From d7477941dbaca1a8f2916a367c2926e5fd74c7e6 Mon Sep 17 00:00:00 2001
From: mm <mm@FreeBSD.org>
Date: Sat, 11 Feb 2017 00:56:18 +0000
Subject: MFC r310866,310868,310870,311903,313074: Sync libarchive with vendor.

MFC r310866:
  PR #771: Add NFSv4 ACL support to pax and restricted pax

  NFSv4 ACL information may now be stored to and restored from tar archives.
  ACL must be non-trivial and supported by the underlying filesystem, e.g.
  natively by ZFS or by UFS with the NFSv4 ACL enable flag set.

MFC r310868:
  PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c
  PR #851: Spelling fixes
  Fix two protoypes in manual page archive_read_disk.3

MFC r310870:
  Use __LA_DEPRECATED macro with functions deprecated in 379867e

MFC r311903:
  #691: Support for SCHILY.xattr extended attributes
  #854: Spelling fixes

  Multiple fixes in ACL code:
  - prefer acl_set_fd_np() to acl_set_fd()
  - if acl_set_fd_np() fails, do no fallback to acl_set_file()
  - do not warn if trying to write ACLs to a filesystem without ACL support
  - fix id handling in archive_acl_(from_to)_text*() for NFSv4 ACLs

MFC r313074:
  - support extracting NFSv4 ACLs from Solaris tar archives
  - bugfixes and optimizations in the ACL code
  - multiple fixes in the test suite
  - typo and other small bugfixes

  Security fixes:
  - cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335)
  - LHA reader: heap-buffer-overflow in lha_read_file_header_1()
    (CVE-2017-5601)
  - LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream()
    (OSS-Fuzz 453)
  - mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443)
  - WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458)

  Memory leak fixes:
  - ACL support: free memory allocated by acl_get_qualifier()
  - disk writer: missing free in create_filesystem_object()
  - file reader: fd leak (Coverity 1016755)
  - gnutar writer: fix free in archive_write_gnutar_header()
    (Coverity 101675)
  - iso 9660 reader: missing free in parse_file_info()
    (partial Coverity 1016754)
  - program reader: missing free in __archive_read_program()
  - program writer: missing free in __archive_write_program_free()
  - xar reader: missing free in xar_cleanup()
  - xar reader: missing frees in expat_xmlattr_setup()
    (Coverity 1229979-1229981)
  - xar writer: missing free in file_free()
  - zip reader: missing free in zip_read_local_file_header()

List of all libarchive issues at OSS-Fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/list?can=1&q=libarchive

Security:	CVE-2017-5601
---
 ObsoleteFiles.inc | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'ObsoleteFiles.inc')

diff --git a/ObsoleteFiles.inc b/ObsoleteFiles.inc
index 51b7ed2..cca3c71 100644
--- a/ObsoleteFiles.inc
+++ b/ObsoleteFiles.inc
@@ -38,6 +38,8 @@
 #   xargs -n1 | sort | uniq -d;
 # done
 
+# 20170211: libarchive ACL pax test renamed to test_acl_pax_posix1e.tar.uu
+OLD_FILES+=usr/tests/lib/libarchive/test_acl_pax.tar.uu
 # 20161229: Three files from gnop tests consolidated into one
 OLD_FILES+=usr/tests/sys/geom/class/nop/1_test
 OLD_FILES+=usr/tests/sys/geom/class/nop/2_test
-- 
cgit v1.1