[Bug 286944] [exp-run] libarchive 3.8.0
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 286944] [exp-run] libarchive 3.8.0"
Date: Fri, 08 Aug 2025 00:40:00 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=286944
--- Comment #7 from commit-hook@FreeBSD.org ---
A commit in branch releng/13.5 references this bug:
URL: https://cgit.FreeBSD.org/src/commit/?id=798b7b161a71282aff73d532ffe381b65dd04251
commit 798b7b161a71282aff73d532ffe381b65dd04251
Author: Martin Matuska <mm@FreeBSD.org>
AuthorDate: 2025-06-01 20:16:26 +0000
Commit: Gordon Tetlow <gordon@FreeBSD.org>
CommitDate: 2025-08-07 23:50:06 +0000

libarchive: merge from vendor branch

libarchive 3.8.1

New features:
#2088 7-zip reader: improve self-extracting archive detection
#2137 zip writer: added XZ, LZMA, ZSTD and BZIP2 support
#2403 zip writer: added LZMA + RISCV BCJ filter
#2601 bsdtar: support --mtime and --clamp-mtime
#2602 libarchive: mbedtls 3.x compatibility

Security fixes:
#2422 tar reader: Handle truncation in the middle of a GNU long linkname (CVE-2024-57970)
#2532 tar reader: fix unchecked return value in list_item_verbose() (CVE-2025-25724)
#2532 unzip: fix null pointer dereference (CVE-2025-1632)
#2568 warc: prevent signed integer overflow (CVE-2025-5916)
#2584 rar: do not skip past EOF while reading (CVE-2025-5918)
#2588 tar: fix overflow in build_ustar_entry (CVE-2025-5917)
#2598 rar: fix double free with over 4 billion nodes (CVE-2025-5914)
#2599 rar: fix heap-buffer-overflow (CVE-2025-5915)

Important bugfixes:
#2399 7-zip reader: add SPARC filter support for non-LZMA compressors
#2405 tar reader: ignore ustar size when pax size is present
#2435 tar writer: fix bug when -s/a/b/ used more than once with b flag
#2459 7-zip reader: add POWERPC filter support for non-LZMA compressors
#2519 libarchive: handle ARCHIVE_FILTER_LZOP in archive_read_append_filter
#2539 libarchive: add missing seeker function to archive_read_open_FILE()
#2544 gzip: allow setting the original filename for gzip compressed files
#2564 libarchive: improve lseek handling
#2582 rar: support large headers on 32 bit systems
#2587 bsdtar: don't hardlink negative inode files together
#2596 rar: support large headers on 32 bit systems
#2606 libarchive: support @-prefixed Unix epoch timestamps as date strings
#2634 tar: Support negative time values with pax
#2637 tar: Keep block alignment after pax error
#2642 libarchive: fix FILE_skip regression
#2643 tar: Handle extra bytes after sparse entries
#2649 compress: Prevent call stack overflow
#2651 iso9660: always check archive_string_ensure return value

CVE: CVE-2024-57970, CVE-2025-1632, CVE-2025-25724, CVE-2025-5914, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918
PR: 286944 (exp-run on main, libarchive 3.8.0)
Approved by: so
Security: FreeBSD-SA-25:07.libarchive

(cherry picked from commit 2e113ef82465598b8c26e0ca415fbe90677fbd47)
(cherry picked from commit f47afeb2ce1eb04a787a4b8c1a6d7752940268da)

contrib/libarchive/COPYING | 2 +-
contrib/libarchive/NEWS | 8 +
contrib/libarchive/README.md | 9 +-
.../install-macos-dependencies.sh (new +x) | 19 +
contrib/libarchive/cpio/cpio.c | 2 +-
contrib/libarchive/cpio/test/test_format_newc.c | 12 +-
contrib/libarchive/cpio/test/test_option_a.c | 2 +-
contrib/libarchive/cpio/test/test_option_c.c | 8 +-
contrib/libarchive/libarchive/archive.h | 57 +-
contrib/libarchive/libarchive/archive_acl.c | 14 +-
.../libarchive/libarchive/archive_acl_private.h | 2 +-
contrib/libarchive/libarchive/archive_cmdline.c | 2 +-
.../libarchive/archive_cryptor_private.h | 8 +
contrib/libarchive/libarchive/archive_digest.c | 344 +-
.../libarchive/libarchive/archive_digest_private.h | 35 +-
.../libarchive/archive_disk_acl_freebsd.c | 4 +-
contrib/libarchive/libarchive/archive_entry.c | 54 +-
contrib/libarchive/libarchive/archive_entry.h | 84 +-
.../libarchive/archive_entry_link_resolver.c | 8 +
.../libarchive/libarchive/archive_entry_locale.h | 2 +-
.../libarchive/libarchive/archive_entry_private.h | 13 +-
.../libarchive/libarchive/archive_hmac_private.h | 2 +-
contrib/libarchive/libarchive/archive_match.c | 102 +-
contrib/libarchive/libarchive/archive_options.c | 4 +-
.../libarchive/archive_options_private.h | 4 +-
contrib/libarchive/libarchive/archive_pack_dev.h | 2 +-
.../{archive_getdate.c => archive_parse_date.c} | 65 +-
contrib/libarchive/libarchive/archive_platform.h | 5 +
.../libarchive/libarchive/archive_platform_acl.h | 2 +-
.../libarchive/libarchive/archive_platform_xattr.h | 2 +-
contrib/libarchive/libarchive/archive_ppmd7.c | 11 +-
contrib/libarchive/libarchive/archive_ppmd8.c | 15 +-
.../libarchive/libarchive/archive_ppmd_private.h | 18 +-
.../libarchive/libarchive/archive_random_private.h | 2 +-
contrib/libarchive/libarchive/archive_rb.h | 2 +-
contrib/libarchive/libarchive/archive_read.c | 6 -
.../libarchive/archive_read_append_filter.c | 4 +
.../libarchive/archive_read_disk_entry_from_file.c | 2 +-
.../libarchive/archive_read_disk_posix.c | 9 +-
.../libarchive/archive_read_disk_private.h | 7 +-
.../libarchive/libarchive/archive_read_format.3 | 15 +
.../libarchive/libarchive/archive_read_open_fd.c | 42 +-
.../libarchive/libarchive/archive_read_open_file.c | 121 +-
.../libarchive/archive_read_open_filename.c | 61 +-
.../archive_read_support_filter_by_code.c | 14 -
.../archive_read_support_filter_compress.c | 3 +-
.../libarchive/archive_read_support_filter_lz4.c | 1 -
.../libarchive/archive_read_support_format_7zip.c | 445 +-
.../archive_read_support_format_by_code.c | 15 -
.../libarchive/archive_read_support_format_cab.c | 7 +-
.../libarchive/archive_read_support_format_cpio.c | 22 +-
.../archive_read_support_format_iso9660.c | 4 +-
.../libarchive/archive_read_support_format_lha.c | 73 +-
.../libarchive/archive_read_support_format_rar.c | 184 +-
.../libarchive/archive_read_support_format_rar5.c | 101 +-
.../libarchive/archive_read_support_format_tar.c | 409 +-
.../libarchive/archive_read_support_format_warc.c | 7 +-
.../libarchive/archive_read_support_format_xar.c | 355 +-
.../libarchive/archive_read_support_format_zip.c | 33 +-
contrib/libarchive/libarchive/archive_string.c | 141 +-
.../libarchive/archive_string_composition.h | 3 +-
.../libarchive/libarchive/archive_string_sprintf.c | 11 +-
contrib/libarchive/libarchive/archive_time.c (new) | 163 +
.../{archive_getdate.h => archive_time_private.h} | 26 +-
contrib/libarchive/libarchive/archive_util.c | 76 +-
.../libarchive/archive_version_details.c | 405 +-
contrib/libarchive/libarchive/archive_write.c | 2 +-
.../archive_write_add_filter_b64encode.c | 2 +-
.../libarchive/archive_write_add_filter_gzip.c | 19 +-
.../libarchive/archive_write_add_filter_uuencode.c | 2 +-
.../libarchive/archive_write_disk_posix.c | 15 +-
.../libarchive/archive_write_open_filename.c | 8 +-
.../libarchive/archive_write_set_format_7zip.c | 298 +-
.../libarchive/archive_write_set_format_gnutar.c | 16 +-
.../libarchive/archive_write_set_format_iso9660.c | 25 +-
.../libarchive/archive_write_set_format_mtree.c | 123 +-
.../libarchive/archive_write_set_format_pax.c | 6 +-
.../libarchive/archive_write_set_format_xar.c | 692 +-
.../libarchive/archive_write_set_format_zip.c | 986 +-
.../libarchive/archive_write_set_options.3 | 43 +-
contrib/libarchive/libarchive/libarchive-formats.5 | 20 +-
.../libarchive/libarchive/test/read_open_memory.c | 2 +-
.../libarchive/test/test_7zip_filename_encoding.c | 200 +-
contrib/libarchive/libarchive/test/test_acl_pax.c | 8 +-
.../libarchive/test/test_acl_platform_nfs4.c | 10 +-
.../libarchive/test/test_acl_platform_posix1e.c | 3 +-
.../libarchive/libarchive/test/test_acl_posix1e.c | 8 +-
contrib/libarchive/libarchive/test/test_acl_text.c | 2 +-
.../libarchive/test/test_archive_match_time.c | 71 +-
...archive_getdate.c => test_archive_parse_date.c} | 21 +-
.../test/test_archive_string_conversion.c | 4 +-
.../libarchive/test/test_compat_gtar_large.c (new) | 224 +
.../libarchive/test/test_compat_solaris_tar_acl.c | 4 +-
.../libarchive/test/test_compat_star_acl.c | 6 +-
contrib/libarchive/libarchive/test/test_entry.c | 2 +-
.../libarchive/libarchive/test/test_open_file.c | 9 +-
.../test/test_read_disk_directory_traversals.c | 2 +-
.../libarchive/test/test_read_format_7zip.c | 315 +-
...st_read_format_7zip_deflate_powerpc.7z.uu (new) | 55 +
.../test_read_format_7zip_extract_second.7z.uu | 22 +-
...test_read_format_7zip_lzma2_powerpc.7z.uu (new) | 48 +
.../test_read_format_7zip_lzma2_riscv.7z.uu (new) | 49 +
.../test_read_format_7zip_lzma2_sparc.7z.uu (new) | 51 +
.../test_read_format_7zip_sfx_elf.elf.uu (new) | 9442 ++++++++++++++++++++
...t_read_format_7zip_sfx_modified_pe.exe.uu (new) | 109 +
.../test/test_read_format_7zip_sfx_pe.exe.uu (new) | 4751 ++++++++++
.../test_read_format_7zip_zstd_sparc.7z.uu (new) | 59 +
.../test/test_read_format_gtar_redundant_L.c (new) | 40 +
...est_read_format_gtar_redundant_L.tar.Z.uu (new) | 16 +
.../libarchive/test/test_read_format_gtar_sparse.c | 8 +-
.../test_read_format_gtar_sparse_length.c (new) | 53 +
...t_read_format_gtar_sparse_length.tar.Z.uu (new) | 12 +
...est_read_format_gtar_sparse_skip_entry.tar.Z.uu | 18 +-
.../libarchive/test/test_read_format_rar.c | 74 +-
.../libarchive/test/test_read_format_rar5.c | 29 +-
.../test/test_read_format_rar5_unicode.rar.uu | 18 +-
.../test/test_read_format_rar_encryption.c | 4 +-
.../test_read_format_rar_endarc_huge.rar.uu (new) | 4 +
.../test_read_format_rar_newsub_huge.rar.uu (new) | 5 +
.../test/test_read_format_rar_overflow.c (new) | 48 +
.../test_read_format_rar_overflow.rar.uu (new) | 11 +
.../test_read_format_rar_symlink_huge.rar.uu (new) | 5 +
.../test_read_format_tar_empty_with_gnulabel.c | 2 +-
.../test/test_read_format_tar_mac_metadata.c (new) | 85 +
...est_read_format_tar_mac_metadata_1.tar.uu (new) | 231 +
.../test/test_read_format_tar_pax_g_large.c (new) | 53 +
.../test_read_format_tar_pax_g_large.tar.uu (new) | 49 +
.../test_read_format_tar_pax_negative_time.c (new) | 68 +
..._read_format_tar_pax_negative_time.tar.uu (new) | 60 +
.../libarchive/test/test_read_format_warc.c | 24 +
.../test_read_format_warc_incomplete.warc.uu (new) | 10 +
.../libarchive/test/test_read_format_zip.c | 5 +-
.../test/test_read_pax_empty_val_no_nl.c (new) | 65 +
.../test_read_pax_empty_val_no_nl.tar.uu (new) | 60 +
.../libarchive/test/test_read_position.c | 2 +-
.../libarchive/libarchive/test/test_sparse_basic.c | 8 +-
.../libarchive/libarchive/test/test_tar_large.c | 2 +-
.../libarchive/test/test_write_disk_perms.c | 8 +-
.../test/test_write_disk_secure_noabsolutepaths.c | 4 +-
.../libarchive/test/test_write_filter_gzip.c | 5 +-
.../libarchive/test/test_write_format_7zip.c | 6 +
.../libarchive/test/test_write_format_7zip_large.c | 6 +
.../libarchive/test/test_write_format_gnutar.c | 29 +-
.../test_write_format_mtree_preset_digests.c (new) | 2107 +++++
.../libarchive/test/test_write_format_tar_sparse.c | 4 +-
.../libarchive/test/test_write_format_xar.c | 39 +
.../test/test_write_format_zip64_stream.c | 192 +-
...test_write_format_zip_compression_bzip2.c (new) | 362 +
...est_write_format_zip_compression_lzmaxz.c (new) | 425 +
.../test/test_write_format_zip_compression_store.c | 277 +-
.../test_write_format_zip_compression_zstd.c (new) | 366 +
.../test/test_write_format_zip_entry_size_unset.c | 150 +-
.../libarchive/test/test_write_format_zip_file.c | 164 +-
.../test/test_write_format_zip_file_zip64.c | 192 +-
.../libarchive/test/test_write_format_zip_large.c | 35 +-
.../libarchive/test/test_write_format_zip_stream.c | 156 +-
contrib/libarchive/libarchive_fe/passphrase.c | 10 +-
contrib/libarchive/tar/bsdtar.1 | 74 +-
contrib/libarchive/tar/bsdtar.c | 35 +-
contrib/libarchive/tar/bsdtar.h | 12 +-
contrib/libarchive/tar/cmdline.c | 2 +
contrib/libarchive/tar/subst.c | 1 +
contrib/libarchive/tar/test/test_list_item.c (new) | 63 +
.../tar/test/test_list_item.tar.uu (new) | 169 +
contrib/libarchive/tar/test/test_option_C_mtree.c | 4 +-
.../{test_option_P.c => test_option_P_upper.c} | 0
.../libarchive/tar/test/test_option_ignore_zeros.c | 4 +-
.../libarchive/tar/test/test_option_mtime.c (new) | 82 +
contrib/libarchive/tar/test/test_option_s.c | 14 +-
contrib/libarchive/tar/test/test_stdio.c | 48 +-
contrib/libarchive/tar/util.c | 57 +-
contrib/libarchive/tar/write.c | 4 +
contrib/libarchive/test_utils/test_common.h | 2 +-
contrib/libarchive/test_utils/test_main.c | 192 +-
contrib/libarchive/test_utils/test_utils.c | 48 +
contrib/libarchive/test_utils/test_utils.h | 11 +-
contrib/libarchive/unzip/bsdunzip.c | 21 +-
contrib/libarchive/unzip/la_getline.h (new) | 16 +
lib/libarchive/Makefile | 3 +-
lib/libarchive/tests/Makefile | 35 +-
usr.bin/tar/tests/Makefile | 5 +-
181 files changed, 25587 insertions(+), 2345 deletions(-)