From nobody Mon Nov 03 09:29:44 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4d0RBJ4j3lz6FGKj;
	Mon, 03 Nov 2025 09:29:44 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4d0RBJ4QBCz3rHZ;
	Mon, 03 Nov 2025 09:29:44 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1762162184;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=mXOUs1yu0Jh76qk25gAOGs9HGRqZvBF+cmraR0pYONk=;
	b=h3Ct6NhDKrhW9xj7lYjFVGLjRZXBBvRoc+DkrX8Y6v9aWdHWqt8ZS4EFd2cAx9EXNBbfs6
	Nhz3SbLHKxc3R/v6McMY8P3wdld2pL9ZmP13VY4ImBiQITwyfbn8MeEnHsB6H6E8f+wB1H
	wLOf4WFtJkc3MASYkVarhkiBtlSmbfApk9wghJJhojJVc2i8mD8SDa6E40i5/7ZxQ49tAD
	6SakBhrH0ZIPRW14+YM5MZ8uQaL6mMZk7b0A4LmfXkxWDVd2RO2pyU00pWRKE0N4AwDQyh
	DAl3/2CH5KapIu8DjMmGkhiz5MkbU3nA1saJ4m4rM9iqxLTGMwsF6CqfXxJC5w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1762162184;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=mXOUs1yu0Jh76qk25gAOGs9HGRqZvBF+cmraR0pYONk=;
	b=AuHwVlV5HBCiWWOlk8OUVY2HZLJO4wfQdum6YVRDh+kHoCEt97zVaGJ3jYbcFBvuNm3Sph
	aCDOIP4h7gfZOUKhaiwdRFNgFA1KQBMRVpBUgWtO45bAT8U31GNdX2tbxlNUglX0ub8IEG
	x5+LXl94nk0reKu4Ulf5bSfcJTdn9JJGuJtAl1KcBdhhMIq5Ff/3TaKpy3lnukgE8/anu7
	KcCUpECvmyJBK/ez6Fyp/pGQVCFJihj5X/9e8yWBZ106K6S2N6gQVnLu8Pvgfdqi/NdJry
	TbaHH4QzoH8pO6gMFyD2UWhEVixhCeDBcYVg9pnWwFv2D0QjgpXIzSJKbqZukQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1762162184; a=rsa-sha256; cv=none;
	b=NnTvQGvvZrNl6EI0QxjHS4fprBz7pXdXFdusd2ou83ITunirF6XHdQOwOXLZzeou6amxPP
	cJo6Qz2ARlWXbsG2N4tn0AV6g+YB1xNX8U9RoakrxrA/4zrvvxRPlxUGMrkgxNiSc7H3W4
	xaZjscGOauHYc82Q4Jq/FdRXvWOHGNKUm0bsCpvYdEVCjstp5dXYUEBmH5ALAy2hIXV8vo
	QVMws1YpxNOQrmFAnrvs4mQ5W1x4PlFSKESon8+8A+fJ4aBkGWKIfI/yCsPH1LjW/tNU75
	XIizOox795DjTBQnAXXOyrPNV0zTvHrlybfNQ29pXPPbHCuKXu1J/m+8t94MIg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4d0RBJ41CTz15Dl;
	Mon, 03 Nov 2025 09:29:44 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5A39TiMY010934;
	Mon, 3 Nov 2025 09:29:44 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5A39TiPM010931;
	Mon, 3 Nov 2025 09:29:44 GMT
	(envelope-from git)
Date: Mon, 3 Nov 2025 09:29:44 GMT
Message-Id: <202511030929.5A39TiPM010931@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Martin Matuska <mm@FreeBSD.org>
Subject: git: 1955c8f6293f - stable/14 - libarchive: merge from
  vendor branch
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: mm
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 1955c8f6293fd8188c208bf03debc67b0ad7c615
Auto-Submitted: auto-generated

The branch stable/14 has been updated by mm:

URL: https://cgit.FreeBSD.org/src/commit/?id=1955c8f6293fd8188c208bf03debc67b0ad7c615

commit 1955c8f6293fd8188c208bf03debc67b0ad7c615
Author:     Martin Matuska <mm@FreeBSD.org>
AuthorDate: 2025-10-21 14:10:15 +0000
Commit:     Martin Matuska <mm@FreeBSD.org>
CommitDate: 2025-11-03 09:29:25 +0000

    libarchive: merge from vendor branch
    
    Update libarchive to 3.8.2
    
    Important bugfixes:
     #2477 tar writer: fix replacing a regular file with a dir for
           ARCHIVE_EXTRACT_SAFE_WRITES
     #2659 lib: improve filter process handling
     #2664 zip writer: fix a memory leak if write callback error early
     #2665 lib: archive_read_data: handle sparse holes at end of file correctly
     #2668 7zip: Fix out of boundary access
     #2670 zip writer: fix writing with ZSTD compression
     #2672 lib: fix error checking in writing files
     #2678 zstd write filter: enable Zstandard's checksum feature
     #2679 lib: handle possible errors from system calls
     #2707 lib: avoid leaking file descriptors into subprocesses
     #2713 RAR5 reader: fix multiple issues in extra field parsing function
     #2716 RAR5 reader: early fail when file declares data for a dir entry
     #2717 bsdtar: Allow filename to have CRLF endings
     #2719 tar reader: fix checking the result of the strftime (CVE-2025-25724)
     #2737 tar reader: fix an infinite loop when parsing V headers
     #2742 lib: parse_date: handle dates in 2038 and beyond if time_t is big
           enough
    
    Obtained from:  libarchive
    Vendor commit:  7f53fce04e4e672230f4eb80b219af17975e4f83
    Security:       CVE-2025-25724
    PR:             290303 (exp-run, main)
    
    (cherry picked from commit 401026e4825a05abba6f945cf1b74b3328876fa2)
---
 contrib/libarchive/NEWS                            |   2 +
 contrib/libarchive/SECURITY.md                     |   2 +-
 .../github_actions/install-macos-dependencies.sh   |   3 +
 contrib/libarchive/cat/bsdcat.c                    |  15 +-
 contrib/libarchive/cat/cmdline.c                   |   2 +-
 contrib/libarchive/cpio/cmdline.c                  |   2 +-
 contrib/libarchive/cpio/cpio.c                     |  14 +-
 contrib/libarchive/cpio/test/test_owner_parse.c    |   2 +-
 contrib/libarchive/libarchive/archive.h            |   4 +-
 contrib/libarchive/libarchive/archive_acl.c        |  23 +++
 .../libarchive/libarchive/archive_check_magic.c    |   9 +-
 contrib/libarchive/libarchive/archive_cryptor.c    |   8 +-
 .../libarchive/archive_cryptor_private.h           |  11 +-
 contrib/libarchive/libarchive/archive_entry.h      |   2 +-
 .../libarchive/libarchive/archive_entry_paths.3    |   2 +-
 contrib/libarchive/libarchive/archive_entry_stat.c |   6 +-
 contrib/libarchive/libarchive/archive_parse_date.c |   4 +-
 contrib/libarchive/libarchive/archive_platform.h   |  10 --
 .../libarchive/libarchive/archive_platform_stat.h  |  45 ++++++
 contrib/libarchive/libarchive/archive_private.h    |   1 +
 contrib/libarchive/libarchive/archive_read.c       |   7 +-
 .../libarchive/archive_read_disk_entry_from_file.c |  12 +-
 .../libarchive/archive_read_disk_posix.c           | 157 ++-------------------
 .../libarchive/libarchive/archive_read_open_fd.c   |  23 +--
 .../libarchive/libarchive/archive_read_open_file.c |  16 ++-
 .../libarchive/archive_read_open_filename.c        |  31 ++--
 .../libarchive/archive_read_set_format.c           |  32 ++---
 .../archive_read_support_filter_program.c          |   7 +-
 .../libarchive/archive_read_support_format_7zip.c  |   7 +-
 .../libarchive/archive_read_support_format_mtree.c |  23 ++-
 .../libarchive/archive_read_support_format_rar.c   |   8 +-
 .../libarchive/archive_read_support_format_rar5.c  |  66 +++++++--
 .../libarchive/archive_read_support_format_tar.c   |  70 ++++++---
 .../libarchive/archive_read_support_format_warc.c  |   2 +-
 .../libarchive/archive_read_support_format_xar.c   |   2 +-
 .../libarchive/archive_read_support_format_zip.c   |   4 +-
 contrib/libarchive/libarchive/archive_string.c     |   5 +-
 .../libarchive/libarchive/archive_string_sprintf.c |   2 +-
 contrib/libarchive/libarchive/archive_util.c       |  38 ++++-
 contrib/libarchive/libarchive/archive_write.c      |  30 ++--
 .../libarchive/archive_write_add_filter_bzip2.c    |   4 +
 .../libarchive/archive_write_add_filter_gzip.c     |  55 +++++---
 .../libarchive/archive_write_add_filter_program.c  |  11 +-
 .../libarchive/archive_write_add_filter_zstd.c     |   2 +
 .../libarchive/archive_write_disk_posix.c          |  16 ++-
 .../libarchive/libarchive/archive_write_open_fd.c  |   2 +-
 .../libarchive/archive_write_open_file.c           |  14 +-
 .../libarchive/archive_write_open_filename.c       |   3 +-
 .../libarchive/archive_write_set_format_7zip.c     |   2 +-
 .../libarchive/archive_write_set_format_mtree.c    |  19 ++-
 .../libarchive/archive_write_set_format_xar.c      |   6 +-
 .../libarchive/archive_write_set_format_zip.c      |  25 +++-
 contrib/libarchive/libarchive/filter_fork_posix.c  |  37 ++++-
 contrib/libarchive/libarchive/test/test_acl_nfs4.c |   7 +
 .../libarchive/libarchive/test/test_acl_posix1e.c  |   5 +
 .../libarchive/test/test_archive_parse_date.c      |   2 +
 .../test/test_archive_string_conversion.c          |  10 ++
 contrib/libarchive/libarchive/test/test_entry.c    |  11 ++
 .../test/test_read_filter_gzip_recursive.c         |   4 +-
 .../libarchive/test/test_read_format_7zip.c        |  81 +++++++----
 .../libarchive/test/test_read_format_rar5.c        |  66 +++++++++
 .../test/test_read_format_rar5_dirdata.rar.uu      |   6 +
 ...rmat_rar5_invalid_hash_valid_htime_exfld.rar.uu |   6 +
 .../test_read_format_rar5_only_crypt_exfld.rar.uu  |   7 +
 .../test_read_format_rar5_unsupported_exfld.rar.uu |   6 +
 .../test/test_read_format_tar_V_negative_size.c    |  48 +++++++
 .../test_read_format_tar_V_negative_size.tar.uu    |  20 +++
 .../libarchive/test/test_read_set_format.c         |   7 +-
 .../libarchive/test/test_write_filter_bzip2.c      |  29 ++++
 .../libarchive/test/test_write_filter_gzip.c       |  12 +-
 .../test/test_write_filter_gzip_timestamp.c        |   7 +-
 .../libarchive/libarchive_fe/{err.c => lafe_err.c} |   2 +-
 .../libarchive/libarchive_fe/{err.h => lafe_err.h} |   0
 contrib/libarchive/libarchive_fe/line_reader.c     |   2 +-
 contrib/libarchive/libarchive_fe/passphrase.c      |   2 +-
 contrib/libarchive/tar/bsdtar.c                    |   7 +-
 contrib/libarchive/tar/bsdtar.h                    |   8 +-
 contrib/libarchive/tar/cmdline.c                   |   2 +-
 contrib/libarchive/tar/creation_set.c              |   2 +-
 contrib/libarchive/tar/read.c                      |   2 +-
 contrib/libarchive/tar/subst.c                     |   2 +-
 contrib/libarchive/tar/test/test_crlf_mtree.c      |  74 ++++++++++
 .../libarchive/tar/test/test_option_safe_writes.c  |   5 +-
 contrib/libarchive/tar/util.c                      |   7 +-
 contrib/libarchive/tar/write.c                     |  29 +++-
 contrib/libarchive/test_utils/test_common.h        |  10 +-
 contrib/libarchive/test_utils/test_main.c          | 156 +++++---------------
 contrib/libarchive/unzip/bsdunzip.c                |  15 +-
 contrib/libarchive/unzip/cmdline.c                 |   2 +-
 contrib/libarchive/unzip/test/test_C.c             |   4 +
 contrib/libarchive/unzip/test/test_L.c             |   4 +
 contrib/libarchive/unzip/test/test_P_encryption.c  |  12 +-
 contrib/libarchive/unzip/test/test_basic.c         |   4 +
 contrib/libarchive/unzip/test/test_d.c             |   8 ++
 contrib/libarchive/unzip/test/test_doubledash.c    |   4 +
 contrib/libarchive/unzip/test/test_glob.c          |   4 +
 contrib/libarchive/unzip/test/test_j.c             |   4 +
 contrib/libarchive/unzip/test/test_n.c             |   4 +
 contrib/libarchive/unzip/test/test_o.c             |   4 +
 contrib/libarchive/unzip/test/test_p.c             |   4 +
 contrib/libarchive/unzip/test/test_q.c             |   4 +
 contrib/libarchive/unzip/test/test_singlefile.c    |   4 +
 contrib/libarchive/unzip/test/test_t.c             |   4 +
 contrib/libarchive/unzip/test/test_x.c             |  12 ++
 lib/libarchive/tests/Makefile                      |   6 +
 usr.bin/bsdcat/Makefile                            |   2 +-
 usr.bin/cpio/Makefile                              |   2 +-
 usr.bin/cpio/tests/Makefile                        |   2 +-
 usr.bin/tar/Makefile                               |   2 +-
 usr.bin/tar/tests/Makefile                         |   1 +
 usr.bin/unzip/Makefile                             |   2 +-
 usr.bin/unzip/tests/Makefile                       |   2 +-
 112 files changed, 1119 insertions(+), 546 deletions(-)

diff --git a/contrib/libarchive/NEWS b/contrib/libarchive/NEWS
index caca7d5cbdb9..f2dd4102fa04 100644
--- a/contrib/libarchive/NEWS
+++ b/contrib/libarchive/NEWS
@@ -1,3 +1,5 @@
+Oct 15, 2026: libarchive 3.8.2 released
+
 Jun 01, 2026: libarchive 3.8.1 released
 
 May 20, 2025: libarchive 3.8.0 released
diff --git a/contrib/libarchive/SECURITY.md b/contrib/libarchive/SECURITY.md
index 6ca188b603fe..f2f60e792a57 100644
--- a/contrib/libarchive/SECURITY.md
+++ b/contrib/libarchive/SECURITY.md
@@ -16,4 +16,4 @@ Please provide the following information in your report:
 - How to reproduce the issue
 
 This project is maintained by volunteers on a reasonable-effort basis. As such, we ask
-that you give me 90 days to work on a fix before public exposure.
+that you give us 90 days to work on a fix before public exposure.
diff --git a/contrib/libarchive/build/ci/github_actions/install-macos-dependencies.sh b/contrib/libarchive/build/ci/github_actions/install-macos-dependencies.sh
index 2aa4823fc3d0..b33aed5e5562 100755
--- a/contrib/libarchive/build/ci/github_actions/install-macos-dependencies.sh
+++ b/contrib/libarchive/build/ci/github_actions/install-macos-dependencies.sh
@@ -5,6 +5,9 @@ set -eux
 #brew update > /dev/null
 #brew upgrade > /dev/null
 
+# Workaround for cmake in local/pinned tap issue
+brew uninstall cmake
+
 # This does an upgrade if the package is already installed
 brew install \
 	autoconf \
diff --git a/contrib/libarchive/cat/bsdcat.c b/contrib/libarchive/cat/bsdcat.c
index 731621fa9b75..2e78870ae50e 100644
--- a/contrib/libarchive/cat/bsdcat.c
+++ b/contrib/libarchive/cat/bsdcat.c
@@ -7,6 +7,9 @@
 
 #include "bsdcat_platform.h"
 
+#ifdef HAVE_SIGNAL_H
+#include <signal.h>
+#endif
 #include <stdio.h>
 #ifdef HAVE_STDLIB_H
 #include <stdlib.h>
@@ -22,7 +25,7 @@
 #include <archive_entry.h>
 
 #include "bsdcat.h"
-#include "err.h"
+#include "lafe_err.h"
 
 #define	BYTES_PER_BLOCK	(20*512)
 
@@ -105,6 +108,16 @@ main(int argc, char **argv)
 	bsdcat = &bsdcat_storage;
 	memset(bsdcat, 0, sizeof(*bsdcat));
 
+#if defined(HAVE_SIGACTION) && defined(SIGCHLD)
+	{ /* Do not ignore SIGCHLD. */
+		struct sigaction sa;
+		sa.sa_handler = SIG_DFL;
+		sigemptyset(&sa.sa_mask);
+		sa.sa_flags = 0;
+		sigaction(SIGCHLD, &sa, NULL);
+	}
+#endif
+
 	lafe_setprogname(*argv, "bsdcat");
 
 	bsdcat->argv = argv;
diff --git a/contrib/libarchive/cat/cmdline.c b/contrib/libarchive/cat/cmdline.c
index 8ecd74aa95e4..5a5fcaf0263f 100644
--- a/contrib/libarchive/cat/cmdline.c
+++ b/contrib/libarchive/cat/cmdline.c
@@ -22,7 +22,7 @@
 #endif
 
 #include "bsdcat.h"
-#include "err.h"
+#include "lafe_err.h"
 
 /*
  * Short options for bsdcat.  Please keep this sorted.
diff --git a/contrib/libarchive/cpio/cmdline.c b/contrib/libarchive/cpio/cmdline.c
index c67519947dbc..db06c03c011d 100644
--- a/contrib/libarchive/cpio/cmdline.c
+++ b/contrib/libarchive/cpio/cmdline.c
@@ -26,7 +26,7 @@
 #endif
 
 #include "cpio.h"
-#include "err.h"
+#include "lafe_err.h"
 
 /*
  * Short options for cpio.  Please keep this sorted.
diff --git a/contrib/libarchive/cpio/cpio.c b/contrib/libarchive/cpio/cpio.c
index 2bf1bfa2985a..262db510568b 100644
--- a/contrib/libarchive/cpio/cpio.c
+++ b/contrib/libarchive/cpio/cpio.c
@@ -60,7 +60,7 @@
 #endif
 
 #include "cpio.h"
-#include "err.h"
+#include "lafe_err.h"
 #include "line_reader.h"
 #include "passphrase.h"
 
@@ -124,13 +124,21 @@ main(int argc, char *argv[])
 	cpio->buff_size = sizeof(buff);
 
 
-#if defined(HAVE_SIGACTION) && defined(SIGPIPE)
-	{ /* Ignore SIGPIPE signals. */
+#if defined(HAVE_SIGACTION)
+	{
 		struct sigaction sa;
 		sigemptyset(&sa.sa_mask);
 		sa.sa_flags = 0;
+#ifdef SIGPIPE
+		/* Ignore SIGPIPE signals. */
 		sa.sa_handler = SIG_IGN;
 		sigaction(SIGPIPE, &sa, NULL);
+#endif
+#ifdef SIGCHLD
+		/* Do not ignore SIGCHLD. */
+		sa.sa_handler = SIG_DFL;
+		sigaction(SIGCHLD, &sa, NULL);
+#endif
 	}
 #endif
 
diff --git a/contrib/libarchive/cpio/test/test_owner_parse.c b/contrib/libarchive/cpio/test/test_owner_parse.c
index dfc78ca77aec..bd68f21cec9b 100644
--- a/contrib/libarchive/cpio/test/test_owner_parse.c
+++ b/contrib/libarchive/cpio/test/test_owner_parse.c
@@ -7,7 +7,7 @@
 #include "test.h"
 
 #include "../cpio.h"
-#include "err.h"
+#include "lafe_err.h"
 
 #if !defined(_WIN32)
 #define ROOT "root"
diff --git a/contrib/libarchive/libarchive/archive.h b/contrib/libarchive/libarchive/archive.h
index 002190a24663..98d7674e18f1 100644
--- a/contrib/libarchive/libarchive/archive.h
+++ b/contrib/libarchive/libarchive/archive.h
@@ -34,7 +34,7 @@
  * assert that ARCHIVE_VERSION_NUMBER >= 2012108.
  */
 /* Note: Compiler will complain if this does not match archive_entry.h! */
-#define	ARCHIVE_VERSION_NUMBER 3008001
+#define	ARCHIVE_VERSION_NUMBER 3008002
 
 #include <sys/stat.h>
 #include <stddef.h>  /* for wchar_t */
@@ -177,7 +177,7 @@ __LA_DECL int		archive_version_number(void);
 /*
  * Textual name/version of the library, useful for version displays.
  */
-#define	ARCHIVE_VERSION_ONLY_STRING "3.8.1"
+#define	ARCHIVE_VERSION_ONLY_STRING "3.8.2"
 #define	ARCHIVE_VERSION_STRING "libarchive " ARCHIVE_VERSION_ONLY_STRING
 __LA_DECL const char *	archive_version_string(void);
 
diff --git a/contrib/libarchive/libarchive/archive_acl.c b/contrib/libarchive/libarchive/archive_acl.c
index 9e71f5ee5610..362e3308f43f 100644
--- a/contrib/libarchive/libarchive/archive_acl.c
+++ b/contrib/libarchive/libarchive/archive_acl.c
@@ -270,6 +270,19 @@ acl_new_entry(struct archive_acl *acl,
 {
 	struct archive_acl_entry *ap, *aq;
 
+	/* Reject an invalid type */
+	switch (type) {
+	case ARCHIVE_ENTRY_ACL_TYPE_ACCESS:
+	case ARCHIVE_ENTRY_ACL_TYPE_DEFAULT:
+	case ARCHIVE_ENTRY_ACL_TYPE_ALLOW:
+	case ARCHIVE_ENTRY_ACL_TYPE_DENY:
+	case ARCHIVE_ENTRY_ACL_TYPE_AUDIT:
+	case ARCHIVE_ENTRY_ACL_TYPE_ALARM:
+		break;
+	default:
+		return (NULL);
+	}
+
 	/* Type argument must be a valid NFS4 or POSIX.1e type.
 	 * The type must agree with anything already set and
 	 * the permset must be compatible. */
@@ -822,6 +835,9 @@ append_entry_w(wchar_t **wp, const wchar_t *prefix, int type,
 		wname = NULL;
 		id = -1;
 		break;
+	default:
+		**wp = '\0';
+		break;
 	}
 	*wp += wcslen(*wp);
 	*(*wp)++ = L':';
@@ -878,6 +894,7 @@ append_entry_w(wchar_t **wp, const wchar_t *prefix, int type,
 			wcscpy(*wp, L"alarm");
 			break;
 		default:
+			*(*wp) = L'\0';
 			break;
 		}
 		*wp += wcslen(*wp);
@@ -1057,6 +1074,9 @@ append_entry(char **p, const char *prefix, int type,
 		name = NULL;
 		id = -1;
 		break;
+	default:
+		**p = '\0';
+		break;
 	}
 	*p += strlen(*p);
 	*(*p)++ = ':';
@@ -1112,6 +1132,9 @@ append_entry(char **p, const char *prefix, int type,
 		case ARCHIVE_ENTRY_ACL_TYPE_ALARM:
 			strcpy(*p, "alarm");
 			break;
+		default:
+			*(*p) = '\0';
+			break;
 		}
 		*p += strlen(*p);
 	}
diff --git a/contrib/libarchive/libarchive/archive_check_magic.c b/contrib/libarchive/libarchive/archive_check_magic.c
index d12f0c496e27..6b8e0c5595f4 100644
--- a/contrib/libarchive/libarchive/archive_check_magic.c
+++ b/contrib/libarchive/libarchive/archive_check_magic.c
@@ -30,6 +30,7 @@
 #endif
 
 #include <stdio.h>
+#include <errno.h>
 #ifdef HAVE_STDLIB_H
 #include <stdlib.h>
 #endif
@@ -54,8 +55,14 @@ errmsg(const char *m)
 
 	while (s > 0) {
 		written = write(2, m, s);
-		if (written <= 0)
+		if (written == 0)
 			return;
+		if (written < 0)
+		{
+			if (errno == EINTR)
+				continue;
+			return;
+		}
 		m += written;
 		s -= written;
 	}
diff --git a/contrib/libarchive/libarchive/archive_cryptor.c b/contrib/libarchive/libarchive/archive_cryptor.c
index 1825af4dc510..9f03f9ca6dd0 100644
--- a/contrib/libarchive/libarchive/archive_cryptor.c
+++ b/contrib/libarchive/libarchive/archive_cryptor.c
@@ -151,7 +151,7 @@ pbkdf2_sha1(const char *pw, size_t pw_len, const uint8_t *salt,
 	(void)rounds; /* UNUSED */
 	(void)derived_key; /* UNUSED */
 	(void)derived_key_len; /* UNUSED */
-	return -1; /* UNSUPPORTED */
+	return CRYPTOR_STUB_FUNCTION; /* UNSUPPORTED */
 }
 
 #endif
@@ -439,14 +439,14 @@ aes_ctr_init(archive_crypto_ctx *ctx, const uint8_t *key, size_t key_len)
 	(void)ctx; /* UNUSED */
 	(void)key; /* UNUSED */
 	(void)key_len; /* UNUSED */
-	return -1;
+	return CRYPTOR_STUB_FUNCTION;
 }
 
 static int
 aes_ctr_encrypt_counter(archive_crypto_ctx *ctx)
 {
 	(void)ctx; /* UNUSED */
-	return -1;
+	return CRYPTOR_STUB_FUNCTION;
 }
 
 static int
@@ -469,7 +469,7 @@ aes_ctr_update(archive_crypto_ctx *ctx, const uint8_t * const in,
 	(void)out; /* UNUSED */
 	(void)out_len; /* UNUSED */
 	aes_ctr_encrypt_counter(ctx); /* UNUSED */ /* Fix unused function warning */
-	return -1;
+	return CRYPTOR_STUB_FUNCTION;
 }
 
 #else
diff --git a/contrib/libarchive/libarchive/archive_cryptor_private.h b/contrib/libarchive/libarchive/archive_cryptor_private.h
index 4b3c6c161433..1dbc5c17a01a 100644
--- a/contrib/libarchive/libarchive/archive_cryptor_private.h
+++ b/contrib/libarchive/libarchive/archive_cryptor_private.h
@@ -43,7 +43,7 @@ int __libarchive_cryptor_build_hack(void);
 #ifdef __APPLE__
 # include <AvailabilityMacros.h>
 # if MAC_OS_X_VERSION_MAX_ALLOWED >= 1080
-#  define ARCHIVE_CRYPTOR_USE_Apple_CommonCrypto
+#  define ARCHIVE_CRYPTOR_USE_Apple_CommonCrypto 1
 # endif
 #endif
 
@@ -144,9 +144,15 @@ typedef struct {
 
 #else
 
+#if defined(ARCHIVE_CRYPTO_MD5_WIN)    ||\
+	defined(ARCHIVE_CRYPTO_SHA1_WIN)   ||\
+	defined(ARCHIVE_CRYPTO_SHA256_WIN) ||\
+	defined(ARCHIVE_CRYPTO_SHA384_WIN) ||\
+	defined(ARCHIVE_CRYPTO_SHA512_WIN)
 #if defined(_WIN32) && !defined(__CYGWIN__) && !(defined(HAVE_BCRYPT_H) && _WIN32_WINNT >= _WIN32_WINNT_VISTA)
 #define ARCHIVE_CRYPTOR_USE_WINCRYPT 1
 #endif
+#endif
 
 #define AES_BLOCK_SIZE	16
 #define AES_MAX_KEY_SIZE 32
@@ -172,6 +178,9 @@ typedef int archive_crypto_ctx;
 #define archive_encrypto_aes_ctr_release(ctx) \
   __archive_cryptor.encrypto_aes_ctr_release(ctx)
 
+/* Stub return value if no encryption support exists. */
+#define CRYPTOR_STUB_FUNCTION	-2
+
 /* Minimal interface to cryptographic functionality for internal use in
  * libarchive */
 struct archive_cryptor
diff --git a/contrib/libarchive/libarchive/archive_entry.h b/contrib/libarchive/libarchive/archive_entry.h
index 2b917b3fde8e..344f33bffac2 100644
--- a/contrib/libarchive/libarchive/archive_entry.h
+++ b/contrib/libarchive/libarchive/archive_entry.h
@@ -28,7 +28,7 @@
 #define	ARCHIVE_ENTRY_H_INCLUDED
 
 /* Note: Compiler will complain if this does not match archive.h! */
-#define	ARCHIVE_VERSION_NUMBER 3008001
+#define	ARCHIVE_VERSION_NUMBER 3008002
 
 /*
  * Note: archive_entry.h is for use outside of libarchive; the
diff --git a/contrib/libarchive/libarchive/archive_entry_paths.3 b/contrib/libarchive/libarchive/archive_entry_paths.3
index 0f849c9ebb35..f739b172308d 100644
--- a/contrib/libarchive/libarchive/archive_entry_paths.3
+++ b/contrib/libarchive/libarchive/archive_entry_paths.3
@@ -64,7 +64,7 @@ Streaming Archive Library (libarchive, -larchive)
 .Ft void
 .Fn archive_entry_copy_hardlink "struct archive_entry *a" "const char *path"
 .Ft void
-.Fn archive_entry_copy_hardlink_w "struct archive_entry *a "const wchar_t *path"
+.Fn archive_entry_copy_hardlink_w "struct archive_entry *a" "const wchar_t *path"
 .Ft int
 .Fn archive_entry_update_hardlink_utf8 "struct archive_entry *a" "const char *path"
 .Ft void
diff --git a/contrib/libarchive/libarchive/archive_entry_stat.c b/contrib/libarchive/libarchive/archive_entry_stat.c
index c4906838ed0f..345d3d29b2f2 100644
--- a/contrib/libarchive/libarchive/archive_entry_stat.c
+++ b/contrib/libarchive/libarchive/archive_entry_stat.c
@@ -38,6 +38,7 @@
 const struct stat *
 archive_entry_stat(struct archive_entry *entry)
 {
+	int64_t size;
 	struct stat *st;
 	if (entry->stat == NULL) {
 		entry->stat = calloc(1, sizeof(*st));
@@ -74,7 +75,10 @@ archive_entry_stat(struct archive_entry *entry)
 	st->st_ino = (ino_t)archive_entry_ino64(entry);
 	st->st_nlink = archive_entry_nlink(entry);
 	st->st_rdev = archive_entry_rdev(entry);
-	st->st_size = (off_t)archive_entry_size(entry);
+	size = archive_entry_size(entry);
+	st->st_size = (off_t)size;
+	if (st->st_size < 0 || (int64_t)st->st_size != size)
+		st->st_size = 0;
 	st->st_mode = archive_entry_mode(entry);
 
 	/*
diff --git a/contrib/libarchive/libarchive/archive_parse_date.c b/contrib/libarchive/libarchive/archive_parse_date.c
index cda0b11a555f..d9e968387d34 100644
--- a/contrib/libarchive/libarchive/archive_parse_date.c
+++ b/contrib/libarchive/libarchive/archive_parse_date.c
@@ -703,9 +703,7 @@ Convert(time_t Month, time_t Day, time_t Year,
 		Year += 1900;
 	DaysInMonth[1] = Year % 4 == 0 && (Year % 100 != 0 || Year % 400 == 0)
 	    ? 29 : 28;
-	/* Checking for 2038 bogusly assumes that time_t is 32 bits.  But
-	   I'm too lazy to try to check for time_t overflow in another way.  */
-	if (Year < EPOCH || Year >= 2038
+	if (Year < EPOCH || (sizeof(time_t) <= 4 && Year >= 2038)
 	    || Month < 1 || Month > 12
 	    /* Lint fluff:  "conversion from long may lose accuracy" */
 	    || Day < 1 || Day > DaysInMonth[(int)--Month]
diff --git a/contrib/libarchive/libarchive/archive_platform.h b/contrib/libarchive/libarchive/archive_platform.h
index f30df1104c83..33dc5582b7ed 100644
--- a/contrib/libarchive/libarchive/archive_platform.h
+++ b/contrib/libarchive/libarchive/archive_platform.h
@@ -183,16 +183,6 @@
 #define	CAN_RESTORE_METADATA_FD
 #endif
 
-/*
- * glibc 2.24 deprecates readdir_r
- * bionic c deprecates readdir_r too
- */
-#if defined(HAVE_READDIR_R) && (!defined(__GLIBC__) || !defined(__GLIBC_MINOR__) || __GLIBC__ < 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ < 24)) && (!defined(__ANDROID__))
-#define	USE_READDIR_R	1
-#else
-#undef	USE_READDIR_R
-#endif
-
 /* Set up defaults for internal error codes. */
 #ifndef ARCHIVE_ERRNO_FILE_FORMAT
 #if HAVE_EFTYPE
diff --git a/contrib/libarchive/libarchive/archive_platform_stat.h b/contrib/libarchive/libarchive/archive_platform_stat.h
new file mode 100644
index 000000000000..5432b2f6433a
--- /dev/null
+++ b/contrib/libarchive/libarchive/archive_platform_stat.h
@@ -0,0 +1,45 @@
+/*-
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2025 Tobias Stoeckmann
+ * All rights reserved.
+ */
+
+/* !!ONLY FOR USE INTERNALLY TO LIBARCHIVE!! */
+
+#ifndef ARCHIVE_PLATFORM_STAT_H_INCLUDED
+#define ARCHIVE_PLATFORM_STAT_H_INCLUDED
+
+#ifndef __LIBARCHIVE_BUILD
+#error This header is only to be used internally to libarchive.
+#endif
+
+#if defined(_WIN32) && !defined(__CYGWIN__)
+/* We use _lseeki64() on Windows. */
+typedef int64_t la_seek_t;
+
+struct la_seek_stat {
+	int64_t		st_mtime;
+	ino_t		st_ino;
+	unsigned short	st_mode;
+	uint32_t	st_nlink;
+	gid_t		st_gid;
+	la_seek_t	st_size;
+	uid_t		st_uid;
+	dev_t		st_dev;
+	dev_t		st_rdev;
+};
+typedef struct la_seek_stat la_seek_stat_t;
+
+#define la_seek_fstat(fd, st)	__la_seek_fstat((fd), (st))
+#define la_seek_stat(fd, st)	__la_seek_stat((fd), (st))
+
+#else
+typedef off_t la_seek_t;
+typedef struct stat la_seek_stat_t;
+
+#define la_seek_fstat(fd, st)	fstat((fd), (st))
+#define la_seek_stat(fd, st)	stat((fd), (st))
+#endif
+
+#endif	/* !ARCHIVE_PLATFORM_STAT_H_INCLUDED */
diff --git a/contrib/libarchive/libarchive/archive_private.h b/contrib/libarchive/libarchive/archive_private.h
index 050fc63c0b2e..3a926c6886ad 100644
--- a/contrib/libarchive/libarchive/archive_private.h
+++ b/contrib/libarchive/libarchive/archive_private.h
@@ -158,6 +158,7 @@ int	__archive_check_magic(struct archive *, unsigned int magic,
 __LA_NORETURN void	__archive_errx(int retvalue, const char *msg);
 
 void	__archive_ensure_cloexec_flag(int fd);
+int	__archive_get_tempdir(struct archive_string *);
 int	__archive_mktemp(const char *tmpdir);
 #if defined(_WIN32) && !defined(__CYGWIN__)
 int	__archive_mkstemp(wchar_t *templates);
diff --git a/contrib/libarchive/libarchive/archive_read.c b/contrib/libarchive/libarchive/archive_read.c
index 50db87017706..c9b9d5981516 100644
--- a/contrib/libarchive/libarchive/archive_read.c
+++ b/contrib/libarchive/libarchive/archive_read.c
@@ -575,8 +575,7 @@ choose_filters(struct archive_read *a)
 			return (ARCHIVE_OK);
 		}
 
-		filter
-		    = calloc(1, sizeof(*filter));
+		filter = calloc(1, sizeof(*filter));
 		if (filter == NULL)
 			return (ARCHIVE_FATAL);
 		filter->bidder = best_bidder;
@@ -834,7 +833,9 @@ archive_read_data(struct archive *_a, void *buff, size_t s)
 			r = archive_read_data_block(a, &read_buf,
 			    &a->read_data_remaining, &a->read_data_offset);
 			a->read_data_block = read_buf;
-			if (r == ARCHIVE_EOF)
+			if (r == ARCHIVE_EOF &&
+			    a->read_data_offset == a->read_data_output_offset &&
+			    a->read_data_remaining == 0)
 				return (bytes_read);
 			/*
 			 * Error codes are all negative, so the status
diff --git a/contrib/libarchive/libarchive/archive_read_disk_entry_from_file.c b/contrib/libarchive/libarchive/archive_read_disk_entry_from_file.c
index 19d049770b78..42af4034b07e 100644
--- a/contrib/libarchive/libarchive/archive_read_disk_entry_from_file.c
+++ b/contrib/libarchive/libarchive/archive_read_disk_entry_from_file.c
@@ -338,7 +338,7 @@ setup_mac_metadata(struct archive_read_disk *a,
 	int ret = ARCHIVE_OK;
 	void *buff = NULL;
 	int have_attrs;
-	const char *name, *tempdir;
+	const char *name;
 	struct archive_string tempfile;
 
 	(void)fd; /* UNUSED */
@@ -357,13 +357,11 @@ setup_mac_metadata(struct archive_read_disk *a,
 	if (have_attrs == 0)
 		return (ARCHIVE_OK);
 
-	tempdir = NULL;
-	if (issetugid() == 0)
-		tempdir = getenv("TMPDIR");
-	if (tempdir == NULL)
-		tempdir = _PATH_TMP;
 	archive_string_init(&tempfile);
-	archive_strcpy(&tempfile, tempdir);
+	if (__archive_get_tempdir(&tempfile) != ARCHIVE_OK) {
+		ret = ARCHIVE_WARN;
+		goto cleanup;
+	}
 	archive_strcat(&tempfile, "tar.md.XXXXXX");
 	tempfd = mkstemp(tempfile.s);
 	if (tempfd < 0) {
diff --git a/contrib/libarchive/libarchive/archive_read_disk_posix.c b/contrib/libarchive/libarchive/archive_read_disk_posix.c
index a7a98e9cb1cd..54a8e66188f8 100644
--- a/contrib/libarchive/libarchive/archive_read_disk_posix.c
+++ b/contrib/libarchive/libarchive/archive_read_disk_posix.c
@@ -168,9 +168,6 @@ struct filesystem {
 	int		synthetic;
 	int		remote;
 	int		noatime;
-#if defined(USE_READDIR_R)
-	size_t		name_max;
-#endif
 	long		incr_xfer_size;
 	long		max_xfer_size;
 	long		min_xfer_size;
@@ -203,10 +200,6 @@ struct tree {
 	DIR			*d;
 #define	INVALID_DIR_HANDLE NULL
 	struct dirent		*de;
-#if defined(USE_READDIR_R)
-	struct dirent		*dirent;
-	size_t			 dirent_allocated;
-#endif
 	int			 flags;
 	int			 visit_type;
 	/* Error code from last failed operation. */
@@ -869,7 +862,7 @@ next_entry(struct archive_read_disk *a, struct tree *t,
 			tree_enter_initial_dir(t);
 			return (ARCHIVE_FATAL);
 		case TREE_ERROR_DIR:
-			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
+			archive_set_error(&a->archive, t->tree_errno,
 			    "%s: Couldn't visit directory",
 			    tree_current_path(t));
 			tree_enter_initial_dir(t);
@@ -1578,9 +1571,6 @@ setup_current_filesystem(struct archive_read_disk *a)
 #  endif
 #endif
 	int r, xr = 0;
-#if !defined(HAVE_STRUCT_STATFS_F_NAMEMAX)
-	long nm;
-#endif
 
 	t->current_filesystem->synthetic = -1;
 	t->current_filesystem->remote = -1;
@@ -1647,35 +1637,6 @@ setup_current_filesystem(struct archive_read_disk *a)
 #endif
 		t->current_filesystem->noatime = 0;
 
-#if defined(USE_READDIR_R)
-	/* Set maximum filename length. */
-#if defined(HAVE_STRUCT_STATFS_F_NAMEMAX)
-	t->current_filesystem->name_max = sfs.f_namemax;
-#else
-# if defined(_PC_NAME_MAX)
-	/* Mac OS X does not have f_namemax in struct statfs. */
-	if (tree_current_is_symblic_link_target(t)) {
-		if (tree_enter_working_dir(t) != 0) {
-			archive_set_error(&a->archive, errno, "fchdir failed");
-			return (ARCHIVE_FAILED);
-		}
-		nm = pathconf(tree_current_access_path(t), _PC_NAME_MAX);
-	} else
-		nm = fpathconf(tree_current_dir_fd(t), _PC_NAME_MAX);
-# else
-	nm = -1;
-# endif
-	if (nm == -1)
-		t->current_filesystem->name_max = NAME_MAX;
-	else
-		t->current_filesystem->name_max = nm;
-#endif
-	if (t->current_filesystem->name_max == 0) {
-		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
-		    "Cannot determine name_max");
-		return (ARCHIVE_FAILED);
-	}
-#endif /* USE_READDIR_R */
 	return (ARCHIVE_OK);
 }
 
@@ -1863,19 +1824,6 @@ setup_current_filesystem(struct archive_read_disk *a)
 #endif
 		t->current_filesystem->noatime = 0;
 
-#if defined(USE_READDIR_R)
-	/* Set maximum filename length. */
-#if defined(HAVE_STATVFS)
-	t->current_filesystem->name_max = svfs.f_namemax;
-#else
-	t->current_filesystem->name_max = sfs.f_namelen;
-#endif
-	if (t->current_filesystem->name_max == 0) {
-		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
-		    "Cannot determine name_max");
-		return (ARCHIVE_FAILED);
-	}
-#endif
 	return (ARCHIVE_OK);
 }
 
@@ -1953,15 +1901,6 @@ setup_current_filesystem(struct archive_read_disk *a)
 #endif
 		t->current_filesystem->noatime = 0;
 
-#if defined(USE_READDIR_R)
-	/* Set maximum filename length. */
-	t->current_filesystem->name_max = svfs.f_namemax;
-	if (t->current_filesystem->name_max == 0) {
-		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
-		    "Cannot determine name_max");
-		return (ARCHIVE_FAILED);
-	}
-#endif
 	return (ARCHIVE_OK);
 }
 
@@ -1975,9 +1914,6 @@ static int
 setup_current_filesystem(struct archive_read_disk *a)
 {
 	struct tree *t = a->tree;
-#if defined(_PC_NAME_MAX) && defined(USE_READDIR_R)
-	long nm;
-#endif
 	t->current_filesystem->synthetic = -1;/* Not supported */
 	t->current_filesystem->remote = -1;/* Not supported */
 	t->current_filesystem->noatime = 0;
@@ -1987,40 +1923,6 @@ setup_current_filesystem(struct archive_read_disk *a)
 	t->current_filesystem->min_xfer_size = -1;
 	t->current_filesystem->incr_xfer_size = -1;
 
-#if defined(USE_READDIR_R)
-	/* Set maximum filename length. */
-#  if defined(_PC_NAME_MAX)
-	if (tree_current_is_symblic_link_target(t)) {
-		if (tree_enter_working_dir(t) != 0) {
-			archive_set_error(&a->archive, errno, "fchdir failed");
-			return (ARCHIVE_FAILED);
-		}
-		nm = pathconf(tree_current_access_path(t), _PC_NAME_MAX);
-	} else
-		nm = fpathconf(tree_current_dir_fd(t), _PC_NAME_MAX);
-	if (nm == -1)
-#  endif /* _PC_NAME_MAX */
-		/*
-		 * Some systems (HP-UX or others?) incorrectly defined
-		 * NAME_MAX macro to be a smaller value.
-		 */
-#  if defined(NAME_MAX) && NAME_MAX >= 255
-		t->current_filesystem->name_max = NAME_MAX;
-#  else
-		/* No way to get a trusted value of maximum filename
-		 * length. */
-		t->current_filesystem->name_max = PATH_MAX;
-#  endif /* NAME_MAX */
-#  if defined(_PC_NAME_MAX)
-	else
-		t->current_filesystem->name_max = nm;
-#  endif /* _PC_NAME_MAX */
-	if (t->current_filesystem->name_max == 0) {
-		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
-		    "Cannot determine name_max");
-		return (ARCHIVE_FAILED);
-	}
-#endif /* USE_READDIR_R */
 	return (ARCHIVE_OK);
 }
 
@@ -2112,8 +2014,11 @@ tree_dup(int fd)
 	}
 #endif /* F_DUPFD_CLOEXEC */
 	new_fd = dup(fd);
-	__archive_ensure_cloexec_flag(new_fd);
-	return (new_fd);
+	if (new_fd != -1) {
+		__archive_ensure_cloexec_flag(new_fd);
+		return (new_fd);
+	}
+	return (-1);
 }
 
 /*
@@ -2235,11 +2140,16 @@ tree_reopen(struct tree *t, const char *path, int restore_time)
 	 * so try again for execute. The consequences of not opening this are
 	 * unhelpful and unnecessary errors later.
 	 */
-	if (t->initial_dir_fd < 0)
+	if (t->initial_dir_fd < 0) {
 		t->initial_dir_fd = open(".", o_flag | O_CLOEXEC);
+		if (t->initial_dir_fd < 0)
+			return NULL;
+	}
 #endif
 	__archive_ensure_cloexec_flag(t->initial_dir_fd);
 	t->working_dir_fd = tree_dup(t->initial_dir_fd);
+	if (t->working_dir_fd < 0)
+		return NULL;
 	return (t);
 }
 
@@ -2449,12 +2359,11 @@ tree_dir_next_posix(struct tree *t)
 	size_t namelen;
 
 	if (t->d == NULL) {
-#if defined(USE_READDIR_R)
-		size_t dirent_size;
-#endif
 
 #if defined(HAVE_FDOPENDIR)
-		t->d = fdopendir(tree_dup(t->working_dir_fd));
+		int fd = tree_dup(t->working_dir_fd);
+		if (fd != -1)
+			t->d = fdopendir(fd);
 #else /* HAVE_FDOPENDIR */
 		if (tree_enter_working_dir(t) == 0) {
 			t->d = opendir(".");
@@ -2470,45 +2379,12 @@ tree_dir_next_posix(struct tree *t)
 			t->visit_type = r != 0 ? r : TREE_ERROR_DIR;
 			return (t->visit_type);
 		}
-#if defined(USE_READDIR_R)
-		dirent_size = offsetof(struct dirent, d_name) +
-		  t->filesystem_table[t->current->filesystem_id].name_max + 1;
-		if (t->dirent == NULL || t->dirent_allocated < dirent_size) {
-			free(t->dirent);
-			t->dirent = malloc(dirent_size);
-			if (t->dirent == NULL) {
-				closedir(t->d);
-				t->d = INVALID_DIR_HANDLE;
-				(void)tree_ascend(t);
-				tree_pop(t);
-				t->tree_errno = ENOMEM;
-				t->visit_type = TREE_ERROR_DIR;
-				return (t->visit_type);
-			}
-			t->dirent_allocated = dirent_size;
-		}
-#endif /* USE_READDIR_R */
 	}
 	for (;;) {
 		errno = 0;
-#if defined(USE_READDIR_R)
-		r = readdir_r(t->d, t->dirent, &t->de);
-#ifdef _AIX
-		/* Note: According to the man page, return value 9 indicates
-		 * that the readdir_r was not successful and the error code
-		 * is set to the global errno variable. And then if the end
-		 * of directory entries was reached, the return value is 9
-		 * and the third parameter is set to NULL and errno is
-		 * unchanged. */
-		if (r == 9)
-			r = errno;
-#endif /* _AIX */
-		if (r != 0 || t->de == NULL) {
-#else
 		t->de = readdir(t->d);
 		if (t->de == NULL) {
 			r = errno;
-#endif
 			closedir(t->d);
 			t->d = INVALID_DIR_HANDLE;
 			if (r != 0) {
@@ -2747,9 +2623,6 @@ tree_free(struct tree *t)
 	if (t == NULL)
 		return;
 	archive_string_free(&t->path);
-#if defined(USE_READDIR_R)
-	free(t->dirent);
-#endif
 	free(t->sparse_list);
 	for (i = 0; i < t->max_filesystem_id; i++)
 		free(t->filesystem_table[i].allocation_ptr);
diff --git a/contrib/libarchive/libarchive/archive_read_open_fd.c b/contrib/libarchive/libarchive/archive_read_open_fd.c
index dc7c9e52c6f6..c85a62a3e2d7 100644
--- a/contrib/libarchive/libarchive/archive_read_open_fd.c
+++ b/contrib/libarchive/libarchive/archive_read_open_fd.c
@@ -48,6 +48,7 @@
 #endif
 
 #include "archive.h"
+#include "archive_platform_stat.h"
 
 struct read_fd_data {
 	int	 fd;
@@ -65,12 +66,12 @@ static int64_t	file_skip(struct archive *, void *, int64_t request);
 int
 archive_read_open_fd(struct archive *a, int fd, size_t block_size)
*** 3269 LINES SKIPPED ***