From: Martin Matuska
To: Cy Schubert
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r349135 - in head: contrib/libarchive/libarchive contrib/libarchive/libarchive/test lib/libarchive/tests
Date: Mon, 17 Jun 2019 15:36:08 +0200
In-Reply-To: <201906171217.x5HCH3ik057008@slippy.cwsent.com>

Due to lack of resources we (libarchive) are currently not publishing CVE information. Most of our security fixes are patches for issues discovered by Google's OSS-Fuzz project. These issues are made public 30 days after they have been detected as fixed or 90 days after being discovered.

I can provide links to published issues at OSS-Fuzz.

On 17.06.19 at 14:17, Cy Schubert wrote:
> In message <201906171146.x5HBkbCC019178@repo.freebsd.org>, Martin Matuska writes:
>> Author: mm
>> Date: Mon Jun 17 11:46:37 2019
>> New Revision: 349135
>> URL: https://svnweb.freebsd.org/changeset/base/349135
>>
>> Log:
>>   MFV r349134:
>>   Sync libarchive with vendor.
>>
>>   Relevant vendor changes:
>>     PR #1212: RAR5 reader - window_mask was not updated correctly
>>               (OSS-Fuzz 15278)
>>     OSS-Fuzz 15120: RAR reader - extend use after free bugfix
> Did our upline document a CVE for this?
>
>>
>>   MFC after: 1 week (together with r348993)
>>
>> Added:
>>   head/contrib/libarchive/libarchive/test/test_read_format_rar5_different_window_size.rar.uu
>>      - copied unchanged from r349134, vendor/libarchive/dist/libarchive/test/test_read_format_rar5_different_window_size.rar.uu
>>   head/contrib/libarchive/libarchive/test/test_read_format_rar_ppmd_use_after_free2.rar.uu
>>      - copied unchanged from r349134, vendor/libarchive/dist/libarchive/test/test_read_format_rar_ppmd_use_after_free2.rar.uu
>> Modified:
>>   head/contrib/libarchive/libarchive/archive_read_support_format_rar.c
>>   head/contrib/libarchive/libarchive/archive_read_support_format_rar5.c
>>   head/contrib/libarchive/libarchive/test/test_read_format_rar.c
>>   head/contrib/libarchive/libarchive/test/test_read_format_rar5.c
>>   head/lib/libarchive/tests/Makefile
>> Directory Properties:
>>   head/contrib/libarchive/   (props changed)
>>
> [...]