src/usr.bin, branch releng/14.3

src/usr.bin, branch releng/14.3 FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=releng%2F14.3 2025-08-07T23:57:20Z libarchive: merge from vendor branch 2025-08-07T23:57:20Z Martin Matuska mm@FreeBSD.org 2025-06-01T20:16:26Z urn:sha1:fb780a82dfbde953dae414f42b99157cade2517a libarchive 3.8.1 New features: #2088 7-zip reader: improve self-extracting archive detection #2137 zip writer: added XZ, LZMA, ZSTD and BZIP2 support #2403 zip writer: added LZMA + RISCV BCJ filter #2601 bsdtar: support --mtime and --clamp-mtime #2602 libarchive: mbedtls 3.x compatibility Security fixes: #2422 tar reader: Handle truncation in the middle of a GNU long linkname (CVE-2024-57970) #2532 tar reader: fix unchecked return value in list_item_verbose() (CVE-2025-25724) #2532 unzip: fix null pointer dereference (CVE-2025-1632) #2568 warc: prevent signed integer overflow (CVE-2025-5916) #2584 rar: do not skip past EOF while reading (CVE-2025-5918) #2588 tar: fix overflow in build_ustar_entry (CVE-2025-5917) #2598 rar: fix double free with over 4 billion nodes (CVE-2025-5914) #2599 rar: fix heap-buffer-overflow (CVE-2025-5915) Important bugfixes: #2399 7-zip reader: add SPARC filter support for non-LZMA compressors #2405 tar reader: ignore ustar size when pax size is present #2435 tar writer: fix bug when -s/a/b/ used more than once with b flag #2459 7-zip reader: add POWERPC filter support for non-LZMA compressors #2519 libarchive: handle ARCHIVE_FILTER_LZOP in archive_read_append_filter #2539 libarchive: add missing seeker function to archive_read_open_FILE() #2544 gzip: allow setting the original filename for gzip compressed files #2564 libarchive: improve lseek handling #2582 rar: support large headers on 32 bit systems #2587 bsdtar: don't hardlink negative inode files together #2596 rar: support large headers on 32 bit systems #2606 libarchive: support @-prefixed Unix epoch timestamps as date strings #2634 tar: Support negative time values with pax #2637 tar: Keep block alignment after pax error #2642 libarchive: fix FILE_skip regression #2643 tar: Handle extra bytes after sparse entries #2649 compress: Prevent call stack overflow #2651 iso9660: always check archive_string_ensure return value CVE: CVE-2024-57970, CVE-2025-1632, CVE-2025-25724, CVE-2025-5914, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918 PR: 286944 (exp-run, main, libarchive 3.8.0) Approved by: so Security: FreeBSD-SA-25:07.libarchive (cherry picked from commit 2e113ef82465598b8c26e0ca415fbe90677fbd47) (cherry picked from commit 6dad4525a2910496ecf3c41de659aac906f6c1f4) systat/top: Update ZFS sysctl names 2025-05-28T02:20:01Z Alexander Motin mav@FreeBSD.org 2025-05-25T18:23:54Z urn:sha1:93839cddbd08c5b866e83bda432da4eafd336415 Some of ARC statistic sysctls changed years ago, but those tools are still using legacy shims, that are going to be removed. Approved by: re (cperciva) (cherry picked from commit 8aad1e6148d3389df100bb0391e2d3a909f26ecf) (cherry picked from commit f23326ff2c7cad9579061291b6de7feb5ea7302a) man: Exit cleanly on SIGPIPE. 2025-05-21T17:36:41Z Dag-Erling Smørgrav des@FreeBSD.org 2025-05-16T14:56:13Z urn:sha1:84b971c9186ad241151a84bbbfb9218adc54df6c The first attempt at addressing this simply suppressed SIGPIPE, which resulted in mandoc printing out error messages instead. This was then reverted, but the pipefail was (correctly) left in, so man still returned a nonzero exit code if you quit a page before the end. Approved by: re (cperciva) PR: 223516, 279542 Fixes: 14a5c1068d37, a85d870007e7 MFC after: 1 week Reviewed by: ziaee, kevans Differential Revision: https://reviews.freebsd.org/D50302 (cherry picked from commit fbaba7aa432257a9b787edc6bfdbfbde94f2e0d5) (cherry picked from commit 2f99190a9234b119bcec1e4645e87d4e6016e5a5) MFV: xz 5.8.1. 2025-05-08T16:24:51Z Xin LI delphij@FreeBSD.org 2025-05-04T07:06:22Z urn:sha1:9679eedea94c9d60c372c67350242acfe18e2b22 PR: bin/286252 Approved by: re (cperciva) (cherry picked from commit 128836d304d93f2d00eb14069c27089ab46c38d4) (cherry picked from commit 5cf27a49a2de91ae1f369912a7bf3859fbc79355) netstat: fix table header alignment for -x 2025-05-01T19:01:47Z Michael Tuexen tuexen@FreeBSD.org 2025-04-21T16:23:19Z urn:sha1:0cd8d6dd11f87a909bcf97f0245c2672024e606e Add a missing space before R-HIWA to align the table header with the table contents. Reviewed by: rrs, cc Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D49941 (cherry picked from commit 4294f7946e4cd8face2bfa16cedc5c0bf0d6c81e) tee: try opening as a UNIX socket if open(2) fails 2025-04-27T18:59:34Z Kyle Evans kevans@FreeBSD.org 2025-04-20T16:34:52Z urn:sha1:09e0a909fb07615ed97c8648a24b541840bc1fa7 If we get EOPNOTSUPP from open() failing, then it may just be that we're looking at a unix(4) socket instead of a normal file/device or whatnot. Fallback to trying to open it as a unix(4) socket, which is a useful feature that doesn't add much complexity. Reviewed by: des, emaste, markj (cherry picked from commit 1b3748977f28c70e0b161fb476bf4e075bcc5940) time: switch to fences for siginfo_recvd 2025-04-26T03:19:49Z Kyle Evans kevans@FreeBSD.org 2025-04-21T03:19:17Z urn:sha1:8b42f57eebde72d463986bdcfddf8ee8ecadc561 This effectively reverts 6e824f3713011 ("time: siginfo_recvd needs to be marked volatile") because it was actually wrong. Switch to C11 signal fence, which provides a compiler barrier that will do the right thing. Reported by: kib Reviewed by: kib (slightly earlier version) (cherry picked from commit df1b0f580d3dc4dd165d84fbcc14d0eebd8ee2c4) bintrans: disable argument permutation for qp and base64 2025-04-26T03:19:48Z Kyle Evans kevans@FreeBSD.org 2025-04-20T18:08:09Z urn:sha1:c195ae95912ac873c62ba6325a82fc39b6aecc7a Err on the side of caution and revert to the BSD-style getopt(3) behavior for argument processing, as it's harder to go back and it's not clear that this was strictly intentional. This is the difference between allowing `base64 /COPYRIGHT -w 80` and forcing `base64 -w 80 /COPYRIGHT`. Reviewed by: emaste, pstef (cherry picked from commit d8fd551438706b3766da23e72ef077945ba43cd3) tee: minor cleanup 2025-04-26T03:19:48Z Kyle Evans kevans@FreeBSD.org 2025-04-20T16:34:51Z urn:sha1:99509fcc8733022e54bac6a9249a03d2e1489271 Pull the open flags out of the loop into a local var. They won't be changing, so this is marginally more readable. Adds some extra brackets around the loop in preparation for a future change that may try to fallback to opening the path as a socket if we get an EOPNOTSUPP. No functional change. Reviewed by: asomers, des, emaste, ngie (cherry picked from commit 414c2b8d1e5abe7186c1aa4dc3ab28147ce46f47) tee: add some basic tests 2025-04-26T03:19:48Z Kyle Evans kevans@FreeBSD.org 2025-04-20T16:34:50Z urn:sha1:00640ea3144cd6511aa05c16d20037b32e592dca The cases are ordered in such a way that we naturally progress through the functionality, with the earliest failures perhaps shedding light on any later failures. sysutils/porch is used for one test if it's available, just to cleanly check that SIGINT is being ignored properly. Reviewed by: des, emaste (cherry picked from commit 85ff0b08ee699ff323404727998993275b4d2e2a)