src/lib/libarchive, branch releng/14.2 FreeBSD source tree libarchive: merge from vendor branch 2025-08-07T23:53:04+00:00 Martin Matuska mm@FreeBSD.org 2025-06-01T20:16:26+00:00 c0979bd2734f792c33bd45932f2eefe792dc74c2 libarchive 3.8.1 New features: #2088 7-zip reader: improve self-extracting archive detection #2137 zip writer: added XZ, LZMA, ZSTD and BZIP2 support #2403 zip writer: added LZMA + RISCV BCJ filter #2601 bsdtar: support --mtime and --clamp-mtime #2602 libarchive: mbedtls 3.x compatibility Security fixes: #2422 tar reader: Handle truncation in the middle of a GNU long linkname (CVE-2024-57970) #2532 tar reader: fix unchecked return value in list_item_verbose() (CVE-2025-25724) #2532 unzip: fix null pointer dereference (CVE-2025-1632) #2568 warc: prevent signed integer overflow (CVE-2025-5916) #2584 rar: do not skip past EOF while reading (CVE-2025-5918) #2588 tar: fix overflow in build_ustar_entry (CVE-2025-5917) #2598 rar: fix double free with over 4 billion nodes (CVE-2025-5914) #2599 rar: fix heap-buffer-overflow (CVE-2025-5915) Important bugfixes: #2399 7-zip reader: add SPARC filter support for non-LZMA compressors #2405 tar reader: ignore ustar size when pax size is present #2435 tar writer: fix bug when -s/a/b/ used more than once with b flag #2459 7-zip reader: add POWERPC filter support for non-LZMA compressors #2519 libarchive: handle ARCHIVE_FILTER_LZOP in archive_read_append_filter #2539 libarchive: add missing seeker function to archive_read_open_FILE() #2544 gzip: allow setting the original filename for gzip compressed files #2564 libarchive: improve lseek handling #2582 rar: support large headers on 32 bit systems #2587 bsdtar: don't hardlink negative inode files together #2596 rar: support large headers on 32 bit systems #2606 libarchive: support @-prefixed Unix epoch timestamps as date strings #2634 tar: Support negative time values with pax #2637 tar: Keep block alignment after pax error #2642 libarchive: fix FILE_skip regression #2643 tar: Handle extra bytes after sparse entries #2649 compress: Prevent call stack overflow #2651 iso9660: always check archive_string_ensure return value CVE: CVE-2024-57970, CVE-2025-1632, CVE-2025-25724, CVE-2025-5914, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918 PR: 286944 (exp-run, main, libarchive 3.8.0) Approved by: so Security: FreeBSD-SA-25:07.libarchive (cherry picked from commit 2e113ef82465598b8c26e0ca415fbe90677fbd47) (cherry picked from commit 6dad4525a2910496ecf3c41de659aac906f6c1f4) 
libarchive 3.8.1

New features:
 #2088 7-zip reader: improve self-extracting archive detection
 #2137 zip writer: added XZ, LZMA, ZSTD and BZIP2 support
 #2403 zip writer: added LZMA + RISCV BCJ filter
 #2601 bsdtar: support --mtime and --clamp-mtime
 #2602 libarchive: mbedtls 3.x compatibility

Security fixes:
 #2422 tar reader: Handle truncation in the middle of a GNU long linkname
       (CVE-2024-57970)
 #2532 tar reader: fix unchecked return value in list_item_verbose()
       (CVE-2025-25724)
 #2532 unzip: fix null pointer dereference (CVE-2025-1632)
 #2568 warc: prevent signed integer overflow (CVE-2025-5916)
 #2584 rar: do not skip past EOF while reading (CVE-2025-5918)
 #2588 tar: fix overflow in build_ustar_entry (CVE-2025-5917)
 #2598 rar: fix double free with over 4 billion nodes (CVE-2025-5914)
 #2599 rar: fix heap-buffer-overflow (CVE-2025-5915)

Important bugfixes:
 #2399 7-zip reader: add SPARC filter support for non-LZMA compressors
 #2405 tar reader: ignore ustar size when pax size is present
 #2435 tar writer: fix bug when -s/a/b/ used more than once with b flag
 #2459 7-zip reader: add POWERPC filter support for non-LZMA compressors
 #2519 libarchive: handle ARCHIVE_FILTER_LZOP in archive_read_append_filter
 #2539 libarchive: add missing seeker function to archive_read_open_FILE()
 #2544 gzip: allow setting the original filename for gzip compressed files
 #2564 libarchive: improve lseek handling
 #2582 rar: support large headers on 32 bit systems
 #2587 bsdtar: don't hardlink negative inode files together
 #2596 rar: support large headers on 32 bit systems
 #2606 libarchive: support @-prefixed Unix epoch timestamps as date strings
 #2634 tar: Support negative time values with pax
 #2637 tar: Keep block alignment after pax error
 #2642 libarchive: fix FILE_skip regression
 #2643 tar: Handle extra bytes after sparse entries
 #2649 compress: Prevent call stack overflow
 #2651 iso9660: always check archive_string_ensure return value

CVE:		CVE-2024-57970, CVE-2025-1632, CVE-2025-25724,
		CVE-2025-5914, CVE-2025-5915, CVE-2025-5916,
		CVE-2025-5917, CVE-2025-5918
PR:		286944 (exp-run, main, libarchive 3.8.0)
Approved by:	so
Security:	FreeBSD-SA-25:07.libarchive

(cherry picked from commit 2e113ef82465598b8c26e0ca415fbe90677fbd47)
(cherry picked from commit 6dad4525a2910496ecf3c41de659aac906f6c1f4)
libarchive: merge from vendor branch 2024-10-27T08:45:34+00:00 Martin Matuska mm@FreeBSD.org 2024-10-20T08:22:09+00:00 2ae238160f205576f465cbbed2c397774bea3976 Libarchive 3.7.7 Security fixes: #2158 rpm: calculate huge header sizes correctly #2160 util: fix out of boundary access in mktemp functions #2168 uu: stop processing if lines are too long #2174 lzop: prevent integer overflow #2172 rar4: protect copy_from_lzss_window_to_unp() (CVE-2024-20696) #2175 unzip: unify EOF handling #2179 rar4: fix out of boundary access with large files #2203 rar4: fix OOB access with unicode filenames #2210 rar4: add boundary checks to rgb filter #2248 rar4: fix OOB in delta filter #2249 rar4: fix OOB in audio filter #2256 fix multiple vulnerabilities identified by SAST #2258 cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing #2265 rar5: clear 'data ready' cache on window buffer reallocs #2269 rar4: fix CVE-2024-26256 (CVE-2024-26256) #2330 iso: be more cautious about parsing ISO-9660 timestamps #2343 tar: clean up linkpath between entries #2364 tar: don't crash on truncated tar archives #2366 gzip: prevent a hang when processing a malformed gzip inside a gzip #2377 tar: fix two leaks in tar header parsing Important bugfixes: #2096 rar5: report encrypted entries #2150 xar: fix another infinite loop and expat error handling #2173 shar: check strdup return value #2161 lha: fix integer truncation on 32-bit systems #2338 tar: fix memory leaks when processing symlinks or parsing pax headers #2245 7zip: fix issue when skipping first file in 7zip archive that is a multiple of 65536 bytes #2252 7-zip: read/write symlink paths as UTF-8 #2259 rar5: don't try to read rediculously long names #2290 ar: fix archive entries having no type #2360 tar: fix truncation of entry pathnames in specific archives CVE: CVE-2024-20696, CVE-2024-26256 (cherry picked from commit bd66c1b43e33540205dbc1187c2f2a15c58b57ba) 
Libarchive 3.7.7

Security fixes:
 #2158 rpm: calculate huge header sizes correctly
 #2160 util: fix out of boundary access in mktemp functions
 #2168 uu: stop processing if lines are too long
 #2174 lzop: prevent integer overflow
 #2172 rar4: protect copy_from_lzss_window_to_unp() (CVE-2024-20696)
 #2175 unzip: unify EOF handling
 #2179 rar4: fix out of boundary access with large files
 #2203 rar4: fix OOB access with unicode filenames
 #2210 rar4: add boundary checks to rgb filter
 #2248 rar4: fix OOB in delta filter
 #2249 rar4: fix OOB in audio filter
 #2256 fix multiple vulnerabilities identified by SAST
 #2258 cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing
 #2265 rar5: clear 'data ready' cache on window buffer reallocs
 #2269 rar4: fix CVE-2024-26256 (CVE-2024-26256)
 #2330 iso: be more cautious about parsing ISO-9660 timestamps
 #2343 tar: clean up linkpath between entries
 #2364 tar: don't crash on truncated tar archives
 #2366 gzip: prevent a hang when processing a malformed gzip inside a gzip
 #2377 tar: fix two leaks in tar header parsing

Important bugfixes:
 #2096 rar5: report encrypted entries
 #2150 xar: fix another infinite loop and expat error handling
 #2173 shar: check strdup return value
 #2161 lha: fix integer truncation on 32-bit systems
 #2338 tar: fix memory leaks when processing symlinks or parsing pax headers
 #2245 7zip: fix issue when skipping first file in 7zip archive that
       is a multiple of 65536 bytes
 #2252 7-zip: read/write symlink paths as UTF-8
 #2259 rar5: don't try to read rediculously long names
 #2290 ar: fix archive entries having no type
 #2360 tar: fix truncation of entry pathnames in specific archives

CVE:		CVE-2024-20696, CVE-2024-26256

(cherry picked from commit bd66c1b43e33540205dbc1187c2f2a15c58b57ba)
libarchive: fix thread autodetermination for zstd compression format 2024-06-27T08:53:41+00:00 Baptiste Daroussin bapt@FreeBSD.org 2024-05-03T13:37:29+00:00 8ef92ee26b9d8e5bb76a759b6356119b5a8b8e9d The libarchive code uses sysconf(3) to determine the number of threads when 0 has been given as the number of thread to use MFC after: 3 days (cherry picked from commit a25e0ba57ee17e75ab27fdc09ac3275a8215087e) 
The libarchive code uses sysconf(3) to determine the number of threads
when 0 has been given as the number of thread to use

MFC after:	3 days

(cherry picked from commit a25e0ba57ee17e75ab27fdc09ac3275a8215087e)
libarchive: merge from vendor branch 2024-04-30T06:47:56+00:00 Martin Matuska mm@FreeBSD.org 2024-04-29T08:15:04+00:00 8774c92e32b25cb0253f1a7a0fbf5d2e6fecc4a3 Libarchive 3.7.4 + three fixes from master Security fixes: #2135 rar: Fix OOB in rar e8 filter (CVE-2024-26256) #2145 zip: Fix out of boundary access #2148 rar: Fix OOB in rar delta filter #2149 rar: Fix OOB in rar audio filter Important bugfixes: #2131 7zip: Limit amount of properties #2110 bsdtar: Fix error handling around strtol() usages #2116 passphrase: Never allow empty passwords #2124 rar: Fix "File CRC Error" when extracting specific rar4 archives #2123 xar: Avoid infinite link loop #2150 xar: Fix another infinite loop and expat error handling #2108 zip: Update AppleDouble support for directories #2071 zstd: Implement core detectiongit (cherry picked from commit 13d826ff947d9026f98e317e7385b22abfc0eace) 
Libarchive 3.7.4 + three fixes from master

Security fixes:
 #2135 rar: Fix OOB in rar e8 filter (CVE-2024-26256)
 #2145 zip: Fix out of boundary access
 #2148 rar: Fix OOB in rar delta filter
 #2149 rar: Fix OOB in rar audio filter

Important bugfixes:
 #2131 7zip: Limit amount of properties
 #2110 bsdtar: Fix error handling around strtol() usages
 #2116 passphrase: Never allow empty passwords
 #2124 rar: Fix "File CRC Error" when extracting specific rar4 archives
 #2123 xar: Avoid infinite link loop
 #2150 xar: Fix another infinite loop and expat error handling
 #2108 zip: Update AppleDouble support for directories
 #2071 zstd: Implement core detectiongit

(cherry picked from commit 13d826ff947d9026f98e317e7385b22abfc0eace)
libarchive: add two missing package files to libarchive tests 2024-04-30T06:47:37+00:00 Martin Matuska mm@FreeBSD.org 2024-04-17T07:58:32+00:00 3cf9a5010e7dbd77e152b340e19e8d59ca053f2e (cherry picked from commit 7d03ec330684a4e82e6113df3f40305849e5fb6c) 
(cherry picked from commit 7d03ec330684a4e82e6113df3f40305849e5fb6c)
libarchive: merge from vendor branch 2024-04-30T06:46:59+00:00 Martin Matuska mm@FreeBSD.org 2024-04-16T21:39:31+00:00 d2539274f402248ae5091f0488af61059e1ca48f Libarchive 3.7.3 New features: #1941 uudecode filter: support file name and file mode in raw mode #1943 7-zip reader: translate Windows permissions into UNIX permissions #1962 zstd filter now supports the "long" write option #2012 add trailing letter b to bsdtar(1) substitute pattern #2031 PCRE2 support #2054 add support for long options "--group" and "--owner" to tar(1) Security fixes: #2101 Fix possible vulnerability in tar error reporting introduced in f27c173 Important bugfixes: #1974 ISO9660: preserve the natural order of links #2105 rar5: fix infinite loop if during rar5 decompression the last block produced no data #2027 xz filter: fix incorrect eof at the end of an lzip member #2043 zip: fix end-of-data marker processing when decompressing zip archives (cherry picked from commit b9128a37faafede823eb456aa65a11ac69997284) 
Libarchive 3.7.3

New features:
  #1941 uudecode filter: support file name and file mode in raw mode
  #1943 7-zip reader: translate Windows permissions into UNIX
        permissions
  #1962 zstd filter now supports the "long" write option
  #2012 add trailing letter b to bsdtar(1) substitute pattern
  #2031 PCRE2 support
  #2054 add support for long options "--group" and "--owner" to tar(1)

Security fixes:
  #2101 Fix possible vulnerability in tar error reporting introduced
        in f27c173

Important bugfixes:
  #1974 ISO9660: preserve the natural order of links
  #2105 rar5: fix infinite loop if during rar5 decompression the last
        block produced no data
  #2027 xz filter: fix incorrect eof at the end of an lzip member
  #2043 zip: fix end-of-data marker processing when decompressing zip
        archives

(cherry picked from commit b9128a37faafede823eb456aa65a11ac69997284)
Remove $FreeBSD$: one-line sh pattern 2023-08-16T17:55:03+00:00 Warner Losh imp@FreeBSD.org 2023-08-16T17:55:03+00:00 d0b2dbfa0ecf2bbc9709efc5e20baf8e4b44bbbf Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/ 
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
Remove $FreeBSD$: two-line .h pattern 2023-08-16T17:54:16+00:00 Warner Losh imp@FreeBSD.org 2023-08-16T17:54:16+00:00 b3e7694832e81d7a904a10f525f8797b753bf0d3 Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/ 
Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/
unzip: swtich to bsdunzip from libarchive 2023-08-04T10:45:41+00:00 Martin Matuska mm@FreeBSD.org 2023-07-31T11:54:58+00:00 b5a3a89c50671a1ad29e7c43fe15e7b16feac239 Unzip from FreeBSD has been ported to libarchive. Change usr.bin/unzip to use bsdunzip from libarchive. Differential Revision: https://reviews.freebsd.org/D41239 PR: 272845 (exp-run) MFC after: 1 month 
Unzip from FreeBSD has been ported to libarchive.
Change usr.bin/unzip to use bsdunzip from libarchive.

Differential Revision:	https://reviews.freebsd.org/D41239
PR:			272845 (exp-run)
MFC after:		1 month
libarchive: merge from vendor branch 2023-07-24T05:42:43+00:00 Martin Matuska mm@FreeBSD.org 2023-07-24T05:42:43+00:00 e64fe029e9d3ce476e77a478318e0c3cd201ff08 Libarchive 3.7.0 Important changes (relevant to FreeBSD): #1814 Do not account for NULL terminator when comparing with "TRAILER!!!" #1818 Add ability to produce multi-frame zstd archives #1840 year 2038 fix for pax archives on platforms with 64-bit time_t #1860 Make single bit bitfields unsigned to avoid clang 16 warning #1869 Fix FreeBSD builds with WARNS=6 #1873 bsdunzip ported to libarchive from FreeBSD #1894 read support for zstd compression in 7zip archives #1918 ARM64 filter support in 7zip archives MFC after: 2 weeks PR: 272567 (exp-run) 
Libarchive 3.7.0

Important changes (relevant to FreeBSD):
  #1814 Do not account for NULL terminator when comparing with "TRAILER!!!"
  #1818 Add ability to produce multi-frame zstd archives
  #1840 year 2038 fix for pax archives on platforms with 64-bit time_t
  #1860 Make single bit bitfields unsigned to avoid clang 16 warning
  #1869 Fix FreeBSD builds with WARNS=6
  #1873 bsdunzip ported to libarchive from FreeBSD
  #1894 read support for zstd compression in 7zip archives
  #1918 ARM64 filter support in 7zip archives

MFC after:	2 weeks
PR:		272567 (exp-run)