git: f10f65999fe5 - main - libarchive: merge security fix from vendor branch
Date: Thu, 07 Sep 2023 15:24:15 UTC
The branch main has been updated by mm:
URL: https://cgit.FreeBSD.org/src/commit/?id=f10f65999fe56e92f00b5bc5d27ac342cfea5364
commit f10f65999fe56e92f00b5bc5d27ac342cfea5364
Merge: 2afef29b2c0b a5913a473bb0
Author: Martin Matuska <mm@FreeBSD.org>
AuthorDate: 2023-09-07 15:18:12 +0000
Commit: Martin Matuska <mm@FreeBSD.org>
CommitDate: 2023-09-07 15:22:34 +0000

libarchive: merge security fix from vendor branch

This commit fixes a couple of security vulnerabilities in the PAX writer:
1. Heap overflow in url_encode() in archive_write_set_format_pax.c
2. NULL dereference in archive_write_pax_header_xattrs()
3. Another NULL dereference in archive_write_pax_header_xattrs()
4. NULL dereference in archive_write_pax_header_xattr()

Security: No known reference yet
Obtained from: https://github.com/libarchive/libarchive/commit/1b4e0d0f9
MFC after: 3 days

.../libarchive/archive_write_set_format_pax.c | 35 +++++++++++++++-------
1 file changed, 25 insertions(+), 10 deletions(-)