libarchive: merge from vendor branch

Libarchive 3.7.4 + three fixes from master

Security fixes:
#2135 rar: Fix OOB in rar e8 filter (CVE-2024-26256)
#2145 zip: Fix out of boundary access
#2148 rar: Fix OOB in rar delta filter
#2149 rar: Fix OOB in rar audio filter

Important bugfixes:
#2131 7zip: Limit amount of properties
#2110 bsdtar: Fix error handling around strtol() usages
#2116 passphrase: Never allow empty passwords
#2124 rar: Fix "File CRC Error" when extracting specific rar4 archives
#2123 xar: Avoid infinite link loop
#2150 xar: Fix another infinite loop and expat error handling
#2108 zip: Update AppleDouble support for directories
#2071 zstd: Implement core detectiongit

PR: 278588 (exp-run)
MFC after: 1 day

libarchive: merge from vendor branch

Libarchive 3.7.3

New features:
#1941 uudecode filter: support file name and file mode in raw mode
#1943 7-zip reader: translate Windows permissions into UNIX
permissions
#1962 zstd filter now supports the "long" write option
#2012 add trailing letter b to bsdtar(1) substitute pattern
#2031 PCRE2 support
#2054 add support for long options "--group" and "--owner" to tar(1)

Security fixes:
#2101 Fix possible vulnerability in tar error reporting introduced
in f27c173

Important bugfixes:
#1974 ISO9660: preserve the natural order of links
#2105 rar5: fix infinite loop if during rar5 decompression the last
block produced no data
#2027 xz filter: fix incorrect eof at the end of an lzip member
#2043 zip: fix end-of-data marker processing when decompressing zip
archives

PR: 278315 (exp-run)
MFC after: 1 week

libarchive: merge from vendor branch

Libarchive 3.7.1

Important changes (relevant to FreeBSD):
ISSUE #1934: stack buffer overflow in cpio verbose mode
ISSUE #1935: SEGV in cpio verbose mode
PR #1731 tar: respect --strip-components and -s patterns in cru modes

MFC after: 1 week

libarchive: merge from vendor branch

Libarchive 3.7.0

Important changes (relevant to FreeBSD):
#1814 Do not account for NULL terminator when comparing with "TRAILER!!!"
#1818 Add ability to produce multi-frame zstd archives
#1840 year 2038 fix for pax archives on platforms with 64-bit time_t
#1860 Make single bit bitfields unsigned to avoid clang 16 warning
#1869 Fix FreeBSD builds with WARNS=6
#1873 bsdunzip ported to libarchive from FreeBSD
#1894 read support for zstd compression in 7zip archives
#1918 ARM64 filter support in 7zip archives

MFC after: 2 weeks
PR: 272567 (exp-run)

libarchive: merge from vendor branch

Libarchive 3.6.2

Important bug fixes:
rar5 reader: fix possible garbled output with bsdtar -O (#1745)
mtree reader: support reading mtree files with tabs (#1783)
various small fixes for issues found by CodeQL

MFC after: 2 weeks
PR: 286306 (exp-run)

libarchive: import changes from upstream

Libarchive 3.6.0

New features:
PR #1614: tar: new option "--no-read-sparse"
PR #1503: RAR reader: filter support
PR #1585: RAR5 reader: self-extracting archive support

New features (not used in FreeBSD base):
PR #1567: tar: threads support for zstd (#1567)
PR #1518: ZIP reader: zstd decompression support

Security Fixes:
PR #1491, #1492, #1493, CVE-2021-36976:
fix invalid memory access and out of bounds read in RAR5 reader
PR #1566, #1618, CVE-2021-31566:
extended fix for following symlinks when processing the fixup list

Other notable bugfixes and improvements:
PR #1620: tar: respect "--ignore-zeros" in c, r and u modes
PR #1625: reduced size of application binaries

MFC after: 2 weeks
Relnotes: yes

libarchive: cherry-pick bugfix from vendor

Vendor commit message (ede459d2e):
archive_write_disk_posix: fix writing fflags broken in 8a1bd5c

The fixup list was erroneously assumed to be directories only.
Only in the case of critical file flags modification (e.g.
SF_IMMUTABLE on BSD systems), other file types (e.g. regular files
or symbolic links) may be added to the fixup list. We still need to
verify that we are writing to the correct file type, so compare the
archive entry file type with the file type of the file to be
modified.

Fixes vendor issue #1617:
Immutable flag no longer preserved during tar extraction on FreeBSD

MFC after: 3 days
Reported by: markjdb
Libarchive commit: ede459d2ebb879f5eedb6f7abea203be0b334230

libarchive: import bugfix from upstream

Reworked bugfix for upstream issue #1566:
Do not follow symlinks when processing the fixup list

MFC after: 2 weeks

libarchive: import changes from upstream

Libarchive 3.5.2

New features:
PR #1502: Support for PWB and v7 binary cpio formats
PR #1509: Support of deflate algorithm in symbolic link decompression
for ZIP archives

Important bugfixes:
IS #1044: fix extraction of hardlinks to symlinks
PR #1480: Fix truncation of size values during 7zip archive
extraction on 32bit architectures
PR #1504: fix rar header skiming
PR #1514: ZIP excessive disk read - fix location of central directory
PR #1520: fix double-free in CAB reader
PR #1521: Fixed leak of rar before ending with error
PR #1530: Handle short writes from archive_write_callback
PR #1532: 7zip: Use compression settings from file also for file header
IS #1566: do not follow symlinks when processing the fixup list

MFC after: 2 weeks
Relnotes: yes

MFV r368207:
Update libarchive to 3.5.0

Relevant vendor changes:
Issue #1258: add archive_read_support_filter_by_code()
PR #1347: mtree digest reader support
Issue #1381: skip hardlinks pointing to itself on extraction
PR #1387: fix writing of cpio archives with hardlinks without file type
PR #1388: fix rdev field in cpio format for device nodes
PR #1389: completed support for UTF-8 encoding conversion
PR #1405: more formats in archive_read_support_format_by_code()
PR #1408: fix uninitialized size in rar5_read_data
PR #1409: system extended attribute support
PR #1435: support for decompression of symbolic links in zipx archives
Issue #1456: memory leak after unsuccessful archive_write_open_filename

MFC after: 1 week

MFV r358511,r358532:

Sync libarchive with vendor.

Relevant vendor changes:
Issue #1257: Add testcase for ZIPX files with LZMA_STREAM_END marker
PR #1331: cpio.5: fix hard link description
Issue #1335: archive_read.c: fix UBSan warning about undefined behavior
Issue #1338: XAR reader: fix UBSan warning about undefined behavior
Issue #1339: bsdcpio_test: fix datatype in from_hex()
Issue #1341: Safe writes: delete temporary file if rename fails.
Issue #1341: Safe writes: improve error handling

MFC after: 1 week

MFV r357783:
Update libarchive to 3.4.2

Relevant vendor changes:
PR #1289: atomic extraction support (bsdtar -x --safe-writes)
PR #1308: big endian fix for UTF16 support in LHA reader
PR #1326: reject RAR5 files that declare invalid header flags
Issue #987: fix support 7z archive entries with Delta filter
Issue #1317: fix compression output buffer handling in XAR writer
Issue #1319: fix uname or gname longer than 32 characters in pax writer
Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR
Use localtime_r() and gmtime_r() instead of localtime() and gmtime()

X-MFC-With: r356212,r356365,r356416
MFC after: 1 week

MFV r356163,r356197:
Update libarchive to 3.4.1

Relevant vendor changes since last update:
Issue #351: Refactor and implement private state logic for write filters
PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482)
PR #1255: zip writer - don't append unused NUL for directories
PR #1260: Fix sparse file offset overflow on 32-bit systems
PR #1263: UNICODE filename support for reading lha/lzh format
Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs()
PR #1288: Add the "xattrhdr" option to pax write options
PR #1295: 7z reader - fix reading archives with digests in PackInfo
PR #1296: RAR5 reader - verify window size for multivolume archives
PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files
Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs()
OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error
Fix possible off-by-one when dealing with readlink(2)

MFC after: 2 weeks

MFV r352731:
Sync libarchive with vendor.

Relevant vendor changes:
Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c
PR #1249: Correct some typographical and grammatical errors.
PR #1250: Minor corrections to the formatting of manual pages

MFC after: 1 week

MFV r348971,r348977:
Sync libarchive with vendor.

Relevant vendor changes:
- check_symlinks_fsobj() without chdir() and fchdir()
- bsdtar.1 manpage fixes
- patches from OpenBSD to libarchive_fe/passphrase.c
- version bumped to 3.4.0

MFC after: 2 weeks

MFV r347989:
Sync libarchive with vendor.

Relevant vendor changes:
Issue #795: XAR - do not try to add xattrs without an allocated name
PR #812: non-recursive option for extract and list
PR #958: support reading metadata from compressed files
PR #999: add --exclude-vcs option to bsdtar
Issue #1062: treat empty archives with a GNU volume header as valid
PR #1074: Handle ZIP files with trailing 0s in the extra fields
(Android APK archives)
PR #1109: Ignore padding in Zip extra field data (Android APK archives)
PR #1167: fix problems related to unreadable directories
Issue #1168: fix handling of strtol() and strtoul()
PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter
PR #1174: ZIP reader - fix of MSZIP signature parsing
PR #1175: gzip filter - fix reading files larger than 4GB from memory
PR #1177: gzip filter - fix memory leak with repeated header reads
PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field
PR #1181: RAR5 - fix merge_block() recursion
(OSS-Fuzz 12999, 13029, 13144, 13478, 13490)
PR #1183: fix memory leak when decompressing ZIP files with LZMA
PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817
OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables
OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations
OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables
PR #1186: RAR5 - fix invalid type used for dictionary size mask
(OSS-Fuzz 14537)
PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555)
PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories
(OSS-Fuzz 14574)
PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds
OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry
OSS-Fuzz 14331: RAR5 - fix maximum owner name length
OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check

Additional RAR5 reader changes:
- support symlinks, hardlinks, file owner, file group, versioned files
- change ARCHIVE_FORMAT_RAR_V5 to 0x100000
- set correct mode for readonly directories
- support readonly, hidden and system Windows file attributes

MFC after: 2 weeks

MFV r345495:
Sync libarchive with vendor.

Relevant vendor changes:
PR #1153: fixed 2 bugs in ZIP reader [1]
PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK
Changes to file flags code, support more file flags on FreeBSD:
UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM
UF_ARCHIVE is not supported by intention (yet)

PR: 236300
MFC after: 2 weeks

MFV r344063:
Sync libarchive with vendor.

Relevant vendor changes:
PR #1085: Fix a null pointer dereference bug in zip writer
PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2
decopmpression
PR #1116: Add support for 64-bit ar format
PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2]
PR #1125: RAR5 reader - fix an invalid read and a memory leak
PR #1131: POSIX reader - do not fail when tree_current_lstat() fails
due to ENOENT [3]
PR #1134: Delete unnecessary null pointer checks before calls of free()
OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy.
OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader

PR: 233006 [3]
Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2]
MFC after: 2 weeks

MFV r340938:
Sync libarchive with vendor.

Relevant vendor changes:
Issue #1096: Support extracting ACLs with in-entry comments (GNU tar)
PR #1023: Support extracting extattrs as non-root on non-user-writeable
files

MFC after: 1 week

MFV r328323,328324:
Sync libarchive with vendor.

Relevant vendor changes:
PR #893: delete dead ppmd7 alloc callbacks
PR #904: Fix archive freeing bug in bsdcat
PR #961: Fix ZIP format names
PR #962: Don't modify attributes for existing directories
when ARCHIVE_EXTRACT_NO_OVERWRITE is set
PR #964: Fix -Werror=implicit-fallthrough= for GCC 7
PR #970: zip: Allow backslash as path separator

MFC after: 1 week

MFV r316454,316455:

Vendor changes (FreeBSD-related):
Report which extended attributes could not be restored
Update archive_read_disk.3 and archive_write_disk.3 manual pages
Plug memory leaks in xattr tests.

MFC after: 1 week

MFV r315875:
Sync libarchive with vendor.

Vendor changes (FreeBSD-related):
- store extended attributes with extattr_set_link() if no fd is provided
- add extended attribute tests to libarchive and bsdtar
- fix tar's test_option_acls
- support the UF_HIDDEN file flag

X-MFC with: 315636

MFV r315633, 315635:

Sync libarchive with vendor

Vendor changes/bugfixes (FreeBSD-related):
PR 867 (bsdcpio): show numeric uid/gid when names are not found
PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers
PR 880 (pax): Fix handling of "size" pax header keyword
PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream
OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser
Break ACL read/write code into platform-specific source files
Unbreak static dependency on libbz2

MFC after: 1 week

MFV r314565,314567,314570:
Update libarchive to version 3.3.1 (and sync with latest vendor dist)

Notable vendor changes:
PR #501: improvements in ACL path handling
PR #724: fix hang when reading malformed cpio files
PR #864: fix out of bounds read with malformed GNU tar archives
Documentation, style, test suite improvements and typo fixes.

New options to bsdtar that enable or disable reading and/or writing of:
Access Control Lists (--acls, --no-acls)
Extended file flags (--fflags, --no-fflags)
Extended attributes (--xattrs, --no-xattrs)
Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata)

MFC after: 2 weeks

MFV r313071:
Sync libarchive with vendor

Vendor changes (relevant to FreeBSD):
- support extracting NFSv4 ACLs from Solaris tar archives
- bugfixes and optimizations in the ACL code
- multiple fixes in the test suite
- typo and other small bugfixes

Security fixes:
- cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335)
- LHA reader: heap-buffer-overflow in lha_read_file_header_1()
(CVE-2017-5601)
- LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream()
(OSS-Fuzz 453)
- mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443)
- WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458)

Memory leak fixes:
- ACL support: free memory allocated by acl_get_qualifier()
- disk writer: missing free in create_filesystem_object()
- file reader: fd leak (Coverity 1016755)
- gnutar writer: fix free in archive_write_gnutar_header()
(Coverity 101675)
- iso 9660 reader: missing free in parse_file_info()
(partial Coverity 1016754)
- program reader: missing free in __archive_read_program()
- program writer: missing free in __archive_write_program_free()
- xar reader: missing free in xar_cleanup()
- xar reader: missing frees in expat_xmlattr_setup()
(Coverity 1229979-1229981)
- xar writer: missing free in file_free()
- zip reader: missing free in zip_read_local_file_header()

MFC after: 1 week
X-MFC with: 310866, 310868, 310870, 311899

MFV r310798:

Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c
PR #851: Spelling fixes
Fix two protoypes in manual page archive_read_disk.3

MFC after: 2 weeks

MFV r310115,310184:

Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR 830, 831, 833: Spelling fixes
OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free()
OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives

MFC after: 1 week

MFV r309299:
Sync libarchive with vendor.

Important vendor bugfixes (relevant to FreeBSD):
#821: tar -P cannot extract hardlinks through symlinks
#825: Add sanity check of tar "uid, "gid" and "mtime" fields

PR: 213255
Reported by: Tijl Coosemans <tilj@FreeBSD.org>
MFC after: 1 week

MFV r305816:
Sync libarchive with vendor including important security fixes.

Issues fixed (FreeBSD):
PR #778: ACL error handling
Issue #745: Symlink check prefix optimization is too aggressive
Issue #746: Hard links with data can evade sandboxing restrictions

This update fixes the vulnerability #3 and vulnerability #4 as reported in
"non-cryptanalytic attacks against FreeBSD update components".
https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f

Fix for vulnerability #2 has already been merged in r304989.

MFC after: 1 week
Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f

Redo MFV r304866:
Sync libarchive with vendor including security fixes

Vendor issues fixed:
Issue #731: Reject tar entries >= INT64_MAX
Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames
Issue #748: Zip decompression failure with highly-compressed data
Issue #767: Buffer overflow printing a filename
Issue #770: Zip read: be more careful about extra_length

MFC after: 3 days

Revert r304869

This commit was incorrect and will be re-committed asap.

MFV r304866:
Sync libarchive with vendor including security fixes

Vendor issues fixed:
Issue #731: Reject tar entries >= INT64_MAX
Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames
Issue #748: Zip decompression failure with highly-compressed data
Issue #767: Buffer overflow printing a filename
Issue #770: Zip read: be more careful about extra_length

MFC after: 3 days

MFV r304060:
Sync libarchive with vendor including three security fixes

Vendor issues fixed:

Issue #744: Very long pathnames evade symlink checks
Issue #748: libarchive can compress, but cannot decompress zip some files
PR #750: ustar: fix out of bounds read on empty string ("") filename
PR #755: fix use of acl_get_flagset_np() on FreeBSD

MFC after: 3 days

MFV r302264:

Sync libarchive with vendor, bugfixes for tests:
- fix tests on filesystems without birthtime support, e.g. UFS1 (1)
- vendor issue #729: avoid use of C99 for-scope declarations in
test_write_format_gnutar_filenames.c

MFC after: 1 week
PR: 204157 (1)
Approved by: re (hrs)

MFV r299425:

Update libarchive to 3.2.0

New features:
- new bsdcat command-line utility
- LZ4 compression (in src only via external utility from ports)
- Warc format support
- 'Raw' format writer
- Zip: Support archives >4GB, entries >4GB
- Zip: Support encrypting and decrypting entries
- Zip: Support experimental streaming extension
- Identify encrypted entries in several formats
- New --clear-nochange-flags option to bsdtar tries to remove noschg and
similar flags before deleting files
- New --ignore-zeros option to bsdtar to handle concatenated tar archives
- Use multi-threaded LZMA decompression if liblzma supports it
- Expose version info for libraries used by libarchive

Patched files (fixed compiler warnings):

contrib/libarchive/cat/bsdcat.c (vendor PR #702)
contrib/libarchive/cat/bsdcat.h (vendor PR #702)
contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701)
contrib/libarchive/libarchive_fe/err.c (vendor PR #703)

MFC after: 1 month
Relnotes: yes

Fix return type of extattr_set_* and fix rmextattr(8) utility.

extattr_set_{fd,file,link} is logically a write(2)-like operation and
should return ssize_t, just like extattr_get_*. Also, the user-space
utility was using an int for the return value of extattr_get_* and
extattr_list_*, both of which return an ssize_t.

MFC after: 1 week

MFV r248590,248594:
Update libarchive to 3.1.2

Some of new features:
- support for lrzip and grzip compression
- support for writing tar v7 format
- b64encode and uuencode filters
- support for __MACOSX directory in Zip archives
- support for lzop compresion (external utility)

Backport NFSv4 ACL fix from libarchive master branch.

Source:
https://github.com/libarchive/libarchive/commit/f67370d5

Obtained from: libarchive (master branch)

Update libarchive to 3.0.4

Update libarchive to 3.0.3

Some of new features:
- New readers: RAR, LHA/LZH, CAB reader, 7-Zip
- New writers: ISO9660, XAR
- Improvements to many formats, especially including ISO9660 and Zip
- Stackable write filters to write, e.g., tar.gz.uu in a single pass
- Exploit seekable input; new "seekable" Zip reader can exploit the Zip
Central Directory when it's available; the old "streamable" Zip reader
is still fully supported for cases where seeking is not possible.

Full release notes available at:
https://github.com/libarchive/libarchive/wiki/ReleaseNotes

libarchive: merge from vendor branch

Libarchive 3.7.3

New features:
#1941 uudecode filter: support file name and file mode in raw mode
#1943 7-zip reader: translate Windows permissions into UNIX
permissions
#1962 zstd filter now supports the "long" write option
#2012 add trailing letter b to bsdtar(1) substitute pattern
#2031 PCRE2 support
#2054 add support for long options "--group" and "--owner" to tar(1)

Security fixes:
#2101 Fix possible vulnerability in tar error reporting introduced
in f27c173

Important bugfixes:
#1974 ISO9660: preserve the natural order of links
#2105 rar5: fix infinite loop if during rar5 decompression the last
block produced no data
#2027 xz filter: fix incorrect eof at the end of an lzip member
#2043 zip: fix end-of-data marker processing when decompressing zip
archives

PR: 278315 (exp-run)
MFC after: 1 week

libarchive: merge from vendor branch

Libarchive 3.7.1

Important changes (relevant to FreeBSD):
ISSUE #1934: stack buffer overflow in cpio verbose mode
ISSUE #1935: SEGV in cpio verbose mode
PR #1731 tar: respect --strip-components and -s patterns in cru modes

MFC after: 1 week

libarchive: merge from vendor branch

Libarchive 3.7.0

Important changes (relevant to FreeBSD):
#1814 Do not account for NULL terminator when comparing with "TRAILER!!!"
#1818 Add ability to produce multi-frame zstd archives
#1840 year 2038 fix for pax archives on platforms with 64-bit time_t
#1860 Make single bit bitfields unsigned to avoid clang 16 warning
#1869 Fix FreeBSD builds with WARNS=6
#1873 bsdunzip ported to libarchive from FreeBSD
#1894 read support for zstd compression in 7zip archives
#1918 ARM64 filter support in 7zip archives

MFC after: 2 weeks
PR: 272567 (exp-run)

libarchive: merge from vendor branch

Libarchive 3.6.2

Important bug fixes:
rar5 reader: fix possible garbled output with bsdtar -O (#1745)
mtree reader: support reading mtree files with tabs (#1783)
various small fixes for issues found by CodeQL

MFC after: 2 weeks
PR: 286306 (exp-run)

libarchive: import changes from upstream

Libarchive 3.6.0

New features:
PR #1614: tar: new option "--no-read-sparse"
PR #1503: RAR reader: filter support
PR #1585: RAR5 reader: self-extracting archive support

New features (not used in FreeBSD base):
PR #1567: tar: threads support for zstd (#1567)
PR #1518: ZIP reader: zstd decompression support

Security Fixes:
PR #1491, #1492, #1493, CVE-2021-36976:
fix invalid memory access and out of bounds read in RAR5 reader
PR #1566, #1618, CVE-2021-31566:
extended fix for following symlinks when processing the fixup list

Other notable bugfixes and improvements:
PR #1620: tar: respect "--ignore-zeros" in c, r and u modes
PR #1625: reduced size of application binaries

MFC after: 2 weeks
Relnotes: yes

libarchive: cherry-pick bugfix from vendor

Vendor commit message (ede459d2e):
archive_write_disk_posix: fix writing fflags broken in 8a1bd5c

The fixup list was erroneously assumed to be directories only.
Only in the case of critical file flags modification (e.g.
SF_IMMUTABLE on BSD systems), other file types (e.g. regular files
or symbolic links) may be added to the fixup list. We still need to
verify that we are writing to the correct file type, so compare the
archive entry file type with the file type of the file to be
modified.

Fixes vendor issue #1617:
Immutable flag no longer preserved during tar extraction on FreeBSD

MFC after: 3 days
Reported by: markjdb
Libarchive commit: ede459d2ebb879f5eedb6f7abea203be0b334230

libarchive: import bugfix from upstream

Reworked bugfix for upstream issue #1566:
Do not follow symlinks when processing the fixup list

MFC after: 2 weeks

libarchive: import changes from upstream

Libarchive 3.5.2

New features:
PR #1502: Support for PWB and v7 binary cpio formats
PR #1509: Support of deflate algorithm in symbolic link decompression
for ZIP archives

Important bugfixes:
IS #1044: fix extraction of hardlinks to symlinks
PR #1480: Fix truncation of size values during 7zip archive
extraction on 32bit architectures
PR #1504: fix rar header skiming
PR #1514: ZIP excessive disk read - fix location of central directory
PR #1520: fix double-free in CAB reader
PR #1521: Fixed leak of rar before ending with error
PR #1530: Handle short writes from archive_write_callback
PR #1532: 7zip: Use compression settings from file also for file header
IS #1566: do not follow symlinks when processing the fixup list

MFC after: 2 weeks
Relnotes: yes

MFV r368207:
Update libarchive to 3.5.0

Relevant vendor changes:
Issue #1258: add archive_read_support_filter_by_code()
PR #1347: mtree digest reader support
Issue #1381: skip hardlinks pointing to itself on extraction
PR #1387: fix writing of cpio archives with hardlinks without file type
PR #1388: fix rdev field in cpio format for device nodes
PR #1389: completed support for UTF-8 encoding conversion
PR #1405: more formats in archive_read_support_format_by_code()
PR #1408: fix uninitialized size in rar5_read_data
PR #1409: system extended attribute support
PR #1435: support for decompression of symbolic links in zipx archives
Issue #1456: memory leak after unsuccessful archive_write_open_filename

MFC after: 1 week

MFV r358511,r358532:

Sync libarchive with vendor.

Relevant vendor changes:
Issue #1257: Add testcase for ZIPX files with LZMA_STREAM_END marker
PR #1331: cpio.5: fix hard link description
Issue #1335: archive_read.c: fix UBSan warning about undefined behavior
Issue #1338: XAR reader: fix UBSan warning about undefined behavior
Issue #1339: bsdcpio_test: fix datatype in from_hex()
Issue #1341: Safe writes: delete temporary file if rename fails.
Issue #1341: Safe writes: improve error handling

MFC after: 1 week

MFV r357783:
Update libarchive to 3.4.2

Relevant vendor changes:
PR #1289: atomic extraction support (bsdtar -x --safe-writes)
PR #1308: big endian fix for UTF16 support in LHA reader
PR #1326: reject RAR5 files that declare invalid header flags
Issue #987: fix support 7z archive entries with Delta filter
Issue #1317: fix compression output buffer handling in XAR writer
Issue #1319: fix uname or gname longer than 32 characters in pax writer
Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR
Use localtime_r() and gmtime_r() instead of localtime() and gmtime()

X-MFC-With: r356212,r356365,r356416
MFC after: 1 week

MFV r356163,r356197:
Update libarchive to 3.4.1

Relevant vendor changes since last update:
Issue #351: Refactor and implement private state logic for write filters
PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482)
PR #1255: zip writer - don't append unused NUL for directories
PR #1260: Fix sparse file offset overflow on 32-bit systems
PR #1263: UNICODE filename support for reading lha/lzh format
Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs()
PR #1288: Add the "xattrhdr" option to pax write options
PR #1295: 7z reader - fix reading archives with digests in PackInfo
PR #1296: RAR5 reader - verify window size for multivolume archives
PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files
Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs()
OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error
Fix possible off-by-one when dealing with readlink(2)

MFC after: 2 weeks

MFV r352731:
Sync libarchive with vendor.

Relevant vendor changes:
Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c
PR #1249: Correct some typographical and grammatical errors.
PR #1250: Minor corrections to the formatting of manual pages

MFC after: 1 week

MFV r348971,r348977:
Sync libarchive with vendor.

Relevant vendor changes:
- check_symlinks_fsobj() without chdir() and fchdir()
- bsdtar.1 manpage fixes
- patches from OpenBSD to libarchive_fe/passphrase.c
- version bumped to 3.4.0

MFC after: 2 weeks

MFV r347989:
Sync libarchive with vendor.

Relevant vendor changes:
Issue #795: XAR - do not try to add xattrs without an allocated name
PR #812: non-recursive option for extract and list
PR #958: support reading metadata from compressed files
PR #999: add --exclude-vcs option to bsdtar
Issue #1062: treat empty archives with a GNU volume header as valid
PR #1074: Handle ZIP files with trailing 0s in the extra fields
(Android APK archives)
PR #1109: Ignore padding in Zip extra field data (Android APK archives)
PR #1167: fix problems related to unreadable directories
Issue #1168: fix handling of strtol() and strtoul()
PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter
PR #1174: ZIP reader - fix of MSZIP signature parsing
PR #1175: gzip filter - fix reading files larger than 4GB from memory
PR #1177: gzip filter - fix memory leak with repeated header reads
PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field
PR #1181: RAR5 - fix merge_block() recursion
(OSS-Fuzz 12999, 13029, 13144, 13478, 13490)
PR #1183: fix memory leak when decompressing ZIP files with LZMA
PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817
OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables
OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations
OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables
PR #1186: RAR5 - fix invalid type used for dictionary size mask
(OSS-Fuzz 14537)
PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555)
PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories
(OSS-Fuzz 14574)
PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds
OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry
OSS-Fuzz 14331: RAR5 - fix maximum owner name length
OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check

Additional RAR5 reader changes:
- support symlinks, hardlinks, file owner, file group, versioned files
- change ARCHIVE_FORMAT_RAR_V5 to 0x100000
- set correct mode for readonly directories
- support readonly, hidden and system Windows file attributes

MFC after: 2 weeks

MFV r345495:
Sync libarchive with vendor.

Relevant vendor changes:
PR #1153: fixed 2 bugs in ZIP reader [1]
PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK
Changes to file flags code, support more file flags on FreeBSD:
UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM
UF_ARCHIVE is not supported by intention (yet)

PR: 236300
MFC after: 2 weeks

MFV r344063:
Sync libarchive with vendor.

Relevant vendor changes:
PR #1085: Fix a null pointer dereference bug in zip writer
PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2
decopmpression
PR #1116: Add support for 64-bit ar format
PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2]
PR #1125: RAR5 reader - fix an invalid read and a memory leak
PR #1131: POSIX reader - do not fail when tree_current_lstat() fails
due to ENOENT [3]
PR #1134: Delete unnecessary null pointer checks before calls of free()
OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy.
OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader

PR: 233006 [3]
Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2]
MFC after: 2 weeks

MFV r340938:
Sync libarchive with vendor.

Relevant vendor changes:
Issue #1096: Support extracting ACLs with in-entry comments (GNU tar)
PR #1023: Support extracting extattrs as non-root on non-user-writeable
files

MFC after: 1 week

MFV r328323,328324:
Sync libarchive with vendor.

Relevant vendor changes:
PR #893: delete dead ppmd7 alloc callbacks
PR #904: Fix archive freeing bug in bsdcat
PR #961: Fix ZIP format names
PR #962: Don't modify attributes for existing directories
when ARCHIVE_EXTRACT_NO_OVERWRITE is set
PR #964: Fix -Werror=implicit-fallthrough= for GCC 7
PR #970: zip: Allow backslash as path separator

MFC after: 1 week

MFV r316454,316455:

Vendor changes (FreeBSD-related):
Report which extended attributes could not be restored
Update archive_read_disk.3 and archive_write_disk.3 manual pages
Plug memory leaks in xattr tests.

MFC after: 1 week

MFV r315875:
Sync libarchive with vendor.

Vendor changes (FreeBSD-related):
- store extended attributes with extattr_set_link() if no fd is provided
- add extended attribute tests to libarchive and bsdtar
- fix tar's test_option_acls
- support the UF_HIDDEN file flag

X-MFC with: 315636

MFV r315633, 315635:

Sync libarchive with vendor

Vendor changes/bugfixes (FreeBSD-related):
PR 867 (bsdcpio): show numeric uid/gid when names are not found
PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers
PR 880 (pax): Fix handling of "size" pax header keyword
PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream
OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser
Break ACL read/write code into platform-specific source files
Unbreak static dependency on libbz2

MFC after: 1 week

MFV r314565,314567,314570:
Update libarchive to version 3.3.1 (and sync with latest vendor dist)

Notable vendor changes:
PR #501: improvements in ACL path handling
PR #724: fix hang when reading malformed cpio files
PR #864: fix out of bounds read with malformed GNU tar archives
Documentation, style, test suite improvements and typo fixes.

New options to bsdtar that enable or disable reading and/or writing of:
Access Control Lists (--acls, --no-acls)
Extended file flags (--fflags, --no-fflags)
Extended attributes (--xattrs, --no-xattrs)
Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata)

MFC after: 2 weeks

MFV r313071:
Sync libarchive with vendor

Vendor changes (relevant to FreeBSD):
- support extracting NFSv4 ACLs from Solaris tar archives
- bugfixes and optimizations in the ACL code
- multiple fixes in the test suite
- typo and other small bugfixes

Security fixes:
- cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335)
- LHA reader: heap-buffer-overflow in lha_read_file_header_1()
(CVE-2017-5601)
- LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream()
(OSS-Fuzz 453)
- mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443)
- WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458)

Memory leak fixes:
- ACL support: free memory allocated by acl_get_qualifier()
- disk writer: missing free in create_filesystem_object()
- file reader: fd leak (Coverity 1016755)
- gnutar writer: fix free in archive_write_gnutar_header()
(Coverity 101675)
- iso 9660 reader: missing free in parse_file_info()
(partial Coverity 1016754)
- program reader: missing free in __archive_read_program()
- program writer: missing free in __archive_write_program_free()
- xar reader: missing free in xar_cleanup()
- xar reader: missing frees in expat_xmlattr_setup()
(Coverity 1229979-1229981)
- xar writer: missing free in file_free()
- zip reader: missing free in zip_read_local_file_header()

MFC after: 1 week
X-MFC with: 310866, 310868, 310870, 311899

MFV r310798:

Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c
PR #851: Spelling fixes
Fix two protoypes in manual page archive_read_disk.3

MFC after: 2 weeks

MFV r310115,310184:

Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR 830, 831, 833: Spelling fixes
OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free()
OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives

MFC after: 1 week

MFV r309299:
Sync libarchive with vendor.

Important vendor bugfixes (relevant to FreeBSD):
#821: tar -P cannot extract hardlinks through symlinks
#825: Add sanity check of tar "uid, "gid" and "mtime" fields

PR: 213255
Reported by: Tijl Coosemans <tilj@FreeBSD.org>
MFC after: 1 week

MFV r305816:
Sync libarchive with vendor including important security fixes.

Issues fixed (FreeBSD):
PR #778: ACL error handling
Issue #745: Symlink check prefix optimization is too aggressive
Issue #746: Hard links with data can evade sandboxing restrictions

This update fixes the vulnerability #3 and vulnerability #4 as reported in
"non-cryptanalytic attacks against FreeBSD update components".
https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f

Fix for vulnerability #2 has already been merged in r304989.

MFC after: 1 week
Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f

Redo MFV r304866:
Sync libarchive with vendor including security fixes

Vendor issues fixed:
Issue #731: Reject tar entries >= INT64_MAX
Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames
Issue #748: Zip decompression failure with highly-compressed data
Issue #767: Buffer overflow printing a filename
Issue #770: Zip read: be more careful about extra_length

MFC after: 3 days

Revert r304869

This commit was incorrect and will be re-committed asap.

MFV r304866:
Sync libarchive with vendor including security fixes

Vendor issues fixed:
Issue #731: Reject tar entries >= INT64_MAX
Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames
Issue #748: Zip decompression failure with highly-compressed data
Issue #767: Buffer overflow printing a filename
Issue #770: Zip read: be more careful about extra_length

MFC after: 3 days

MFV r304060:
Sync libarchive with vendor including three security fixes

Vendor issues fixed:

Issue #744: Very long pathnames evade symlink checks
Issue #748: libarchive can compress, but cannot decompress zip some files
PR #750: ustar: fix out of bounds read on empty string ("") filename
PR #755: fix use of acl_get_flagset_np() on FreeBSD

MFC after: 3 days

MFV r302264:

Sync libarchive with vendor, bugfixes for tests:
- fix tests on filesystems without birthtime support, e.g. UFS1 (1)
- vendor issue #729: avoid use of C99 for-scope declarations in
test_write_format_gnutar_filenames.c

MFC after: 1 week
PR: 204157 (1)
Approved by: re (hrs)

MFV r299425:

Update libarchive to 3.2.0

New features:
- new bsdcat command-line utility
- LZ4 compression (in src only via external utility from ports)
- Warc format support
- 'Raw' format writer
- Zip: Support archives >4GB, entries >4GB
- Zip: Support encrypting and decrypting entries
- Zip: Support experimental streaming extension
- Identify encrypted entries in several formats
- New --clear-nochange-flags option to bsdtar tries to remove noschg and
similar flags before deleting files
- New --ignore-zeros option to bsdtar to handle concatenated tar archives
- Use multi-threaded LZMA decompression if liblzma supports it
- Expose version info for libraries used by libarchive

Patched files (fixed compiler warnings):

contrib/libarchive/cat/bsdcat.c (vendor PR #702)
contrib/libarchive/cat/bsdcat.h (vendor PR #702)
contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701)
contrib/libarchive/libarchive_fe/err.c (vendor PR #703)

MFC after: 1 month
Relnotes: yes

Fix return type of extattr_set_* and fix rmextattr(8) utility.

extattr_set_{fd,file,link} is logically a write(2)-like operation and
should return ssize_t, just like extattr_get_*. Also, the user-space
utility was using an int for the return value of extattr_get_* and
extattr_list_*, both of which return an ssize_t.

MFC after: 1 week

MFV r248590,248594:
Update libarchive to 3.1.2

Some of new features:
- support for lrzip and grzip compression
- support for writing tar v7 format
- b64encode and uuencode filters
- support for __MACOSX directory in Zip archives
- support for lzop compresion (external utility)

Backport NFSv4 ACL fix from libarchive master branch.

Source:
https://github.com/libarchive/libarchive/commit/f67370d5

Obtained from: libarchive (master branch)

Update libarchive to 3.0.4

Update libarchive to 3.0.3

Some of new features:
- New readers: RAR, LHA/LZH, CAB reader, 7-Zip
- New writers: ISO9660, XAR
- Improvements to many formats, especially including ISO9660 and Zip
- Stackable write filters to write, e.g., tar.gz.uu in a single pass
- Exploit seekable input; new "seekable" Zip reader can exploit the Zip
Central Directory when it's available; the old "streamable" Zip reader
is still fully supported for cases where seeking is not possible.

Full release notes available at:
https://github.com/libarchive/libarchive/wiki/ReleaseNotes

libarchive: merge from vendor branch

Libarchive 3.7.1

Important changes (relevant to FreeBSD):
ISSUE #1934: stack buffer overflow in cpio verbose mode
ISSUE #1935: SEGV in cpio verbose mode
PR #1731 tar: respect --strip-components and -s patterns in cru modes

MFC after: 1 week

libarchive: merge from vendor branch

Libarchive 3.7.0

Important changes (relevant to FreeBSD):
#1814 Do not account for NULL terminator when comparing with "TRAILER!!!"
#1818 Add ability to produce multi-frame zstd archives
#1840 year 2038 fix for pax archives on platforms with 64-bit time_t
#1860 Make single bit bitfields unsigned to avoid clang 16 warning
#1869 Fix FreeBSD builds with WARNS=6
#1873 bsdunzip ported to libarchive from FreeBSD
#1894 read support for zstd compression in 7zip archives
#1918 ARM64 filter support in 7zip archives

MFC after: 2 weeks
PR: 272567 (exp-run)

libarchive: merge from vendor branch

Libarchive 3.6.2

Important bug fixes:
rar5 reader: fix possible garbled output with bsdtar -O (#1745)
mtree reader: support reading mtree files with tabs (#1783)
various small fixes for issues found by CodeQL

MFC after: 2 weeks
PR: 286306 (exp-run)

libarchive: import changes from upstream

Libarchive 3.6.0

New features:
PR #1614: tar: new option "--no-read-sparse"
PR #1503: RAR reader: filter support
PR #1585: RAR5 reader: self-extracting archive support

New features (not used in FreeBSD base):
PR #1567: tar: threads support for zstd (#1567)
PR #1518: ZIP reader: zstd decompression support

Security Fixes:
PR #1491, #1492, #1493, CVE-2021-36976:
fix invalid memory access and out of bounds read in RAR5 reader
PR #1566, #1618, CVE-2021-31566:
extended fix for following symlinks when processing the fixup list

Other notable bugfixes and improvements:
PR #1620: tar: respect "--ignore-zeros" in c, r and u modes
PR #1625: reduced size of application binaries

MFC after: 2 weeks
Relnotes: yes

libarchive: cherry-pick bugfix from vendor

Vendor commit message (ede459d2e):
archive_write_disk_posix: fix writing fflags broken in 8a1bd5c

The fixup list was erroneously assumed to be directories only.
Only in the case of critical file flags modification (e.g.
SF_IMMUTABLE on BSD systems), other file types (e.g. regular files
or symbolic links) may be added to the fixup list. We still need to
verify that we are writing to the correct file type, so compare the
archive entry file type with the file type of the file to be
modified.

Fixes vendor issue #1617:
Immutable flag no longer preserved during tar extraction on FreeBSD

MFC after: 3 days
Reported by: markjdb
Libarchive commit: ede459d2ebb879f5eedb6f7abea203be0b334230

libarchive: import bugfix from upstream

Reworked bugfix for upstream issue #1566:
Do not follow symlinks when processing the fixup list

MFC after: 2 weeks

libarchive: import changes from upstream

Libarchive 3.5.2

New features:
PR #1502: Support for PWB and v7 binary cpio formats
PR #1509: Support of deflate algorithm in symbolic link decompression
for ZIP archives

Important bugfixes:
IS #1044: fix extraction of hardlinks to symlinks
PR #1480: Fix truncation of size values during 7zip archive
extraction on 32bit architectures
PR #1504: fix rar header skiming
PR #1514: ZIP excessive disk read - fix location of central directory
PR #1520: fix double-free in CAB reader
PR #1521: Fixed leak of rar before ending with error
PR #1530: Handle short writes from archive_write_callback
PR #1532: 7zip: Use compression settings from file also for file header
IS #1566: do not follow symlinks when processing the fixup list

MFC after: 2 weeks
Relnotes: yes

MFV r368207:
Update libarchive to 3.5.0

Relevant vendor changes:
Issue #1258: add archive_read_support_filter_by_code()
PR #1347: mtree digest reader support
Issue #1381: skip hardlinks pointing to itself on extraction
PR #1387: fix writing of cpio archives with hardlinks without file type
PR #1388: fix rdev field in cpio format for device nodes
PR #1389: completed support for UTF-8 encoding conversion
PR #1405: more formats in archive_read_support_format_by_code()
PR #1408: fix uninitialized size in rar5_read_data
PR #1409: system extended attribute support
PR #1435: support for decompression of symbolic links in zipx archives
Issue #1456: memory leak after unsuccessful archive_write_open_filename

MFC after: 1 week

MFV r358511,r358532:

Sync libarchive with vendor.

Relevant vendor changes:
Issue #1257: Add testcase for ZIPX files with LZMA_STREAM_END marker
PR #1331: cpio.5: fix hard link description
Issue #1335: archive_read.c: fix UBSan warning about undefined behavior
Issue #1338: XAR reader: fix UBSan warning about undefined behavior
Issue #1339: bsdcpio_test: fix datatype in from_hex()
Issue #1341: Safe writes: delete temporary file if rename fails.
Issue #1341: Safe writes: improve error handling

MFC after: 1 week

MFV r357783:
Update libarchive to 3.4.2

Relevant vendor changes:
PR #1289: atomic extraction support (bsdtar -x --safe-writes)
PR #1308: big endian fix for UTF16 support in LHA reader
PR #1326: reject RAR5 files that declare invalid header flags
Issue #987: fix support 7z archive entries with Delta filter
Issue #1317: fix compression output buffer handling in XAR writer
Issue #1319: fix uname or gname longer than 32 characters in pax writer
Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR
Use localtime_r() and gmtime_r() instead of localtime() and gmtime()

X-MFC-With: r356212,r356365,r356416
MFC after: 1 week

MFV r356163,r356197:
Update libarchive to 3.4.1

Relevant vendor changes since last update:
Issue #351: Refactor and implement private state logic for write filters
PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482)
PR #1255: zip writer - don't append unused NUL for directories
PR #1260: Fix sparse file offset overflow on 32-bit systems
PR #1263: UNICODE filename support for reading lha/lzh format
Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs()
PR #1288: Add the "xattrhdr" option to pax write options
PR #1295: 7z reader - fix reading archives with digests in PackInfo
PR #1296: RAR5 reader - verify window size for multivolume archives
PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files
Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs()
OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error
Fix possible off-by-one when dealing with readlink(2)

MFC after: 2 weeks

MFV r352731:
Sync libarchive with vendor.

Relevant vendor changes:
Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c
PR #1249: Correct some typographical and grammatical errors.
PR #1250: Minor corrections to the formatting of manual pages

MFC after: 1 week

MFV r348971,r348977:
Sync libarchive with vendor.

Relevant vendor changes:
- check_symlinks_fsobj() without chdir() and fchdir()
- bsdtar.1 manpage fixes
- patches from OpenBSD to libarchive_fe/passphrase.c
- version bumped to 3.4.0

MFC after: 2 weeks

MFV r347989:
Sync libarchive with vendor.

Relevant vendor changes:
Issue #795: XAR - do not try to add xattrs without an allocated name
PR #812: non-recursive option for extract and list
PR #958: support reading metadata from compressed files
PR #999: add --exclude-vcs option to bsdtar
Issue #1062: treat empty archives with a GNU volume header as valid
PR #1074: Handle ZIP files with trailing 0s in the extra fields
(Android APK archives)
PR #1109: Ignore padding in Zip extra field data (Android APK archives)
PR #1167: fix problems related to unreadable directories
Issue #1168: fix handling of strtol() and strtoul()
PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter
PR #1174: ZIP reader - fix of MSZIP signature parsing
PR #1175: gzip filter - fix reading files larger than 4GB from memory
PR #1177: gzip filter - fix memory leak with repeated header reads
PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field
PR #1181: RAR5 - fix merge_block() recursion
(OSS-Fuzz 12999, 13029, 13144, 13478, 13490)
PR #1183: fix memory leak when decompressing ZIP files with LZMA
PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817
OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables
OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations
OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables
PR #1186: RAR5 - fix invalid type used for dictionary size mask
(OSS-Fuzz 14537)
PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555)
PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories
(OSS-Fuzz 14574)
PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds
OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry
OSS-Fuzz 14331: RAR5 - fix maximum owner name length
OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check

Additional RAR5 reader changes:
- support symlinks, hardlinks, file owner, file group, versioned files
- change ARCHIVE_FORMAT_RAR_V5 to 0x100000
- set correct mode for readonly directories
- support readonly, hidden and system Windows file attributes

MFC after: 2 weeks

MFV r345495:
Sync libarchive with vendor.

Relevant vendor changes:
PR #1153: fixed 2 bugs in ZIP reader [1]
PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK
Changes to file flags code, support more file flags on FreeBSD:
UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM
UF_ARCHIVE is not supported by intention (yet)

PR: 236300
MFC after: 2 weeks

MFV r344063:
Sync libarchive with vendor.

Relevant vendor changes:
PR #1085: Fix a null pointer dereference bug in zip writer
PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2
decopmpression
PR #1116: Add support for 64-bit ar format
PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2]
PR #1125: RAR5 reader - fix an invalid read and a memory leak
PR #1131: POSIX reader - do not fail when tree_current_lstat() fails
due to ENOENT [3]
PR #1134: Delete unnecessary null pointer checks before calls of free()
OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy.
OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader

PR: 233006 [3]
Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2]
MFC after: 2 weeks

MFV r340938:
Sync libarchive with vendor.

Relevant vendor changes:
Issue #1096: Support extracting ACLs with in-entry comments (GNU tar)
PR #1023: Support extracting extattrs as non-root on non-user-writeable
files

MFC after: 1 week

MFV r328323,328324:
Sync libarchive with vendor.

Relevant vendor changes:
PR #893: delete dead ppmd7 alloc callbacks
PR #904: Fix archive freeing bug in bsdcat
PR #961: Fix ZIP format names
PR #962: Don't modify attributes for existing directories
when ARCHIVE_EXTRACT_NO_OVERWRITE is set
PR #964: Fix -Werror=implicit-fallthrough= for GCC 7
PR #970: zip: Allow backslash as path separator

MFC after: 1 week

MFV r316454,316455:

Vendor changes (FreeBSD-related):
Report which extended attributes could not be restored
Update archive_read_disk.3 and archive_write_disk.3 manual pages
Plug memory leaks in xattr tests.

MFC after: 1 week

MFV r315875:
Sync libarchive with vendor.

Vendor changes (FreeBSD-related):
- store extended attributes with extattr_set_link() if no fd is provided
- add extended attribute tests to libarchive and bsdtar
- fix tar's test_option_acls
- support the UF_HIDDEN file flag

X-MFC with: 315636

MFV r315633, 315635:

Sync libarchive with vendor

Vendor changes/bugfixes (FreeBSD-related):
PR 867 (bsdcpio): show numeric uid/gid when names are not found
PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers
PR 880 (pax): Fix handling of "size" pax header keyword
PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream
OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser
Break ACL read/write code into platform-specific source files
Unbreak static dependency on libbz2

MFC after: 1 week

MFV r314565,314567,314570:
Update libarchive to version 3.3.1 (and sync with latest vendor dist)

Notable vendor changes:
PR #501: improvements in ACL path handling
PR #724: fix hang when reading malformed cpio files
PR #864: fix out of bounds read with malformed GNU tar archives
Documentation, style, test suite improvements and typo fixes.

New options to bsdtar that enable or disable reading and/or writing of:
Access Control Lists (--acls, --no-acls)
Extended file flags (--fflags, --no-fflags)
Extended attributes (--xattrs, --no-xattrs)
Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata)

MFC after: 2 weeks

MFV r313071:
Sync libarchive with vendor

Vendor changes (relevant to FreeBSD):
- support extracting NFSv4 ACLs from Solaris tar archives
- bugfixes and optimizations in the ACL code
- multiple fixes in the test suite
- typo and other small bugfixes

Security fixes:
- cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335)
- LHA reader: heap-buffer-overflow in lha_read_file_header_1()
(CVE-2017-5601)
- LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream()
(OSS-Fuzz 453)
- mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443)
- WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458)

Memory leak fixes:
- ACL support: free memory allocated by acl_get_qualifier()
- disk writer: missing free in create_filesystem_object()
- file reader: fd leak (Coverity 1016755)
- gnutar writer: fix free in archive_write_gnutar_header()
(Coverity 101675)
- iso 9660 reader: missing free in parse_file_info()
(partial Coverity 1016754)
- program reader: missing free in __archive_read_program()
- program writer: missing free in __archive_write_program_free()
- xar reader: missing free in xar_cleanup()
- xar reader: missing frees in expat_xmlattr_setup()
(Coverity 1229979-1229981)
- xar writer: missing free in file_free()
- zip reader: missing free in zip_read_local_file_header()

MFC after: 1 week
X-MFC with: 310866, 310868, 310870, 311899

MFV r310798:

Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c
PR #851: Spelling fixes
Fix two protoypes in manual page archive_read_disk.3

MFC after: 2 weeks

MFV r310115,310184:

Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR 830, 831, 833: Spelling fixes
OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free()
OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives

MFC after: 1 week

MFV r309299:
Sync libarchive with vendor.

Important vendor bugfixes (relevant to FreeBSD):
#821: tar -P cannot extract hardlinks through symlinks
#825: Add sanity check of tar "uid, "gid" and "mtime" fields

PR: 213255
Reported by: Tijl Coosemans <tilj@FreeBSD.org>
MFC after: 1 week

MFV r305816:
Sync libarchive with vendor including important security fixes.

Issues fixed (FreeBSD):
PR #778: ACL error handling
Issue #745: Symlink check prefix optimization is too aggressive
Issue #746: Hard links with data can evade sandboxing restrictions

This update fixes the vulnerability #3 and vulnerability #4 as reported in
"non-cryptanalytic attacks against FreeBSD update components".
https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f

Fix for vulnerability #2 has already been merged in r304989.

MFC after: 1 week
Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f

Redo MFV r304866:
Sync libarchive with vendor including security fixes

Vendor issues fixed:
Issue #731: Reject tar entries >= INT64_MAX
Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames
Issue #748: Zip decompression failure with highly-compressed data
Issue #767: Buffer overflow printing a filename
Issue #770: Zip read: be more careful about extra_length

MFC after: 3 days

Revert r304869

This commit was incorrect and will be re-committed asap.

MFV r304866:
Sync libarchive with vendor including security fixes

Vendor issues fixed:
Issue #731: Reject tar entries >= INT64_MAX
Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames
Issue #748: Zip decompression failure with highly-compressed data
Issue #767: Buffer overflow printing a filename
Issue #770: Zip read: be more careful about extra_length

MFC after: 3 days

MFV r304060:
Sync libarchive with vendor including three security fixes

Vendor issues fixed:

Issue #744: Very long pathnames evade symlink checks
Issue #748: libarchive can compress, but cannot decompress zip some files
PR #750: ustar: fix out of bounds read on empty string ("") filename
PR #755: fix use of acl_get_flagset_np() on FreeBSD

MFC after: 3 days

MFV r302264:

Sync libarchive with vendor, bugfixes for tests:
- fix tests on filesystems without birthtime support, e.g. UFS1 (1)
- vendor issue #729: avoid use of C99 for-scope declarations in
test_write_format_gnutar_filenames.c

MFC after: 1 week
PR: 204157 (1)
Approved by: re (hrs)

MFV r299425:

Update libarchive to 3.2.0

New features:
- new bsdcat command-line utility
- LZ4 compression (in src only via external utility from ports)
- Warc format support
- 'Raw' format writer
- Zip: Support archives >4GB, entries >4GB
- Zip: Support encrypting and decrypting entries
- Zip: Support experimental streaming extension
- Identify encrypted entries in several formats
- New --clear-nochange-flags option to bsdtar tries to remove noschg and
similar flags before deleting files
- New --ignore-zeros option to bsdtar to handle concatenated tar archives
- Use multi-threaded LZMA decompression if liblzma supports it
- Expose version info for libraries used by libarchive

Patched files (fixed compiler warnings):

contrib/libarchive/cat/bsdcat.c (vendor PR #702)
contrib/libarchive/cat/bsdcat.h (vendor PR #702)
contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701)
contrib/libarchive/libarchive_fe/err.c (vendor PR #703)

MFC after: 1 month
Relnotes: yes

Fix return type of extattr_set_* and fix rmextattr(8) utility.

extattr_set_{fd,file,link} is logically a write(2)-like operation and
should return ssize_t, just like extattr_get_*. Also, the user-space
utility was using an int for the return value of extattr_get_* and
extattr_list_*, both of which return an ssize_t.

MFC after: 1 week

MFV r248590,248594:
Update libarchive to 3.1.2

Some of new features:
- support for lrzip and grzip compression
- support for writing tar v7 format
- b64encode and uuencode filters
- support for __MACOSX directory in Zip archives
- support for lzop compresion (external utility)

Backport NFSv4 ACL fix from libarchive master branch.

Source:
https://github.com/libarchive/libarchive/commit/f67370d5

Obtained from: libarchive (master branch)

Update libarchive to 3.0.4

Update libarchive to 3.0.3

Some of new features:
- New readers: RAR, LHA/LZH, CAB reader, 7-Zip
- New writers: ISO9660, XAR
- Improvements to many formats, especially including ISO9660 and Zip
- Stackable write filters to write, e.g., tar.gz.uu in a single pass
- Exploit seekable input; new "seekable" Zip reader can exploit the Zip
Central Directory when it's available; the old "streamable" Zip reader
is still fully supported for cases where seeking is not possible.

Full release notes available at:
https://github.com/libarchive/libarchive/wiki/ReleaseNotes

libarchive: merge from vendor branch

Libarchive 3.7.0

Important changes (relevant to FreeBSD):
#1814 Do not account for NULL terminator when comparing with "TRAILER!!!"
#1818 Add ability to produce multi-frame zstd archives
#1840 year 2038 fix for pax archives on platforms with 64-bit time_t
#1860 Make single bit bitfields unsigned to avoid clang 16 warning
#1869 Fix FreeBSD builds with WARNS=6
#1873 bsdunzip ported to libarchive from FreeBSD
#1894 read support for zstd compression in 7zip archives
#1918 ARM64 filter support in 7zip archives

MFC after: 2 weeks
PR: 272567 (exp-run)

libarchive: merge from vendor branch

Libarchive 3.6.2

Important bug fixes:
rar5 reader: fix possible garbled output with bsdtar -O (#1745)
mtree reader: support reading mtree files with tabs (#1783)
various small fixes for issues found by CodeQL

MFC after: 2 weeks
PR: 286306 (exp-run)

libarchive: import changes from upstream

Libarchive 3.6.0

New features:
PR #1614: tar: new option "--no-read-sparse"
PR #1503: RAR reader: filter support
PR #1585: RAR5 reader: self-extracting archive support

New features (not used in FreeBSD base):
PR #1567: tar: threads support for zstd (#1567)
PR #1518: ZIP reader: zstd decompression support

Security Fixes:
PR #1491, #1492, #1493, CVE-2021-36976:
fix invalid memory access and out of bounds read in RAR5 reader
PR #1566, #1618, CVE-2021-31566:
extended fix for following symlinks when processing the fixup list

Other notable bugfixes and improvements:
PR #1620: tar: respect "--ignore-zeros" in c, r and u modes
PR #1625: reduced size of application binaries

MFC after: 2 weeks
Relnotes: yes

libarchive: cherry-pick bugfix from vendor

Vendor commit message (ede459d2e):
archive_write_disk_posix: fix writing fflags broken in 8a1bd5c

The fixup list was erroneously assumed to be directories only.
Only in the case of critical file flags modification (e.g.
SF_IMMUTABLE on BSD systems), other file types (e.g. regular files
or symbolic links) may be added to the fixup list. We still need to
verify that we are writing to the correct file type, so compare the
archive entry file type with the file type of the file to be
modified.

Fixes vendor issue #1617:
Immutable flag no longer preserved during tar extraction on FreeBSD

MFC after: 3 days
Reported by: markjdb
Libarchive commit: ede459d2ebb879f5eedb6f7abea203be0b334230

libarchive: import bugfix from upstream

Reworked bugfix for upstream issue #1566:
Do not follow symlinks when processing the fixup list

MFC after: 2 weeks

libarchive: import changes from upstream

Libarchive 3.5.2

New features:
PR #1502: Support for PWB and v7 binary cpio formats
PR #1509: Support of deflate algorithm in symbolic link decompression
for ZIP archives

Important bugfixes:
IS #1044: fix extraction of hardlinks to symlinks
PR #1480: Fix truncation of size values during 7zip archive
extraction on 32bit architectures
PR #1504: fix rar header skiming
PR #1514: ZIP excessive disk read - fix location of central directory
PR #1520: fix double-free in CAB reader
PR #1521: Fixed leak of rar before ending with error
PR #1530: Handle short writes from archive_write_callback
PR #1532: 7zip: Use compression settings from file also for file header
IS #1566: do not follow symlinks when processing the fixup list

MFC after: 2 weeks
Relnotes: yes

MFV r368207:
Update libarchive to 3.5.0

Relevant vendor changes:
Issue #1258: add archive_read_support_filter_by_code()
PR #1347: mtree digest reader support
Issue #1381: skip hardlinks pointing to itself on extraction
PR #1387: fix writing of cpio archives with hardlinks without file type
PR #1388: fix rdev field in cpio format for device nodes
PR #1389: completed support for UTF-8 encoding conversion
PR #1405: more formats in archive_read_support_format_by_code()
PR #1408: fix uninitialized size in rar5_read_data
PR #1409: system extended attribute support
PR #1435: support for decompression of symbolic links in zipx archives
Issue #1456: memory leak after unsuccessful archive_write_open_filename

MFC after: 1 week

MFV r358511,r358532:

Sync libarchive with vendor.

Relevant vendor changes:
Issue #1257: Add testcase for ZIPX files with LZMA_STREAM_END marker
PR #1331: cpio.5: fix hard link description
Issue #1335: archive_read.c: fix UBSan warning about undefined behavior
Issue #1338: XAR reader: fix UBSan warning about undefined behavior
Issue #1339: bsdcpio_test: fix datatype in from_hex()
Issue #1341: Safe writes: delete temporary file if rename fails.
Issue #1341: Safe writes: improve error handling

MFC after: 1 week

MFV r357783:
Update libarchive to 3.4.2

Relevant vendor changes:
PR #1289: atomic extraction support (bsdtar -x --safe-writes)
PR #1308: big endian fix for UTF16 support in LHA reader
PR #1326: reject RAR5 files that declare invalid header flags
Issue #987: fix support 7z archive entries with Delta filter
Issue #1317: fix compression output buffer handling in XAR writer
Issue #1319: fix uname or gname longer than 32 characters in pax writer
Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR
Use localtime_r() and gmtime_r() instead of localtime() and gmtime()

X-MFC-With: r356212,r356365,r356416
MFC after: 1 week

MFV r356163,r356197:
Update libarchive to 3.4.1

Relevant vendor changes since last update:
Issue #351: Refactor and implement private state logic for write filters
PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482)
PR #1255: zip writer - don't append unused NUL for directories
PR #1260: Fix sparse file offset overflow on 32-bit systems
PR #1263: UNICODE filename support for reading lha/lzh format
Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs()
PR #1288: Add the "xattrhdr" option to pax write options
PR #1295: 7z reader - fix reading archives with digests in PackInfo
PR #1296: RAR5 reader - verify window size for multivolume archives
PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files
Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs()
OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error
Fix possible off-by-one when dealing with readlink(2)

MFC after: 2 weeks

MFV r352731:
Sync libarchive with vendor.

Relevant vendor changes:
Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c
PR #1249: Correct some typographical and grammatical errors.
PR #1250: Minor corrections to the formatting of manual pages

MFC after: 1 week

MFV r348971,r348977:
Sync libarchive with vendor.

Relevant vendor changes:
- check_symlinks_fsobj() without chdir() and fchdir()
- bsdtar.1 manpage fixes
- patches from OpenBSD to libarchive_fe/passphrase.c
- version bumped to 3.4.0

MFC after: 2 weeks

MFV r347989:
Sync libarchive with vendor.

Relevant vendor changes:
Issue #795: XAR - do not try to add xattrs without an allocated name
PR #812: non-recursive option for extract and list
PR #958: support reading metadata from compressed files
PR #999: add --exclude-vcs option to bsdtar
Issue #1062: treat empty archives with a GNU volume header as valid
PR #1074: Handle ZIP files with trailing 0s in the extra fields
(Android APK archives)
PR #1109: Ignore padding in Zip extra field data (Android APK archives)
PR #1167: fix problems related to unreadable directories
Issue #1168: fix handling of strtol() and strtoul()
PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter
PR #1174: ZIP reader - fix of MSZIP signature parsing
PR #1175: gzip filter - fix reading files larger than 4GB from memory
PR #1177: gzip filter - fix memory leak with repeated header reads
PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field
PR #1181: RAR5 - fix merge_block() recursion
(OSS-Fuzz 12999, 13029, 13144, 13478, 13490)
PR #1183: fix memory leak when decompressing ZIP files with LZMA
PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817
OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables
OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations
OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables
PR #1186: RAR5 - fix invalid type used for dictionary size mask
(OSS-Fuzz 14537)
PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555)
PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories
(OSS-Fuzz 14574)
PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds
OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry
OSS-Fuzz 14331: RAR5 - fix maximum owner name length
OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check

Additional RAR5 reader changes:
- support symlinks, hardlinks, file owner, file group, versioned files
- change ARCHIVE_FORMAT_RAR_V5 to 0x100000
- set correct mode for readonly directories
- support readonly, hidden and system Windows file attributes

MFC after: 2 weeks

MFV r345495:
Sync libarchive with vendor.

Relevant vendor changes:
PR #1153: fixed 2 bugs in ZIP reader [1]
PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK
Changes to file flags code, support more file flags on FreeBSD:
UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM
UF_ARCHIVE is not supported by intention (yet)

PR: 236300
MFC after: 2 weeks

MFV r344063:
Sync libarchive with vendor.

Relevant vendor changes:
PR #1085: Fix a null pointer dereference bug in zip writer
PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2
decopmpression
PR #1116: Add support for 64-bit ar format
PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2]
PR #1125: RAR5 reader - fix an invalid read and a memory leak
PR #1131: POSIX reader - do not fail when tree_current_lstat() fails
due to ENOENT [3]
PR #1134: Delete unnecessary null pointer checks before calls of free()
OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy.
OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader

PR: 233006 [3]
Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2]
MFC after: 2 weeks

MFV r340938:
Sync libarchive with vendor.

Relevant vendor changes:
Issue #1096: Support extracting ACLs with in-entry comments (GNU tar)
PR #1023: Support extracting extattrs as non-root on non-user-writeable
files

MFC after: 1 week

MFV r328323,328324:
Sync libarchive with vendor.

Relevant vendor changes:
PR #893: delete dead ppmd7 alloc callbacks
PR #904: Fix archive freeing bug in bsdcat
PR #961: Fix ZIP format names
PR #962: Don't modify attributes for existing directories
when ARCHIVE_EXTRACT_NO_OVERWRITE is set
PR #964: Fix -Werror=implicit-fallthrough= for GCC 7
PR #970: zip: Allow backslash as path separator

MFC after: 1 week

MFV r316454,316455:

Vendor changes (FreeBSD-related):
Report which extended attributes could not be restored
Update archive_read_disk.3 and archive_write_disk.3 manual pages
Plug memory leaks in xattr tests.

MFC after: 1 week

MFV r315875:
Sync libarchive with vendor.

Vendor changes (FreeBSD-related):
- store extended attributes with extattr_set_link() if no fd is provided
- add extended attribute tests to libarchive and bsdtar
- fix tar's test_option_acls
- support the UF_HIDDEN file flag

X-MFC with: 315636

MFV r315633, 315635:

Sync libarchive with vendor

Vendor changes/bugfixes (FreeBSD-related):
PR 867 (bsdcpio): show numeric uid/gid when names are not found
PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers
PR 880 (pax): Fix handling of "size" pax header keyword
PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream
OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser
Break ACL read/write code into platform-specific source files
Unbreak static dependency on libbz2

MFC after: 1 week

MFV r314565,314567,314570:
Update libarchive to version 3.3.1 (and sync with latest vendor dist)

Notable vendor changes:
PR #501: improvements in ACL path handling
PR #724: fix hang when reading malformed cpio files
PR #864: fix out of bounds read with malformed GNU tar archives
Documentation, style, test suite improvements and typo fixes.

New options to bsdtar that enable or disable reading and/or writing of:
Access Control Lists (--acls, --no-acls)
Extended file flags (--fflags, --no-fflags)
Extended attributes (--xattrs, --no-xattrs)
Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata)

MFC after: 2 weeks

MFV r313071:
Sync libarchive with vendor

Vendor changes (relevant to FreeBSD):
- support extracting NFSv4 ACLs from Solaris tar archives
- bugfixes and optimizations in the ACL code
- multiple fixes in the test suite
- typo and other small bugfixes

Security fixes:
- cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335)
- LHA reader: heap-buffer-overflow in lha_read_file_header_1()
(CVE-2017-5601)
- LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream()
(OSS-Fuzz 453)
- mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443)
- WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458)

Memory leak fixes:
- ACL support: free memory allocated by acl_get_qualifier()
- disk writer: missing free in create_filesystem_object()
- file reader: fd leak (Coverity 1016755)
- gnutar writer: fix free in archive_write_gnutar_header()
(Coverity 101675)
- iso 9660 reader: missing free in parse_file_info()
(partial Coverity 1016754)
- program reader: missing free in __archive_read_program()
- program writer: missing free in __archive_write_program_free()
- xar reader: missing free in xar_cleanup()
- xar reader: missing frees in expat_xmlattr_setup()
(Coverity 1229979-1229981)
- xar writer: missing free in file_free()
- zip reader: missing free in zip_read_local_file_header()

MFC after: 1 week
X-MFC with: 310866, 310868, 310870, 311899

MFV r310798:

Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c
PR #851: Spelling fixes
Fix two protoypes in manual page archive_read_disk.3

MFC after: 2 weeks

MFV r310115,310184:

Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR 830, 831, 833: Spelling fixes
OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free()
OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives

MFC after: 1 week

MFV r309299:
Sync libarchive with vendor.

Important vendor bugfixes (relevant to FreeBSD):
#821: tar -P cannot extract hardlinks through symlinks
#825: Add sanity check of tar "uid, "gid" and "mtime" fields

PR: 213255
Reported by: Tijl Coosemans <tilj@FreeBSD.org>
MFC after: 1 week

MFV r305816:
Sync libarchive with vendor including important security fixes.

Issues fixed (FreeBSD):
PR #778: ACL error handling
Issue #745: Symlink check prefix optimization is too aggressive
Issue #746: Hard links with data can evade sandboxing restrictions

This update fixes the vulnerability #3 and vulnerability #4 as reported in
"non-cryptanalytic attacks against FreeBSD update components".
https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f

Fix for vulnerability #2 has already been merged in r304989.

MFC after: 1 week
Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f

Redo MFV r304866:
Sync libarchive with vendor including security fixes

Vendor issues fixed:
Issue #731: Reject tar entries >= INT64_MAX
Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames
Issue #748: Zip decompression failure with highly-compressed data
Issue #767: Buffer overflow printing a filename
Issue #770: Zip read: be more careful about extra_length

MFC after: 3 days

Revert r304869

This commit was incorrect and will be re-committed asap.

MFV r304866:
Sync libarchive with vendor including security fixes

Vendor issues fixed:
Issue #731: Reject tar entries >= INT64_MAX
Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames
Issue #748: Zip decompression failure with highly-compressed data
Issue #767: Buffer overflow printing a filename
Issue #770: Zip read: be more careful about extra_length

MFC after: 3 days

MFV r304060:
Sync libarchive with vendor including three security fixes

Vendor issues fixed:

Issue #744: Very long pathnames evade symlink checks
Issue #748: libarchive can compress, but cannot decompress zip some files
PR #750: ustar: fix out of bounds read on empty string ("") filename
PR #755: fix use of acl_get_flagset_np() on FreeBSD

MFC after: 3 days

MFV r302264:

Sync libarchive with vendor, bugfixes for tests:
- fix tests on filesystems without birthtime support, e.g. UFS1 (1)
- vendor issue #729: avoid use of C99 for-scope declarations in
test_write_format_gnutar_filenames.c

MFC after: 1 week
PR: 204157 (1)
Approved by: re (hrs)

MFV r299425:

Update libarchive to 3.2.0

New features:
- new bsdcat command-line utility
- LZ4 compression (in src only via external utility from ports)
- Warc format support
- 'Raw' format writer
- Zip: Support archives >4GB, entries >4GB
- Zip: Support encrypting and decrypting entries
- Zip: Support experimental streaming extension
- Identify encrypted entries in several formats
- New --clear-nochange-flags option to bsdtar tries to remove noschg and
similar flags before deleting files
- New --ignore-zeros option to bsdtar to handle concatenated tar archives
- Use multi-threaded LZMA decompression if liblzma supports it
- Expose version info for libraries used by libarchive

Patched files (fixed compiler warnings):

contrib/libarchive/cat/bsdcat.c (vendor PR #702)
contrib/libarchive/cat/bsdcat.h (vendor PR #702)
contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701)
contrib/libarchive/libarchive_fe/err.c (vendor PR #703)

MFC after: 1 month
Relnotes: yes

Fix return type of extattr_set_* and fix rmextattr(8) utility.

extattr_set_{fd,file,link} is logically a write(2)-like operation and
should return ssize_t, just like extattr_get_*. Also, the user-space
utility was using an int for the return value of extattr_get_* and
extattr_list_*, both of which return an ssize_t.

MFC after: 1 week

MFV r248590,248594:
Update libarchive to 3.1.2

Some of new features:
- support for lrzip and grzip compression
- support for writing tar v7 format
- b64encode and uuencode filters
- support for __MACOSX directory in Zip archives
- support for lzop compresion (external utility)

Backport NFSv4 ACL fix from libarchive master branch.

Source:
https://github.com/libarchive/libarchive/commit/f67370d5

Obtained from: libarchive (master branch)

Update libarchive to 3.0.4

Update libarchive to 3.0.3

Some of new features:
- New readers: RAR, LHA/LZH, CAB reader, 7-Zip
- New writers: ISO9660, XAR
- Improvements to many formats, especially including ISO9660 and Zip
- Stackable write filters to write, e.g., tar.gz.uu in a single pass
- Exploit seekable input; new "seekable" Zip reader can exploit the Zip
Central Directory when it's available; the old "streamable" Zip reader
is still fully supported for cases where seeking is not possible.

Full release notes available at:
https://github.com/libarchive/libarchive/wiki/ReleaseNotes

libarchive: merge from vendor branch

Libarchive 3.6.2

Important bug fixes:
rar5 reader: fix possible garbled output with bsdtar -O (#1745)
mtree reader: support reading mtree files with tabs (#1783)
various small fixes for issues found by CodeQL

MFC after: 2 weeks
PR: 286306 (exp-run)

libarchive: import changes from upstream

Libarchive 3.6.0

New features:
PR #1614: tar: new option "--no-read-sparse"
PR #1503: RAR reader: filter support
PR #1585: RAR5 reader: self-extracting archive support

New features (not used in FreeBSD base):
PR #1567: tar: threads support for zstd (#1567)
PR #1518: ZIP reader: zstd decompression support

Security Fixes:
PR #1491, #1492, #1493, CVE-2021-36976:
fix invalid memory access and out of bounds read in RAR5 reader
PR #1566, #1618, CVE-2021-31566:
extended fix for following symlinks when processing the fixup list

Other notable bugfixes and improvements:
PR #1620: tar: respect "--ignore-zeros" in c, r and u modes
PR #1625: reduced size of application binaries

MFC after: 2 weeks
Relnotes: yes

libarchive: cherry-pick bugfix from vendor

Vendor commit message (ede459d2e):
archive_write_disk_posix: fix writing fflags broken in 8a1bd5c

The fixup list was erroneously assumed to be directories only.
Only in the case of critical file flags modification (e.g.
SF_IMMUTABLE on BSD systems), other file types (e.g. regular files
or symbolic links) may be added to the fixup list. We still need to
verify that we are writing to the correct file type, so compare the
archive entry file type with the file type of the file to be
modified.

Fixes vendor issue #1617:
Immutable flag no longer preserved during tar extraction on FreeBSD

MFC after: 3 days
Reported by: markjdb
Libarchive commit: ede459d2ebb879f5eedb6f7abea203be0b334230

libarchive: import bugfix from upstream

Reworked bugfix for upstream issue #1566:
Do not follow symlinks when processing the fixup list

MFC after: 2 weeks

libarchive: import changes from upstream

Libarchive 3.5.2

New features:
PR #1502: Support for PWB and v7 binary cpio formats
PR #1509: Support of deflate algorithm in symbolic link decompression
for ZIP archives

Important bugfixes:
IS #1044: fix extraction of hardlinks to symlinks
PR #1480: Fix truncation of size values during 7zip archive
extraction on 32bit architectures
PR #1504: fix rar header skiming
PR #1514: ZIP excessive disk read - fix location of central directory
PR #1520: fix double-free in CAB reader
PR #1521: Fixed leak of rar before ending with error
PR #1530: Handle short writes from archive_write_callback
PR #1532: 7zip: Use compression settings from file also for file header
IS #1566: do not follow symlinks when processing the fixup list

MFC after: 2 weeks
Relnotes: yes

MFV r368207:
Update libarchive to 3.5.0

Relevant vendor changes:
Issue #1258: add archive_read_support_filter_by_code()
PR #1347: mtree digest reader support
Issue #1381: skip hardlinks pointing to itself on extraction
PR #1387: fix writing of cpio archives with hardlinks without file type
PR #1388: fix rdev field in cpio format for device nodes
PR #1389: completed support for UTF-8 encoding conversion
PR #1405: more formats in archive_read_support_format_by_code()
PR #1408: fix uninitialized size in rar5_read_data
PR #1409: system extended attribute support
PR #1435: support for decompression of symbolic links in zipx archives
Issue #1456: memory leak after unsuccessful archive_write_open_filename

MFC after: 1 week

MFV r358511,r358532:

Sync libarchive with vendor.

Relevant vendor changes:
Issue #1257: Add testcase for ZIPX files with LZMA_STREAM_END marker
PR #1331: cpio.5: fix hard link description
Issue #1335: archive_read.c: fix UBSan warning about undefined behavior
Issue #1338: XAR reader: fix UBSan warning about undefined behavior
Issue #1339: bsdcpio_test: fix datatype in from_hex()
Issue #1341: Safe writes: delete temporary file if rename fails.
Issue #1341: Safe writes: improve error handling

MFC after: 1 week

MFV r357783:
Update libarchive to 3.4.2

Relevant vendor changes:
PR #1289: atomic extraction support (bsdtar -x --safe-writes)
PR #1308: big endian fix for UTF16 support in LHA reader
PR #1326: reject RAR5 files that declare invalid header flags
Issue #987: fix support 7z archive entries with Delta filter
Issue #1317: fix compression output buffer handling in XAR writer
Issue #1319: fix uname or gname longer than 32 characters in pax writer
Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR
Use localtime_r() and gmtime_r() instead of localtime() and gmtime()

X-MFC-With: r356212,r356365,r356416
MFC after: 1 week

MFV r356163,r356197:
Update libarchive to 3.4.1

Relevant vendor changes since last update:
Issue #351: Refactor and implement private state logic for write filters
PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482)
PR #1255: zip writer - don't append unused NUL for directories
PR #1260: Fix sparse file offset overflow on 32-bit systems
PR #1263: UNICODE filename support for reading lha/lzh format
Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs()
PR #1288: Add the "xattrhdr" option to pax write options
PR #1295: 7z reader - fix reading archives with digests in PackInfo
PR #1296: RAR5 reader - verify window size for multivolume archives
PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files
Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs()
OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error
Fix possible off-by-one when dealing with readlink(2)

MFC after: 2 weeks

MFV r352731:
Sync libarchive with vendor.

Relevant vendor changes:
Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c
PR #1249: Correct some typographical and grammatical errors.
PR #1250: Minor corrections to the formatting of manual pages

MFC after: 1 week

MFV r348971,r348977:
Sync libarchive with vendor.

Relevant vendor changes:
- check_symlinks_fsobj() without chdir() and fchdir()
- bsdtar.1 manpage fixes
- patches from OpenBSD to libarchive_fe/passphrase.c
- version bumped to 3.4.0

MFC after: 2 weeks

MFV r347989:
Sync libarchive with vendor.

Relevant vendor changes:
Issue #795: XAR - do not try to add xattrs without an allocated name
PR #812: non-recursive option for extract and list
PR #958: support reading metadata from compressed files
PR #999: add --exclude-vcs option to bsdtar
Issue #1062: treat empty archives with a GNU volume header as valid
PR #1074: Handle ZIP files with trailing 0s in the extra fields
(Android APK archives)
PR #1109: Ignore padding in Zip extra field data (Android APK archives)
PR #1167: fix problems related to unreadable directories
Issue #1168: fix handling of strtol() and strtoul()
PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter
PR #1174: ZIP reader - fix of MSZIP signature parsing
PR #1175: gzip filter - fix reading files larger than 4GB from memory
PR #1177: gzip filter - fix memory leak with repeated header reads
PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field
PR #1181: RAR5 - fix merge_block() recursion
(OSS-Fuzz 12999, 13029, 13144, 13478, 13490)
PR #1183: fix memory leak when decompressing ZIP files with LZMA
PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817
OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables
OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations
OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables
PR #1186: RAR5 - fix invalid type used for dictionary size mask
(OSS-Fuzz 14537)
PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555)
PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories
(OSS-Fuzz 14574)
PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds
OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry
OSS-Fuzz 14331: RAR5 - fix maximum owner name length
OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check

Additional RAR5 reader changes:
- support symlinks, hardlinks, file owner, file group, versioned files
- change ARCHIVE_FORMAT_RAR_V5 to 0x100000
- set correct mode for readonly directories
- support readonly, hidden and system Windows file attributes

MFC after: 2 weeks

MFV r345495:
Sync libarchive with vendor.

Relevant vendor changes:
PR #1153: fixed 2 bugs in ZIP reader [1]
PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK
Changes to file flags code, support more file flags on FreeBSD:
UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM
UF_ARCHIVE is not supported by intention (yet)

PR: 236300
MFC after: 2 weeks

MFV r344063:
Sync libarchive with vendor.

Relevant vendor changes:
PR #1085: Fix a null pointer dereference bug in zip writer
PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2
decopmpression
PR #1116: Add support for 64-bit ar format
PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2]
PR #1125: RAR5 reader - fix an invalid read and a memory leak
PR #1131: POSIX reader - do not fail when tree_current_lstat() fails
due to ENOENT [3]
PR #1134: Delete unnecessary null pointer checks before calls of free()
OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy.
OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader

PR: 233006 [3]
Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2]
MFC after: 2 weeks

MFV r340938:
Sync libarchive with vendor.

Relevant vendor changes:
Issue #1096: Support extracting ACLs with in-entry comments (GNU tar)
PR #1023: Support extracting extattrs as non-root on non-user-writeable
files

MFC after: 1 week

MFV r328323,328324:
Sync libarchive with vendor.

Relevant vendor changes:
PR #893: delete dead ppmd7 alloc callbacks
PR #904: Fix archive freeing bug in bsdcat
PR #961: Fix ZIP format names
PR #962: Don't modify attributes for existing directories
when ARCHIVE_EXTRACT_NO_OVERWRITE is set
PR #964: Fix -Werror=implicit-fallthrough= for GCC 7
PR #970: zip: Allow backslash as path separator

MFC after: 1 week

MFV r316454,316455:

Vendor changes (FreeBSD-related):
Report which extended attributes could not be restored
Update archive_read_disk.3 and archive_write_disk.3 manual pages
Plug memory leaks in xattr tests.

MFC after: 1 week

MFV r315875:
Sync libarchive with vendor.

Vendor changes (FreeBSD-related):
- store extended attributes with extattr_set_link() if no fd is provided
- add extended attribute tests to libarchive and bsdtar
- fix tar's test_option_acls
- support the UF_HIDDEN file flag

X-MFC with: 315636

MFV r315633, 315635:

Sync libarchive with vendor

Vendor changes/bugfixes (FreeBSD-related):
PR 867 (bsdcpio): show numeric uid/gid when names are not found
PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers
PR 880 (pax): Fix handling of "size" pax header keyword
PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream
OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser
Break ACL read/write code into platform-specific source files
Unbreak static dependency on libbz2

MFC after: 1 week

MFV r314565,314567,314570:
Update libarchive to version 3.3.1 (and sync with latest vendor dist)

Notable vendor changes:
PR #501: improvements in ACL path handling
PR #724: fix hang when reading malformed cpio files
PR #864: fix out of bounds read with malformed GNU tar archives
Documentation, style, test suite improvements and typo fixes.

New options to bsdtar that enable or disable reading and/or writing of:
Access Control Lists (--acls, --no-acls)
Extended file flags (--fflags, --no-fflags)
Extended attributes (--xattrs, --no-xattrs)
Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata)

MFC after: 2 weeks

MFV r313071:
Sync libarchive with vendor

Vendor changes (relevant to FreeBSD):
- support extracting NFSv4 ACLs from Solaris tar archives
- bugfixes and optimizations in the ACL code
- multiple fixes in the test suite
- typo and other small bugfixes

Security fixes:
- cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335)
- LHA reader: heap-buffer-overflow in lha_read_file_header_1()
(CVE-2017-5601)
- LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream()
(OSS-Fuzz 453)
- mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443)
- WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458)

Memory leak fixes:
- ACL support: free memory allocated by acl_get_qualifier()
- disk writer: missing free in create_filesystem_object()
- file reader: fd leak (Coverity 1016755)
- gnutar writer: fix free in archive_write_gnutar_header()
(Coverity 101675)
- iso 9660 reader: missing free in parse_file_info()
(partial Coverity 1016754)
- program reader: missing free in __archive_read_program()
- program writer: missing free in __archive_write_program_free()
- xar reader: missing free in xar_cleanup()
- xar reader: missing frees in expat_xmlattr_setup()
(Coverity 1229979-1229981)
- xar writer: missing free in file_free()
- zip reader: missing free in zip_read_local_file_header()

MFC after: 1 week
X-MFC with: 310866, 310868, 310870, 311899

MFV r310798:

Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c
PR #851: Spelling fixes
Fix two protoypes in manual page archive_read_disk.3

MFC after: 2 weeks

MFV r310115,310184:

Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR 830, 831, 833: Spelling fixes
OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free()
OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives

MFC after: 1 week

MFV r309299:
Sync libarchive with vendor.

Important vendor bugfixes (relevant to FreeBSD):
#821: tar -P cannot extract hardlinks through symlinks
#825: Add sanity check of tar "uid, "gid" and "mtime" fields

PR: 213255
Reported by: Tijl Coosemans <tilj@FreeBSD.org>
MFC after: 1 week

MFV r305816:
Sync libarchive with vendor including important security fixes.

Issues fixed (FreeBSD):
PR #778: ACL error handling
Issue #745: Symlink check prefix optimization is too aggressive
Issue #746: Hard links with data can evade sandboxing restrictions

This update fixes the vulnerability #3 and vulnerability #4 as reported in
"non-cryptanalytic attacks against FreeBSD update components".
https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f

Fix for vulnerability #2 has already been merged in r304989.

MFC after: 1 week
Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f

Redo MFV r304866:
Sync libarchive with vendor including security fixes

Vendor issues fixed:
Issue #731: Reject tar entries >= INT64_MAX
Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames
Issue #748: Zip decompression failure with highly-compressed data
Issue #767: Buffer overflow printing a filename
Issue #770: Zip read: be more careful about extra_length

MFC after: 3 days

Revert r304869

This commit was incorrect and will be re-committed asap.

MFV r304866:
Sync libarchive with vendor including security fixes

Vendor issues fixed:
Issue #731: Reject tar entries >= INT64_MAX
Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames
Issue #748: Zip decompression failure with highly-compressed data
Issue #767: Buffer overflow printing a filename
Issue #770: Zip read: be more careful about extra_length

MFC after: 3 days

MFV r304060:
Sync libarchive with vendor including three security fixes

Vendor issues fixed:

Issue #744: Very long pathnames evade symlink checks
Issue #748: libarchive can compress, but cannot decompress zip some files
PR #750: ustar: fix out of bounds read on empty string ("") filename
PR #755: fix use of acl_get_flagset_np() on FreeBSD

MFC after: 3 days

MFV r302264:

Sync libarchive with vendor, bugfixes for tests:
- fix tests on filesystems without birthtime support, e.g. UFS1 (1)
- vendor issue #729: avoid use of C99 for-scope declarations in
test_write_format_gnutar_filenames.c

MFC after: 1 week
PR: 204157 (1)
Approved by: re (hrs)

MFV r299425:

Update libarchive to 3.2.0

New features:
- new bsdcat command-line utility
- LZ4 compression (in src only via external utility from ports)
- Warc format support
- 'Raw' format writer
- Zip: Support archives >4GB, entries >4GB
- Zip: Support encrypting and decrypting entries
- Zip: Support experimental streaming extension
- Identify encrypted entries in several formats
- New --clear-nochange-flags option to bsdtar tries to remove noschg and
similar flags before deleting files
- New --ignore-zeros option to bsdtar to handle concatenated tar archives
- Use multi-threaded LZMA decompression if liblzma supports it
- Expose version info for libraries used by libarchive

Patched files (fixed compiler warnings):

contrib/libarchive/cat/bsdcat.c (vendor PR #702)
contrib/libarchive/cat/bsdcat.h (vendor PR #702)
contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701)
contrib/libarchive/libarchive_fe/err.c (vendor PR #703)

MFC after: 1 month
Relnotes: yes

Fix return type of extattr_set_* and fix rmextattr(8) utility.

extattr_set_{fd,file,link} is logically a write(2)-like operation and
should return ssize_t, just like extattr_get_*. Also, the user-space
utility was using an int for the return value of extattr_get_* and
extattr_list_*, both of which return an ssize_t.

MFC after: 1 week

MFV r248590,248594:
Update libarchive to 3.1.2

Some of new features:
- support for lrzip and grzip compression
- support for writing tar v7 format
- b64encode and uuencode filters
- support for __MACOSX directory in Zip archives
- support for lzop compresion (external utility)

Backport NFSv4 ACL fix from libarchive master branch.

Source:
https://github.com/libarchive/libarchive/commit/f67370d5

Obtained from: libarchive (master branch)

Update libarchive to 3.0.4

Update libarchive to 3.0.3

Some of new features:
- New readers: RAR, LHA/LZH, CAB reader, 7-Zip
- New writers: ISO9660, XAR
- Improvements to many formats, especially including ISO9660 and Zip
- Stackable write filters to write, e.g., tar.gz.uu in a single pass
- Exploit seekable input; new "seekable" Zip reader can exploit the Zip
Central Directory when it's available; the old "streamable" Zip reader
is still fully supported for cases where seeking is not possible.

Full release notes available at:
https://github.com/libarchive/libarchive/wiki/ReleaseNotes

libarchive: import changes from upstream

Libarchive 3.6.0

New features:
PR #1614: tar: new option "--no-read-sparse"
PR #1503: RAR reader: filter support
PR #1585: RAR5 reader: self-extracting archive support

New features (not used in FreeBSD base):
PR #1567: tar: threads support for zstd (#1567)
PR #1518: ZIP reader: zstd decompression support

Security Fixes:
PR #1491, #1492, #1493, CVE-2021-36976:
fix invalid memory access and out of bounds read in RAR5 reader
PR #1566, #1618, CVE-2021-31566:
extended fix for following symlinks when processing the fixup list

Other notable bugfixes and improvements:
PR #1620: tar: respect "--ignore-zeros" in c, r and u modes
PR #1625: reduced size of application binaries

MFC after: 2 weeks
Relnotes: yes

libarchive: cherry-pick bugfix from vendor

Vendor commit message (ede459d2e):
archive_write_disk_posix: fix writing fflags broken in 8a1bd5c

The fixup list was erroneously assumed to be directories only.
Only in the case of critical file flags modification (e.g.
SF_IMMUTABLE on BSD systems), other file types (e.g. regular files
or symbolic links) may be added to the fixup list. We still need to
verify that we are writing to the correct file type, so compare the
archive entry file type with the file type of the file to be
modified.

Fixes vendor issue #1617:
Immutable flag no longer preserved during tar extraction on FreeBSD

MFC after: 3 days
Reported by: markjdb
Libarchive commit: ede459d2ebb879f5eedb6f7abea203be0b334230

libarchive: import bugfix from upstream

Reworked bugfix for upstream issue #1566:
Do not follow symlinks when processing the fixup list

MFC after: 2 weeks

libarchive: import changes from upstream

Libarchive 3.5.2

New features:
PR #1502: Support for PWB and v7 binary cpio formats
PR #1509: Support of deflate algorithm in symbolic link decompression
for ZIP archives

Important bugfixes:
IS #1044: fix extraction of hardlinks to symlinks
PR #1480: Fix truncation of size values during 7zip archive
extraction on 32bit architectures
PR #1504: fix rar header skiming
PR #1514: ZIP excessive disk read - fix location of central directory
PR #1520: fix double-free in CAB reader
PR #1521: Fixed leak of rar before ending with error
PR #1530: Handle short writes from archive_write_callback
PR #1532: 7zip: Use compression settings from file also for file header
IS #1566: do not follow symlinks when processing the fixup list

MFC after: 2 weeks
Relnotes: yes

MFV r368207:
Update libarchive to 3.5.0

Relevant vendor changes:
Issue #1258: add archive_read_support_filter_by_code()
PR #1347: mtree digest reader support
Issue #1381: skip hardlinks pointing to itself on extraction
PR #1387: fix writing of cpio archives with hardlinks without file type
PR #1388: fix rdev field in cpio format for device nodes
PR #1389: completed support for UTF-8 encoding conversion
PR #1405: more formats in archive_read_support_format_by_code()
PR #1408: fix uninitialized size in rar5_read_data
PR #1409: system extended attribute support
PR #1435: support for decompression of symbolic links in zipx archives
Issue #1456: memory leak after unsuccessful archive_write_open_filename

MFC after: 1 week

MFV r358511,r358532:

Sync libarchive with vendor.

Relevant vendor changes:
Issue #1257: Add testcase for ZIPX files with LZMA_STREAM_END marker
PR #1331: cpio.5: fix hard link description
Issue #1335: archive_read.c: fix UBSan warning about undefined behavior
Issue #1338: XAR reader: fix UBSan warning about undefined behavior
Issue #1339: bsdcpio_test: fix datatype in from_hex()
Issue #1341: Safe writes: delete temporary file if rename fails.
Issue #1341: Safe writes: improve error handling

MFC after: 1 week

MFV r357783:
Update libarchive to 3.4.2

Relevant vendor changes:
PR #1289: atomic extraction support (bsdtar -x --safe-writes)
PR #1308: big endian fix for UTF16 support in LHA reader
PR #1326: reject RAR5 files that declare invalid header flags
Issue #987: fix support 7z archive entries with Delta filter
Issue #1317: fix compression output buffer handling in XAR writer
Issue #1319: fix uname or gname longer than 32 characters in pax writer
Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR
Use localtime_r() and gmtime_r() instead of localtime() and gmtime()

X-MFC-With: r356212,r356365,r356416
MFC after: 1 week

MFV r356163,r356197:
Update libarchive to 3.4.1

Relevant vendor changes since last update:
Issue #351: Refactor and implement private state logic for write filters
PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482)
PR #1255: zip writer - don't append unused NUL for directories
PR #1260: Fix sparse file offset overflow on 32-bit systems
PR #1263: UNICODE filename support for reading lha/lzh format
Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs()
PR #1288: Add the "xattrhdr" option to pax write options
PR #1295: 7z reader - fix reading archives with digests in PackInfo
PR #1296: RAR5 reader - verify window size for multivolume archives
PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files
Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs()
OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error
Fix possible off-by-one when dealing with readlink(2)

MFC after: 2 weeks

MFV r352731:
Sync libarchive with vendor.

Relevant vendor changes:
Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c
PR #1249: Correct some typographical and grammatical errors.
PR #1250: Minor corrections to the formatting of manual pages

MFC after: 1 week

MFV r348971,r348977:
Sync libarchive with vendor.

Relevant vendor changes:
- check_symlinks_fsobj() without chdir() and fchdir()
- bsdtar.1 manpage fixes
- patches from OpenBSD to libarchive_fe/passphrase.c
- version bumped to 3.4.0

MFC after: 2 weeks

MFV r347989:
Sync libarchive with vendor.

Relevant vendor changes:
Issue #795: XAR - do not try to add xattrs without an allocated name
PR #812: non-recursive option for extract and list
PR #958: support reading metadata from compressed files
PR #999: add --exclude-vcs option to bsdtar
Issue #1062: treat empty archives with a GNU volume header as valid
PR #1074: Handle ZIP files with trailing 0s in the extra fields
(Android APK archives)
PR #1109: Ignore padding in Zip extra field data (Android APK archives)
PR #1167: fix problems related to unreadable directories
Issue #1168: fix handling of strtol() and strtoul()
PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter
PR #1174: ZIP reader - fix of MSZIP signature parsing
PR #1175: gzip filter - fix reading files larger than 4GB from memory
PR #1177: gzip filter - fix memory leak with repeated header reads
PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field
PR #1181: RAR5 - fix merge_block() recursion
(OSS-Fuzz 12999, 13029, 13144, 13478, 13490)
PR #1183: fix memory leak when decompressing ZIP files with LZMA
PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817
OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables
OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations
OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables
PR #1186: RAR5 - fix invalid type used for dictionary size mask
(OSS-Fuzz 14537)
PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555)
PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories
(OSS-Fuzz 14574)
PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds
OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry
OSS-Fuzz 14331: RAR5 - fix maximum owner name length
OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check

Additional RAR5 reader changes:
- support symlinks, hardlinks, file owner, file group, versioned files
- change ARCHIVE_FORMAT_RAR_V5 to 0x100000
- set correct mode for readonly directories
- support readonly, hidden and system Windows file attributes

MFC after: 2 weeks

MFV r345495:
Sync libarchive with vendor.

Relevant vendor changes:
PR #1153: fixed 2 bugs in ZIP reader [1]
PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK
Changes to file flags code, support more file flags on FreeBSD:
UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM
UF_ARCHIVE is not supported by intention (yet)

PR: 236300
MFC after: 2 weeks

MFV r344063:
Sync libarchive with vendor.

Relevant vendor changes:
PR #1085: Fix a null pointer dereference bug in zip writer
PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2
decopmpression
PR #1116: Add support for 64-bit ar format
PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2]
PR #1125: RAR5 reader - fix an invalid read and a memory leak
PR #1131: POSIX reader - do not fail when tree_current_lstat() fails
due to ENOENT [3]
PR #1134: Delete unnecessary null pointer checks before calls of free()
OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy.
OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader

PR: 233006 [3]
Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2]
MFC after: 2 weeks

MFV r340938:
Sync libarchive with vendor.

Relevant vendor changes:
Issue #1096: Support extracting ACLs with in-entry comments (GNU tar)
PR #1023: Support extracting extattrs as non-root on non-user-writeable
files

MFC after: 1 week

MFV r328323,328324:
Sync libarchive with vendor.

Relevant vendor changes:
PR #893: delete dead ppmd7 alloc callbacks
PR #904: Fix archive freeing bug in bsdcat
PR #961: Fix ZIP format names
PR #962: Don't modify attributes for existing directories
when ARCHIVE_EXTRACT_NO_OVERWRITE is set
PR #964: Fix -Werror=implicit-fallthrough= for GCC 7
PR #970: zip: Allow backslash as path separator

MFC after: 1 week

MFV r316454,316455:

Vendor changes (FreeBSD-related):
Report which extended attributes could not be restored
Update archive_read_disk.3 and archive_write_disk.3 manual pages
Plug memory leaks in xattr tests.

MFC after: 1 week

MFV r315875:
Sync libarchive with vendor.

Vendor changes (FreeBSD-related):
- store extended attributes with extattr_set_link() if no fd is provided
- add extended attribute tests to libarchive and bsdtar
- fix tar's test_option_acls
- support the UF_HIDDEN file flag

X-MFC with: 315636

MFV r315633, 315635:

Sync libarchive with vendor

Vendor changes/bugfixes (FreeBSD-related):
PR 867 (bsdcpio): show numeric uid/gid when names are not found
PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers
PR 880 (pax): Fix handling of "size" pax header keyword
PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream
OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser
Break ACL read/write code into platform-specific source files
Unbreak static dependency on libbz2

MFC after: 1 week

MFV r314565,314567,314570:
Update libarchive to version 3.3.1 (and sync with latest vendor dist)

Notable vendor changes:
PR #501: improvements in ACL path handling
PR #724: fix hang when reading malformed cpio files
PR #864: fix out of bounds read with malformed GNU tar archives
Documentation, style, test suite improvements and typo fixes.

New options to bsdtar that enable or disable reading and/or writing of:
Access Control Lists (--acls, --no-acls)
Extended file flags (--fflags, --no-fflags)
Extended attributes (--xattrs, --no-xattrs)
Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata)

MFC after: 2 weeks

MFV r313071:
Sync libarchive with vendor

Vendor changes (relevant to FreeBSD):
- support extracting NFSv4 ACLs from Solaris tar archives
- bugfixes and optimizations in the ACL code
- multiple fixes in the test suite
- typo and other small bugfixes

Security fixes:
- cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335)
- LHA reader: heap-buffer-overflow in lha_read_file_header_1()
(CVE-2017-5601)
- LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream()
(OSS-Fuzz 453)
- mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443)
- WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458)

Memory leak fixes:
- ACL support: free memory allocated by acl_get_qualifier()
- disk writer: missing free in create_filesystem_object()
- file reader: fd leak (Coverity 1016755)
- gnutar writer: fix free in archive_write_gnutar_header()
(Coverity 101675)
- iso 9660 reader: missing free in parse_file_info()
(partial Coverity 1016754)
- program reader: missing free in __archive_read_program()
- program writer: missing free in __archive_write_program_free()
- xar reader: missing free in xar_cleanup()
- xar reader: missing frees in expat_xmlattr_setup()
(Coverity 1229979-1229981)
- xar writer: missing free in file_free()
- zip reader: missing free in zip_read_local_file_header()

MFC after: 1 week
X-MFC with: 310866, 310868, 310870, 311899

MFV r310798:

Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c
PR #851: Spelling fixes
Fix two protoypes in manual page archive_read_disk.3

MFC after: 2 weeks

MFV r310115,310184:

Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR 830, 831, 833: Spelling fixes
OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free()
OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives

MFC after: 1 week

MFV r309299:
Sync libarchive with vendor.

Important vendor bugfixes (relevant to FreeBSD):
#821: tar -P cannot extract hardlinks through symlinks
#825: Add sanity check of tar "uid, "gid" and "mtime" fields

PR: 213255
Reported by: Tijl Coosemans <tilj@FreeBSD.org>
MFC after: 1 week

MFV r305816:
Sync libarchive with vendor including important security fixes.

Issues fixed (FreeBSD):
PR #778: ACL error handling
Issue #745: Symlink check prefix optimization is too aggressive
Issue #746: Hard links with data can evade sandboxing restrictions

This update fixes the vulnerability #3 and vulnerability #4 as reported in
"non-cryptanalytic attacks against FreeBSD update components".
https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f

Fix for vulnerability #2 has already been merged in r304989.

MFC after: 1 week
Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f

Redo MFV r304866:
Sync libarchive with vendor including security fixes

Vendor issues fixed:
Issue #731: Reject tar entries >= INT64_MAX
Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames
Issue #748: Zip decompression failure with highly-compressed data
Issue #767: Buffer overflow printing a filename
Issue #770: Zip read: be more careful about extra_length

MFC after: 3 days

Revert r304869

This commit was incorrect and will be re-committed asap.

MFV r304866:
Sync libarchive with vendor including security fixes

Vendor issues fixed:
Issue #731: Reject tar entries >= INT64_MAX
Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames
Issue #748: Zip decompression failure with highly-compressed data
Issue #767: Buffer overflow printing a filename
Issue #770: Zip read: be more careful about extra_length

MFC after: 3 days

MFV r304060:
Sync libarchive with vendor including three security fixes

Vendor issues fixed:

Issue #744: Very long pathnames evade symlink checks
Issue #748: libarchive can compress, but cannot decompress zip some files
PR #750: ustar: fix out of bounds read on empty string ("") filename
PR #755: fix use of acl_get_flagset_np() on FreeBSD

MFC after: 3 days

MFV r302264:

Sync libarchive with vendor, bugfixes for tests:
- fix tests on filesystems without birthtime support, e.g. UFS1 (1)
- vendor issue #729: avoid use of C99 for-scope declarations in
test_write_format_gnutar_filenames.c

MFC after: 1 week
PR: 204157 (1)
Approved by: re (hrs)

MFV r299425:

Update libarchive to 3.2.0

New features:
- new bsdcat command-line utility
- LZ4 compression (in src only via external utility from ports)
- Warc format support
- 'Raw' format writer
- Zip: Support archives >4GB, entries >4GB
- Zip: Support encrypting and decrypting entries
- Zip: Support experimental streaming extension
- Identify encrypted entries in several formats
- New --clear-nochange-flags option to bsdtar tries to remove noschg and
similar flags before deleting files
- New --ignore-zeros option to bsdtar to handle concatenated tar archives
- Use multi-threaded LZMA decompression if liblzma supports it
- Expose version info for libraries used by libarchive

Patched files (fixed compiler warnings):

contrib/libarchive/cat/bsdcat.c (vendor PR #702)
contrib/libarchive/cat/bsdcat.h (vendor PR #702)
contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701)
contrib/libarchive/libarchive_fe/err.c (vendor PR #703)

MFC after: 1 month
Relnotes: yes

Fix return type of extattr_set_* and fix rmextattr(8) utility.

extattr_set_{fd,file,link} is logically a write(2)-like operation and
should return ssize_t, just like extattr_get_*. Also, the user-space
utility was using an int for the return value of extattr_get_* and
extattr_list_*, both of which return an ssize_t.

MFC after: 1 week

MFV r248590,248594:
Update libarchive to 3.1.2

Some of new features:
- support for lrzip and grzip compression
- support for writing tar v7 format
- b64encode and uuencode filters
- support for __MACOSX directory in Zip archives
- support for lzop compresion (external utility)

Backport NFSv4 ACL fix from libarchive master branch.

Source:
https://github.com/libarchive/libarchive/commit/f67370d5

Obtained from: libarchive (master branch)

Update libarchive to 3.0.4

Update libarchive to 3.0.3

Some of new features:
- New readers: RAR, LHA/LZH, CAB reader, 7-Zip
- New writers: ISO9660, XAR
- Improvements to many formats, especially including ISO9660 and Zip
- Stackable write filters to write, e.g., tar.gz.uu in a single pass
- Exploit seekable input; new "seekable" Zip reader can exploit the Zip
Central Directory when it's available; the old "streamable" Zip reader
is still fully supported for cases where seeking is not possible.

Full release notes available at:
https://github.com/libarchive/libarchive/wiki/ReleaseNotes

libarchive: cherry-pick bugfix from vendor

Vendor commit message (ede459d2e):
archive_write_disk_posix: fix writing fflags broken in 8a1bd5c

The fixup list was erroneously assumed to be directories only.
Only in the case of critical file flags modification (e.g.
SF_IMMUTABLE on BSD systems), other file types (e.g. regular files
or symbolic links) may be added to the fixup list. We still need to
verify that we are writing to the correct file type, so compare the
archive entry file type with the file type of the file to be
modified.

Fixes vendor issue #1617:
Immutable flag no longer preserved during tar extraction on FreeBSD

MFC after: 3 days
Reported by: markjdb
Libarchive commit: ede459d2ebb879f5eedb6f7abea203be0b334230

libarchive: import bugfix from upstream

Reworked bugfix for upstream issue #1566:
Do not follow symlinks when processing the fixup list

MFC after: 2 weeks

libarchive: import changes from upstream

Libarchive 3.5.2

New features:
PR #1502: Support for PWB and v7 binary cpio formats
PR #1509: Support of deflate algorithm in symbolic link decompression
for ZIP archives

Important bugfixes:
IS #1044: fix extraction of hardlinks to symlinks
PR #1480: Fix truncation of size values during 7zip archive
extraction on 32bit architectures
PR #1504: fix rar header skiming
PR #1514: ZIP excessive disk read - fix location of central directory
PR #1520: fix double-free in CAB reader
PR #1521: Fixed leak of rar before ending with error
PR #1530: Handle short writes from archive_write_callback
PR #1532: 7zip: Use compression settings from file also for file header
IS #1566: do not follow symlinks when processing the fixup list

MFC after: 2 weeks
Relnotes: yes

MFV r368207:
Update libarchive to 3.5.0

Relevant vendor changes:
Issue #1258: add archive_read_support_filter_by_code()
PR #1347: mtree digest reader support
Issue #1381: skip hardlinks pointing to itself on extraction
PR #1387: fix writing of cpio archives with hardlinks without file type
PR #1388: fix rdev field in cpio format for device nodes
PR #1389: completed support for UTF-8 encoding conversion
PR #1405: more formats in archive_read_support_format_by_code()
PR #1408: fix uninitialized size in rar5_read_data
PR #1409: system extended attribute support
PR #1435: support for decompression of symbolic links in zipx archives
Issue #1456: memory leak after unsuccessful archive_write_open_filename

MFC after: 1 week

MFV r358511,r358532:

Sync libarchive with vendor.

Relevant vendor changes:
Issue #1257: Add testcase for ZIPX files with LZMA_STREAM_END marker
PR #1331: cpio.5: fix hard link description
Issue #1335: archive_read.c: fix UBSan warning about undefined behavior
Issue #1338: XAR reader: fix UBSan warning about undefined behavior
Issue #1339: bsdcpio_test: fix datatype in from_hex()
Issue #1341: Safe writes: delete temporary file if rename fails.
Issue #1341: Safe writes: improve error handling

MFC after: 1 week

MFV r357783:
Update libarchive to 3.4.2

Relevant vendor changes:
PR #1289: atomic extraction support (bsdtar -x --safe-writes)
PR #1308: big endian fix for UTF16 support in LHA reader
PR #1326: reject RAR5 files that declare invalid header flags
Issue #987: fix support 7z archive entries with Delta filter
Issue #1317: fix compression output buffer handling in XAR writer
Issue #1319: fix uname or gname longer than 32 characters in pax writer
Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR
Use localtime_r() and gmtime_r() instead of localtime() and gmtime()

X-MFC-With: r356212,r356365,r356416
MFC after: 1 week

MFV r356163,r356197:
Update libarchive to 3.4.1

Relevant vendor changes since last update:
Issue #351: Refactor and implement private state logic for write filters
PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482)
PR #1255: zip writer - don't append unused NUL for directories
PR #1260: Fix sparse file offset overflow on 32-bit systems
PR #1263: UNICODE filename support for reading lha/lzh format
Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs()
PR #1288: Add the "xattrhdr" option to pax write options
PR #1295: 7z reader - fix reading archives with digests in PackInfo
PR #1296: RAR5 reader - verify window size for multivolume archives
PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files
Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs()
OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error
Fix possible off-by-one when dealing with readlink(2)

MFC after: 2 weeks

MFV r352731:
Sync libarchive with vendor.

Relevant vendor changes:
Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c
PR #1249: Correct some typographical and grammatical errors.
PR #1250: Minor corrections to the formatting of manual pages

MFC after: 1 week

MFV r348971,r348977:
Sync libarchive with vendor.

Relevant vendor changes:
- check_symlinks_fsobj() without chdir() and fchdir()
- bsdtar.1 manpage fixes
- patches from OpenBSD to libarchive_fe/passphrase.c
- version bumped to 3.4.0

MFC after: 2 weeks

MFV r347989:
Sync libarchive with vendor.

Relevant vendor changes:
Issue #795: XAR - do not try to add xattrs without an allocated name
PR #812: non-recursive option for extract and list
PR #958: support reading metadata from compressed files
PR #999: add --exclude-vcs option to bsdtar
Issue #1062: treat empty archives with a GNU volume header as valid
PR #1074: Handle ZIP files with trailing 0s in the extra fields
(Android APK archives)
PR #1109: Ignore padding in Zip extra field data (Android APK archives)
PR #1167: fix problems related to unreadable directories
Issue #1168: fix handling of strtol() and strtoul()
PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter
PR #1174: ZIP reader - fix of MSZIP signature parsing
PR #1175: gzip filter - fix reading files larger than 4GB from memory
PR #1177: gzip filter - fix memory leak with repeated header reads
PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field
PR #1181: RAR5 - fix merge_block() recursion
(OSS-Fuzz 12999, 13029, 13144, 13478, 13490)
PR #1183: fix memory leak when decompressing ZIP files with LZMA
PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817
OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables
OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations
OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables
PR #1186: RAR5 - fix invalid type used for dictionary size mask
(OSS-Fuzz 14537)
PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555)
PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories
(OSS-Fuzz 14574)
PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds
OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry
OSS-Fuzz 14331: RAR5 - fix maximum owner name length
OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check

Additional RAR5 reader changes:
- support symlinks, hardlinks, file owner, file group, versioned files
- change ARCHIVE_FORMAT_RAR_V5 to 0x100000
- set correct mode for readonly directories
- support readonly, hidden and system Windows file attributes

MFC after: 2 weeks

MFV r345495:
Sync libarchive with vendor.

Relevant vendor changes:
PR #1153: fixed 2 bugs in ZIP reader [1]
PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK
Changes to file flags code, support more file flags on FreeBSD:
UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM
UF_ARCHIVE is not supported by intention (yet)

PR: 236300
MFC after: 2 weeks

MFV r344063:
Sync libarchive with vendor.

Relevant vendor changes:
PR #1085: Fix a null pointer dereference bug in zip writer
PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2
decopmpression
PR #1116: Add support for 64-bit ar format
PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2]
PR #1125: RAR5 reader - fix an invalid read and a memory leak
PR #1131: POSIX reader - do not fail when tree_current_lstat() fails
due to ENOENT [3]
PR #1134: Delete unnecessary null pointer checks before calls of free()
OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy.
OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader

PR: 233006 [3]
Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2]
MFC after: 2 weeks

MFV r340938:
Sync libarchive with vendor.

Relevant vendor changes:
Issue #1096: Support extracting ACLs with in-entry comments (GNU tar)
PR #1023: Support extracting extattrs as non-root on non-user-writeable
files

MFC after: 1 week

MFV r328323,328324:
Sync libarchive with vendor.

Relevant vendor changes:
PR #893: delete dead ppmd7 alloc callbacks
PR #904: Fix archive freeing bug in bsdcat
PR #961: Fix ZIP format names
PR #962: Don't modify attributes for existing directories
when ARCHIVE_EXTRACT_NO_OVERWRITE is set
PR #964: Fix -Werror=implicit-fallthrough= for GCC 7
PR #970: zip: Allow backslash as path separator

MFC after: 1 week

MFV r316454,316455:

Vendor changes (FreeBSD-related):
Report which extended attributes could not be restored
Update archive_read_disk.3 and archive_write_disk.3 manual pages
Plug memory leaks in xattr tests.

MFC after: 1 week

MFV r315875:
Sync libarchive with vendor.

Vendor changes (FreeBSD-related):
- store extended attributes with extattr_set_link() if no fd is provided
- add extended attribute tests to libarchive and bsdtar
- fix tar's test_option_acls
- support the UF_HIDDEN file flag

X-MFC with: 315636

MFV r315633, 315635:

Sync libarchive with vendor

Vendor changes/bugfixes (FreeBSD-related):
PR 867 (bsdcpio): show numeric uid/gid when names are not found
PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers
PR 880 (pax): Fix handling of "size" pax header keyword
PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream
OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser
Break ACL read/write code into platform-specific source files
Unbreak static dependency on libbz2

MFC after: 1 week

MFV r314565,314567,314570:
Update libarchive to version 3.3.1 (and sync with latest vendor dist)

Notable vendor changes:
PR #501: improvements in ACL path handling
PR #724: fix hang when reading malformed cpio files
PR #864: fix out of bounds read with malformed GNU tar archives
Documentation, style, test suite improvements and typo fixes.

New options to bsdtar that enable or disable reading and/or writing of:
Access Control Lists (--acls, --no-acls)
Extended file flags (--fflags, --no-fflags)
Extended attributes (--xattrs, --no-xattrs)
Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata)

MFC after: 2 weeks

MFV r313071:
Sync libarchive with vendor

Vendor changes (relevant to FreeBSD):
- support extracting NFSv4 ACLs from Solaris tar archives
- bugfixes and optimizations in the ACL code
- multiple fixes in the test suite
- typo and other small bugfixes

Security fixes:
- cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335)
- LHA reader: heap-buffer-overflow in lha_read_file_header_1()
(CVE-2017-5601)
- LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream()
(OSS-Fuzz 453)
- mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443)
- WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458)

Memory leak fixes:
- ACL support: free memory allocated by acl_get_qualifier()
- disk writer: missing free in create_filesystem_object()
- file reader: fd leak (Coverity 1016755)
- gnutar writer: fix free in archive_write_gnutar_header()
(Coverity 101675)
- iso 9660 reader: missing free in parse_file_info()
(partial Coverity 1016754)
- program reader: missing free in __archive_read_program()
- program writer: missing free in __archive_write_program_free()
- xar reader: missing free in xar_cleanup()
- xar reader: missing frees in expat_xmlattr_setup()
(Coverity 1229979-1229981)
- xar writer: missing free in file_free()
- zip reader: missing free in zip_read_local_file_header()

MFC after: 1 week
X-MFC with: 310866, 310868, 310870, 311899

MFV r310798:

Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c
PR #851: Spelling fixes
Fix two protoypes in manual page archive_read_disk.3

MFC after: 2 weeks

MFV r310115,310184:

Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR 830, 831, 833: Spelling fixes
OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free()
OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives

MFC after: 1 week

MFV r309299:
Sync libarchive with vendor.

Important vendor bugfixes (relevant to FreeBSD):
#821: tar -P cannot extract hardlinks through symlinks
#825: Add sanity check of tar "uid, "gid" and "mtime" fields

PR: 213255
Reported by: Tijl Coosemans <tilj@FreeBSD.org>
MFC after: 1 week

MFV r305816:
Sync libarchive with vendor including important security fixes.

Issues fixed (FreeBSD):
PR #778: ACL error handling
Issue #745: Symlink check prefix optimization is too aggressive
Issue #746: Hard links with data can evade sandboxing restrictions

This update fixes the vulnerability #3 and vulnerability #4 as reported in
"non-cryptanalytic attacks against FreeBSD update components".
https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f

Fix for vulnerability #2 has already been merged in r304989.

MFC after: 1 week
Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f

Redo MFV r304866:
Sync libarchive with vendor including security fixes

Vendor issues fixed:
Issue #731: Reject tar entries >= INT64_MAX
Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames
Issue #748: Zip decompression failure with highly-compressed data
Issue #767: Buffer overflow printing a filename
Issue #770: Zip read: be more careful about extra_length

MFC after: 3 days

Revert r304869

This commit was incorrect and will be re-committed asap.

MFV r304866:
Sync libarchive with vendor including security fixes

Vendor issues fixed:
Issue #731: Reject tar entries >= INT64_MAX
Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames
Issue #748: Zip decompression failure with highly-compressed data
Issue #767: Buffer overflow printing a filename
Issue #770: Zip read: be more careful about extra_length

MFC after: 3 days

MFV r304060:
Sync libarchive with vendor including three security fixes

Vendor issues fixed:

Issue #744: Very long pathnames evade symlink checks
Issue #748: libarchive can compress, but cannot decompress zip some files
PR #750: ustar: fix out of bounds read on empty string ("") filename
PR #755: fix use of acl_get_flagset_np() on FreeBSD

MFC after: 3 days

MFV r302264:

Sync libarchive with vendor, bugfixes for tests:
- fix tests on filesystems without birthtime support, e.g. UFS1 (1)
- vendor issue #729: avoid use of C99 for-scope declarations in
test_write_format_gnutar_filenames.c

MFC after: 1 week
PR: 204157 (1)
Approved by: re (hrs)

MFV r299425:

Update libarchive to 3.2.0

New features:
- new bsdcat command-line utility
- LZ4 compression (in src only via external utility from ports)
- Warc format support
- 'Raw' format writer
- Zip: Support archives >4GB, entries >4GB
- Zip: Support encrypting and decrypting entries
- Zip: Support experimental streaming extension
- Identify encrypted entries in several formats
- New --clear-nochange-flags option to bsdtar tries to remove noschg and
similar flags before deleting files
- New --ignore-zeros option to bsdtar to handle concatenated tar archives
- Use multi-threaded LZMA decompression if liblzma supports it
- Expose version info for libraries used by libarchive

Patched files (fixed compiler warnings):

contrib/libarchive/cat/bsdcat.c (vendor PR #702)
contrib/libarchive/cat/bsdcat.h (vendor PR #702)
contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701)
contrib/libarchive/libarchive_fe/err.c (vendor PR #703)

MFC after: 1 month
Relnotes: yes

Fix return type of extattr_set_* and fix rmextattr(8) utility.

extattr_set_{fd,file,link} is logically a write(2)-like operation and
should return ssize_t, just like extattr_get_*. Also, the user-space
utility was using an int for the return value of extattr_get_* and
extattr_list_*, both of which return an ssize_t.

MFC after: 1 week

MFV r248590,248594:
Update libarchive to 3.1.2

Some of new features:
- support for lrzip and grzip compression
- support for writing tar v7 format
- b64encode and uuencode filters
- support for __MACOSX directory in Zip archives
- support for lzop compresion (external utility)

Backport NFSv4 ACL fix from libarchive master branch.

Source:
https://github.com/libarchive/libarchive/commit/f67370d5

Obtained from: libarchive (master branch)

Update libarchive to 3.0.4

Update libarchive to 3.0.3

Some of new features:
- New readers: RAR, LHA/LZH, CAB reader, 7-Zip
- New writers: ISO9660, XAR
- Improvements to many formats, especially including ISO9660 and Zip
- Stackable write filters to write, e.g., tar.gz.uu in a single pass
- Exploit seekable input; new "seekable" Zip reader can exploit the Zip
Central Directory when it's available; the old "streamable" Zip reader
is still fully supported for cases where seeking is not possible.

Full release notes available at:
https://github.com/libarchive/libarchive/wiki/ReleaseNotes

libarchive: import changes from upstream

Libarchive 3.5.2

New features:
PR #1502: Support for PWB and v7 binary cpio formats
PR #1509: Support of deflate algorithm in symbolic link decompression
for ZIP archives

Important bugfixes:
IS #1044: fix extraction of hardlinks to symlinks
PR #1480: Fix truncation of size values during 7zip archive
extraction on 32bit architectures
PR #1504: fix rar header skiming
PR #1514: ZIP excessive disk read - fix location of central directory
PR #1520: fix double-free in CAB reader
PR #1521: Fixed leak of rar before ending with error
PR #1530: Handle short writes from archive_write_callback
PR #1532: 7zip: Use compression settings from file also for file header
IS #1566: do not follow symlinks when processing the fixup list

MFC after: 2 weeks
Relnotes: yes

MFV r368207:
Update libarchive to 3.5.0

Relevant vendor changes:
Issue #1258: add archive_read_support_filter_by_code()
PR #1347: mtree digest reader support
Issue #1381: skip hardlinks pointing to itself on extraction
PR #1387: fix writing of cpio archives with hardlinks without file type
PR #1388: fix rdev field in cpio format for device nodes
PR #1389: completed support for UTF-8 encoding conversion
PR #1405: more formats in archive_read_support_format_by_code()
PR #1408: fix uninitialized size in rar5_read_data
PR #1409: system extended attribute support
PR #1435: support for decompression of symbolic links in zipx archives
Issue #1456: memory leak after unsuccessful archive_write_open_filename

MFC after: 1 week

MFV r358511,r358532:

Sync libarchive with vendor.

Relevant vendor changes:
Issue #1257: Add testcase for ZIPX files with LZMA_STREAM_END marker
PR #1331: cpio.5: fix hard link description
Issue #1335: archive_read.c: fix UBSan warning about undefined behavior
Issue #1338: XAR reader: fix UBSan warning about undefined behavior
Issue #1339: bsdcpio_test: fix datatype in from_hex()
Issue #1341: Safe writes: delete temporary file if rename fails.
Issue #1341: Safe writes: improve error handling

MFC after: 1 week

MFV r357783:
Update libarchive to 3.4.2

Relevant vendor changes:
PR #1289: atomic extraction support (bsdtar -x --safe-writes)
PR #1308: big endian fix for UTF16 support in LHA reader
PR #1326: reject RAR5 files that declare invalid header flags
Issue #987: fix support 7z archive entries with Delta filter
Issue #1317: fix compression output buffer handling in XAR writer
Issue #1319: fix uname or gname longer than 32 characters in pax writer
Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR
Use localtime_r() and gmtime_r() instead of localtime() and gmtime()

X-MFC-With: r356212,r356365,r356416
MFC after: 1 week

MFV r356163,r356197:
Update libarchive to 3.4.1

Relevant vendor changes since last update:
Issue #351: Refactor and implement private state logic for write filters
PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482)
PR #1255: zip writer - don't append unused NUL for directories
PR #1260: Fix sparse file offset overflow on 32-bit systems
PR #1263: UNICODE filename support for reading lha/lzh format
Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs()
PR #1288: Add the "xattrhdr" option to pax write options
PR #1295: 7z reader - fix reading archives with digests in PackInfo
PR #1296: RAR5 reader - verify window size for multivolume archives
PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files
Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs()
OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error
Fix possible off-by-one when dealing with readlink(2)

MFC after: 2 weeks

MFV r352731:
Sync libarchive with vendor.

Relevant vendor changes:
Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c
PR #1249: Correct some typographical and grammatical errors.
PR #1250: Minor corrections to the formatting of manual pages

MFC after: 1 week

MFV r348971,r348977:
Sync libarchive with vendor.

Relevant vendor changes:
- check_symlinks_fsobj() without chdir() and fchdir()
- bsdtar.1 manpage fixes
- patches from OpenBSD to libarchive_fe/passphrase.c
- version bumped to 3.4.0

MFC after: 2 weeks

MFV r347989:
Sync libarchive with vendor.

Relevant vendor changes:
Issue #795: XAR - do not try to add xattrs without an allocated name
PR #812: non-recursive option for extract and list
PR #958: support reading metadata from compressed files
PR #999: add --exclude-vcs option to bsdtar
Issue #1062: treat empty archives with a GNU volume header as valid
PR #1074: Handle ZIP files with trailing 0s in the extra fields
(Android APK archives)
PR #1109: Ignore padding in Zip extra field data (Android APK archives)
PR #1167: fix problems related to unreadable directories
Issue #1168: fix handling of strtol() and strtoul()
PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter
PR #1174: ZIP reader - fix of MSZIP signature parsing
PR #1175: gzip filter - fix reading files larger than 4GB from memory
PR #1177: gzip filter - fix memory leak with repeated header reads
PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field
PR #1181: RAR5 - fix merge_block() recursion
(OSS-Fuzz 12999, 13029, 13144, 13478, 13490)
PR #1183: fix memory leak when decompressing ZIP files with LZMA
PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817
OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables
OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations
OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables
PR #1186: RAR5 - fix invalid type used for dictionary size mask
(OSS-Fuzz 14537)
PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555)
PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories
(OSS-Fuzz 14574)
PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds
OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry
OSS-Fuzz 14331: RAR5 - fix maximum owner name length
OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check

Additional RAR5 reader changes:
- support symlinks, hardlinks, file owner, file group, versioned files
- change ARCHIVE_FORMAT_RAR_V5 to 0x100000
- set correct mode for readonly directories
- support readonly, hidden and system Windows file attributes

MFC after: 2 weeks

MFV r345495:
Sync libarchive with vendor.

Relevant vendor changes:
PR #1153: fixed 2 bugs in ZIP reader [1]
PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK
Changes to file flags code, support more file flags on FreeBSD:
UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM
UF_ARCHIVE is not supported by intention (yet)

PR: 236300
MFC after: 2 weeks

MFV r344063:
Sync libarchive with vendor.

Relevant vendor changes:
PR #1085: Fix a null pointer dereference bug in zip writer
PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2
decopmpression
PR #1116: Add support for 64-bit ar format
PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2]
PR #1125: RAR5 reader - fix an invalid read and a memory leak
PR #1131: POSIX reader - do not fail when tree_current_lstat() fails
due to ENOENT [3]
PR #1134: Delete unnecessary null pointer checks before calls of free()
OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy.
OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader

PR: 233006 [3]
Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2]
MFC after: 2 weeks

MFV r340938:
Sync libarchive with vendor.

Relevant vendor changes:
Issue #1096: Support extracting ACLs with in-entry comments (GNU tar)
PR #1023: Support extracting extattrs as non-root on non-user-writeable
files

MFC after: 1 week

MFV r328323,328324:
Sync libarchive with vendor.

Relevant vendor changes:
PR #893: delete dead ppmd7 alloc callbacks
PR #904: Fix archive freeing bug in bsdcat
PR #961: Fix ZIP format names
PR #962: Don't modify attributes for existing directories
when ARCHIVE_EXTRACT_NO_OVERWRITE is set
PR #964: Fix -Werror=implicit-fallthrough= for GCC 7
PR #970: zip: Allow backslash as path separator

MFC after: 1 week

MFV r316454,316455:

Vendor changes (FreeBSD-related):
Report which extended attributes could not be restored
Update archive_read_disk.3 and archive_write_disk.3 manual pages
Plug memory leaks in xattr tests.

MFC after: 1 week

MFV r315875:
Sync libarchive with vendor.

Vendor changes (FreeBSD-related):
- store extended attributes with extattr_set_link() if no fd is provided
- add extended attribute tests to libarchive and bsdtar
- fix tar's test_option_acls
- support the UF_HIDDEN file flag

X-MFC with: 315636

MFV r315633, 315635:

Sync libarchive with vendor

Vendor changes/bugfixes (FreeBSD-related):
PR 867 (bsdcpio): show numeric uid/gid when names are not found
PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers
PR 880 (pax): Fix handling of "size" pax header keyword
PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream
OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser
Break ACL read/write code into platform-specific source files
Unbreak static dependency on libbz2

MFC after: 1 week

MFV r314565,314567,314570:
Update libarchive to version 3.3.1 (and sync with latest vendor dist)

Notable vendor changes:
PR #501: improvements in ACL path handling
PR #724: fix hang when reading malformed cpio files
PR #864: fix out of bounds read with malformed GNU tar archives
Documentation, style, test suite improvements and typo fixes.

New options to bsdtar that enable or disable reading and/or writing of:
Access Control Lists (--acls, --no-acls)
Extended file flags (--fflags, --no-fflags)
Extended attributes (--xattrs, --no-xattrs)
Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata)

MFC after: 2 weeks

MFV r313071:
Sync libarchive with vendor

Vendor changes (relevant to FreeBSD):
- support extracting NFSv4 ACLs from Solaris tar archives
- bugfixes and optimizations in the ACL code
- multiple fixes in the test suite
- typo and other small bugfixes

Security fixes:
- cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335)
- LHA reader: heap-buffer-overflow in lha_read_file_header_1()
(CVE-2017-5601)
- LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream()
(OSS-Fuzz 453)
- mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443)
- WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458)

Memory leak fixes:
- ACL support: free memory allocated by acl_get_qualifier()
- disk writer: missing free in create_filesystem_object()
- file reader: fd leak (Coverity 1016755)
- gnutar writer: fix free in archive_write_gnutar_header()
(Coverity 101675)
- iso 9660 reader: missing free in parse_file_info()
(partial Coverity 1016754)
- program reader: missing free in __archive_read_program()
- program writer: missing free in __archive_write_program_free()
- xar reader: missing free in xar_cleanup()
- xar reader: missing frees in expat_xmlattr_setup()
(Coverity 1229979-1229981)
- xar writer: missing free in file_free()
- zip reader: missing free in zip_read_local_file_header()

MFC after: 1 week
X-MFC with: 310866, 310868, 310870, 311899

MFV r310798:

Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c
PR #851: Spelling fixes
Fix two protoypes in manual page archive_read_disk.3

MFC after: 2 weeks