]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit - lib/libz/doc/rfc1951.txt
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(merge: 9b61efc 282f8bd)
MFV r305816:
authorMartin Matuska <mm@FreeBSD.org>
Wed, 14 Sep 2016 21:15:01 +0000 (21:15 +0000)
committerMartin Matuska <mm@FreeBSD.org>
Wed, 14 Sep 2016 21:15:01 +0000 (21:15 +0000)
commit24113d8c17fb6debc05f1a1ea86e9e6e516cec0a
tree456af0abb0fd50b902f66718ad7a1307ae311395tree | snapshot
parent9b61efccf76d604b960bd21d99b3816dc9a10952commit | diff
parent282f8bd6960fef410b548a8bec8f3f3ddfb3498ccommit | diff
MFV r305816:
Sync libarchive with vendor including important security fixes.

Issues fixed (FreeBSD):
PR #778: ACL error handling
Issue #745: Symlink check prefix optimization is too aggressive
Issue #746: Hard links with data can evade sandboxing restrictions

This update fixes the vulnerability #3 and vulnerability #4 as reported in
"non-cryptanalytic attacks against FreeBSD update components".
https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f

Fix for vulnerability #2 has already been merged in r304989.

MFC after: 1 week
Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
contrib/libarchive/libarchive/archive_platform.h diff1 | diff2 | blob | history
contrib/libarchive/libarchive/archive_read_disk_entry_from_file.c diff1 | diff2 | blob | history
contrib/libarchive/libarchive/archive_read_disk_posix.c diff1 | diff2 | blob | history
contrib/libarchive/libarchive/archive_read_support_format_tar.c diff1 | diff2 | blob | history
contrib/libarchive/libarchive/archive_write_disk_acl.c diff1 | diff2 | blob | history
contrib/libarchive/libarchive/archive_write_disk_posix.c diff1 | diff2 | blob | history
contrib/libarchive/libarchive/test/test_write_disk_secure745.c diff1 | diff2 | blob | history
contrib/libarchive/libarchive/test/test_write_disk_secure746.c diff1 | diff2 | blob | history
contrib/libarchive/libarchive/test/test_write_format_gnutar_filenames.c diff1 | diff2 | blob | history
lib/libarchive/tests/Makefile diff1 | | blob | history
Unnamed repository; edit this file 'description' to name the repository.