Libarchive 3.2.0 released
393 views
Skip to first unread message
Tim Kientzle
May 1, 2016, 1:08:06 PM5/1/16
to libarchiv...@googlegroups.com
Libarchive 3.2.0 is a feature, bug fix, and security release.
This includes nearly 3 years of accumulated changes since the release of libarchive 3.1.2, including the following:
Security Fixes
CVE-2016-1541, aka TALOS-CAN-155: Libarchive 3.1.2 and early mishandle the "compressed" and "uncompressed" sizes in certain Zip archive entries in a way that would allow someone to overwrite parts of the heap in a controlled fashion.
Features
* bsdcat: New command-line program automatically detects and decompresses a variety of files
* LZ4 compression
* Warc format support
* 'Raw' format writer
* Zip: Support archives >4GB, entries >4GB
* Zip: Support encrypting and decrypting entries
* Zip: Support experimental streaming extension
* Identify encrypted entries in several formats
* Libarchive now builds on AIX
* Libarchive now builds for Android
* New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files
* New --ignore-zeros option to bsdtar to handle concatenated tar archives
* Use multi-threaded LZMA decompression if liblzma supports it
* Expose version info for libraries used by libarchive
Notable Bug Fixes
* Many crash bugs fixed
* Many test bugs fixed
* Fixes to several formats to correctly handle empty filenames
* Limit recursion when selecting decompression; don't crash on quines
* Improved handling of sparse files, including files that consist of only a single large hole
* Improved test for extraction through symlinks
* Remove some properties from "restricted pax" that prevent using libarchive to build bit-for-bit identical results.
* Reduce memory usage when reading corrupted RAR archives
* Warn if hardlink extraction fails due to a missing target
* Limit recursion when assembling directories from ISO images
This includes nearly 3 years of accumulated changes since the release of libarchive 3.1.2, including the following:
Security Fixes
CVE-2016-1541, aka TALOS-CAN-155: Libarchive 3.1.2 and early mishandle the "compressed" and "uncompressed" sizes in certain Zip archive entries in a way that would allow someone to overwrite parts of the heap in a controlled fashion.
Features
* bsdcat: New command-line program automatically detects and decompresses a variety of files
* LZ4 compression
* Warc format support
* 'Raw' format writer
* Zip: Support archives >4GB, entries >4GB
* Zip: Support encrypting and decrypting entries
* Zip: Support experimental streaming extension
* Identify encrypted entries in several formats
* Libarchive now builds on AIX
* Libarchive now builds for Android
* New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files
* New --ignore-zeros option to bsdtar to handle concatenated tar archives
* Use multi-threaded LZMA decompression if liblzma supports it
* Expose version info for libraries used by libarchive
Notable Bug Fixes
* Many crash bugs fixed
* Many test bugs fixed
* Fixes to several formats to correctly handle empty filenames
* Limit recursion when selecting decompression; don't crash on quines
* Improved handling of sparse files, including files that consist of only a single large hole
* Improved test for extraction through symlinks
* Remove some properties from "restricted pax" that prevent using libarchive to build bit-for-bit identical results.
* Reduce memory usage when reading corrupted RAR archives
* Warn if hardlink extraction fails due to a missing target
* Limit recursion when assembling directories from ISO images
Tim Kientzle
May 1, 2016, 2:33:59 PM5/1/16
to libarchiv...@googlegroups.com
Revised: I omitted the download link in the initial announcement email.
Libarchive 3.2.0 is a feature, bug fix, and security release.
The source can be downloaded from libarchive.org:
http://libarchive.org/downloads/libarchive-3.2.0.tar.gz
--
You received this message because you are subscribed to the Google Groups "libarchive-announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email to libarchive-anno...@googlegroups.com.
To post to this group, send email to libarchiv...@googlegroups.com.
Visit this group at https://groups.google.com/group/libarchive-announce.
For more options, visit https://groups.google.com/d/optout.
Libarchive 3.2.0 is a feature, bug fix, and security release.
http://libarchive.org/downloads/libarchive-3.2.0.tar.gz
You received this message because you are subscribed to the Google Groups "libarchive-announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email to libarchive-anno...@googlegroups.com.
To post to this group, send email to libarchiv...@googlegroups.com.
Visit this group at https://groups.google.com/group/libarchive-announce.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages