libarchive: Update to version 3.8.8

Message ID 20260703194133.2938870-14-adolf.belka@ipfire.org
State New
Headers
Series libarchive: Update to version 3.8.8 |

Commit Message

Adolf Belka 3 Jul 2026, 7:41 p.m. UTC
- Update from version 3.8.7 to 3.8.8
- Update of rootfile
- Changelog
3.8.8
New features:
    add support for reading encrypted zipx formats (bzip2, lzma, ppmd, xz, zstd) (#2685)
Fix overview:
	build
	    build: Fix build with glibc 2.43 (#2969)
	libarchive core
	    core: Fix NULL pointer increment in archive_acl_from_text_nl (#2905)
	    core: fix archive_entry_set_mode & archive_entry_set_perm (#2942)
	    core: Fix a double-free in the link resolver (#2957)
	    core: On Darwin, get digests from libsystem (#2973)
	    core: Fix buffer overrun and wrong output for NULL-name ACL entries (#2988)
	    core: archive_read: FATAL should be sticky for all API calls (#2998, #3009)
	    core: Date parsing: reject dates with numbers of more than 4 digits (#3010)
	    core: acl: parser out-of-bounds read (#3011)
	    core: pathmatch: heap buffer over-read (#3012)
	    core: pathmatch: Treat anchors not special without flags (#2928)
	    core: archive_match: Prevent call stack overflow (#2927)
	    core: sparse: UAF in sparse_reset (#3019)
	    core: Fix a number of unchecked memory allocations (#3040)
	    core: strmode: Remove strcpy usage (#3037)
	    core: cmdline: Use free+strdup instead of realloc+strcpy (#3036)
	    core: Fix libattr version returned in archive_version_details, as well as
		a leak (#3064)
	    core: Fix integer overflow in __archive_read_filter_ahead (#3083)
	    core: read: Fix memory corruption on filtered multi-volume archives (68b6924)
	    core: Fix OOB in archive_read_open_filenames_w on some systems (#3114)
	    core: read_disk: Check if off_t can overflow size_t (#3146)
	    multiple: Fix mem leaks found with ASAN-enabled test suites (#2971)
	    windows: remove support for WinCrypt (#2739)
	    windows: util: Fix GetTempPathW TOCTOU race condition (#3044)
	filters support
	    bzip2: Support large in-memory archives (#3050)
	    filter: compress: Fix SIGSEGV when appended before open (#2526)
	    filter: Remove unneeded strcpy calls (#3033)
	    filter: Fix mismatched filter function dispatch table entry in
		archive_write_add_filter.c (#3054)
	    gzip: Support more large in-memory archives (#3085)
	    gzip: Fix OOB in writer with huge filename (#3115)
	    lz4: Check XXH32_init result (#3100)
	    lz4: Improve truncated input stream detection (#3093)
	    lz4: Fix double-free on reallocation failure (#3132)
	    uu: Extend range checks to avoid 32 bit OOB (#3103)
	    zstd: Fix 32 bit platform endless loop and OOB access during bidding (#3073)
	    zstd: Fix 32 bit platform endless loop and OOB access during bidding (#3073)
	7-ZIP reader and writer
	    7-zip: Sanity-check the number of files (#2980)
	    7-zip: Harden SFX parser (#2985)
	    7-zip: Clean up the failure path in setup_decode_folder (#3002)
	    7-zip: Fix 32 bit heap overflow (#3006)
	    7-zip: Verify that Codec ID fits into 63 bit (#2929)
	    7-zip: writer: free file->utf16name on symlink UTF-8 conversion failure
		(#3062)
	    7-zip: Support streamable reading again (#3074)
	    7-zip: Set error message in case of error (#3067)
	    7-zip: Extend support for filtered input (#3099)
	    7-zip: fix a number of issues in zstd detection (#3102)
	    7-zip: Fix range check in get_pe_sfx_offset (#3119)
	    7-zip: sanity-check FilesInfo NumFiles before allocating entries (#2923)
	CAB reader
	    cab: reader: Fix use of uninitialized values from Huffman table (#2979)
	    cab: Harden the handling of invalid headers (#3000)
	    cab: Fix multi volume parser (#3153)
	    cab: Properly limit maximum name length (#3145)
	    cab: Improve truncation detection (#3144)
	CPIO reader and writer
	    cpio: reader: Validate pathname in record_hardlink (#2984)
	    cpio: reject oversized pathnames before read-ahead (#3043)
	    cpio: Fix UAF in error path (#3055)
	    cpio: Improve afio header detection (#3095)
	    cpio: Fix writer OOB read with very long filenames (#3158)
	    cpio: fix OOB read from int pathlength truncation in newc/binary writers
		(#3168)
	iso9660 reader and writer
	    iso9660: Fix .. (dot dot) path normalization (#2968)
	    iso9660: Fix joliet pathname overflow (#2983)
	    iso9660: Fix NULL deref and Joliet ID overflow (#3017)
	    iso9660: Fix OOB during Joliet ID generation (#2974)
	    iso9660: Fix infinite loop in Joliet ID generation (#2978)
	    iso9660: Fix memory leaks on error paths (#3029)
	    iso9660: bound duplicate identifier extension placement (#3045)
	    iso9660: Fix null dereference in set_directory_record_rr (#3117)
	    iso9660: fix infinite loop on self-referencing CE entry (#3021)
	mtree reader and writer
	    mtree: Escape standard pathname matching characters (#3007)
	    mtree: Do not append '/' when basename is '.' (#3008)
	    mtree: NULL pointer deref during archive close (#3018)
	    mtree: Fix hex parser (#2982)
	    mtree: Fix time value parser truncation (#2930)
	    mtree: Port iso9660 fix for .. (dot dot) path normalization (#3032)
	    mtree: Fix null dereference for some corner cases (#3057)
	RAR reader
	    rar: avoid reading NEWSUB extended data during header parsing (#3015)
	    rar: Simplify FILE_ATTRIBUTE_DIRECTORY check (#3087)
	    rar: skip NEWSUB payloads without size cap (#3047)
	    rar: reset low-distance state for new LZ tables (#3048)
	    rar: Add missing bound check for staticdata (#3105)
	RARv5 reader
	    rar5: FAIL if the decode table is > 2^16 (#3004)
	    rar5: Avoid dangling pointers in init_unpack (#3081)
	    rar5: skip unconsumed block bytes before ARCHIVE_RETRY (#3091)
	    rar5: fix signed integer underflow in bytes_remaining (#3121)
	TAR reader and writer
	    tar: Harden timestamp parsing (#2991)
	    tar: Improve string safety in list_item_verbose (#3038)
	    tar: Fix OOB with empty wide character directory names (#3052)
	WARC reader and writer
	    warc writer: free hdr on _popul_ehdr overflow in _warc_header (#3061)
	XAR reader and writer
	    xar: Fix two UB (#3013)
	    xar: Avoid integer overflows in number parsers (#3030)
	    xar: Free XAR xattr fstype metadata during cleanup (#3028)
	    xar: Port iso9660 fix for .. (dot dot) path normalization (#3032)
	    xar: fix fflags_text leak in file_free (#3060)
	    xar: Fix writer OOB accesses with fflags (#3041)
	ZIP reader and writer
	    zip: Limit the LZMA initialization to 64MiB memory (#2981)
	    zip: Don't try to write overlong pathnames (#2993)
	    zip: Reject empty pathnames in ZIP writer (#2996)

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/common/libarchive | 2 +-
 lfs/libarchive                     | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
  

Patch

diff --git a/config/rootfiles/common/libarchive b/config/rootfiles/common/libarchive
index e39dfb50d..0b636a186 100644
--- a/config/rootfiles/common/libarchive
+++ b/config/rootfiles/common/libarchive
@@ -7,7 +7,7 @@ 
 #usr/lib/libarchive.la
 #usr/lib/libarchive.so
 usr/lib/libarchive.so.13
-usr/lib/libarchive.so.13.8.7
+usr/lib/libarchive.so.13.8.8
 #usr/lib/pkgconfig/libarchive.pc
 #usr/share/man/man1/bsdcat.1
 #usr/share/man/man1/bsdcpio.1
diff --git a/lfs/libarchive b/lfs/libarchive
index bb84841ff..08c1ce689 100644
--- a/lfs/libarchive
+++ b/lfs/libarchive
@@ -24,7 +24,7 @@ 
 
 include Config
 
-VER        = 3.8.7
+VER        = 3.8.8
 
 THISAPP    = libarchive-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -41,7 +41,7 @@  objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 6ed65a679b0c55e66410454de2865e8de67eb668845ac007c7d555d6023390cf95fb93ae3d006e9fef73314f8d7c3dcb8a4a44548e48e418c4d30e15b922e828
+$(DL_FILE)_BLAKE2 = dc210097fbd6bf2db240699dc2ad9fc6030b4179ffc02fa1de96537eb59897d964470fb1a675c76bc0691aa2f138f5cb2479495ea904124c80297c7bd84effc6
 
 install : $(TARGET)