From owner-svn-src-all@freebsd.org  Mon Jun 17 14:17:16 2019
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id BF94D15BB0F9;
 Mon, 17 Jun 2019 14:17:15 +0000 (UTC)
 (envelope-from cy.schubert@cschubert.com)
Received: from smtp-out-so.shaw.ca (smtp-out-so.shaw.ca [64.59.136.138])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "Client", Issuer "CA" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 86C186B4CC;
 Mon, 17 Jun 2019 14:17:14 +0000 (UTC)
 (envelope-from cy.schubert@cschubert.com)
Received: from spqr.komquats.com ([70.67.125.17]) by shaw.ca with ESMTPA
 id csRVhUVYIo7SQcsRXh9XGZ; Mon, 17 Jun 2019 08:17:07 -0600
X-Authority-Analysis: v=2.3 cv=Go88BX9C c=1 sm=1 tr=0
 a=VFtTW3WuZNDh6VkGe7fA3g==:117 a=VFtTW3WuZNDh6VkGe7fA3g==:17
 a=jpOVt7BSZ2e4Z31A5e1TngXxSK0=:19 a=kj9zAlcOel0A:10 a=dq6fvYVFJ5YA:10
 a=YxBL1-UpAAAA:8 a=6I5d2MoRAAAA:8 a=VxmjJ2MpAAAA:8 a=9tKOXVWixAHr62aoFLAA:9
 a=CjuIK1q_8ugA:10 a=Ia-lj3WSrqcvXOmTRaiG:22 a=IjZwj45LgO3ly-622nXo:22
 a=7gXAzLPJhVmCkEl4_tsf:22
Received: from slippy.cwsent.com (slippy8 [10.2.2.6])
 by spqr.komquats.com (Postfix) with ESMTPS id 6F3F41BC;
 Mon, 17 Jun 2019 07:17:05 -0700 (PDT)
Received: from slippy.cwsent.com (localhost [127.0.0.1])
 by slippy.cwsent.com (8.15.2/8.15.2) with ESMTP id x5HEH5OZ071458;
 Mon, 17 Jun 2019 07:17:05 -0700 (PDT)
 (envelope-from Cy.Schubert@cschubert.com)
Received: from slippy (cy@localhost)
 by slippy.cwsent.com (8.15.2/8.15.2/Submit) with ESMTP id x5HEH4Z0071450;
 Mon, 17 Jun 2019 07:17:05 -0700 (PDT)
 (envelope-from Cy.Schubert@cschubert.com)
Message-Id: <201906171417.x5HEH4Z0071450@slippy.cwsent.com>
X-Authentication-Warning: slippy.cwsent.com: cy owned process doing -bs
X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.7.1
Reply-to: Cy Schubert <Cy.Schubert@cschubert.com>
From: Cy Schubert <Cy.Schubert@cschubert.com>
X-os: FreeBSD
X-Sender: cy@cwsent.com
X-URL: http://www.cschubert.com/
To: Cy Schubert <Cy.Schubert@cschubert.com>
cc: Martin Matuska <mm@FreeBSD.org>, src-committers@freebsd.org,
 svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r349135 - in head: contrib/libarchive/libarchive
 contrib/libarchive/libarchive/test lib/libarchive/tests
In-Reply-To: Message from Cy Schubert <Cy.Schubert@cschubert.com> of "Mon,
 17 Jun 2019 07:07:14 -0700." <201906171407.x5HE7EN5036160@slippy.cwsent.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 17 Jun 2019 07:17:04 -0700
X-CMAE-Envelope: MS4wfATb25h87w2R2k8YkeyATZGLnQeP3JgpervTOUyCoBRbnBKYxwSOk9lMKsdgFK/MorZ3oXN37Xsn0vewD1cm5isZhePxhzCxDKKte/PEqLNmNFjKTU1I
 Ms1EGL9Qt2djgEWjy3TZUHuZsP1JLwsodGIvkyTTR+sdzlfPYisXTYS/MN7cUfNtqFqQ9PPMl5ubPug/oqYBHvb0fPWWgzG87N3GM27KUG4qSpV8u3B4MvWN
 4JrOLdi0SgzOiA+bSUvbnCWsI52VcQMZppS5ReJ0sOkXlB+xgN+BqglNqi5pUWxK
X-Rspamd-Queue-Id: 86C186B4CC
X-Spamd-Bar: -----
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-5.10 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[];
 HAS_REPLYTO(0.00)[Cy.Schubert@cschubert.com];
 TO_DN_SOME(0.00)[]; MV_CASE(0.50)[]; HAS_XAW(0.00)[];
 RCPT_COUNT_FIVE(0.00)[5];
 MX_GOOD(-0.01)[cached: spqr.komquats.com];
 NEURAL_HAM_SHORT(-0.92)[-0.920,0]; FROM_EQ_ENVFROM(0.00)[];
 R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:6327, ipnet:64.59.128.0/20, country:CA];
 RCVD_TLS_LAST(0.00)[];
 RECEIVED_SPAMHAUS_PBL(0.00)[17.125.67.70.zen.spamhaus.org : 127.0.0.11];
 ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 RCVD_COUNT_FIVE(0.00)[5];
 RCVD_IN_DNSWL_LOW(-0.10)[138.136.59.64.list.dnswl.org : 127.0.5.1];
 FROM_HAS_DN(0.00)[]; REPLYTO_EQ_FROM(0.00)[];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain];
 IP_SCORE(-2.47)[ip: (-6.45), ipnet: 64.59.128.0/20(-3.27), asn: 6327(-2.53),
 country: CA(-0.09)]; TO_MATCH_ENVRCPT_SOME(0.00)[];
 R_SPF_NA(0.00)[]
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jun 2019 14:17:16 -0000

Even this was inappropriate. My apologies.


-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.



In message <201906171407.x5HE7EN5036160@slippy.cwsent.com>, Cy Schubert 
writes:
> I could say something rhetorical and in bad taste here. This speaks for 
> itself.
>
>
> -- 
> Cheers,
> Cy Schubert <Cy.Schubert@cschubert.com>
> FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org
>
> 	The need of the many outweighs the greed of the few.
>
>
> In message <e29de4d9-5c15-778c-f953-2799e9ae9b14@FreeBSD.org>, Martin 
> Matuska w
> rites:
> > Due to lack of resources we (libarchive) are currently not publishing 
> > CVE information.
> > Most of our security fixes are patches for issues discovered by Google's 
> > OSS-Fuzz project.
> > These issues are made public 30 days after they have been detected as 
> > fixed or 90 days after being discovered.
> >
> > I can provide links to published issues at OSS-Fuzz.
> >
> > Am 17.06.19 um 14:17 schrieb Cy Schubert:
> > > In message <201906171146.x5HBkbCC019178@repo.freebsd.org>, Martin
> > > Matuska write
> > > s:
> > >> Author: mm
> > >> Date: Mon Jun 17 11:46:37 2019
> > >> New Revision: 349135
> > >> URL: https://svnweb.freebsd.org/changeset/base/349135
> > >>
> > >> Log:
> > >>    MFV r349134:
> > >>    Sync libarchive with vendor.
> > >>    
> > >>    Relevant vendor changes:
> > >>      PR #1212: RAR5 reader - window_mask was not updated correctly
> > >>                (OSS-Fuzz 15278)
> > >>      OSS-Fuzz 15120: RAR reader - extend use after free bugfix
> > > Did our upline document a CVE for this?
> > >
> > >>    
> > >>    MFC after:	1 week (together with r348993)
> > >>
> > >> Added:
> > >>    head/contrib/libarchive/libarchive/test/test_read_format_rar5_differe
> nt
> > _win
> > >> dow_size.rar.uu
> > >>       - copied unchanged from r349134, vendor/libarchive/dist/libarchive
> /t
> > est/
> > >> test_read_format_rar5_different_window_size.rar.uu
> > >>    head/contrib/libarchive/libarchive/test/test_read_format_rar_ppmd_use
> _a
> > fter
> > >> _free2.rar.uu
> > >>       - copied unchanged from r349134, vendor/libarchive/dist/libarchive
> /t
> > est/
> > >> test_read_format_rar_ppmd_use_after_free2.rar.uu
> > >> Modified:
> > >>    head/contrib/libarchive/libarchive/archive_read_support_format_rar.c
> > >>    head/contrib/libarchive/libarchive/archive_read_support_format_rar5.c
> > >>    head/contrib/libarchive/libarchive/test/test_read_format_rar.c
> > >>    head/contrib/libarchive/libarchive/test/test_read_format_rar5.c
> > >>    head/lib/libarchive/tests/Makefile
> > >> Directory Properties:
> > >>    head/contrib/libarchive/   (props changed)
> > >>
> > > [...]
> > >
> > >
>