Update vendor/libarchive to 3.8.0
New features:
#2088 7-zip reader: improve self-extracting archive detection
#2137 zip writer: added XZ, LZMA, ZSTD and BZIP2 support
#2403 zip writer: added LZMA + RISCV BCJ filter
#2601 bsdtar: support --mtime and --clamp-mtime
#2602 libarchive: mbedtls 3.x compatibility
Security fixes:
#2422 tar reader: Handle truncation in the middle of a GNU long linkname
CVE-2024-57970
#2532 tar reader: fix unchecked return value in list_item_verbose()
CVE-2025-25724
#2532 unzip: fix null pointer dereference
CVE-2025-1632
#2568 warc: prevent signed integer overflow
#2584 rar: do not skip past EOF while reading
#2588 tar: fix overflow in build_ustar_entry
#2598 rar: fix double free with over 4 billion nodes
#2599 rar: fix heap-buffer-overflow
Important bugfixes:
#2399 7-zip reader: add SPARC filter support for non-LZMA compressors #2405 tar reader: ignore ustar size when pax size is present #2435 tar writer: fix bug when -s/a/b/ used more than once with b flag #2459 7-zip reader: add POWERPC filter support for non-LZMA compressors #2519 libarchive: handle ARCHIVE_FILTER_LZOP in archive_read_append_filter #2539 libarchive: add missing seeker function to archive_read_open_FILE() #2544 gzip: allow setting the original filename for gzip compressed files #2564 libarchive: improve lseek handling #2582 rar: support large headers on 32 bit systems #2587 bsdtar: don't hardlink negative inode files together #2596 rar: support large headers on 32 bit systems #2606 libarchive: support @-prefixed Unix epoch timestamps as date strings
Obtained from: libarchive
Vendor commit: 70ff28fcf04ec129a1d064f96e49aa57fcc90e37
CVE: CVE-2024-57970, CVE-2025-1632, CVE-2025-25724