<feed xmlns='http://www.w3.org/2005/Atom'>
<title>src/lib/libarchive, branch main</title>
<subtitle>FreeBSD source tree</subtitle>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/'/>
<entry>
<title>libarchive: Update configuration</title>
<updated>2026-04-18T08:25:31+00:00</updated>
<author>
<name>Dag-Erling Smørgrav</name>
<email>des@FreeBSD.org</email>
</author>
<published>2026-04-18T08:25:31+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=05bbe5e3883492dd2afa52039da1fac45c5059a0'/>
<id>05bbe5e3883492dd2afa52039da1fac45c5059a0</id>
<content type='text'>
PR:		294577
MFC after:	1 week
Reviewed by:	mm
Differential Revision:	https://reviews.freebsd.org/D56468
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
PR:		294577
MFC after:	1 week
Reviewed by:	mm
Differential Revision:	https://reviews.freebsd.org/D56468
</pre>
</div>
</content>
</entry>
<entry>
<title>libarchive: merge from vendor branch</title>
<updated>2026-04-13T13:47:17+00:00</updated>
<author>
<name>Martin Matuska</name>
<email>mm@FreeBSD.org</email>
</author>
<published>2026-04-13T13:47:17+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=eb5165bb491138f60d9004bc4c781490016d9288'/>
<id>eb5165bb491138f60d9004bc4c781490016d9288</id>
<content type='text'>
libarchive 3.8.7

Important bugfixes:
 #2871 libarchive: fix handling of option failures
 #2897 iso9660: fix undefined behavior
 #2898 RAR: fix LZSS window size mismatch after PPMd block
 #2900 CAB: fix NULL pointer dereference during skip
 #2911 libarchive: do not continue with truncated numbers
 #2919 CAB: Fix Heap OOB Write in CAB LZX decoder
 #2934 iso9660: fix possible heap buffer overflow on 32-bit systems
 #2939 cpio: Fix -R memory leak
 #2947 libarchive: lzop and grzip filter support

Important bugfixes between 3.8.5 and 3.8.6:
 #2860 bsdunzip: fix ISO week year and Gregorian year confusion
 #2864 7zip: fix SEGV in check_7zip_header_in_sfx via ELF offset validation
 #2875 7zip: fix out-of-bounds access on ELF 64-bit header
 #2877 RAR5 reader: fix infinite loop in rar5 decompression
 #2878 mtree reader: Fix file descriptor leak in mtree parser cleanup
       (CWE-775)
 #2892 RAR5 reader: fix potential memory leak
 #2893 RAR5: fix SIGSEGV when archive_read_support_format_rar5 is called
       twice
 #2895 CAB reader: fix memory leak on repeated calls to
       archive_read_support_format_cab

Obtained from:	libarchive
Vendor commit:	ded82291ab41d5e355831b96b0e1ff49e24d8939
MFC after:	1 week
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
libarchive 3.8.7

Important bugfixes:
 #2871 libarchive: fix handling of option failures
 #2897 iso9660: fix undefined behavior
 #2898 RAR: fix LZSS window size mismatch after PPMd block
 #2900 CAB: fix NULL pointer dereference during skip
 #2911 libarchive: do not continue with truncated numbers
 #2919 CAB: Fix Heap OOB Write in CAB LZX decoder
 #2934 iso9660: fix possible heap buffer overflow on 32-bit systems
 #2939 cpio: Fix -R memory leak
 #2947 libarchive: lzop and grzip filter support

Important bugfixes between 3.8.5 and 3.8.6:
 #2860 bsdunzip: fix ISO week year and Gregorian year confusion
 #2864 7zip: fix SEGV in check_7zip_header_in_sfx via ELF offset validation
 #2875 7zip: fix out-of-bounds access on ELF 64-bit header
 #2877 RAR5 reader: fix infinite loop in rar5 decompression
 #2878 mtree reader: Fix file descriptor leak in mtree parser cleanup
       (CWE-775)
 #2892 RAR5 reader: fix potential memory leak
 #2893 RAR5: fix SIGSEGV when archive_read_support_format_rar5 is called
       twice
 #2895 CAB reader: fix memory leak on repeated calls to
       archive_read_support_format_cab

Obtained from:	libarchive
Vendor commit:	ded82291ab41d5e355831b96b0e1ff49e24d8939
MFC after:	1 week
</pre>
</div>
</content>
</entry>
<entry>
<title>tests: Simplify libarchive tests</title>
<updated>2026-02-13T12:40:57+00:00</updated>
<author>
<name>Dag-Erling Smørgrav</name>
<email>des@FreeBSD.org</email>
</author>
<published>2025-12-06T13:48:32+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=394201ce5b4e2f84f1e39a7ce8bdc3f5a5ef8390'/>
<id>394201ce5b4e2f84f1e39a7ce8bdc3f5a5ef8390</id>
<content type='text'>
The ATF tests work by first running the test program with an invalid
flag, which causes it to print an error message, a summary of options,
and a list of available test cases.  Switch to the new -l option which
simply prints the list, and simplify the awk script used to parse the
output.  No functional change.

MFC after:	1 week
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The ATF tests work by first running the test program with an invalid
flag, which causes it to print an error message, a summary of options,
and a list of available test cases.  Switch to the new -l option which
simply prints the list, and simplify the awk script used to parse the
output.  No functional change.

MFC after:	1 week
</pre>
</div>
</content>
</entry>
<entry>
<title>libarchive: merge from vendor branch</title>
<updated>2025-11-19T13:53:24+00:00</updated>
<author>
<name>Martin Matuska</name>
<email>mm@FreeBSD.org</email>
</author>
<published>2025-11-19T13:33:40+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=007679a138089676aadc9a712277f4004403b905'/>
<id>007679a138089676aadc9a712277f4004403b905</id>
<content type='text'>
libarchive 3.8.3

Important bugfixes:
 #2753 lib: Create temporary files in the target directory
 #2768 lha: Fix for an out-of-bounds buffer overrun when using
       p[H_LEVEL_OFFSET]
 #2769 7-zip: Fix a buffer overrun when reading truncated 7zip headers
 #2771 lz4 and zstd: Support both lz4 and zstd data with leading
       skippable frames

Obtained from:	libarchive
Vendor commit:	1368b08875351df8aa268237b882c8f4ceb0882d
MFC after:	1 week
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
libarchive 3.8.3

Important bugfixes:
 #2753 lib: Create temporary files in the target directory
 #2768 lha: Fix for an out-of-bounds buffer overrun when using
       p[H_LEVEL_OFFSET]
 #2769 7-zip: Fix a buffer overrun when reading truncated 7zip headers
 #2771 lz4 and zstd: Support both lz4 and zstd data with leading
       skippable frames

Obtained from:	libarchive
Vendor commit:	1368b08875351df8aa268237b882c8f4ceb0882d
MFC after:	1 week
</pre>
</div>
</content>
</entry>
<entry>
<title>packages: Install development manpages in the -dev package</title>
<updated>2025-10-26T02:26:06+00:00</updated>
<author>
<name>Lexi Winter</name>
<email>ivy@FreeBSD.org</email>
</author>
<published>2025-10-25T17:33:04+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=031e711647c3edc3021c1029496d6798a632697e'/>
<id>031e711647c3edc3021c1029496d6798a632697e</id>
<content type='text'>
Add a new per-group SUBPACKAGE option to bsd.man.mk.  When MANSPLITPKG
is enabled, this is forced to "-man", otherwise it defaults to empty
but can be overridden by the caller.

Use this in bsd.lib.mk to install library manpages in the -dev package
instead of the base package.  This is nearly always preferable, since
library manpages are usually in section 2 or 3 and are only relevant
to people with development packages installed.

For manpages which should be installed in the base package even for
libraries, add a new MANNODEV group in bsd.lib.mk.  Update existing
Makefiles to use this where appropriate.

MFC after:	3 days
Discussed with:	olce
Reviewed by:	olce
Sponsored by:	https://www.patreon.com/bsdivy
Differential Revision:	https://reviews.freebsd.org/D52832
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Add a new per-group SUBPACKAGE option to bsd.man.mk.  When MANSPLITPKG
is enabled, this is forced to "-man", otherwise it defaults to empty
but can be overridden by the caller.

Use this in bsd.lib.mk to install library manpages in the -dev package
instead of the base package.  This is nearly always preferable, since
library manpages are usually in section 2 or 3 and are only relevant
to people with development packages installed.

For manpages which should be installed in the base package even for
libraries, add a new MANNODEV group in bsd.lib.mk.  Update existing
Makefiles to use this where appropriate.

MFC after:	3 days
Discussed with:	olce
Reviewed by:	olce
Sponsored by:	https://www.patreon.com/bsdivy
Differential Revision:	https://reviews.freebsd.org/D52832
</pre>
</div>
</content>
</entry>
<entry>
<title>libarchive: merge from vendor branch</title>
<updated>2025-10-21T15:52:44+00:00</updated>
<author>
<name>Martin Matuska</name>
<email>mm@FreeBSD.org</email>
</author>
<published>2025-10-21T14:10:15+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=401026e4825a05abba6f945cf1b74b3328876fa2'/>
<id>401026e4825a05abba6f945cf1b74b3328876fa2</id>
<content type='text'>
Update vendor/libarchive to 3.8.2

Important bugfixes:
 #2477 tar writer: fix replacing a regular file with a dir for
       ARCHIVE_EXTRACT_SAFE_WRITES
 #2659 lib: improve filter process handling
 #2664 zip writer: fix a memory leak if write callback error early
 #2665 lib: archive_read_data: handle sparse holes at end of file correctly
 #2668 7zip: Fix out of boundary access
 #2670 zip writer: fix writing with ZSTD compression
 #2672 lib: fix error checking in writing files
 #2678 zstd write filter: enable Zstandard's checksum feature
 #2679 lib: handle possible errors from system calls
 #2707 lib: avoid leaking file descriptors into subprocesses
 #2713 RAR5 reader: fix multiple issues in extra field parsing function
 #2716 RAR5 reader: early fail when file declares data for a dir entry
 #2717 bsdtar: Allow filename to have CRLF endings
 #2719 tar reader: fix checking the result of the strftime (CVE-2025-25724)
 #2737 tar reader: fix an infinite loop when parsing V headers
 #2742 lib: parse_date: handle dates in 2038 and beyond if time_t is big
       enough

Obtained from:	libarchive
Vendor commit:	7f53fce04e4e672230f4eb80b219af17975e4f83
Security:	CVE-2025-25724
PR:		290303 (exp-run)
MFC after:	1 week
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Update vendor/libarchive to 3.8.2

Important bugfixes:
 #2477 tar writer: fix replacing a regular file with a dir for
       ARCHIVE_EXTRACT_SAFE_WRITES
 #2659 lib: improve filter process handling
 #2664 zip writer: fix a memory leak if write callback error early
 #2665 lib: archive_read_data: handle sparse holes at end of file correctly
 #2668 7zip: Fix out of boundary access
 #2670 zip writer: fix writing with ZSTD compression
 #2672 lib: fix error checking in writing files
 #2678 zstd write filter: enable Zstandard's checksum feature
 #2679 lib: handle possible errors from system calls
 #2707 lib: avoid leaking file descriptors into subprocesses
 #2713 RAR5 reader: fix multiple issues in extra field parsing function
 #2716 RAR5 reader: early fail when file declares data for a dir entry
 #2717 bsdtar: Allow filename to have CRLF endings
 #2719 tar reader: fix checking the result of the strftime (CVE-2025-25724)
 #2737 tar reader: fix an infinite loop when parsing V headers
 #2742 lib: parse_date: handle dates in 2038 and beyond if time_t is big
       enough

Obtained from:	libarchive
Vendor commit:	7f53fce04e4e672230f4eb80b219af17975e4f83
Security:	CVE-2025-25724
PR:		290303 (exp-run)
MFC after:	1 week
</pre>
</div>
</content>
</entry>
<entry>
<title>libarchive: Stop using readdir_r()</title>
<updated>2025-08-01T23:11:56+00:00</updated>
<author>
<name>Dag-Erling Smørgrav</name>
<email>des@FreeBSD.org</email>
</author>
<published>2025-08-01T23:11:18+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=01e42ce81f751ccbeeddc4bc2716e6bd634cf5f8'/>
<id>01e42ce81f751ccbeeddc4bc2716e6bd634cf5f8</id>
<content type='text'>
It cannot be used safely, though libarchive goes to ridiculous lengths
to attempt to do so.

MFC after:	1 week
Sponsored by:	Klara, Inc.
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D51679
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
It cannot be used safely, though libarchive goes to ridiculous lengths
to attempt to do so.

MFC after:	1 week
Sponsored by:	Klara, Inc.
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D51679
</pre>
</div>
</content>
</entry>
<entry>
<title>libarchive: fix duplicate entry in tests Makefile</title>
<updated>2025-06-02T12:56:05+00:00</updated>
<author>
<name>Martin Matuska</name>
<email>mm@FreeBSD.org</email>
</author>
<published>2025-06-02T12:55:00+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=331f2c1c46584510fa9104c86f31f44ece3838c5'/>
<id>331f2c1c46584510fa9104c86f31f44ece3838c5</id>
<content type='text'>
Reported by:	des
MFC after:	2 weeks (together with 2e113ef82)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Reported by:	des
MFC after:	2 weeks (together with 2e113ef82)
</pre>
</div>
</content>
</entry>
<entry>
<title>libarchive: merge from vendor branch</title>
<updated>2025-06-01T20:54:46+00:00</updated>
<author>
<name>Martin Matuska</name>
<email>mm@FreeBSD.org</email>
</author>
<published>2025-06-01T20:16:26+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=2e113ef82465598b8c26e0ca415fbe90677fbd47'/>
<id>2e113ef82465598b8c26e0ca415fbe90677fbd47</id>
<content type='text'>
libarchive 3.8.1

New features:
 #2088 7-zip reader: improve self-extracting archive detection
 #2137 zip writer: added XZ, LZMA, ZSTD and BZIP2 support
 #2403 zip writer: added LZMA + RISCV BCJ filter
 #2601 bsdtar: support --mtime and --clamp-mtime
 #2602 libarchive: mbedtls 3.x compatibility

Security fixes:
 #2422 tar reader: Handle truncation in the middle of a GNU long linkname
       CVE-2024-57970
 #2532 tar reader: fix unchecked return value in list_item_verbose()
       CVE-2025-25724
 #2532 unzip: fix null pointer dereference
       CVE-2025-1632
 #2568 warc: prevent signed integer overflow
 #2584 rar: do not skip past EOF while reading
 #2588 tar: fix overflow in build_ustar_entry
 #2598 rar: fix double free with over 4 billion nodes
 #2599 rar: fix heap-buffer-overflow

Important bugfixes:
 #2399 7-zip reader: add SPARC filter support for non-LZMA compressors
 #2405 tar reader: ignore ustar size when pax size is present
 #2435 tar writer: fix bug when -s/a/b/ used more than once with b flag
 #2459 7-zip reader: add POWERPC filter support for non-LZMA compressors
 #2519 libarchive: handle ARCHIVE_FILTER_LZOP in archive_read_append_filter
 #2539 libarchive: add missing seeker function to archive_read_open_FILE()
 #2544 gzip: allow setting the original filename for gzip compressed files
 #2564 libarchive: improve lseek handling
 #2582 rar: support large headers on 32 bit systems
 #2587 bsdtar: don't hardlink negative inode files together
 #2596 rar: support large headers on 32 bit systems
 #2606 libarchive: support @-prefixed Unix epoch timestamps as date strings
 #2634 tar: Support negative time values with pax
 #2637 tar: Keep block alignment after pax error
 #2642 libarchive: fix FILE_skip regression
 #2643 tar: Handle extra bytes after sparse entries
 #2649 compress: Prevent call stack overflow
 #2651 iso9660: always check archive_string_ensure return value

CVE:		CVE-2024-57970, CVE-2025-1632, CVE-2025-25724
PR:		286944 (exp-run, 3.8.0)
MFC after:	2 weeks
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
libarchive 3.8.1

New features:
 #2088 7-zip reader: improve self-extracting archive detection
 #2137 zip writer: added XZ, LZMA, ZSTD and BZIP2 support
 #2403 zip writer: added LZMA + RISCV BCJ filter
 #2601 bsdtar: support --mtime and --clamp-mtime
 #2602 libarchive: mbedtls 3.x compatibility

Security fixes:
 #2422 tar reader: Handle truncation in the middle of a GNU long linkname
       CVE-2024-57970
 #2532 tar reader: fix unchecked return value in list_item_verbose()
       CVE-2025-25724
 #2532 unzip: fix null pointer dereference
       CVE-2025-1632
 #2568 warc: prevent signed integer overflow
 #2584 rar: do not skip past EOF while reading
 #2588 tar: fix overflow in build_ustar_entry
 #2598 rar: fix double free with over 4 billion nodes
 #2599 rar: fix heap-buffer-overflow

Important bugfixes:
 #2399 7-zip reader: add SPARC filter support for non-LZMA compressors
 #2405 tar reader: ignore ustar size when pax size is present
 #2435 tar writer: fix bug when -s/a/b/ used more than once with b flag
 #2459 7-zip reader: add POWERPC filter support for non-LZMA compressors
 #2519 libarchive: handle ARCHIVE_FILTER_LZOP in archive_read_append_filter
 #2539 libarchive: add missing seeker function to archive_read_open_FILE()
 #2544 gzip: allow setting the original filename for gzip compressed files
 #2564 libarchive: improve lseek handling
 #2582 rar: support large headers on 32 bit systems
 #2587 bsdtar: don't hardlink negative inode files together
 #2596 rar: support large headers on 32 bit systems
 #2606 libarchive: support @-prefixed Unix epoch timestamps as date strings
 #2634 tar: Support negative time values with pax
 #2637 tar: Keep block alignment after pax error
 #2642 libarchive: fix FILE_skip regression
 #2643 tar: Handle extra bytes after sparse entries
 #2649 compress: Prevent call stack overflow
 #2651 iso9660: always check archive_string_ensure return value

CVE:		CVE-2024-57970, CVE-2025-1632, CVE-2025-25724
PR:		286944 (exp-run, 3.8.0)
MFC after:	2 weeks
</pre>
</div>
</content>
</entry>
<entry>
<title>libarchive tests: Re-enable a broken test</title>
<updated>2024-10-29T15:11:28+00:00</updated>
<author>
<name>Mark Johnston</name>
<email>markj@FreeBSD.org</email>
</author>
<published>2024-10-29T15:11:28+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=218f80226b82763c3cbd48de560959ad546b5e26'/>
<id>218f80226b82763c3cbd48de560959ad546b5e26</id>
<content type='text'>
It passes and so appears to have been silently fixed at some point.

PR:		240683
MFC after:	1 week
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
It passes and so appears to have been silently fixed at some point.

PR:		240683
MFC after:	1 week
</pre>
</div>
</content>
</entry>
</feed>
