From owner-svn-src-all@freebsd.org Mon May 16 05:01:46 2016 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 19200B3C973; Mon, 16 May 2016 05:01:46 +0000 (UTC) (envelope-from mm@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id CF91F1395; Mon, 16 May 2016 05:01:45 +0000 (UTC) (envelope-from mm@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u4G51jD6034700; Mon, 16 May 2016 05:01:45 GMT (envelope-from mm@FreeBSD.org) Received: (from mm@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u4G51ip1034695; Mon, 16 May 2016 05:01:44 GMT (envelope-from mm@FreeBSD.org) Message-Id: <201605160501.u4G51ip1034695@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: mm set sender to mm@FreeBSD.org using -f From: Martin Matuska Date: Mon, 16 May 2016 05:01:44 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r299896 - in head/contrib/libarchive: cpio libarchive X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 May 2016 05:01:46 -0000 Author: mm Date: Mon May 16 05:01:44 2016 New Revision: 299896 URL: https://svnweb.freebsd.org/changeset/base/299896 Log: Revert r299576 and MFV r299895: Revert r299576: Fix broken cpio behavior. MFV r299895: Update to vendor git commit 860ec63. MFC after: 3 weeks (together with libarchive 3.2.0) Fix broken cpio behavior in pass-through mode with vendor code. > Description of fields to fill in above: 76 columns --| > PR: If and which Problem Report is related. > Submitted by: If someone else sent in the change. > Reported by: If someone else reported the issue. > Reviewed by: If someone else reviewed your modification. > Approved by: If you needed approval for this commit. > Obtained from: If the change is from a third party. > MFC after: N [day[s]|week[s]|month[s]]. Request a reminder email. > MFH: Ports tree branch name. Request approval for merge. > Relnotes: Set to 'yes' for mention in release notes. > Security: Vulnerability reference (one per line) or description. > Sponsored by: If the change was sponsored by an organization. > Differential Revision: https://reviews.freebsd.org/D### (*full* phabric URL needed). > Empty fields above will be automatically removed. _M libarchive _M libarchive/cpio M libarchive/cpio/bsdcpio.1 M libarchive/cpio/cpio.c _M libarchive/libarchive M libarchive/libarchive/archive_read_support_format_cpio.c Modified: head/contrib/libarchive/cpio/bsdcpio.1 head/contrib/libarchive/cpio/cpio.c head/contrib/libarchive/libarchive/archive_read_support_format_cpio.c Directory Properties: head/contrib/libarchive/ (props changed) head/contrib/libarchive/cpio/ (props changed) head/contrib/libarchive/libarchive/ (props changed) Modified: head/contrib/libarchive/cpio/bsdcpio.1 ============================================================================== --- head/contrib/libarchive/cpio/bsdcpio.1 Mon May 16 04:47:32 2016 (r299895) +++ head/contrib/libarchive/cpio/bsdcpio.1 Mon May 16 05:01:44 2016 (r299896) @@ -156,7 +156,8 @@ See above for description. .It Fl Fl insecure (i and p mode only) Disable security checks during extraction or copying. -This allows extraction via symbolic links and path names containing +This allows extraction via symbolic links, absolute paths, +and path names containing .Sq .. in the name. .It Fl J , Fl Fl xz Modified: head/contrib/libarchive/cpio/cpio.c ============================================================================== --- head/contrib/libarchive/cpio/cpio.c Mon May 16 04:47:32 2016 (r299895) +++ head/contrib/libarchive/cpio/cpio.c Mon May 16 05:01:44 2016 (r299896) @@ -171,6 +171,7 @@ main(int argc, char *argv[]) cpio->extract_flags |= ARCHIVE_EXTRACT_NO_OVERWRITE_NEWER; cpio->extract_flags |= ARCHIVE_EXTRACT_SECURE_SYMLINKS; cpio->extract_flags |= ARCHIVE_EXTRACT_SECURE_NODOTDOT; + cpio->extract_flags |= ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS; cpio->extract_flags |= ARCHIVE_EXTRACT_PERM; cpio->extract_flags |= ARCHIVE_EXTRACT_FFLAGS; cpio->extract_flags |= ARCHIVE_EXTRACT_ACL; @@ -256,6 +257,7 @@ main(int argc, char *argv[]) case OPTION_INSECURE: cpio->extract_flags &= ~ARCHIVE_EXTRACT_SECURE_SYMLINKS; cpio->extract_flags &= ~ARCHIVE_EXTRACT_SECURE_NODOTDOT; + cpio->extract_flags &= ~ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS; break; case 'L': /* GNU cpio */ cpio->option_follow_links = 1; @@ -293,6 +295,7 @@ main(int argc, char *argv[]) "Cannot use both -p and -%c", cpio->mode); cpio->mode = opt; cpio->extract_flags &= ~ARCHIVE_EXTRACT_SECURE_NODOTDOT; + cpio->extract_flags &= ~ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS; break; case OPTION_PASSPHRASE: cpio->passphrase = cpio->argument; Modified: head/contrib/libarchive/libarchive/archive_read_support_format_cpio.c ============================================================================== --- head/contrib/libarchive/libarchive/archive_read_support_format_cpio.c Mon May 16 04:47:32 2016 (r299895) +++ head/contrib/libarchive/libarchive/archive_read_support_format_cpio.c Mon May 16 05:01:44 2016 (r299896) @@ -401,6 +401,11 @@ archive_read_format_cpio_read_header(str /* If this is a symlink, read the link contents. */ if (archive_entry_filetype(entry) == AE_IFLNK) { + if (cpio->entry_bytes_remaining > 1024 * 1024) { + archive_set_error(&a->archive, ENOMEM, + "Rejecting malformed cpio archive: symlink contents exceed 1 megabyte"); + return (ARCHIVE_FATAL); + } h = __archive_read_ahead(a, (size_t)cpio->entry_bytes_remaining, NULL); if (h == NULL)