| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| typos.patch | Correct some typographical errors. | Peter Pentchev <roam@ringlet.net> | yes | 2020-06-02 | ||
| upstream-cpio-hardlink-type.patch | Fix writing of cpio archives containing hardlinks without file type | Gleb Fotengauer-Malinovskiy <glebfm@altlinux.org> | no | upstream; https://github.com/libarchive/libarchive/commit/84b27e52eb87d5d38cce9410e76e92a9d81c0318 | 2020-06-02 | |
| upstream-cpio-rdev.patch | Fix rdev field in cpio format for device nodes | Michael Forney <mforney@mforney.org> | no | upstream; https://github.com/libarchive/libarchive/commit/1ef7a57a7024af4ae165e07fa10f3984c41fb9f6 | 2020-06-02 | |
| upstream-isint-w.patch | isint_w should use long literals cut&paste from isint apparently forgot that | Marc Espie <espie@nerim.net> | no | upstream; https://github.com/libarchive/libarchive/commit/152c9234d18ab7e7b99f51f9f064547fc6273c5f | 2020-08-01 | |
| upstream-unneeded-strlen.patch | remove unneeded strlen this is obviously s, no need to recompute it each time diff --git a/libarchive/archive_check_magic.c b/libarchive/archive_check_magic.c index 288ce233..1f40072f 100644 |
Marc Espie <espie@nerim.net> | no | upstream; https://github.com/libarchive/libarchive/commit/4c9ed81759ead79b021ef42356fa55d3048c8c54 | 2020-08-01 | |
| upstream-hardlink-to-self.patch | Skip hardlinks pointing to itself and issue a warning | Martin Matuska <martin@matuska.org> | yes | upstream | upstream; https://github.com/libarchive/libarchive/commit/b3073af254a317e46ac058de47c05a55276ea14b | 2020-06-09 |
| upstream-set-format-error.patch | Set an error message for setting invalid format by code on readers The error message is consistent with `archive_read_set_format`. The absence of an error message here also means that the error message in `archive_read_set_format` is actually never used. . Writer functions does not seem to have the same issue. |
Yichao Yu <yyc1992@gmail.com> | no | upstream; https://github.com/libarchive/libarchive/commit/2778b7e7026038313c55935808a0d5a68db1f72a | 2020-08-01 | |
| upstream-rar-read-format.patch | Fix uninitialized offset & size in rar5_read_data Also: Initialize to zero only size + check for null (the next commit from the same pull request) |
Kirill Zhumarin <kirill.zhumarin@gmail.com> | no | upstream; https://github.com/libarchive/libarchive/commit/ffd55a4b7ff0d70def5c5510c22ecee6489ee8ed | 2020-08-01 | |
| upstream-memory-stdlib.patch | memory.h is a non-standard header, so use stdlib.h instead | uyjulian <uyjulian@gmail.com> | no | upstream; https://github.com/libarchive/libarchive/commit/2d0df037918ef2f917df59d353eb5652dc3f2ebc | 2020-08-01 | |
| upstream-max-comp-level.patch | Enable compression level up to 9 for xz, xar, 7zip | Adrian Ebeling <devl@adrian-ebeling.de> | no | upstream; https://github.com/libarchive/libarchive/commit/aff9809ca010305d21c61859215fb20f1c1b6267 | 2020-08-01 | |
| upstream-hardlinks-to-symlinks.patch | Fix extracting hardlinks to symlinks | Martin Matuska <martin@matuska.org> | no | upstream, https://github.com/libarchive/libarchive/commit/5e646b890fb3c59ef6f94221ef8ef9ae62a8a9d6 | ||
| upstream-symlink-acls.patch | Fix handling of symbolic link ACLs Published as CVE-2021-23177 | Martin Matuska <martin@matuska.org> | no | debian | upstream, https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad | |
| upstream-set-flags-nofollow.patch | Never follow symlinks when setting file flags on Linux Published as CVE-2021-31566 | Martin Matuska <martin@matuska.org> | no | debian | upstream, https://github.com/libarchive/libarchive/commit/e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b | 2021-12-20 |
| upstream-fixup-nofollow.patch | Do not follow symlinks when processing the fixup list Published as CVE-2021-31566 | Martin Matuska <martin@matuska.org> | no | debian | upstream, https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043 | 2021-12-20 |
| 0001-RAR5-reader-fix-invalid-memory-access-in-some-files.patch | RAR5 reader: fix invalid memory access in some files RAR5 reader uses several variables to manage the window buffer during window buffer (`window_size`), and a helper variable (`window_mask`) that is used to constrain read and write offsets to the window buffer. Some specially crafted files can force the unpacker to update the `window_mask` variable to a value that is out of sync with current buffer size. If the `window_mask` will be bigger than the actual buffer size, then an invalid access operation can happen (SIGSEGV). This commit ensures that if the `window_size` and `window_mask` will be changed, the window buffer will be reallocated to the proper size, so no invalid memory operation should be possible. This commit contains a test file from OSSFuzz #30442. |
Grzegorz Antoniak <ga@anadoxin.org> | no | 2021-02-12 | ||
| 0002-ZIP-reader-fix-possible-out-of-bounds-read-in-zipx_l.patch | ZIP reader: fix possible out-of-bounds read in zipx_lzma_alone_init() Fixes #1672 |
Tim Kientzle <kientzle@acm.org> | no | 2022-03-24 | ||
| 0003-libarchive-Handle-a-calloc-returning-NULL-fixes-1754.patch | libarchive: Handle a `calloc` returning NULL (fixes #1754) | obiwac <obiwac@gmail.com> | no | 2022-07-22 | ||
| 0004-rar4-reader-protect-copy_from_lzss_window-2172.patch | rar4 reader: protect copy_from_lzss_window() (#2172) copy_from_lzss_window unnecessarily took an `int` parameter where both of its callers were holding a `size_t`. A lzss opcode chain could be constructed that resulted in a negative copy length, which when passed into memcpy would result in a very, very large positive number. Switching copy_from_lzss_window to take a `size_t` allows it to properly bounds-check length. In addition, this patch also ensures that `length` is not itself larger than the destination buffer. |
"Dustin L. Howett" <dustin@howett.net> | no | 2024-05-09 |