From: Oliver Pinter
Date: Thu, 29 Sep 2016 13:23:15 +0200
Subject: Re: svn commit: r305819 - in head: contrib/libarchive/libarchive contrib/libarchive/libarchive/test lib/libarchive/tests
To: Shawn Webb
Cc: Martin Matuska, "svn-src-head@freebsd.org", "svn-src-all@freebsd.org", "src-committers@freebsd.org"

On Thursday, September 29, 2016, Shawn Webb wrote:

> On Wed, Sep 14, 2016 at 09:15:01PM +0000, Martin Matuska wrote:
> > Author: mm
> > Date: Wed Sep 14 21:15:01 2016
> > New Revision: 305819
> > URL: https://svnweb.freebsd.org/changeset/base/305819
> >
> > Log:
> > MFV r305816:
> > Sync libarchive with vendor including important security fixes.
> >
> > Issues fixed (FreeBSD):
> > PR #778: ACL error handling
> > Issue #745: Symlink check prefix optimization is too aggressive
> > Issue #746: Hard links with data can evade sandboxing restrictions
> >
> > This update fixes the vulnerability #3 and vulnerability #4 as reported in
> > "non-cryptanalytic attacks against FreeBSD update components".
> > https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
> >
> > Fix for vulnerability #2 has already been merged in r304989.
> >
> > MFC after: 1 week
> > Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
>
> Hey Martin,
>
> Any plans to release a security announcement?
>

I expect that at the same time, as 11.0-RELEASE is announced. It would be logical.

> Thanks,
>
> --
> Shawn Webb
> Cofounder and Security Engineer
> HardenedBSD
>
> GPG Key ID: 0x6A84658F52456EEE
> GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE