git.ipfire.org Git - thirdparty/libarchive.git/log
2 weeks ago Merge pull request #3098 from stoeckmann/filter_read_ahead
Martin Matuška [Tue, 9 Jun 2026 06:28:38 +0000 (08:28 +0200)] 
Merge pull request #3098 from stoeckmann/filter_read_ahead

filters: Simplify `__archive_read_filter_ahead` use

2 weeks ago Merge pull request #3119 from stoeckmann/7zip_u32_oflow
Martin Matuška [Tue, 9 Jun 2026 06:27:58 +0000 (08:27 +0200)] 
Merge pull request #3119 from stoeckmann/7zip_u32_oflow

7zip: Fix range check in get_pe_sfx_offset

2 weeks ago Merge pull request #3115 from stoeckmann/gzip_writer_mem
Martin Matuška [Tue, 9 Jun 2026 06:26:54 +0000 (08:26 +0200)] 
Merge pull request #3115 from stoeckmann/gzip_writer_mem

gzip: Fix OOB in writer with huge filename

2 weeks ago Merge pull request #3114 from stoeckmann/open_oob
Martin Matuška [Tue, 9 Jun 2026 06:25:51 +0000 (08:25 +0200)] 
Merge pull request #3114 from stoeckmann/open_oob

Fix OOB in `archive_read_open_filenames_w` on some systems

2 weeks ago Merge pull request #3113 from stoeckmann/fflags_strcpy
Martin Matuška [Tue, 9 Jun 2026 06:25:10 +0000 (08:25 +0200)] 
Merge pull request #3113 from stoeckmann/fflags_strcpy

7zip/rar5: Simplify file attribute handling

2 weeks ago Merge pull request #3108 from stoeckmann/windows_legacy
Martin Matuška [Tue, 9 Jun 2026 06:24:24 +0000 (08:24 +0200)] 
Merge pull request #3108 from stoeckmann/windows_legacy

Reduce Windows legacy support

3 weeks ago Merge pull request #3116 from stoeckmann/hardening
Dustin L. Howett [Tue, 9 Jun 2026 00:29:04 +0000 (19:29 -0500)] 
Merge pull request #3116 from stoeckmann/hardening

This PR does not fix any reachable issue, but fixes the code in question nonetheless to prevent regressions in the future:

- Do not call `archive_copy_error` after `archive_read_free` to prevent a use after free bug
- Reset `vtable` to `NULL` to prevent `close` from being called after filter initialization error, since `data` is already freed and set to `NULL`, preventing a `NULL` pointer dereference

3 weeks ago Merge pull request #3021 from chnzzh/fix/iso9660-ce-loop
Dustin L. Howett [Tue, 9 Jun 2026 00:06:43 +0000 (19:06 -0500)] 
Merge pull request #3021 from chnzzh/fix/iso9660-ce-loop

iso9660: fix infinite loop on self-referencing CE entry

3 weeks ago Merge pull request #3127 from shxz9u/fix-callback-data-realloc
Dustin L. Howett [Mon, 8 Jun 2026 20:39:07 +0000 (15:39 -0500)] 
Merge pull request #3127 from shxz9u/fix-callback-data-realloc

Avoid updating allocation state before realloc succeeds

3 weeks ago Merge pull request #3126 from stoeckmann/shar
Dustin L. Howett [Mon, 8 Jun 2026 20:30:26 +0000 (15:30 -0500)] 
Merge pull request #3126 from stoeckmann/shar

shar: Check `archive_entry_clone` result

3 weeks ago Merge pull request #3125 from stoeckmann/disk_clone
Dustin L. Howett [Mon, 8 Jun 2026 20:29:48 +0000 (15:29 -0500)] 
Merge pull request #3125 from stoeckmann/disk_clone

Check allocation in `_archive_write_disk_header`

3 weeks ago Merge pull request #3124 from stoeckmann/entry_mem
Dustin L. Howett [Mon, 8 Jun 2026 20:28:01 +0000 (15:28 -0500)] 
Merge pull request #3124 from stoeckmann/entry_mem

entry_link_resolver: Improve memory handling

3 weeks ago Merge pull request #3123 from stoeckmann/cab_remaining
Dustin L. Howett [Mon, 8 Jun 2026 20:27:04 +0000 (15:27 -0500)] 
Merge pull request #3123 from stoeckmann/cab_remaining

cab: Simplify `cab_read_ahead_remaining`

3 weeks ago Merge pull request #3122 from stoeckmann/into_buffer
Dustin L. Howett [Mon, 8 Jun 2026 20:26:25 +0000 (15:26 -0500)] 
Merge pull request #3122 from stoeckmann/into_buffer

Remove `archive_read_data_into_buffer` comment

3 weeks ago Merge pull request #3117 from i1011/iso9660-null-deref-fix
Dustin L. Howett [Mon, 8 Jun 2026 20:25:59 +0000 (15:25 -0500)] 
Merge pull request #3117 from i1011/iso9660-null-deref-fix

iso9660: Fix null dereference in set_directory_record_rr

3 weeks ago open: Fix OOB in archive_read_open_filenames_w 3114/head
Tobias Stoeckmann [Wed, 3 Jun 2026 20:12:03 +0000 (22:12 +0200)] 
open: Fix OOB in archive_read_open_filenames_w

If a system with sizeof(wchar_t)=2 (e.g. Cygwin) tries to convert a wide
character string into a multi byte string representation, it
precalculates the required length with sizeof(wchar_t) instead of
MB_LEN_MAX. This can lead to short memory allocation for filenames which
have a shorter representation in wchar_t than in UTF-8.

Resolves GHSA-crm5-q56g-xw29.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
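
The sizing problem from the commit message above, reproduced in a stand-alone model. This is an added example, not libarchive code: `short_size`, `safe_size`, `utf16_to_utf8` and `convert` are hypothetical names, the sample names are constructed, and a 2-byte `wchar_t` is modelled with `uint16_t` so the shortfall shows on any host.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Pre-fix sizing as the commit message describes it: sizeof(wchar_t) bytes
 * per character plus a terminator. wchar_t is modelled as a 2-byte unit
 * (assumption) so the result is the same where wchar_t is 4 bytes wide. */
static size_t short_size(size_t nunits)
{
	return nunits * sizeof(uint16_t) + 1;
}

/* Sizing by MB_LEN_MAX per character; returns 0 if the product overflows. */
static size_t safe_size(size_t nunits)
{
	if (nunits > (SIZE_MAX - 1) / MB_LEN_MAX)
		return 0;
	return nunits * MB_LEN_MAX + 1;
}

/* Bounded UTF-16 to UTF-8 conversion. Returns the number of bytes written
 * (terminator excluded), or -1 on malformed input or if the output would
 * not fit into cap bytes. */
static long utf16_to_utf8(const uint16_t *in, size_t n, char *out, size_t cap)
{
	size_t o = 0;

	if (cap == 0)
		return -1;
	for (size_t i = 0; i < n; i++) {
		uint32_t cp = in[i];
		size_t need;

		if (cp >= 0xD800 && cp <= 0xDBFF) {
			/* High surrogate: a low surrogate must follow. */
			if (i + 1 >= n || in[i + 1] < 0xDC00 || in[i + 1] > 0xDFFF)
				return -1;
			cp = 0x10000 + ((cp - 0xD800) << 10) + (in[++i] - 0xDC00);
		} else if (cp >= 0xDC00 && cp <= 0xDFFF) {
			return -1;	/* lone low surrogate */
		}
		need = cp < 0x80 ? 1 : cp < 0x800 ? 2 : cp < 0x10000 ? 3 : 4;
		if (need > cap - 1 - o)
			return -1;	/* refuse instead of writing past the buffer */
		if (need == 1) {
			out[o++] = (char)cp;
		} else if (need == 2) {
			out[o++] = (char)(0xC0 | (cp >> 6));
			out[o++] = (char)(0x80 | (cp & 0x3F));
		} else if (need == 3) {
			out[o++] = (char)(0xE0 | (cp >> 12));
			out[o++] = (char)(0x80 | ((cp >> 6) & 0x3F));
			out[o++] = (char)(0x80 | (cp & 0x3F));
		} else {
			out[o++] = (char)(0xF0 | (cp >> 18));
			out[o++] = (char)(0x80 | ((cp >> 12) & 0x3F));
			out[o++] = (char)(0x80 | ((cp >> 6) & 0x3F));
			out[o++] = (char)(0x80 | (cp & 0x3F));
		}
	}
	out[o] = '\0';
	return (long)o;
}

/* Constructed sample names: three euro signs (3 UTF-8 bytes each), and ASCII. */
static const uint16_t EURO_NAME[] = { 0x20AC, 0x20AC, 0x20AC };
static const uint16_t ASCII_NAME[] = { 'a', '.', 't' };

/* Allocate with either sizing rule and convert; -1 means "would not fit". */
static long convert(const uint16_t *name, size_t n, int use_safe_size)
{
	size_t cap = use_safe_size ? safe_size(n) : short_size(n);
	char *buf = cap ? malloc(cap) : NULL;
	long r;

	if (buf == NULL)
		return -1;
	r = utf16_to_utf8(name, n, buf, cap);
	free(buf);
	return r;
}

int main(void)
{
	printf("short buffer: %zu bytes, MB_LEN_MAX buffer: %zu bytes\n",
	    short_size(3), safe_size(3));
	printf("euro name, short sizing: %ld\n", convert(EURO_NAME, 3, 0));
	printf("euro name, safe sizing:  %ld\n", convert(EURO_NAME, 3, 1));
	printf("ascii name, short sizing: %ld\n", convert(ASCII_NAME, 3, 0));
	return 0;
}
```

ASCII-only names fit the short buffer, which is why the shortfall only appears with characters whose UTF-8 form is longer than their 2-byte form.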

3 weeks ago open: Check OOB in archive_read_open_filenames_w
Tobias Stoeckmann [Wed, 3 Jun 2026 20:10:35 +0000 (22:10 +0200)] 
open: Check OOB in archive_read_open_filenames_w

A system with sizeof(wchar_t)=2 (Cygwin on Windows) can trigger an out
of boundary write in archive_read_open_filenames_w when converting the
wide character string into a multi byte string.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago rpm: Refactor filter 3131/head
Tobias Stoeckmann [Mon, 8 Jun 2026 18:39:39 +0000 (20:39 +0200)] 
rpm: Refactor filter

The current finite state machine carefully handles short reads, i.e. the
loop can enter as often as needed until enough bytes arrive for the
current state to perform its actions.

This can be simplified by relying on __archive_filter_read_ahead to
return the amount of bytes actually needed. I assume that this did not
happen in the original code due to its age (2009) and evolution of
libarchive's internals over time.

Also, headers are only skipped at the beginning. As soon as the reader
starts returning data (ST_ARCHIVE reached), the filter pretty much
becomes a pass-through filter.

Split the initial lead and header skipping into its own function and
only keep track if the initial skipping was performed or not. This
greatly simplifies the reader function.

Also, it avoids bookkeeping of internal states and "total_in" tracking,
which I don't have to properly audit for edge cases anymore.

Last but not least, this refactoring properly reports truncated streams
now.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago Avoid updating allocation state before realloc succeeds 3127/head
magnolia [Sun, 7 Jun 2026 23:37:54 +0000 (08:37 +0900)] 
Avoid updating allocation state before realloc succeeds

3 weeks ago read_data_into_fd: Allocate nulls on demand 3128/head
Tobias Stoeckmann [Sun, 7 Jun 2026 15:20:58 +0000 (17:20 +0200)] 
read_data_into_fd: Allocate nulls on demand

Allocate nulls only when needed, i.e. when sparse files are encountered.
This removes another malloc call from regular use cases.

While at it, call archive_set_error in case of allocation failure for
better error messages.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago read_data_into_fd: Perform final seek check
Tobias Stoeckmann [Sun, 7 Jun 2026 14:47:20 +0000 (16:47 +0200)] 
read_data_into_fd: Perform final seek check

Try to detect if writing data to correct position failed due to being
in append mode.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago read_data_into_fd: Print correct error code
Tobias Stoeckmann [Sun, 7 Jun 2026 14:44:36 +0000 (16:44 +0200)] 
read_data_into_fd: Print correct error code

If lseek fails to seek to correct position, e.g. because the descriptor
is in append mode, do not use errno because it's not set.

In such a case, fall back to ARCHIVE_ERRNO_MISC.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago shar: Check archive_entry_clone result 3126/head
Tobias Stoeckmann [Sun, 7 Jun 2026 13:52:45 +0000 (15:52 +0200)] 
shar: Check archive_entry_clone result

Properly handle allocation failures.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago Check allocation in _archive_write_disk_header 3125/head
Tobias Stoeckmann [Sun, 7 Jun 2026 13:49:46 +0000 (15:49 +0200)] 
Check allocation in _archive_write_disk_header

The POSIX and Windows code did not check the result of
archive_entry_clone. Handle this error condition properly.

While at it, unify POSIX and Windows code a bit.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago entry: Use size_t for element count 3124/head
Tobias Stoeckmann [Sun, 7 Jun 2026 13:43:13 +0000 (15:43 +0200)] 
entry: Use size_t for element count

LLP64 could theoretically overflow the 32 bit counter. It still needs a
lot of memory to achieve this, but let's better be safe than sorry.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago entry: Check allocation in insert_entry
Tobias Stoeckmann [Sun, 7 Jun 2026 13:42:29 +0000 (15:42 +0200)] 
entry: Check allocation in insert_entry

Check if allocation succeeded. If not, properly handle the error instead
of eventually performing a NULL pointer dereference.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago cab: Simplify cab_read_ahead_remaining 3123/head
Tobias Stoeckmann [Sun, 7 Jun 2026 13:19:50 +0000 (15:19 +0200)] 
cab: Simplify cab_read_ahead_remaining

We do not have to guess the amount of remaining bytes, since
archive_read_ahead returns the information.

Simplify the function.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago Remove archive_read_data_into_buffer comment 3122/head
Tobias Stoeckmann [Sun, 7 Jun 2026 13:15:33 +0000 (15:15 +0200)] 
Remove archive_read_data_into_buffer comment

The function has been removed in 2011 with commit
fe9b86254d66411b6bf267a02236d4672258b61b. Remove the comment as well.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago rar5: fix integer underflow in bytes_remaining 3121/head
00redbeer [Sun, 7 Jun 2026 12:23:25 +0000 (14:23 +0200)] 
rar5: fix integer underflow in bytes_remaining

A malformed RAR5 archive with data_size=1 forces bytes_remaining
(ssize_t) to wrap to -2 when a compressed block header consumes
to_skip=3 bytes (CWE-191). That negative value is then implicitly
cast to size_t ~0 inside malloc(), requesting a ~16-exabyte
allocation — confirmed heap buffer overflow via ASAN/UBSan on a
48-byte crafted archive requiring no authentication.

Three guards added to archive_read_support_format_rar5.c:

1. Reject data_size > SSIZE_MAX before assigning to bytes_remaining
   (CWE-195, unsafe unsigned-to-signed conversion)

2. Reject to_skip > bytes_remaining in process_block() before the
   subtraction — this is the primary fix for the underflow (CWE-191)

3. Change cur_block_size == 0 to cur_block_size <= 0 in merge_block()
   as defense-in-depth so that any negative bytes_remaining reaching
   read_ahead() is caught before it becomes a malloc size (CWE-122)
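
The arithmetic and the three guards from the rar5 commit message above, as a stand-alone model. This is an added example, not code from libarchive or from the commit: `request_unchecked` and `request_checked` are hypothetical names, and only `data_size`, `to_skip`, `bytes_remaining` and `cur_block_size` are taken from the message.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>	/* ssize_t */

#ifndef SSIZE_MAX
#define SSIZE_MAX ((ssize_t)(SIZE_MAX / 2))
#endif

/* Without guards: returns the size that would be handed to the allocator
 * after the block header has been subtracted from bytes_remaining. */
static size_t request_unchecked(uint64_t data_size, size_t to_skip)
{
	ssize_t bytes_remaining = (ssize_t)data_size;

	bytes_remaining -= (ssize_t)to_skip;	/* data_size=1, to_skip=3: -2 */
	return (size_t)bytes_remaining;		/* -2 converts to SIZE_MAX - 1 */
}

/* With the three guards listed in the message. Returns the validated block
 * size, or -1 if the input is rejected. */
static ssize_t request_checked(uint64_t data_size, size_t to_skip)
{
	ssize_t bytes_remaining, cur_block_size;

	/* Guard 1: unsigned value must fit the signed counter. */
	if (data_size > (uint64_t)SSIZE_MAX)
		return -1;
	bytes_remaining = (ssize_t)data_size;

	/* Guard 2: never subtract more than what is left. */
	if (to_skip > (size_t)bytes_remaining)
		return -1;
	bytes_remaining -= (ssize_t)to_skip;

	/* Guard 3: zero or negative sizes never become an allocation size. */
	cur_block_size = bytes_remaining;
	if (cur_block_size <= 0)
		return -1;
	return cur_block_size;
}

int main(void)
{
	/* Constructed inputs matching the values quoted in the message. */
	printf("unchecked request: 0x%zx\n", request_unchecked(1, 3));
	printf("checked, data_size=1 to_skip=3:  %zd\n", request_checked(1, 3));
	printf("checked, data_size=16 to_skip=3: %zd\n", request_checked(16, 3));
	return 0;
}
```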

3 weeks ago rar5: check integer overflow in bytes_remaining
00redbeer [Sun, 7 Jun 2026 12:14:34 +0000 (14:14 +0200)] 
rar5: check integer overflow in bytes_remaining

A malformed RAR5 archive with data_size=1 forces bytes_remaining
(ssize_t) to wrap to -2 when a compressed block header consumes
to_skip=3 bytes (CWE-191). That negative value is then implicitly
cast to size_t ~0 inside malloc(), requesting a ~16-exabyte
allocation — confirmed heap buffer overflow via ASAN/UBSan on a
48-byte crafted archive requiring no authentication.

Reproducer: 48-byte crafted RAR5 archive; ASAN confirms
"allocation-size-too-big 0xfffffffffffffffe".

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago iso9660: Reserve more space in record to avoid null deref 3117/head
i1011 [Sun, 7 Jun 2026 12:50:42 +0000 (20:50 +0800)] 
iso9660: Reserve more space in record to avoid null deref

3 weeks ago iso9660: Add symlink name length enumeration test
i1011 [Sun, 7 Jun 2026 12:50:31 +0000 (20:50 +0800)] 
iso9660: Add symlink name length enumeration test

3 weeks ago shar: Use archive_endian.h function 3120/head
Tobias Stoeckmann [Thu, 4 Jun 2026 19:41:12 +0000 (21:41 +0200)] 
shar: Use archive_endian.h function

Make it easier to verify code by re-using already existing function.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago rar5: Use archive_endian.h functions
Tobias Stoeckmann [Thu, 4 Jun 2026 18:10:41 +0000 (20:10 +0200)] 
rar5: Use archive_endian.h functions

Make it easier to verify code by re-using already existing functions.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago 7zip: Use archive_endian.h functions
Tobias Stoeckmann [Thu, 4 Jun 2026 18:02:51 +0000 (20:02 +0200)] 
7zip: Use archive_endian.h functions

Make it easier to verify code by re-using already existing functions.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago iso9660: Use archive_endian.h functions
Tobias Stoeckmann [Thu, 4 Jun 2026 17:45:40 +0000 (19:45 +0200)] 
iso9660: Use archive_endian.h functions

Make it easier to verify code by re-using already existing functions.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago gzip: Use archive_endian.h functions
Tobias Stoeckmann [Thu, 4 Jun 2026 17:30:58 +0000 (19:30 +0200)] 
gzip: Use archive_endian.h functions

Make it easier to verify code by re-using already existing functions.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago cpio: Use archive_endian.h functions
Tobias Stoeckmann [Thu, 4 Jun 2026 16:34:46 +0000 (18:34 +0200)] 
cpio: Use archive_endian.h functions

Make it easier to verify code by re-using already existing functions.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago endian: Add new 24 bit functions
Tobias Stoeckmann [Thu, 4 Jun 2026 16:04:36 +0000 (18:04 +0200)] 
endian: Add new 24 bit functions

Sometimes, 24 bit operations are needed. Enough users exist that moving
this into archive_endian.h is worth it.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago 7zip: Fix range check in get_pe_sfx_offset 3119/head
Tobias Stoeckmann [Sat, 6 Jun 2026 20:47:00 +0000 (22:47 +0200)] 
7zip: Fix range check in get_pe_sfx_offset

Fix an unsigned integer overflow in get_pe_sfx_offset to properly
address the correct section.

Reported by shxz9u.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago xz: Properly clean up resources on error path 3116/head
Tobias Stoeckmann [Sat, 6 Jun 2026 09:40:19 +0000 (11:40 +0200)] 
xz: Properly clean up resources on error path

If vtable is not set to NULL, close function would be called during
shutdown. Since data is already freed and set to NULL, this would lead
to a NULL pointer dereference later on.

The called library functions should never fail though, so this is a
purely defensive measure against future lzma changes.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago match: Prevent currently unreachable UAF
Tobias Stoeckmann [Sat, 6 Jun 2026 09:37:27 +0000 (11:37 +0200)] 
match: Prevent currently unreachable UAF

If archive_read_next_header in add_pattern_from_file would ever return
anything but ARCHIVE_OK or ARCHIVE_EOF, a use after free would occur
when copying error information.

Since this is impossible with current setup (format raw without any
further filter, thus only open_filename code), this change is a purely
defensive measure against future changes.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago gzip: Fix OOB with huge filenames 3115/head
Tobias Stoeckmann [Thu, 4 Jun 2026 20:13:45 +0000 (22:13 +0200)] 
gzip: Fix OOB with huge filenames

If a filename is larger than INT_MAX, an out of boundary write could
occur on 64 bit systems. Fix data types and ignore such huge file names.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago gzip: Properly handle option strdup failure
Tobias Stoeckmann [Thu, 4 Jun 2026 19:52:58 +0000 (21:52 +0200)] 
gzip: Properly handle option strdup failure

If the original name cannot be duplicated, return ARCHIVE_FAILED instead
of ARCHIVE_WARN. The latter implies that the option is unknown, which is
not the case.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago gzip: Turn total_in unsigned
Tobias Stoeckmann [Thu, 4 Jun 2026 19:41:55 +0000 (21:41 +0200)] 
gzip: Turn total_in unsigned

All arithmetical operations are unsigned, and it makes sense to keep it
unsigned: The total_in value is written at the end of the stream and if
the value overflows, it's pretty much expected to be % UINT32_MAX.

Very unlikely that int64_t will ever overflow, but the fix is cheap.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago cpio: Simplify WINAPI_FAMILIY_PARTITION check 3108/head
Tobias Stoeckmann [Wed, 3 Jun 2026 18:33:37 +0000 (20:33 +0200)] 
cpio: Simplify WINAPI_FAMILIY_PARTITION check

The macro is defined in archive_windows.h if missing.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago windows: Simplify la_CreateSymbolicLinkW
Tobias Stoeckmann [Tue, 2 Jun 2026 19:02:59 +0000 (21:02 +0200)] 
windows: Simplify la_CreateSymbolicLinkW

The CreateSymbolicLinkW function is available since 0x0600 and is also
part of the Nano Server APIs. On earlier systems, don't even try.
Otherwise use it directly to simplify code.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago 7zip/rar5: Simplify file attribute handling 3113/head
Tobias Stoeckmann [Wed, 3 Jun 2026 18:47:22 +0000 (20:47 +0200)] 
7zip/rar5: Simplify file attribute handling

- Use a stack array for 22 bytes
- Entering the if-branch already implies that we will add data
- Use snprintf instead of strcpy

Even though snprintf is slower than strcpy, it's easier to verify and
since nobody complained so far about the malloc overhead, this should be
okay (for now).

As a bonus, this code cannot fail anymore, which previously meant that
file attributes were silently ignored.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago windows: Remove pre Windows XP support code
Tobias Stoeckmann [Tue, 2 Jun 2026 19:01:23 +0000 (21:01 +0200)] 
windows: Remove pre Windows XP support code

The oldest version we support is 0x0502, while _WIN32_WINNT_XP is
0x0500. Drop support code for even older versions.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago Merge pull request #3039 from dnelson-1901/manpage-fixes
Dustin L. Howett [Wed, 3 Jun 2026 05:35:22 +0000 (22:35 -0700)] 
Merge pull request #3039 from dnelson-1901/manpage-fixes

3 weeks ago Merge pull request #3109 from stoeckmann/windows_concurrency
Dustin L. Howett [Wed, 3 Jun 2026 05:33:10 +0000 (22:33 -0700)] 
Merge pull request #3109 from stoeckmann/windows_concurrency

3 weeks ago Merge pull request #3112 from stoeckmann/windows_partition
Dustin L. Howett [Wed, 3 Jun 2026 04:58:40 +0000 (21:58 -0700)] 
Merge pull request #3112 from stoeckmann/windows_partition

3 weeks ago Merge pull request #3106 from stoeckmann/precompute_tables
Tim Kientzle [Wed, 3 Jun 2026 04:10:22 +0000 (21:10 -0700)] 
Merge pull request #3106 from stoeckmann/precompute_tables

Precompute static tables

3 weeks ago Merge pull request #3107 from stoeckmann/dynamic
Tim Kientzle [Wed, 3 Jun 2026 04:09:33 +0000 (21:09 -0700)] 
Merge pull request #3107 from stoeckmann/dynamic

Turn static state variables dynamic

3 weeks ago Merge pull request #3110 from stoeckmann/static_style
Tim Kientzle [Wed, 3 Jun 2026 04:08:35 +0000 (21:08 -0700)] 
Merge pull request #3110 from stoeckmann/static_style

Turn two static tables `static const`

3 weeks ago Merge pull request #3111 from stoeckmann/tests_assert_a
Tim Kientzle [Wed, 3 Jun 2026 04:07:42 +0000 (21:07 -0700)] 
Merge pull request #3111 from stoeckmann/tests_assert_a

tests: Use assertEqualInt for archive_write_free

3 weeks ago windows: Extend CreateSymbolicLinkW guard 3112/head
Tobias Stoeckmann [Tue, 2 Jun 2026 20:28:33 +0000 (22:28 +0200)] 
windows: Extend CreateSymbolicLinkW guard

Add WINDOWS_PARTITION_SYSTEM to guard for extended support.
Reported by Duncan Horn.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago windows: Define WINAPI_FAMILY_PARTITION if missing
Tobias Stoeckmann [Tue, 2 Jun 2026 20:26:17 +0000 (22:26 +0200)] 
windows: Define WINAPI_FAMILY_PARTITION if missing

Define the macro WINAPI_FAMILY_PARTITION if it's missing, which can
happen on old Windows versions like Windows XP. Also add other missing
definitions to support compilation.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago tests: Use assertEqualInt for archive_write_free 3111/head
Tobias Stoeckmann [Tue, 2 Jun 2026 19:34:35 +0000 (21:34 +0200)] 
tests: Use assertEqualInt for archive_write_free

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago windows: Fix concurrency in __archive_create_child 3109/head
Tobias Stoeckmann [Tue, 2 Jun 2026 19:13:11 +0000 (21:13 +0200)] 
windows: Fix concurrency in __archive_create_child

Use proper memory barrier while checking for availability of function
WaitForInputIdle.

Since Vista, InitOnceExecuteOnce is a very simple idiom to handle such a
singleton setup. For earlier setups, accept a possible data race and
recover gracefully if two concurrent threads performed the initial
setup.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago lz4: Adjust style 3110/head
Tobias Stoeckmann [Tue, 2 Jun 2026 18:53:18 +0000 (20:53 +0200)] 
lz4: Adjust style

Having const right after static makes it easier to grep for arrays which
are not static const.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago rar5: Turn rar5_signature_xor const
Tobias Stoeckmann [Tue, 2 Jun 2026 18:52:01 +0000 (20:52 +0200)] 
rar5: Turn rar5_signature_xor const

The content is never modified, so move it into read-only section.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago posix: Move static var into archive_write_disk 3107/head
Tobias Stoeckmann [Tue, 2 Jun 2026 18:28:53 +0000 (20:28 +0200)] 
posix: Move static var into archive_write_disk

Move a static variable into struct archive_write_disk, which is a safe
location from a thread perspective.

Only create and use it if it's really needed, i.e. for systems which
lack support for extended attributes.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago tar: Move static variables into struct tar
Tobias Stoeckmann [Tue, 2 Jun 2026 18:18:02 +0000 (20:18 +0200)] 
tar: Move static variables into struct tar

Move these variables into struct tar, which is populated for every
individual tar archive.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago lha: Precalculate CRC16 tables 3106/head
Tobias Stoeckmann [Tue, 2 Jun 2026 17:41:34 +0000 (19:41 +0200)] 
lha: Precalculate CRC16 tables

This avoids all possible concurrency issues.

As a bonus, turn the whole array const to move it into read-only
section.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago crc32: Precalculate table
Tobias Stoeckmann [Tue, 2 Jun 2026 17:30:58 +0000 (19:30 +0200)] 
crc32: Precalculate table

This avoids all possible concurrency issues.

As a bonus, turn the whole array const to move it into read-only
section.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago tar: Precalculate decode_table of base64_decode
Tobias Stoeckmann [Tue, 2 Jun 2026 17:31:54 +0000 (19:31 +0200)] 
tar: Precalculate decode_table of base64_decode

This avoids all possible concurrency issues.

As a bonus, turn the whole array const to move it into read-only
section.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

3 weeks ago rar: Add test of large staticdatalen in header
i1011 [Tue, 2 Jun 2026 17:29:49 +0000 (01:29 +0800)] 
rar: Add test of large staticdatalen in header

3 weeks ago Merge pull request #3045 from datauwu/iso9660-joliet-patch
Martin Matuška [Tue, 2 Jun 2026 13:06:34 +0000 (15:06 +0200)] 
Merge pull request #3045 from datauwu/iso9660-joliet-patch

iso9660: bound duplicate identifier extension placement

3 weeks ago Merge pull request #3073 from stoeckmann/lz4_zstd_32
Martin Matuška [Tue, 2 Jun 2026 13:05:42 +0000 (15:05 +0200)] 
Merge pull request #3073 from stoeckmann/lz4_zstd_32

lz4/zstd: Fix 32 bit platform endless loop and OOB access during bidding

3 weeks ago Merge pull request #3091 from yPin9/fix/rar5-consume-remaining
Martin Matuška [Tue, 2 Jun 2026 13:04:44 +0000 (15:04 +0200)] 
Merge pull request #3091 from yPin9/fix/rar5-consume-remaining

rar5: skip unconsumed block bytes before ARCHIVE_RETRY

3 weeks ago Merge pull request #3103 from stoeckmann/uu_32_oob
Martin Matuška [Tue, 2 Jun 2026 13:04:00 +0000 (15:04 +0200)] 
Merge pull request #3103 from stoeckmann/uu_32_oob

uu: Extend range checks to avoid 32 bit OOB

3 weeks ago Merge pull request #2837 from mmatuska/ci-firecracker
Martin Matuška [Tue, 2 Jun 2026 13:03:35 +0000 (15:03 +0200)] 
Merge pull request #2837 from mmatuska/ci-firecracker

CI: add FreeBSD 15 build via firecracker VM to GitHub Actions

3 weeks ago Merge pull request #3081 from stoeckmann/tests_i686_asan
Tobias Stoeckmann [Tue, 2 Jun 2026 06:12:43 +0000 (08:12 +0200)] 
Merge pull request #3081 from stoeckmann/tests_i686_asan

tests: Skip checks on low memory systems

3 weeks ago Merge pull request #3104 from stoeckmann/uu_cleanup
Tobias Stoeckmann [Tue, 2 Jun 2026 06:12:22 +0000 (08:12 +0200)] 
Merge pull request #3104 from stoeckmann/uu_cleanup

uu: Minor code cleanups

4 weeks ago uu: Fix grammar in comments 3104/head
Tobias Stoeckmann [Mon, 1 Jun 2026 21:05:36 +0000 (23:05 +0200)] 
uu: Fix grammar in comments

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

4 weeks ago uu: Extend range checks to avoid 32 bit OOB 3103/head
Tobias Stoeckmann [Mon, 1 Jun 2026 20:38:37 +0000 (22:38 +0200)] 
uu: Extend range checks to avoid 32 bit OOB

It is possible to trigger an out of boundary write on 32 bit systems
with around 1 GB of data (with a line consuming most of that data) when
opened with archive_read_open_memory.

Cap the amount of data read at once at 2 * UUENCODE_BID_MAX_READ to
allow range checks to take place before a possible SSIZE_MAX overflow
can occur through avail_in. Also, discard any line longer than
UUENCODE_BID_MAX_READ since this should definitely be more than
enough, especially since in_cnt check already takes care of that.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

4 weeks ago uu: Fix formatting
Tobias Stoeckmann [Mon, 1 Jun 2026 20:53:16 +0000 (22:53 +0200)] 
uu: Fix formatting

No functional change, but clarify where this if-block belongs to.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

4 weeks ago uu: Remove unneeded code
Tobias Stoeckmann [Mon, 1 Jun 2026 20:52:56 +0000 (22:52 +0200)] 
uu: Remove unneeded code

We know that ptr is NULL, so no need to call free on it.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

4 weeks ago Merge pull request #3082 from stoeckmann/bzip2_dead
Dustin L. Howett [Mon, 1 Jun 2026 20:15:06 +0000 (15:15 -0500)] 
Merge pull request #3082 from stoeckmann/bzip2_dead

The check for end of file (`avail == 0`) happens after the check for a `NULL` return value of `__archive_read_filter_ahead`.

Remove it, because at this stage, it's definitely truncated, not just end of file.

4 weeks ago Merge pull request #3102 from DHowett/bug/7z-build
Dustin L. Howett [Mon, 1 Jun 2026 19:02:14 +0000 (14:02 -0500)] 
Merge pull request #3102 from DHowett/bug/7z-build

7zip: fix a number of issues in zstd detection

- -Wunused-function when ZSTD_compressStream is unavailable
- Incorrect automatic selection of 7Z_ZSTD when ZSTD_compressStream is unavailable
- Other instances of HAVE_ZSTD_H not matching HAVE_LIBZSTD

Co-authored-by: Tobias Stoeckmann <tobias@stoeckmann.org>

4 weeks ago 7zip: Support old zstd versions as well 3102/head
Tobias Stoeckmann [Mon, 1 Jun 2026 18:15:31 +0000 (20:15 +0200)] 
7zip: Support old zstd versions as well

Use ZSTD_DStream only if it's available, which should always be the
case.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

4 weeks ago Merge pull request #3090 from DHowett/ci/cygwin
Dustin L. Howett [Mon, 1 Jun 2026 17:54:56 +0000 (12:54 -0500)] 
Merge pull request #3090 from DHowett/ci/cygwin

ci: migrate Windows Cygwin to GitHub Actions

4 weeks ago 7zip: only fall back to 7Z_ZSTD if we can actually use zstd
Dustin L. Howett [Mon, 1 Jun 2026 17:38:07 +0000 (13:38 -0400)] 
7zip: only fall back to 7Z_ZSTD if we can actually use zstd

Without this fix, the 7zip writer will fall back to zstd (when it is the
last available option) even if it could not be linked, then fail at
runtime with an unexpected error message.

4 weeks ago 7zip: fix -Wunused-function if zstd.h exists but zstd can't be linked
Dustin L. Howett [Thu, 28 May 2026 22:40:05 +0000 (17:40 -0500)] 
7zip: fix -Wunused-function if zstd.h exists but zstd can't be linked

4 weeks ago Merge pull request #3094 from i1011/xar-redundant-dec-fix
Dustin L. Howett [Mon, 1 Jun 2026 11:50:50 +0000 (06:50 -0500)] 
Merge pull request #3094 from i1011/xar-redundant-dec-fix

4 weeks ago ci: add the new cygwin-gcc backend to the GitHub CI workflow 3090/head
Dustin L. Howett [Thu, 28 May 2026 21:37:35 +0000 (16:37 -0500)] 
ci: add the new cygwin-gcc backend to the GitHub CI workflow

4 weeks ago ci: add support for cygwin-gcc to the github CI script
Dustin L. Howett [Thu, 28 May 2026 21:47:56 +0000 (16:47 -0500)] 
ci: add support for cygwin-gcc to the github CI script

4 weeks ago CI: add FreeBSD-15-amd64 build via firecracker 2837/head
Martin Matuska [Mon, 1 Jun 2026 08:06:05 +0000 (10:06 +0200)] 
CI: add FreeBSD-15-amd64 build via firecracker

4 weeks ago Merge pull request #3089 from mostynb/remove_cirrus_ci
Martin Matuška [Mon, 1 Jun 2026 07:58:42 +0000 (09:58 +0200)] 
Merge pull request #3089 from mostynb/remove_cirrus_ci

Remove Cirrus CI setup, it is shutting down in a few days

4 weeks ago Merge pull request #3093 from stoeckmann/lz4_skip
Martin Matuška [Mon, 1 Jun 2026 07:55:02 +0000 (09:55 +0200)] 
Merge pull request #3093 from stoeckmann/lz4_skip

lz4: Improve truncated input stream detection

4 weeks ago Merge pull request #3095 from stoeckmann/afio_header
Martin Matuška [Mon, 1 Jun 2026 07:54:26 +0000 (09:54 +0200)] 
Merge pull request #3095 from stoeckmann/afio_header

cpio: Improve afio header detection

4 weeks ago Merge pull request #3096 from stoeckmann/filters_comments
Martin Matuška [Mon, 1 Jun 2026 07:53:36 +0000 (09:53 +0200)] 
Merge pull request #3096 from stoeckmann/filters_comments

filters: Update comments

4 weeks ago Merge pull request #3097 from stoeckmann/typos
Martin Matuška [Mon, 1 Jun 2026 07:53:20 +0000 (09:53 +0200)] 
Merge pull request #3097 from stoeckmann/typos

Fix typos in comments and error message

4 weeks ago Merge pull request #3099 from stoeckmann/7zip_seek
Martin Matuška [Mon, 1 Jun 2026 07:51:32 +0000 (09:51 +0200)] 
Merge pull request #3099 from stoeckmann/7zip_seek

7zip: Extend support for filtered input

4 weeks ago Merge pull request #3100 from stoeckmann/lz4_xxh32
Martin Matuška [Mon, 1 Jun 2026 07:50:34 +0000 (09:50 +0200)] 
Merge pull request #3100 from stoeckmann/lz4_xxh32

lz4: Check `XXH32_init` result

4 weeks ago lz4: Check XXH32_init result 3100/head
Tobias Stoeckmann [Sun, 31 May 2026 15:41:41 +0000 (17:41 +0200)] 
lz4: Check XXH32_init result

The XXH32_init function allocates memory. Check if the allocation was
successful and return ARCHIVE_FATAL on error.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

4 weeks ago filters: Update comments 3096/head
Tobias Stoeckmann [Sun, 31 May 2026 09:02:55 +0000 (11:02 +0200)] 
filters: Update comments

Some filter comments were not updated when the execution of external
filter programs was introduced.

Sync them with reality, including the actually performed commands.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

4 weeks ago Fix typo in manual page 3097/head
Tobias Stoeckmann [Sun, 31 May 2026 15:13:50 +0000 (17:13 +0200)] 
Fix typo in manual page

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

4 weeks ago read: Fix typo in error message
Tobias Stoeckmann [Sun, 31 May 2026 09:06:39 +0000 (11:06 +0200)] 
read: Fix typo in error message

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>