src/lib/libarchive/Makefile, branch releng/14.2

libarchive: merge from vendor branch

2025-08-07T23:53:04+00:00

libarchive 3.8.1

New features:
 #2088 7-zip reader: improve self-extracting archive detection
 #2137 zip writer: added XZ, LZMA, ZSTD and BZIP2 support
 #2403 zip writer: added LZMA + RISCV BCJ filter
 #2601 bsdtar: support --mtime and --clamp-mtime
 #2602 libarchive: mbedtls 3.x compatibility

Security fixes:
 #2422 tar reader: Handle truncation in the middle of a GNU long linkname
       (CVE-2024-57970)
 #2532 tar reader: fix unchecked return value in list_item_verbose()
       (CVE-2025-25724)
 #2532 unzip: fix null pointer dereference (CVE-2025-1632)
 #2568 warc: prevent signed integer overflow (CVE-2025-5916)
 #2584 rar: do not skip past EOF while reading (CVE-2025-5918)
 #2588 tar: fix overflow in build_ustar_entry (CVE-2025-5917)
 #2598 rar: fix double free with over 4 billion nodes (CVE-2025-5914)
 #2599 rar: fix heap-buffer-overflow (CVE-2025-5915)

Important bugfixes:
 #2399 7-zip reader: add SPARC filter support for non-LZMA compressors
 #2405 tar reader: ignore ustar size when pax size is present
 #2435 tar writer: fix bug when -s/a/b/ used more than once with b flag
 #2459 7-zip reader: add POWERPC filter support for non-LZMA compressors
 #2519 libarchive: handle ARCHIVE_FILTER_LZOP in archive_read_append_filter
 #2539 libarchive: add missing seeker function to archive_read_open_FILE()
 #2544 gzip: allow setting the original filename for gzip compressed files
 #2564 libarchive: improve lseek handling
 #2582 rar: support large headers on 32 bit systems
 #2587 bsdtar: don't hardlink negative inode files together
 #2596 rar: support large headers on 32 bit systems
 #2606 libarchive: support @-prefixed Unix epoch timestamps as date strings
 #2634 tar: Support negative time values with pax
 #2637 tar: Keep block alignment after pax error
 #2642 libarchive: fix FILE_skip regression
 #2643 tar: Handle extra bytes after sparse entries
 #2649 compress: Prevent call stack overflow
 #2651 iso9660: always check archive_string_ensure return value

CVE:		CVE-2024-57970, CVE-2025-1632, CVE-2025-25724,
		CVE-2025-5914, CVE-2025-5915, CVE-2025-5916,
		CVE-2025-5917, CVE-2025-5918
PR:		286944 (exp-run, main, libarchive 3.8.0)
Approved by:	so
Security:	FreeBSD-SA-25:07.libarchive

(cherry picked from commit 2e113ef82465598b8c26e0ca415fbe90677fbd47)
(cherry picked from commit 6dad4525a2910496ecf3c41de659aac906f6c1f4)

Remove $FreeBSD$: one-line sh pattern

2023-08-16T17:55:03+00:00

Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/

libarchive: Remove MIPS build glue.

2023-03-29T22:05:53+00:00

Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D39329

libarchive: Add missing MLINK.

2022-11-17T16:12:24+00:00

Differential Revision: https://reviews.freebsd.org/D37398

libarchive: import changes from upstream

2021-08-23T01:07:36+00:00

Libarchive 3.5.2

New features:
  PR #1502: Support for PWB and v7 binary cpio formats
  PR #1509: Support of deflate algorithm in symbolic link decompression
            for ZIP archives

Important bugfixes:
  IS #1044: fix extraction of hardlinks to symlinks
  PR #1480: Fix truncation of size values during 7zip archive
            extraction on 32bit architectures
  PR #1504: fix rar header skiming
  PR #1514: ZIP excessive disk read - fix location of central directory
  PR #1520: fix double-free in CAB reader
  PR #1521: Fixed leak of rar before ending with error
  PR #1530: Handle short writes from archive_write_callback
  PR #1532: 7zip: Use compression settings from file also for file header
  IS #1566: do not follow symlinks when processing the fixup list

MFC after:	2 weeks
Relnotes:	yes

MFV r368207:

2020-12-01T15:53:12+00:00

Update libarchive to 3.5.0

Relevant vendor changes:
  Issue #1258: add archive_read_support_filter_by_code()
  PR #1347: mtree digest reader support
  Issue #1381: skip hardlinks pointing to itself on extraction
  PR #1387: fix writing of cpio archives with hardlinks without file type
  PR #1388: fix rdev field in cpio format for device nodes
  PR #1389: completed support for UTF-8 encoding conversion
  PR #1405: more formats in archive_read_support_format_by_code()
  PR #1408: fix uninitialized size in rar5_read_data
  PR #1409: system extended attribute support
  PR #1435: support for decompression of symbolic links in zipx archives
  Issue #1456: memory leak after unsuccessful archive_write_open_filename

MFC after:	1 week

libarchive: fix mismatch between library and test configuration

2020-09-18T11:22:34+00:00

I was investigating libarchive test failures on CheriBSD and it turns out
we get a reproducible SIGBUS for test_archive_m5, etc. Debugging this shows
that libarchive and the tests disagree when it comes to the definition of
archive_md5_ctx: libarchive assumes it's the OpenSSL type whereas the test
use the libmd type. The latter is not necessarily aligned enough to store
a pointer (16 bytes for CHERI RISC-V), so we were crashing when storing
EVP_MD_CTX* to an 8-byte-aligned archive_md5_ctx.

To avoid problems like this in the future, factor out the common compiler
flags into a Makefile.inc and include that from the tests Makefile.

Reviewed By:	lwhsu
Differential Revision: https://reviews.freebsd.org/D26469

Remove sparc64 specific warning suppression.

2020-02-12T06:54:34+00:00

Add native support for zstd to libarchive

2019-09-18T07:57:56+00:00

Note that old pkg will failed to build after this. A recent ports tree (one
providing pkg 1.12+) is required to build. Older already built pkg, should
continue working as expected

PR:		238797
Exp run by:	antoine
Reviewed by:	cem
Approved by:	cem
Differential Revision:	https://reviews.freebsd.org/D20752

MFV r347989:

2019-05-20T12:57:39+00:00

Sync libarchive with vendor.

Relevant vendor changes:
  Issue #795: XAR - do not try to add xattrs without an allocated name
  PR #812: non-recursive option for extract and list
  PR #958: support reading metadata from compressed files
  PR #999: add --exclude-vcs option to bsdtar
  Issue #1062: treat empty archives with a GNU volume header as valid
  PR #1074: Handle ZIP files with trailing 0s in the extra fields
            (Android APK archives)
  PR #1109: Ignore padding in Zip extra field data (Android APK archives)
  PR #1167: fix problems related to unreadable directories
  Issue #1168: fix handling of strtol() and strtoul()
  PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter
  PR #1174: ZIP reader - fix of MSZIP signature parsing
  PR #1175: gzip filter - fix reading files larger than 4GB from memory
  PR #1177: gzip filter - fix memory leak with repeated header reads
  PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field
  PR #1181: RAR5 - fix merge_block() recursion
            (OSS-Fuzz 12999, 13029, 13144, 13478, 13490)
  PR #1183: fix memory leak when decompressing ZIP files with LZMA
  PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817
    OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables
    OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations
    OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables
  PR #1186: RAR5 - fix invalid type used for dictionary size mask
            (OSS-Fuzz 14537)
  PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555)
  PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories
            (OSS-Fuzz 14574)
  PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds
  OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry
  OSS-Fuzz 14331: RAR5 - fix maximum owner name length
  OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check

  Additional RAR5 reader changes:
    - support symlinks, hardlinks, file owner, file group, versioned files
    - change ARCHIVE_FORMAT_RAR_V5 to 0x100000
    - set correct mode for readonly directories
    - support readonly, hidden and system Windows file attributes

MFC after:	2 weeks