Libarchive Versions Save

Multi-format archive and compression library

v3.7.3

1 month ago

Libarchive 3.7.3 is a feature, security and bugfix release.

New features:

  • PCRE2 support (#2031)
  • add trailing letter b to bsdtar(1) substitute pattern (#2012)
  • add support for long options "--group" and "--owner" to tar(1) (#2054)

Security fixes:

  • Fix possible vulnerability in tar error reporting introduced in f27c173 (#2101)

Important bugfixes:

  • ISO9660: preserve the natural order of links (#1974)
  • rar5: fix decoding unicode filenames on Windows (#1978)
  • rar5: fix infinite loop if during rar5 decompression the last block produced no data (#2105)
  • xz filter: fix incorrect eof at the end of an lzip member (#2027)
  • zip: fix end-of-data marker processing when decompressing zip archives (#2042)
  • multiple bsdunzip(1) fixes (#2022, #2030)
  • filetime truncation fix on Windows (#2050)

Thanks to all contributors and bug reporters.

v3.7.2

7 months ago

Libarchive 3.7.2 is a security, bugfix and feature release.

Security fixes:

  • Multiple vulnerabilities have been fixed in the PAX writer (1b4e0d0f9d445ba3e4d0c7db7ce0b30300572fe8)

Important bugfixes:

  • bsdunzip(1) now correctly handles arguments following an -x after the zipfile

New features:

  • bsdunzip(1) now supports the "--version" flag
  • 7-zip reader now translates Windows permissions into UNIX permissions (#1943)
  • uudecode filter in raw mode now supports file name and file mode
  • zstd filter now supports the "long" write option (#1962)

v3.7.1

9 months ago

Libarchive 3.7.1 is a security, feature and bugfix release.

Security fixes:

  • SEGV and stack buffer overflow in verbose mode of cpio (#1934, #1935)

Feature updates:

  • bsdunzip updated to match latest upstream code (#1926)

Important bugfixes:

  • miscellaneous functional bugfixes (#1731, #1929, #1930)
  • build fixes on multiple platforms (Android #1921, older MacOS X #1919, #1933 and others)

Thanks to all contributors and bug reporters.

v3.7.0

9 months ago

Libarchive 3.7.0 is a feature and bugfix release.

New features:

  • bsdunzip: new tool ported from FreeBSD (#1873) drop-in replacement for Info-ZIP unzip, not yet ported for Windows
  • 7zip reader: support for Zstandard compression (#1894)
  • 7zip reader: support for ARM64 filter (#1918)
  • zstd filter: support for multi-frame zstd archives (#1818)

Other notable bugfixes and improvements:

  • pax: fix year 2038 problem on platforms with 64-bit time_t (#1840)
  • Windows: Universal Windows Platform (UWP) fixes and improvements (#1879, #1883, #1885, #1840)
  • Windows: bcrypt usage fixes and improvements (#1881, #1887)
  • Windows: time function usage fixes and improvements (#1820, #1824, #1830)

Thanks to all contributors and bug reporters.

v3.6.2

1 year ago

Libarchive 3.6.2 is a bugfix and security release.

Important security fixes:

  • NULL pointer dereference vulnerability in archive_write.c (#1754, #1759, CVE-2022-36227)

Important bug fixes:

  • include ZSTD in Windows builds (#1688)
  • SSL fixes on Windows (#1714, #1723, #1724)
  • rar5 reader: fix possible garbled output with bsdtar -O (#1745)
  • mtree reader: support reading mtree files with tabs (#1783)
  • various small fixes for issues found by CodeQL

v3.6.1

2 years ago

Libarchive 3.6.1 is a bugfix and security release.

Security fixes:

  • 7zip reader: fix PPMD read beyond boundary (#1671)
  • ZIP reader: fix possible out of bounds read (OSS-Fuzz 38766 #1672)
  • ISO reader: fix possible heap buffer overflow in read_children() (OSS-Fuzz 38764, #1685)
  • RARv4 redaer: fix multiple issues in RARv4 filter code (introduced in libarchive 3.6.0)
    • fix heap use after free in archive_read_format_rar_read_data() (OSS-Fuzz 44547, 52efa50c69653029687bfc545703b7340b7a51e2)
    • fix null dereference in read_data_compressed() (OSS-Fuzz 44843, 1271f775dc917798ad7d03c3b3bd66bacad03603)
    • fix heap user after free in run_filters() (OSS-Fuzz 46279, #1715)

v3.6.0

2 years ago

Libarchive 3.6.0 is a feature and bugfix release.

New features:

  • tar: new option "--no-read-sparse" (#1614)
  • tar: threads support for zstd (#1567)
  • RAR reader: filter support (#1503)
  • RAR5 reader: self-extracting archive support (#1585)
  • ZIP reader: zstd decompression support (#1518)

Other notable bugfixes and improvements:

  • tar: respect "--ignore-zeros" in c, r and u modes (#1620)
  • reduced size of application binaries (#1625)
  • internal code optimizations

Thanks to all contributors and bug reporters.

v3.5.1

2 years ago

Libarchive 3.5.1 is a bugfix release.

Bugfixes:

  • various compilation fixes (#1461, #1462, #1463, #1464)
  • fixed undefined behavior in a function in warc reader (#1465)
  • Windows binary uses xz 5.2.5

Thanks to all contributors and bug reporters.

v3.5.3

2 years ago

Libarchive 3.5.3 is a security release

Security Fixes:

  • extended fix for following symlinks when processing the fixup list (#1566, #1617, CVE-2021-31566)
  • fix invalid memory access and out of bounds read in RAR5 reader (#1491, #1492, #1493, CVE-2021-36976)

Thanks to all contributors and bug reporters.

v3.5.2

2 years ago

Libarchive 3.5.2 is a feature and security release.

New minor features:

  • CPIO: Support for PWB and v7 binary cpio formats (#1502)
  • ZIP reader: Support of deflate algorithm in symbolic link decompression (#1509)

Important security fixes:

  • fix handling of symbolic link ACLs on Linux (#1565)
  • never follow symlinks when setting file flags on Linux (e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b)
  • do not follow symlinks when processing the fixup list (#1566)

Important bugfixes:

  • fix extraction of hardlinks to symlinks (#1044)
  • 7zip reader and writer fixes (#1480, #1532)
  • RAR reader fixes (#1504, #1521)
  • ZIP reader: fix excessive read for padded zip (#1514)
  • CAB reader: fix double free (#1520)
  • handle short writes from archive_write_callback (#1530)

Thanks to all contributors and bug reporters.