src/contrib/libarchive/libarchive_fe, branch main FreeBSD source tree libarchive: merge from vendor branch 2026-04-13T13:47:17+00:00 Martin Matuska mm@FreeBSD.org 2026-04-13T13:47:17+00:00 eb5165bb491138f60d9004bc4c781490016d9288 libarchive 3.8.7 Important bugfixes: #2871 libarchive: fix handling of option failures #2897 iso9660: fix undefined behavior #2898 RAR: fix LZSS window size mismatch after PPMd block #2900 CAB: fix NULL pointer dereference during skip #2911 libarchive: do not continue with truncated numbers #2919 CAB: Fix Heap OOB Write in CAB LZX decoder #2934 iso9660: fix posibble heap buffer overflow on 32-bit systems #2939 cpio: Fix -R memory leak #2947 libarchive: lzop and grzip filter support Important bugfixes between 3.8.5 and 3.8.6: #2860 bsdunzip: fix ISO week year and Gregorian year confusion #2864 7zip: ix SEGV in check_7zip_header_in_sfx via ELF offset validation #2875 7zip: fix out-of-bounds access on ELF 64-bit header #2877 RAR5 reader: fix infinite loop in rar5 decompression #2878 mtree reader: Fix file descriptor leak in mtree parser cleanup (CWE-775) #2892 RAR5 reader: fix potential memory leak #2893 RAR5: fix SIGSEGV when archive_read_support_format_rar5 is called twice #2895 CAB reader: fix memory leak on repeated calls to archive_read_support_format_cab Obtained from: libarchive Vendor commit: ded82291ab41d5e355831b96b0e1ff49e24d8939 MFC after: 1 week 
libarchive 3.8.7

Important bugfixes:
 #2871 libarchive: fix handling of option failures
 #2897 iso9660: fix undefined behavior
 #2898 RAR: fix LZSS window size mismatch after PPMd block
 #2900 CAB: fix NULL pointer dereference during skip
 #2911 libarchive: do not continue with truncated numbers
 #2919 CAB: Fix Heap OOB Write in CAB LZX decoder
 #2934 iso9660: fix posibble heap buffer overflow on 32-bit systems
 #2939 cpio: Fix -R memory leak
 #2947 libarchive: lzop and grzip filter support

Important bugfixes between 3.8.5 and 3.8.6:
 #2860 bsdunzip: fix ISO week year and Gregorian year confusion
 #2864 7zip: ix SEGV in check_7zip_header_in_sfx via ELF offset validation
 #2875 7zip: fix out-of-bounds access on ELF 64-bit header
 #2877 RAR5 reader: fix infinite loop in rar5 decompression
 #2878 mtree reader: Fix file descriptor leak in mtree parser cleanup
       (CWE-775)
 #2892 RAR5 reader: fix potential memory leak
 #2893 RAR5: fix SIGSEGV when archive_read_support_format_rar5 is called
       twice
 #2895 CAB reader: fix memory leak on repeated calls to
       archive_read_support_format_cab

Obtained from:	libarchive
Vendor commit:	ded82291ab41d5e355831b96b0e1ff49e24d8939
MFC after:	1 week
libarchive: merge from vendor branch 2026-01-05T20:16:19+00:00 Martin Matuska mm@FreeBSD.org 2026-01-05T20:14:54+00:00 4b047c3af3fec1607ba1cfe04e1d442a17fc1cf6 libarchive 3.8.5 Important bugfixes: #2809 bsdtar: fix regression from 3.8.4 zero-length pattern issue bugfix Obtained from: libarchive Vendor commit: dd897a78c662a2c7a003e7ec158cea7909557bee MFC after: 1 week 
libarchive 3.8.5

Important bugfixes:
 #2809 bsdtar: fix regression from 3.8.4 zero-length pattern issue bugfix

Obtained from:	libarchive
Vendor commit:  dd897a78c662a2c7a003e7ec158cea7909557bee
MFC after:	1 week
libarchive: merge from vendor branch 2025-10-21T15:52:44+00:00 Martin Matuska mm@FreeBSD.org 2025-10-21T14:10:15+00:00 401026e4825a05abba6f945cf1b74b3328876fa2 Update vendor/libarchive to 3.8.2 Important bugfixes: #2477 tar writer: fix replacing a regular file with a dir for ARCHIVE_EXTRACT_SAFE_WRITES #2659 lib: improve filter process handling #2664 zip writer: fix a memory leak if write callback error early #2665 lib: archive_read_data: handle sparse holes at end of file correctly #2668 7zip: Fix out of boundary access #2670 zip writer: fix writing with ZSTD compression #2672 lib: fix error checking in writing files #2678 zstd write filter: enable Zstandard's checksum feature #2679 lib: handle possible errors from system calls #2707 lib: avoid leaking file descriptors into subprocesses #2713 RAR5 reader: fix multiple issues in extra field parsing function #2716 RAR5 reader: early fail when file declares data for a dir entry #2717 bsdtar: Allow filename to have CRLF endings #2719 tar reader: fix checking the result of the strftime (CVE-2025-25724) #2737 tar reader: fix an infinite loop when parsing V headers #2742 lib: parse_date: handle dates in 2038 and beyond if time_t is big enough Obtained from: libarchive Vendor commit: 7f53fce04e4e672230f4eb80b219af17975e4f83 Security: CVE-2025-25724 PR: 290303 (exp-run) MFC after: 1 week 
Update vendor/libarchive to 3.8.2

Important bugfixes:
 #2477 tar writer: fix replacing a regular file with a dir for
       ARCHIVE_EXTRACT_SAFE_WRITES
 #2659 lib: improve filter process handling
 #2664 zip writer: fix a memory leak if write callback error early
 #2665 lib: archive_read_data: handle sparse holes at end of file correctly
 #2668 7zip: Fix out of boundary access
 #2670 zip writer: fix writing with ZSTD compression
 #2672 lib: fix error checking in writing files
 #2678 zstd write filter: enable Zstandard's checksum feature
 #2679 lib: handle possible errors from system calls
 #2707 lib: avoid leaking file descriptors into subprocesses
 #2713 RAR5 reader: fix multiple issues in extra field parsing function
 #2716 RAR5 reader: early fail when file declares data for a dir entry
 #2717 bsdtar: Allow filename to have CRLF endings
 #2719 tar reader: fix checking the result of the strftime (CVE-2025-25724)
 #2737 tar reader: fix an infinite loop when parsing V headers
 #2742 lib: parse_date: handle dates in 2038 and beyond if time_t is big
       enough

Obtained from:	libarchive
Vendor commit:	7f53fce04e4e672230f4eb80b219af17975e4f83
Security:	CVE-2025-25724
PR:		290303 (exp-run)
MFC after:	1 week
libarchive: merge from vendor branch 2025-06-01T20:54:46+00:00 Martin Matuska mm@FreeBSD.org 2025-06-01T20:16:26+00:00 2e113ef82465598b8c26e0ca415fbe90677fbd47 libarchive 3.8.1 New features: #2088 7-zip reader: improve self-extracting archive detection #2137 zip writer: added XZ, LZMA, ZSTD and BZIP2 support #2403 zip writer: added LZMA + RISCV BCJ filter #2601 bsdtar: support --mtime and --clamp-mtime #2602 libarchive: mbedtls 3.x compatibility Security fixes: #2422 tar reader: Handle truncation in the middle of a GNU long linkname CVE-2024-57970 #2532 tar reader: fix unchecked return value in list_item_verbose() CVE-2025-25724 #2532 unzip: fix null pointer dereference CVE-2025-1632 #2568 warc: prevent signed integer overflow #2584 rar: do not skip past EOF while reading #2588 tar: fix overflow in build_ustar_entry #2598 rar: fix double free with over 4 billion nodes #2599 rar: fix heap-buffer-overflow Important bugfixes: #2399 7-zip reader: add SPARC filter support for non-LZMA compressors #2405 tar reader: ignore ustar size when pax size is present #2435 tar writer: fix bug when -s/a/b/ used more than once with b flag #2459 7-zip reader: add POWERPC filter support for non-LZMA compressors #2519 libarchive: handle ARCHIVE_FILTER_LZOP in archive_read_append_filter #2539 libarchive: add missing seeker function to archive_read_open_FILE() #2544 gzip: allow setting the original filename for gzip compressed files #2564 libarchive: improve lseek handling #2582 rar: support large headers on 32 bit systems #2587 bsdtar: don't hardlink negative inode files together #2596 rar: support large headers on 32 bit systems #2606 libarchive: support @-prefixed Unix epoch timestamps as date strings #2634 tar: Support negative time values with pax #2637 tar: Keep block alignment after pax error #2642 libarchive: fix FILE_skip regression #2643 tar: Handle extra bytes after sparse entries #2649 compress: Prevent call stack overflow #2651 iso9660: always check archive_string_ensure return value CVE: CVE-2024-57970, CVE-2025-1632, CVE-2025-25724 PR: 286944 (exp-run, 3.8.0) MFC after: 2 weeks 
libarchive 3.8.1

New features:
 #2088 7-zip reader: improve self-extracting archive detection
 #2137 zip writer: added XZ, LZMA, ZSTD and BZIP2 support
 #2403 zip writer: added LZMA + RISCV BCJ filter
 #2601 bsdtar: support --mtime and --clamp-mtime
 #2602 libarchive: mbedtls 3.x compatibility

Security fixes:
 #2422 tar reader: Handle truncation in the middle of a GNU long linkname
       CVE-2024-57970
 #2532 tar reader: fix unchecked return value in list_item_verbose()
       CVE-2025-25724
 #2532 unzip: fix null pointer dereference
       CVE-2025-1632
 #2568 warc: prevent signed integer overflow
 #2584 rar: do not skip past EOF while reading
 #2588 tar: fix overflow in build_ustar_entry
 #2598 rar: fix double free with over 4 billion nodes
 #2599 rar: fix heap-buffer-overflow

Important bugfixes:
 #2399 7-zip reader: add SPARC filter support for non-LZMA compressors
 #2405 tar reader: ignore ustar size when pax size is present
 #2435 tar writer: fix bug when -s/a/b/ used more than once with b flag
 #2459 7-zip reader: add POWERPC filter support for non-LZMA compressors
 #2519 libarchive: handle ARCHIVE_FILTER_LZOP in archive_read_append_filter
 #2539 libarchive: add missing seeker function to archive_read_open_FILE()
 #2544 gzip: allow setting the original filename for gzip compressed files
 #2564 libarchive: improve lseek handling
 #2582 rar: support large headers on 32 bit systems
 #2587 bsdtar: don't hardlink negative inode files together
 #2596 rar: support large headers on 32 bit systems
 #2606 libarchive: support @-prefixed Unix epoch timestamps as date strings
 #2634 tar: Support negative time values with pax
 #2637 tar: Keep block alignment after pax error
 #2642 libarchive: fix FILE_skip regression
 #2643 tar: Handle extra bytes after sparse entries
 #2649 compress: Prevent call stack overflow
 #2651 iso9660: always check archive_string_ensure return value

CVE:		CVE-2024-57970, CVE-2025-1632, CVE-2025-25724
PR:		286944 (exp-run, 3.8.0)
MFC after:	2 weeks
libarchive: merge from vendor branch 2024-04-29T08:17:53+00:00 Martin Matuska mm@FreeBSD.org 2024-04-29T08:15:04+00:00 13d826ff947d9026f98e317e7385b22abfc0eace Libarchive 3.7.4 + three fixes from master Security fixes: #2135 rar: Fix OOB in rar e8 filter (CVE-2024-26256) #2145 zip: Fix out of boundary access #2148 rar: Fix OOB in rar delta filter #2149 rar: Fix OOB in rar audio filter Important bugfixes: #2131 7zip: Limit amount of properties #2110 bsdtar: Fix error handling around strtol() usages #2116 passphrase: Never allow empty passwords #2124 rar: Fix "File CRC Error" when extracting specific rar4 archives #2123 xar: Avoid infinite link loop #2150 xar: Fix another infinite loop and expat error handling #2108 zip: Update AppleDouble support for directories #2071 zstd: Implement core detectiongit PR: 278588 (exp-run) MFC after: 1 day 
Libarchive 3.7.4 + three fixes from master

Security fixes:
 #2135 rar: Fix OOB in rar e8 filter (CVE-2024-26256)
 #2145 zip: Fix out of boundary access
 #2148 rar: Fix OOB in rar delta filter
 #2149 rar: Fix OOB in rar audio filter

Important bugfixes:
 #2131 7zip: Limit amount of properties
 #2110 bsdtar: Fix error handling around strtol() usages
 #2116 passphrase: Never allow empty passwords
 #2124 rar: Fix "File CRC Error" when extracting specific rar4 archives
 #2123 xar: Avoid infinite link loop
 #2150 xar: Fix another infinite loop and expat error handling
 #2108 zip: Update AppleDouble support for directories
 #2071 zstd: Implement core detectiongit

PR:		278588 (exp-run)
MFC after:	1 day
libarchive: merge from vendor branch 2024-04-16T21:39:31+00:00 Martin Matuska mm@FreeBSD.org 2024-04-16T21:39:31+00:00 b9128a37faafede823eb456aa65a11ac69997284 Libarchive 3.7.3 New features: #1941 uudecode filter: support file name and file mode in raw mode #1943 7-zip reader: translate Windows permissions into UNIX permissions #1962 zstd filter now supports the "long" write option #2012 add trailing letter b to bsdtar(1) substitute pattern #2031 PCRE2 support #2054 add support for long options "--group" and "--owner" to tar(1) Security fixes: #2101 Fix possible vulnerability in tar error reporting introduced in f27c173 Important bugfixes: #1974 ISO9660: preserve the natural order of links #2105 rar5: fix infinite loop if during rar5 decompression the last block produced no data #2027 xz filter: fix incorrect eof at the end of an lzip member #2043 zip: fix end-of-data marker processing when decompressing zip archives PR: 278315 (exp-run) MFC after: 1 week 
Libarchive 3.7.3

New features:
  #1941 uudecode filter: support file name and file mode in raw mode
  #1943 7-zip reader: translate Windows permissions into UNIX
        permissions
  #1962 zstd filter now supports the "long" write option
  #2012 add trailing letter b to bsdtar(1) substitute pattern
  #2031 PCRE2 support
  #2054 add support for long options "--group" and "--owner" to tar(1)

Security fixes:
  #2101 Fix possible vulnerability in tar error reporting introduced
        in f27c173

Important bugfixes:
  #1974 ISO9660: preserve the natural order of links
  #2105 rar5: fix infinite loop if during rar5 decompression the last
        block produced no data
  #2027 xz filter: fix incorrect eof at the end of an lzip member
  #2043 zip: fix end-of-data marker processing when decompressing zip
        archives

PR:		278315 (exp-run)
MFC after:	1 week
libarchive: merge from vendor branch 2023-07-24T05:42:43+00:00 Martin Matuska mm@FreeBSD.org 2023-07-24T05:42:43+00:00 e64fe029e9d3ce476e77a478318e0c3cd201ff08 Libarchive 3.7.0 Important changes (relevant to FreeBSD): #1814 Do not account for NULL terminator when comparing with "TRAILER!!!" #1818 Add ability to produce multi-frame zstd archives #1840 year 2038 fix for pax archives on platforms with 64-bit time_t #1860 Make single bit bitfields unsigned to avoid clang 16 warning #1869 Fix FreeBSD builds with WARNS=6 #1873 bsdunzip ported to libarchive from FreeBSD #1894 read support for zstd compression in 7zip archives #1918 ARM64 filter support in 7zip archives MFC after: 2 weeks PR: 272567 (exp-run) 
Libarchive 3.7.0

Important changes (relevant to FreeBSD):
  #1814 Do not account for NULL terminator when comparing with "TRAILER!!!"
  #1818 Add ability to produce multi-frame zstd archives
  #1840 year 2038 fix for pax archives on platforms with 64-bit time_t
  #1860 Make single bit bitfields unsigned to avoid clang 16 warning
  #1869 Fix FreeBSD builds with WARNS=6
  #1873 bsdunzip ported to libarchive from FreeBSD
  #1894 read support for zstd compression in 7zip archives
  #1918 ARM64 filter support in 7zip archives

MFC after:	2 weeks
PR:		272567 (exp-run)
MFV r357783: 2020-02-12T00:16:56+00:00 Martin Matuska mm@FreeBSD.org 2020-02-12T00:16:56+00:00 f976241773df2260e6170317080761d1c5814fe5 Update libarchive to 3.4.2 Relevant vendor changes: PR #1289: atomic extraction support (bsdtar -x --safe-writes) PR #1308: big endian fix for UTF16 support in LHA reader PR #1326: reject RAR5 files that declare invalid header flags Issue #987: fix support 7z archive entries with Delta filter Issue #1317: fix compression output buffer handling in XAR writer Issue #1319: fix uname or gname longer than 32 characters in pax writer Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR Use localtime_r() and gmtime_r() instead of localtime() and gmtime() X-MFC-With: r356212,r356365,r356416 MFC after: 1 week 
Update libarchive to 3.4.2

Relevant vendor changes:
  PR #1289: atomic extraction support (bsdtar -x --safe-writes)
  PR #1308: big endian fix for UTF16 support in LHA reader
  PR #1326: reject RAR5 files that declare invalid header flags
  Issue #987: fix support 7z archive entries with Delta filter
  Issue #1317: fix compression output buffer handling in XAR writer
  Issue #1319: fix uname or gname longer than 32 characters in pax writer
  Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR
  Use localtime_r() and gmtime_r() instead of localtime() and gmtime()

X-MFC-With:	r356212,r356365,r356416
MFC after:	1 week
MFV r348971,r348977: 2019-06-12T13:34:12+00:00 Martin Matuska mm@FreeBSD.org 2019-06-12T13:34:12+00:00 fae5c36e4c7198d1c86ad3e35eaa470d485a937b Sync libarchive with vendor. Relevant vendor changes: - check_symlinks_fsobj() without chdir() and fchdir() - bsdtar.1 manpage fixes - patches from OpenBSD to libarchive_fe/passphrase.c - version bumped to 3.4.0 MFC after: 2 weeks 
Sync libarchive with vendor.

Relevant vendor changes:
  - check_symlinks_fsobj() without chdir() and fchdir()
  - bsdtar.1 manpage fixes
  - patches from OpenBSD to libarchive_fe/passphrase.c
  - version bumped to 3.4.0

MFC after:	2 weeks
MFV r302264: 2016-06-30T08:51:50+00:00 Martin Matuska mm@FreeBSD.org 2016-06-30T08:51:50+00:00 ae5876ea1970031e0c41afb2c85dda9dc2095197 Sync libarchive with vendor, bugfixes for tests: - fix tests on filesystems without birthtime support, e.g. UFS1 (1) - vendor issue #729: avoid use of C99 for-scope declarations in test_write_format_gnutar_filenames.c MFC after: 1 week PR: 204157 (1) Approved by: re (hrs) 
Sync libarchive with vendor, bugfixes for tests:
- fix tests on filesystems without birthtime support, e.g. UFS1 (1)
- vendor issue #729: avoid use of C99 for-scope declarations in
  test_write_format_gnutar_filenames.c

MFC after:	1 week
PR:		204157 (1)
Approved by:	re (hrs)