HomeFreeBSD

Update vendor/libarchive to 3.8.0

Description

Update vendor/libarchive to 3.8.0

New features:
#2088 7-zip reader: improve self-extracting archive detection
#2137 zip writer: added XZ, LZMA, ZSTD and BZIP2 support
#2403 zip writer: added LZMA + RISCV BCJ filter
#2601 bsdtar: support --mtime and --clamp-mtime
#2602 libarchive: mbedtls 3.x compatibility

Security fixes:
#2422 tar reader: Handle truncation in the middle of a GNU long linkname

CVE-2024-57970

#2532 tar reader: fix unchecked return value in list_item_verbose()

CVE-2025-25724

#2532 unzip: fix null pointer dereference

CVE-2025-1632

#2568 warc: prevent signed integer overflow
#2584 rar: do not skip past EOF while reading
#2588 tar: fix overflow in build_ustar_entry
#2598 rar: fix double free with over 4 billion nodes
#2599 rar: fix heap-buffer-overflow

Important bugfixes:

#2399 7-zip reader: add SPARC filter support for non-LZMA compressors
#2405 tar reader: ignore ustar size when pax size is present
#2435 tar writer: fix bug when -s/a/b/ used more than once with b flag
#2459 7-zip reader: add POWERPC filter support for non-LZMA compressors
#2519 libarchive: handle ARCHIVE_FILTER_LZOP in archive_read_append_filter
#2539 libarchive: add missing seeker function to archive_read_open_FILE()
#2544 gzip: allow setting the original filename for gzip compressed files
#2564 libarchive: improve lseek handling
#2582 rar: support large headers on 32 bit systems
#2587 bsdtar: don't hardlink negative inode files together
#2596 rar: support large headers on 32 bit systems
#2606 libarchive: support @-prefixed Unix epoch timestamps as date strings

Obtained from: libarchive
Vendor commit: 70ff28fcf04ec129a1d064f96e49aa57fcc90e37
CVE: CVE-2024-57970, CVE-2025-1632, CVE-2025-25724

Details

Provenance
mmAuthored on May 20 2025, 10:43 AM
Parents
rGeff4ff4791c8: Update vendor/libarchive to 3.7.7
Branches
Unknown
Tags
Unknown