Date: Thu, 29 Sep 2016 04:32:32 -0400
From: Shawn Webb
To: Martin Matuska
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r305819 - in head: contrib/libarchive/libarchive contrib/libarchive/libarchive/test lib/libarchive/tests

On Wed, Sep 14, 2016 at 09:15:01PM +0000, Martin Matuska wrote:
> Author: mm
> Date: Wed Sep 14 21:15:01 2016
> New Revision: 305819
> URL: https://svnweb.freebsd.org/changeset/base/305819
>
> Log:
>   MFV r305816:
>   Sync libarchive with vendor including important security fixes.
>
>   Issues fixed (FreeBSD):
>   PR #778: ACL error handling
>   Issue #745: Symlink check prefix optimization is too aggressive
>   Issue #746: Hard links with data can evade sandboxing restrictions
>
>   This update fixes the vulnerability #3 and vulnerability #4 as reported in
>   "non-cryptanalytic attacks against FreeBSD update components".
>   https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
>
>   Fix for vulnerability #2 has already been merged in r304989.
>
>   MFC after: 1 week
>   Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f

Hey Martin,

Any plans to release a security announcement?

Thanks,

--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE