author | mm <mm@FreeBSD.org> | 2017-01-02 01:41:31 +0000 |
---|---|---|
committer | mm <mm@FreeBSD.org> | 2017-01-02 01:41:31 +0000 |
commit | 2be976c431c41e0320222e05d7250deb9000ea9c (patch) | |
tree | 0fc32b7468bd2cd3eef79d161728a328a04e894f /contrib/libxo | |
parent | 00aa695ecabfc4421b3d0e6aa35d222745e3d6d5 (diff) | |
MFC r309300,r309363,r309405,r309523,r309590,r310185,r310623:
Sync libarchive with vendor.
Fixed vendor issues (relevant to FreeBSD)
#825, #832: Add sanity check of tar "uid", "gid" and "mtime" fields
#830, #831, #833, #846: Spelling fixes
#850: Fix issues with reading certain jar files
Fixed issues found by Google OSS-Fuzz:
OSS-Fuzz #15: Fix heap-buffer-overflow in archive_le16dec()
OSS-Fuzz #16: Fix possible hang in uudecode_filter_read()
OSS-Fuzz #139, #145, #152: Fix heap-buffer-overflow in uudecode_bidder_bid()
OSS-Fuzz #220: Reject an 'ar' filename table larger than 1GB or a filename
larger than 1MB
OSS-Fuzz #227, #230, #239: Fix possible memory leak in archive_read_free()
OSS-Fuzz #237: Fix heap buffer overflow when reading invalid ar archives
OSS-Fuzz #286: Bugfix in archive_strncat_l()
More information:
https://github.com/libarchive/libarchive/issues/[libarchive_issue_number]
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=[oss_fuzz_issue_number]
Diffstat (limited to 'contrib/libxo')
0 files changed, 0 insertions, 0 deletions