gitweb.dragonflybsd.org Git - freebsd.git/commit

author	mm <mm@FreeBSD.org>
	Wed, 14 Sep 2016 21:15:01 +0000 (21:15 +0000)
committer	mm <mm@FreeBSD.org>
	Wed, 14 Sep 2016 21:15:01 +0000 (21:15 +0000)
commit	dfb2179f22587dff6eeae3ed56a8afc4a412b5ff
tree	456af0abb0fd50b902f66718ad7a1307ae311395	tree \| snapshot
parent	6b0578fd2763e7683a4ace0d591c945411a12274	commit \| diff

MFV r305816:
Sync libarchive with vendor including important security fixes.

Issues fixed (FreeBSD):
PR #778: ACL error handling
Issue #745: Symlink check prefix optimization is too aggressive
Issue #746: Hard links with data can evade sandboxing restrictions

This update fixes the vulnerability #3 and vulnerability #4 as reported in
"non-cryptanalytic attacks against FreeBSD update components".
https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f

Fix for vulnerability #2 has already been merged in r304989.

MFC after: 1 week
Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f

contrib/libarchive/libarchive/archive_platform.h		diff \| blob \| blame \| history
contrib/libarchive/libarchive/archive_read_disk_entry_from_file.c		diff \| blob \| blame \| history
contrib/libarchive/libarchive/archive_read_disk_posix.c		diff \| blob \| blame \| history
contrib/libarchive/libarchive/archive_read_support_format_tar.c		diff \| blob \| blame \| history
contrib/libarchive/libarchive/archive_write_disk_acl.c		diff \| blob \| blame \| history
contrib/libarchive/libarchive/archive_write_disk_posix.c		diff \| blob \| blame \| history
contrib/libarchive/libarchive/test/test_write_disk_secure745.c		diff \| blob \| blame \| history
contrib/libarchive/libarchive/test/test_write_disk_secure746.c		diff \| blob \| blame \| history
contrib/libarchive/libarchive/test/test_write_format_gnutar_filenames.c		diff \| blob \| blame \| history
lib/libarchive/tests/Makefile		diff \| blob \| blame \| history

FreeBSD Project Source

RSS Atom