Date: Mon, 20 Jun 2016 23:55:33 +0000 (UTC) From: Martin Matuska <mm@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r302037 - in vendor/libarchive/dist: . build libarchive libarchive/test Message-ID: <201606202355.u5KNtXAj071708@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mm Date: Mon Jun 20 23:55:33 2016 New Revision: 302037 URL: https://svnweb.freebsd.org/changeset/base/302037 Log: Update vendor/libarchive to git 139d0576b51a253732a5ab1f66805dffbf8b00af tag v3.2.1 Fixed vendor issues: Issue 521: Properly check reading from lzss decompression buffer Issue 717: Fix integer overflow when computing location of volume descriptor Issue 718: Security fix TALOS-CAN-152 Issue 719: Security fix TALOS-CAN-154 Security: TALOS-CAN-152, TALOS-CAN-154 Modified: vendor/libarchive/dist/Makefile.am vendor/libarchive/dist/NEWS vendor/libarchive/dist/build/version vendor/libarchive/dist/configure.ac vendor/libarchive/dist/libarchive/archive.h vendor/libarchive/dist/libarchive/archive_entry.h vendor/libarchive/dist/libarchive/archive_ppmd7.c vendor/libarchive/dist/libarchive/archive_read_support_format_7zip.c vendor/libarchive/dist/libarchive/archive_read_support_format_iso9660.c vendor/libarchive/dist/libarchive/archive_read_support_format_rar.c vendor/libarchive/dist/libarchive/test/CMakeLists.txt vendor/libarchive/dist/libarchive/test/test_write_format_gnutar_filenames.c Modified: vendor/libarchive/dist/Makefile.am ============================================================================== --- vendor/libarchive/dist/Makefile.am Mon Jun 20 23:17:00 2016 (r302036) +++ vendor/libarchive/dist/Makefile.am Mon Jun 20 23:55:33 2016 (r302037) @@ -454,6 +454,7 @@ libarchive_test_SOURCES= \ libarchive/test/test_read_format_rar_encryption_data.c \ libarchive/test/test_read_format_rar_encryption_partially.c \ libarchive/test/test_read_format_rar_encryption_header.c \ + libarchive/test/test_read_format_rar_invalid1.c \ libarchive/test/test_read_format_raw.c \ libarchive/test/test_read_format_tar.c \ libarchive/test/test_read_format_tar_concatenated.c \ @@ -747,6 +748,7 @@ libarchive_test_EXTRA_DIST=\ libarchive/test/test_read_format_rar_encryption_data.rar.uu \ libarchive/test/test_read_format_rar_encryption_header.rar.uu \ libarchive/test/test_read_format_rar_encryption_partially.rar.uu \ + libarchive/test/test_read_format_rar_invalid1.rar.uu \ libarchive/test/test_read_format_rar_multi_lzss_blocks.rar.uu \ libarchive/test/test_read_format_rar_multivolume.part0001.rar.uu \ libarchive/test/test_read_format_rar_multivolume.part0002.rar.uu \ Modified: vendor/libarchive/dist/NEWS ============================================================================== --- vendor/libarchive/dist/NEWS Mon Jun 20 23:17:00 2016 (r302036) +++ vendor/libarchive/dist/NEWS Mon Jun 20 23:55:33 2016 (r302037) @@ -1,3 +1,8 @@ +Jun 20, 2016: libarchive 3.2.1 released + This fixes a handful of security and other critical issues with 3.2.0 + +May 01, 2016: libarchive 3.2.0 released + Apr 09, 2016: libarchive 3.1.901a released Another test release in preparation for 3.2.0 Modified: vendor/libarchive/dist/build/version ============================================================================== --- vendor/libarchive/dist/build/version Mon Jun 20 23:17:00 2016 (r302036) +++ vendor/libarchive/dist/build/version Mon Jun 20 23:55:33 2016 (r302037) @@ -1 +1 @@ -3002000 +3002001 Modified: vendor/libarchive/dist/configure.ac ============================================================================== --- vendor/libarchive/dist/configure.ac Mon Jun 20 23:17:00 2016 (r302036) +++ vendor/libarchive/dist/configure.ac Mon Jun 20 23:55:33 2016 (r302037) @@ -4,8 +4,8 @@ dnl First, define all of the version num dnl In particular, this allows the version macro to be used in AC_INIT dnl These first two version numbers are updated automatically on each release. -m4_define([LIBARCHIVE_VERSION_S],[3.2.0]) -m4_define([LIBARCHIVE_VERSION_N],[3002000]) +m4_define([LIBARCHIVE_VERSION_S],[3.2.1]) +m4_define([LIBARCHIVE_VERSION_N],[3002001]) dnl bsdtar and bsdcpio versioning tracks libarchive m4_define([BSDTAR_VERSION_S],LIBARCHIVE_VERSION_S()) Modified: vendor/libarchive/dist/libarchive/archive.h ============================================================================== --- vendor/libarchive/dist/libarchive/archive.h Mon Jun 20 23:17:00 2016 (r302036) +++ vendor/libarchive/dist/libarchive/archive.h Mon Jun 20 23:55:33 2016 (r302037) @@ -36,7 +36,7 @@ * assert that ARCHIVE_VERSION_NUMBER >= 2012108. */ /* Note: Compiler will complain if this does not match archive_entry.h! */ -#define ARCHIVE_VERSION_NUMBER 3002000 +#define ARCHIVE_VERSION_NUMBER 3002001 #include <sys/stat.h> #include <stddef.h> /* for wchar_t */ @@ -155,7 +155,7 @@ __LA_DECL int archive_version_number(vo /* * Textual name/version of the library, useful for version displays. */ -#define ARCHIVE_VERSION_ONLY_STRING "3.2.0" +#define ARCHIVE_VERSION_ONLY_STRING "3.2.1" #define ARCHIVE_VERSION_STRING "libarchive " ARCHIVE_VERSION_ONLY_STRING __LA_DECL const char * archive_version_string(void); Modified: vendor/libarchive/dist/libarchive/archive_entry.h ============================================================================== --- vendor/libarchive/dist/libarchive/archive_entry.h Mon Jun 20 23:17:00 2016 (r302036) +++ vendor/libarchive/dist/libarchive/archive_entry.h Mon Jun 20 23:55:33 2016 (r302037) @@ -29,7 +29,7 @@ #define ARCHIVE_ENTRY_H_INCLUDED /* Note: Compiler will complain if this does not match archive.h! */ -#define ARCHIVE_VERSION_NUMBER 3002000 +#define ARCHIVE_VERSION_NUMBER 3002001 /* * Note: archive_entry.h is for use outside of libarchive; the Modified: vendor/libarchive/dist/libarchive/archive_ppmd7.c ============================================================================== --- vendor/libarchive/dist/libarchive/archive_ppmd7.c Mon Jun 20 23:17:00 2016 (r302036) +++ vendor/libarchive/dist/libarchive/archive_ppmd7.c Mon Jun 20 23:55:33 2016 (r302037) @@ -126,6 +126,11 @@ static Bool Ppmd7_Alloc(CPpmd7 *p, UInt3 { if (p->Base == 0 || p->Size != size) { + /* RestartModel() below assumes that p->Size >= UNIT_SIZE + (see the calculation of m->MinContext). */ + if (size < UNIT_SIZE) { + return False; + } Ppmd7_Free(p, alloc); p->AlignOffset = #ifdef PPMD_32BIT Modified: vendor/libarchive/dist/libarchive/archive_read_support_format_7zip.c ============================================================================== --- vendor/libarchive/dist/libarchive/archive_read_support_format_7zip.c Mon Jun 20 23:17:00 2016 (r302036) +++ vendor/libarchive/dist/libarchive/archive_read_support_format_7zip.c Mon Jun 20 23:55:33 2016 (r302037) @@ -2153,6 +2153,9 @@ read_SubStreamsInfo(struct archive_read return (-1); if (UMAX_ENTRY < f[i].numUnpackStreams) return (-1); + if (unpack_streams > SIZE_MAX - UMAX_ENTRY) { + return (-1); + } unpack_streams += (size_t)f[i].numUnpackStreams; } if ((p = header_bytes(a, 1)) == NULL) Modified: vendor/libarchive/dist/libarchive/archive_read_support_format_iso9660.c ============================================================================== --- vendor/libarchive/dist/libarchive/archive_read_support_format_iso9660.c Mon Jun 20 23:17:00 2016 (r302036) +++ vendor/libarchive/dist/libarchive/archive_read_support_format_iso9660.c Mon Jun 20 23:55:33 2016 (r302037) @@ -1091,7 +1091,7 @@ choose_volume(struct archive_read *a, st /* This condition is unlikely; by way of caution. */ vd = &(iso9660->joliet); - skipsize = LOGICAL_BLOCK_SIZE * vd->location; + skipsize = LOGICAL_BLOCK_SIZE * (int64_t)vd->location; skipsize = __archive_read_consume(a, skipsize); if (skipsize < 0) return ((int)skipsize); @@ -1129,7 +1129,7 @@ choose_volume(struct archive_read *a, st && iso9660->seenJoliet) { /* Switch reading data from primary to joliet. */ vd = &(iso9660->joliet); - skipsize = LOGICAL_BLOCK_SIZE * vd->location; + skipsize = LOGICAL_BLOCK_SIZE * (int64_t)vd->location; skipsize -= iso9660->current_position; skipsize = __archive_read_consume(a, skipsize); if (skipsize < 0) Modified: vendor/libarchive/dist/libarchive/archive_read_support_format_rar.c ============================================================================== --- vendor/libarchive/dist/libarchive/archive_read_support_format_rar.c Mon Jun 20 23:17:00 2016 (r302036) +++ vendor/libarchive/dist/libarchive/archive_read_support_format_rar.c Mon Jun 20 23:55:33 2016 (r302037) @@ -2127,6 +2127,12 @@ parse_codes(struct archive_read *a) rar->range_dec.Stream = &rar->bytein; __archive_ppmd7_functions.Ppmd7_Construct(&rar->ppmd7_context); + if (rar->dictionary_size == 0) { + archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, + "Invalid zero dictionary size"); + return (ARCHIVE_FATAL); + } + if (!__archive_ppmd7_functions.Ppmd7_Alloc(&rar->ppmd7_context, rar->dictionary_size, &g_szalloc)) { @@ -2884,11 +2890,10 @@ copy_from_lzss_window(struct archive_rea } windowoffs = lzss_offset_for_position(&rar->lzss, startpos); - if(windowoffs + length <= lzss_size(&rar->lzss)) + if(windowoffs + length <= lzss_size(&rar->lzss)) { memcpy(&rar->unp_buffer[rar->unp_offset], &rar->lzss.window[windowoffs], length); - else - { + } else if (length <= lzss_size(&rar->lzss)) { firstpart = lzss_size(&rar->lzss) - windowoffs; if (firstpart < 0) { archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, @@ -2900,9 +2905,14 @@ copy_from_lzss_window(struct archive_rea &rar->lzss.window[windowoffs], firstpart); memcpy(&rar->unp_buffer[rar->unp_offset + firstpart], &rar->lzss.window[0], length - firstpart); - } else + } else { memcpy(&rar->unp_buffer[rar->unp_offset], &rar->lzss.window[windowoffs], length); + } + } else { + archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, + "Bad RAR file data"); + return (ARCHIVE_FATAL); } rar->unp_offset += length; if (rar->unp_offset >= rar->unp_buffer_size) Modified: vendor/libarchive/dist/libarchive/test/CMakeLists.txt ============================================================================== --- vendor/libarchive/dist/libarchive/test/CMakeLists.txt Mon Jun 20 23:17:00 2016 (r302036) +++ vendor/libarchive/dist/libarchive/test/CMakeLists.txt Mon Jun 20 23:55:33 2016 (r302037) @@ -143,6 +143,7 @@ IF(ENABLE_TEST) test_read_format_rar_encryption_data.c test_read_format_rar_encryption_header.c test_read_format_rar_encryption_partially.c + test_read_format_rar_invalid1.c test_read_format_raw.c test_read_format_tar.c test_read_format_tar_concatenated.c Modified: vendor/libarchive/dist/libarchive/test/test_write_format_gnutar_filenames.c ============================================================================== --- vendor/libarchive/dist/libarchive/test/test_write_format_gnutar_filenames.c Mon Jun 20 23:17:00 2016 (r302036) +++ vendor/libarchive/dist/libarchive/test/test_write_format_gnutar_filenames.c Mon Jun 20 23:55:33 2016 (r302037) @@ -33,7 +33,7 @@ __FBSDID("$FreeBSD$"); * reads back to verify it. */ -static char filename[1024]; +static char filename[2048]; DEFINE_TEST(test_write_format_gnutar_filenames) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201606202355.u5KNtXAj071708>