
Re: FreeBSD Security Advisory FreeBSD-SA-16:31.libarchive


George L. Yermulnik

Oct 10, 2016, 5:22:08 PM
to freebsd-...@freebsd.org
Hello!

On Mon, 10 Oct 2016 at 07:52:02 (+0000), FreeBSD Security Advisories wrote:

> 2) To update your vulnerable system via a source code patch:

> The following patches have been verified to apply to the applicable
> FreeBSD release branches.

> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.

> # fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch
> # fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch.asc
> # gpg --verify libarchive.patch.asc

#> fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch
fetch: https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch: Not Found

--
George L. Yermulnik
[YZ-RIPE]

Gleb Smirnoff

Oct 10, 2016, 5:24:15 PM
to George L. Yermulnik, freebsd-...@freebsd.org
George,

On Mon, Oct 10, 2016 at 11:44:56PM +0300, George L. Yermulnik wrote:
G> > 2) To update your vulnerable system via a source code patch:
G>
G> > The following patches have been verified to apply to the applicable
G> > FreeBSD release branches.
G>
G> > a) Download the relevant patch from the location below, and verify the
G> > detached PGP signature using your PGP utility.
G>
G> > # fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch
G> > # fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch.asc
G> > # gpg --verify libarchive.patch.asc
G>
G> #> fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch
G> fetch: https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch: Not Found

Should be one of these:

https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.1.patch
https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.2.patch
https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.3.patch

--
Totus tuus, Glebius.

George L. Yermulnik

Oct 10, 2016, 5:51:02 PM
to Gleb Smirnoff, freebsd-...@freebsd.org
Hello!

On Mon, 10 Oct 2016 at 14:23:42 (-0700), Gleb Smirnoff wrote:

> G> > a) Download the relevant patch from the location below, and verify the
> G> > detached PGP signature using your PGP utility.
> G>
> G> > # fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch
> G> > # fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch.asc
> G> > # gpg --verify libarchive.patch.asc
> G>
> G> #> fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch
> G> fetch: https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch: Not Found

> Should be one of these:

> https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.1.patch
> https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.2.patch
> https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.3.patch

Thanx. I found that already, but Security Advisory is incorrect and that's the point.
Anyway libarchive-10.3.patch generated on my 10.3 box a bunch of rejections,
so I had to checkout contrib/libarchive/libarchive/ and lib/libarchive/tests/ from repository
to be able to rebuild world.

--
George L. Yermulnik
[YZ-RIPE]

George L. Yermulnik

Oct 10, 2016, 6:06:04 PM
to Gleb Smirnoff, freebsd-...@freebsd.org
Hello!

On Tue, 11 Oct 2016 at 00:37:43 (+0300), George L. Yermulnik wrote:

> > https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.1.patch
> > https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.2.patch
> > https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.3.patch

> Thanx. I found that already, but Security Advisory is incorrect and that's the point.
> Anyway libarchive-10.3.patch generated on my 10.3 box a bunch of rejections,
> so I had to checkout contrib/libarchive/libarchive/ and lib/libarchive/tests/ from repository
> to be able to rebuild world.

Though I'm not able:
[--- cut ---]
--- archive_read_disk_posix.So ---
cc -fpic -DPIC -DHAVE_ICONV=1 -DHAVE_ICONV_H=1 -DICONV_CONST= -O2 -pipe -DHAVE_BZLIB_H=1 -DHAVE_LIBLZMA=1 -DHAVE_LZMA_H=1 -DPLATFORM_CONFIG_H=\"/usr/src/lib/libarchive/config_freebsd.h\" -I/usr/obj/usr/src/lib/libarchive -DWITH_OPENSSL -std=gnu99 -Qunused-arguments -fstack-protector -Wsystem-headers -Werror -Wall -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wunused-parameter -Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls -Wold-style-definition -Wmissing-variable-declarations -Wno-pointer-sign -Wno-empty-body -Wno-string-plus-int -Wno-unused-const-variable -c /usr/src/lib/libarchive/../../contrib/libarchive/libarchive/archive_read_disk_posix.c -o archive_read_disk_posix.So
/usr/src/lib/libarchive/../../contrib/libarchive/libarchive/archive_read_disk_posix.c:1577:37: error: incompatible pointer types passing 'struct vfsconf *' to parameter of type 'struct xvfsconf *' [-Werror,-Wincompatible-pointer-types]
r = getvfsbyname(sfs.f_fstypename, &vfc);
^~~~
/usr/obj/usr/src/tmp/usr/include/sys/mount.h:947:49: note: passing argument to parameter here
int getvfsbyname(const char *, struct xvfsconf *);
^
1 error generated.
*** [archive_read_disk_posix.So] Error code 1
[--- cut ---]

FreeBSD 10.3-STABLE i386

Gleb Smirnoff

Oct 10, 2016, 7:30:31 PM
to George L. Yermulnik, freebsd-...@freebsd.org
On Tue, Oct 11, 2016 at 12:46:25AM +0300, George L. Yermulnik wrote:
G> Hello!
G>
G> On Tue, 11 Oct 2016 at 00:37:43 (+0300), George L. Yermulnik wrote:
G>
G> > > https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.1.patch
G> > > https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.2.patch
G> > > https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.3.patch
G>
G> > Thanx. I found that already, but Security Advisory is incorrect and that's the point.
G> > Anyway libarchive-10.3.patch generated on my 10.3 box a bunch of rejections,
G> > so I had to checkout contrib/libarchive/libarchive/ and lib/libarchive/tests/ from repository
G> > to be able to rebuild world.
G>
G> Though I'm not able:
G> [--- cut ---]
G> --- archive_read_disk_posix.So ---
G> cc -fpic -DPIC -DHAVE_ICONV=1 -DHAVE_ICONV_H=1 -DICONV_CONST= -O2 -pipe -DHAVE_BZLIB_H=1 -DHAVE_LIBLZMA=1 -DHAVE_LZMA_H=1 -DPLATFORM_CONFIG_H=\"/usr/src/lib/libarchive/config_freebsd.h\" -I/usr/obj/usr/src/lib/libarchive -DWITH_OPENSSL -std=gnu99 -Qunused-arguments -fstack-protector -Wsystem-headers -Werror -Wall -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wunused-parameter -Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls -Wold-style-definition -Wmissing-variable-declarations -Wno-pointer-sign -Wno-empty-body -Wno-string-plus-int -Wno-unused-const-variable -c /usr/src/lib/libarchive/../../contrib/libarchive/libarchive/archive_read_disk_posix.c -o archive_read_disk_posix.So
G> /usr/src/lib/libarchive/../../contrib/libarchive/libarchive/archive_read_disk_posix.c:1577:37: error: incompatible pointer types passing 'struct vfsconf *' to parameter of type 'struct xvfsconf *' [-Werror,-Wincompatible-pointer-types]
G> r = getvfsbyname(sfs.f_fstypename, &vfc);
G> ^~~~
G> /usr/obj/usr/src/tmp/usr/include/sys/mount.h:947:49: note: passing argument to parameter here
G> int getvfsbyname(const char *, struct xvfsconf *);
G> ^
G> 1 error generated.
G> *** [archive_read_disk_posix.So] Error code 1
G> [--- cut ---]
G>
G> FreeBSD 10.3-STABLE i386

If it is a 10.3-STABLE system, you should just 'svn up' and rebuild, because the patch
is already included in the stable/10 branch.

The patches are for those who run releases.

--
Totus tuus, Glebius.
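
Added example, not part of the thread or of the FreeBSD project's tooling: a sketch of the decision the last reply describes, choosing the per-release patch named in the thread for a -RELEASE system and declining on -STABLE, then verifying the detached signature before use. The function names and the `.asc` suffix on the per-release patch URLs are assumptions (the advisory only shows `libarchive.patch.asc`).

```shell
#!/bin/sh
# Patch names for 10.1/10.2/10.3 are the ones listed in the thread.
BASE="https://security.FreeBSD.org/patches/SA-16:31"

# sa_patch_url VERSION  (hypothetical helper)
# Prints the patch URL for a supported release and returns 0.
# Returns 2 for -STABLE (update the source tree and rebuild instead),
# and 1 for any version the thread gives no patch for.
sa_patch_url() {
    ver=$1
    case "$ver" in
        *-STABLE*) return 2 ;;
    esac
    case "$ver" in
        10.1-RELEASE*|10.2-RELEASE*|10.3-RELEASE*)
            # Strip everything from the first "-": 10.3-RELEASE-p7 -> 10.3
            echo "$BASE/libarchive-${ver%%-*}.patch" ;;
        *) return 1 ;;
    esac
}

# fetch_and_verify URL  (hypothetical helper)
# Downloads the patch and its detached signature (assumed to be URL.asc),
# and succeeds only if gpg accepts the signature over the downloaded file.
# Requires the FreeBSD security officer key in the local keyring.
fetch_and_verify() {
    url=$1
    file=${url##*/}
    fetch "$url" || return 1
    fetch "$url.asc" || return 1
    gpg --verify "$file.asc" "$file"
}

# Usage on a FreeBSD host:
#   url=$(sa_patch_url "$(freebsd-version)") && fetch_and_verify "$url"
```

A return code of 2 corresponds to the case in the thread: a 10.3-STABLE tree already carries the fix, so applying the release patch on top of it produces rejections.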