[Bug 290303] [exp-run] libarchive 3.8.2
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 290303] [exp-run] libarchive 3.8.2"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 03 Nov 2025 10:51:26 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290303
--- Comment #5 from commit-hook@FreeBSD.org ---
A commit in branch stable/13 references this bug:
URL:
https://cgit.FreeBSD.org/src/commit/?id=1b969a57d0d1cd8d4505984820a365f721e6efc6
commit 1b969a57d0d1cd8d4505984820a365f721e6efc6
Author: Martin Matuska <mm@FreeBSD.org>
AuthorDate: 2025-10-21 14:10:15 +0000
Commit: Martin Matuska <mm@FreeBSD.org>
CommitDate: 2025-11-03 09:30:24 +0000
libarchive: merge from vendor branch
Update libarchive to 3.8.2
Important bugfixes:
#2477 tar writer: fix replacing a regular file with a dir for
ARCHIVE_EXTRACT_SAFE_WRITES
#2659 lib: improve filter process handling
#2664 zip writer: fix a memory leak if write callback error early
#2665 lib: archive_read_data: handle sparse holes at end of file correctly
#2668 7zip: Fix out of boundary access
#2670 zip writer: fix writing with ZSTD compression
#2672 lib: fix error checking in writing files
#2678 zstd write filter: enable Zstandard's checksum feature
#2679 lib: handle possible errors from system calls
#2707 lib: avoid leaking file descriptors into subprocesses
#2713 RAR5 reader: fix multiple issues in extra field parsing function
#2716 RAR5 reader: early fail when file declares data for a dir entry
#2717 bsdtar: Allow filename to have CRLF endings
#2719 tar reader: fix checking the result of the strftime (CVE-2025-25724)
#2737 tar reader: fix an infinite loop when parsing V headers
#2742 lib: parse_date: handle dates in 2038 and beyond if time_t is big
enough
Obtained from: libarchive
Vendor commit: 7f53fce04e4e672230f4eb80b219af17975e4f83
Security: CVE-2025-25724
PR: 290303 (exp-run, main)
(cherry picked from commit 401026e4825a05abba6f945cf1b74b3328876fa2)
contrib/libarchive/NEWS | 2 +
contrib/libarchive/SECURITY.md | 2 +-
.../github_actions/install-macos-dependencies.sh | 3 +
contrib/libarchive/cat/bsdcat.c | 15 +-
contrib/libarchive/cat/cmdline.c | 2 +-
contrib/libarchive/cpio/cmdline.c | 2 +-
contrib/libarchive/cpio/cpio.c | 14 +-
contrib/libarchive/cpio/test/test_owner_parse.c | 2 +-
contrib/libarchive/libarchive/archive.h | 4 +-
contrib/libarchive/libarchive/archive_acl.c | 23 +++
.../libarchive/libarchive/archive_check_magic.c | 9 +-
contrib/libarchive/libarchive/archive_cryptor.c | 8 +-
.../libarchive/archive_cryptor_private.h | 11 +-
contrib/libarchive/libarchive/archive_entry.h | 2 +-
.../libarchive/libarchive/archive_entry_paths.3 | 2 +-
contrib/libarchive/libarchive/archive_entry_stat.c | 6 +-
contrib/libarchive/libarchive/archive_parse_date.c | 4 +-
contrib/libarchive/libarchive/archive_platform.h | 10 --
.../libarchive/archive_platform_stat.h (new) | 45 ++++++
contrib/libarchive/libarchive/archive_private.h | 1 +
contrib/libarchive/libarchive/archive_read.c | 7 +-
.../libarchive/archive_read_disk_entry_from_file.c | 12 +-
.../libarchive/archive_read_disk_posix.c | 157 ++-------------------
.../libarchive/libarchive/archive_read_open_fd.c | 23 +--
.../libarchive/libarchive/archive_read_open_file.c | 16 ++-
.../libarchive/archive_read_open_filename.c | 31 ++--
.../libarchive/archive_read_set_format.c | 32 ++---
.../archive_read_support_filter_program.c | 7 +-
.../libarchive/archive_read_support_format_7zip.c | 7 +-
.../libarchive/archive_read_support_format_mtree.c | 23 ++-
.../libarchive/archive_read_support_format_rar.c | 8 +-
.../libarchive/archive_read_support_format_rar5.c | 66 +++++++--
.../libarchive/archive_read_support_format_tar.c | 70 ++++++---
.../libarchive/archive_read_support_format_warc.c | 2 +-
.../libarchive/archive_read_support_format_xar.c | 2 +-
.../libarchive/archive_read_support_format_zip.c | 4 +-
contrib/libarchive/libarchive/archive_string.c | 5 +-
.../libarchive/libarchive/archive_string_sprintf.c | 2 +-
contrib/libarchive/libarchive/archive_util.c | 38 ++++-
contrib/libarchive/libarchive/archive_write.c | 30 ++--
.../libarchive/archive_write_add_filter_bzip2.c | 4 +
.../libarchive/archive_write_add_filter_gzip.c | 55 +++++---
.../libarchive/archive_write_add_filter_program.c | 11 +-
.../libarchive/archive_write_add_filter_zstd.c | 2 +
.../libarchive/archive_write_disk_posix.c | 16 ++-
.../libarchive/libarchive/archive_write_open_fd.c | 2 +-
.../libarchive/archive_write_open_file.c | 14 +-
.../libarchive/archive_write_open_filename.c | 3 +-
.../libarchive/archive_write_set_format_7zip.c | 2 +-
.../libarchive/archive_write_set_format_mtree.c | 19 ++-
.../libarchive/archive_write_set_format_xar.c | 6 +-
.../libarchive/archive_write_set_format_zip.c | 25 +++-
contrib/libarchive/libarchive/filter_fork_posix.c | 37 ++++-
contrib/libarchive/libarchive/test/test_acl_nfs4.c | 7 +
.../libarchive/libarchive/test/test_acl_posix1e.c | 5 +
.../libarchive/test/test_archive_parse_date.c | 2 +
.../test/test_archive_string_conversion.c | 10 ++
contrib/libarchive/libarchive/test/test_entry.c | 11 ++
.../test/test_read_filter_gzip_recursive.c | 4 +-
.../libarchive/test/test_read_format_7zip.c | 81 +++++++----
.../libarchive/test/test_read_format_rar5.c | 66 +++++++++
.../test_read_format_rar5_dirdata.rar.uu (new) | 6 +
...ar5_invalid_hash_valid_htime_exfld.rar.uu (new) | 6 +
..._read_format_rar5_only_crypt_exfld.rar.uu (new) | 7 +
...read_format_rar5_unsupported_exfld.rar.uu (new) | 6 +
.../test_read_format_tar_V_negative_size.c (new) | 48 +++++++
...st_read_format_tar_V_negative_size.tar.uu (new) | 20 +++
.../libarchive/test/test_read_set_format.c | 7 +-
.../libarchive/test/test_write_filter_bzip2.c | 29 ++++
.../libarchive/test/test_write_filter_gzip.c | 12 +-
.../test/test_write_filter_gzip_timestamp.c | 7 +-
.../libarchive/libarchive_fe/{err.c => lafe_err.c} | 2 +-
.../libarchive/libarchive_fe/{err.h => lafe_err.h} | 0
contrib/libarchive/libarchive_fe/line_reader.c | 2 +-
contrib/libarchive/libarchive_fe/passphrase.c | 2 +-
contrib/libarchive/tar/bsdtar.c | 7 +-
contrib/libarchive/tar/bsdtar.h | 8 +-
contrib/libarchive/tar/cmdline.c | 2 +-
contrib/libarchive/tar/creation_set.c | 2 +-
contrib/libarchive/tar/read.c | 2 +-
contrib/libarchive/tar/subst.c | 2 +-
.../libarchive/tar/test/test_crlf_mtree.c (new) | 74 ++++++++++
.../libarchive/tar/test/test_option_safe_writes.c | 5 +-
contrib/libarchive/tar/util.c | 7 +-
contrib/libarchive/tar/write.c | 29 +++-
contrib/libarchive/test_utils/test_common.h | 10 +-
contrib/libarchive/test_utils/test_main.c | 156 +++++---------------
contrib/libarchive/unzip/bsdunzip.c | 15 +-
contrib/libarchive/unzip/cmdline.c | 2 +-
contrib/libarchive/unzip/test/test_C.c | 4 +
contrib/libarchive/unzip/test/test_L.c | 4 +
contrib/libarchive/unzip/test/test_P_encryption.c | 12 +-
contrib/libarchive/unzip/test/test_basic.c | 4 +
contrib/libarchive/unzip/test/test_d.c | 8 ++
contrib/libarchive/unzip/test/test_doubledash.c | 4 +
contrib/libarchive/unzip/test/test_glob.c | 4 +
contrib/libarchive/unzip/test/test_j.c | 4 +
contrib/libarchive/unzip/test/test_n.c | 4 +
contrib/libarchive/unzip/test/test_o.c | 4 +
contrib/libarchive/unzip/test/test_p.c | 4 +
contrib/libarchive/unzip/test/test_q.c | 4 +
contrib/libarchive/unzip/test/test_singlefile.c | 4 +
contrib/libarchive/unzip/test/test_t.c | 4 +
contrib/libarchive/unzip/test/test_x.c | 12 ++
lib/libarchive/tests/Makefile | 6 +
usr.bin/bsdcat/Makefile | 2 +-
usr.bin/cpio/Makefile | 2 +-
usr.bin/cpio/tests/Makefile | 2 +-
usr.bin/tar/Makefile | 2 +-
usr.bin/tar/tests/Makefile | 1 +
usr.bin/unzip/Makefile | 2 +-
usr.bin/unzip/tests/Makefile | 2 +-
112 files changed, 1119 insertions(+), 546 deletions(-)
--
You are receiving this mail because:
You are on the CC list for the bug.