Releases: libarchive/libarchive
Libarchive 3.7.4
Libarchive 3.7.4 is a bugfix and security release.
Security fixes:
- rar: Fix OOB in rar e8 filter (#2135) (CVE-2024-26256)
- zip: Fix out of boundary access (#2145)
Important bugfixes:
- 7zip: Limit amount of properties (#2131)
- bsdtar: Fix error handling around strtol() usages (#2110)
- passphrase: Improve newline handling on Windows (#2115)
- passphrase: Never allow empty passwords (#2116)
- rar: Fix "File CRC Error" when extracting specific rar4 archives (#2124)
- xar: Avoid infinite link loop (#2123)
- zip: Update AppleDouble support for directories (#2108)
- zstd: Implement core detection (#2083, #2071)
Thanks to all contributors and bug reporters!
Libarchive 3.7.3
Libarchive 3.7.3 is a feature, security and bugfix release.
New features:
- PCRE2 support (#2031)
- add trailing letter b to bsdtar(1) substitute pattern (#2012)
- add support for long options "--group" and "--owner" to tar(1) (#2054)
Security fixes:
Important bugfixes:
- ISO9660: preserve the natural order of links (#1974)
- rar5: fix decoding unicode filenames on Windows (#1978)
- rar5: fix infinite loop if during rar5 decompression the last block produced no data (#2105)
- xz filter: fix incorrect eof at the end of an lzip member (#2027)
- zip: fix end-of-data marker processing when decompressing zip archives (#2042)
- multiple bsdunzip(1) fixes (#2022, #2030)
- filetime truncation fix on Windows (#2050)
Thanks to all contributors and bug reporters.
Libarchive 3.7.2
Libarchive 3.7.2 is a security, bugfix and feature release.
Security fixes:
- Multiple vulnerabilities have been fixed in the PAX writer (1b4e0d0)
Important bugfixes:
- bsdunzip(1) now correctly handles arguments following an -x after the zipfile
New features:
Libarchive 3.7.1
Libarchive 3.7.1 is a security, feature and bugfix release.
Security fixes:
Feature updates:
- bsdunzip updated to match latest upstream code (#1926)
Important bugfixes:
- miscellaneous functional bugfixes (#1731, #1929, #1930)
- build fixes on multiple platforms (Android #1921, older MacOS X #1919, #1933 and others)
Thanks to all contributors and bug reporters.
Libarchive 3.7.0
Libarchive 3.7.0 is a feature and bugfix release.
New features:
- bsdunzip: new tool ported from FreeBSD (#1873)
  - drop-in replacement for Info-ZIP unzip, not yet ported for Windows
- 7zip reader: support for Zstandard compression (#1894)
- 7zip reader: support for ARM64 filter (#1918)
- zstd filter: support for multi-frame zstd archives (#1818)
Other notable bugfixes and improvements:
- pax: fix year 2038 problem on platforms with 64-bit time_t (#1840)
- Windows: Universal Windows Platform (UWP) fixes and improvements (#1879, #1883, #1885, #1840)
- Windows: bcrypt usage fixes and improvements (#1881, #1887)
- Windows: time function usage fixes and improvements (#1820, #1824, #1830)
Thanks to all contributors and bug reporters.
Libarchive 3.6.2
Libarchive 3.6.2 is a bugfix and security release.
Important security fixes:
- NULL pointer dereference vulnerability in archive_write.c (#1754, #1759, CVE-2022-36227)
Important bug fixes:
Libarchive 3.6.1
Libarchive 3.6.1 is a bugfix and security release.
Security fixes:
- 7zip reader: fix PPMD read beyond boundary (#1671)
- ZIP reader: fix possible out of bounds read (OSS-Fuzz 38766 #1672)
- ISO reader: fix possible heap buffer overflow in read_children() (OSS-Fuzz 38764, #1685)
- RARv4 reader: fix multiple issues in RARv4 filter code (introduced in libarchive 3.6.0)
  - fix heap use after free in archive_read_format_rar_read_data() (OSS-Fuzz 44547, 52efa50)
  - fix null dereference in read_data_compressed() (OSS-Fuzz 44843, 1271f77)
  - fix heap use after free in run_filters() (OSS-Fuzz 46279, #1715)
Libarchive 3.6.0
Libarchive 3.6.0 is a feature and bugfix release.
New features:
- tar: new option "--no-read-sparse" (#1614)
- tar: threads support for zstd (#1567)
- RAR reader: filter support (#1503)
- RAR5 reader: self-extracting archive support (#1585)
- ZIP reader: zstd decompression support (#1518)
Other notable bugfixes and improvements:
- tar: respect "--ignore-zeros" in c, r and u modes (#1620)
- reduced size of application binaries (#1625)
- internal code optimizations
Thanks to all contributors and bug reporters.
Libarchive 3.5.3
Libarchive 3.5.3 is a security release.
Security Fixes:
- extended fix for following symlinks when processing the fixup list (#1566, #1617, CVE-2021-31566)
- fix invalid memory access and out of bounds read in RAR5 reader (#1491, #1492, #1493, CVE-2021-36976)
Thanks to all contributors and bug reporters.
Libarchive 3.5.2
Libarchive 3.5.2 is a feature and security release.
New minor features:
- CPIO: Support for PWB and v7 binary cpio formats (#1502)
- ZIP reader: Support of deflate algorithm in symbolic link decompression (#1509)
Important security fixes:
- fix handling of symbolic link ACLs on Linux (#1565)
- never follow symlinks when setting file flags on Linux (e2ad1a2)
- do not follow symlinks when processing the fixup list (#1566)
Important bugfixes:
- fix extraction of hardlinks to symlinks (#1044)
- 7zip reader and writer fixes (#1480, #1532)
- RAR reader fixes (#1504, #1521)
- ZIP reader: fix excessive read for padded zip (#1514)
- CAB reader: fix double free (#1520)
- handle short writes from archive_write_callback (#1530)
Thanks to all contributors and bug reporters.