Update vendor/libarchive to git 92366744a52f3fa83c3899e375e415a5080a05f2

Relevant vendor changes:
  PR #905: Support for Zstandard read and write filters
  PR #922: Avoid overflow when reading corrupt cpio archive
  Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166)
  OSS-Fuzz 2936: Place a limit on the mtree line length
  OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough
  OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502)

Security: CVE-2017-14166, CVE-2017-14502

8 files changed, 153 insertions, 1 deletions

diff --git a/cpio/bsdcpio.1 b/cpio/bsdcpio.1
index e52546e6f761..786a717097ed 100644
--- a/cpio/bsdcpio.1
+++ b/cpio/bsdcpio.1
@@ -187,6 +187,11 @@ In input mode, this option is ignored.
 Compress the archive with lz4-compatible compression before writing it.
 In input mode, this option is ignored; lz4 compression is recognized
 automatically on input.
+.It Fl Fl zstd
+(o mode only)
+Compress the archive with zstd-compatible compression before writing it.
+In input mode, this option is ignored; zstd compression is recognized
+automatically on input.
 .It Fl Fl lzma
 (o mode only)
 Compress the file with lzma-compatible compression before writing it.
diff --git a/cpio/cmdline.c b/cpio/cmdline.c
index 0c10b2cdcf8c..c8fc30ea773a 100644
--- a/cpio/cmdline.c
+++ b/cpio/cmdline.c
@@ -92,6 +92,7 @@ static const struct option {
 	{ "verbose",			0, 'v' },
 	{ "version",			0, OPTION_VERSION },
 	{ "xz",				0, 'J' },
+	{ "zstd",			0, OPTION_ZSTD },
 	{ NULL, 0, 0 }
 };
 
diff --git a/cpio/cpio.c b/cpio/cpio.c
index 5beedd0d16bc..e80a0f3bcf44 100644
--- a/cpio/cpio.c
+++ b/cpio/cpio.c
@@ -269,6 +269,7 @@ main(int argc, char *argv[])
 		case OPTION_LZ4:
 		case OPTION_LZMA: /* GNU tar, others */
 		case OPTION_LZOP: /* GNU tar, others */
+		case OPTION_ZSTD:
 			cpio->compress = opt;
 			break;
 		case 'm': /* POSIX 1997 */
@@ -546,6 +547,9 @@ mode_out(struct cpio *cpio)
 	case OPTION_LZOP:
 		r = archive_write_add_filter_lzop(cpio->archive);
 		break;
+	case OPTION_ZSTD:
+		r = archive_write_add_filter_zstd(cpio->archive);
+		break;
 	case 'j': case 'y':
 		r = archive_write_add_filter_bzip2(cpio->archive);
 		break;
diff --git a/cpio/cpio.h b/cpio/cpio.h
index 1036dece93b0..abf3628bfaee 100644
--- a/cpio/cpio.h
+++ b/cpio/cpio.h
@@ -111,7 +111,8 @@ enum {
 	OPTION_PRESERVE_OWNER,
 	OPTION_QUIET,
 	OPTION_UUENCODE,
-	OPTION_VERSION
+	OPTION_VERSION,
+	OPTION_ZSTD,
 };
 
 int	cpio_getopt(struct cpio *cpio);
diff --git a/cpio/test/CMakeLists.txt b/cpio/test/CMakeLists.txt
index 4c3fb88a61fd..d0927a81e8a8 100644
--- a/cpio/test/CMakeLists.txt
+++ b/cpio/test/CMakeLists.txt
@@ -23,6 +23,7 @@ IF(ENABLE_CPIO AND ENABLE_TEST)
     test_extract_cpio_lzma
     test_extract_cpio_lzo
     test_extract_cpio_xz
+    test_extract_cpio_zstd
     test_format_newc.c
     test_gcpio_compat.c
     test_missing_file.c
@@ -53,6 +54,7 @@ IF(ENABLE_CPIO AND ENABLE_TEST)
     test_option_xz.c
     test_option_y.c
     test_option_z.c
+    test_option_zstd.c
     test_owner_parse.c
     test_passthrough_dotdot.c
     test_passthrough_reverse.c
diff --git a/cpio/test/test_extract.cpio.zst.uu b/cpio/test/test_extract.cpio.zst.uu
new file mode 100644
index 000000000000..5ec854b85d28
--- /dev/null
+++ b/cpio/test/test_extract.cpio.zst.uu
@@ -0,0 +1,6 @@
+begin 644 test_extract.cpio.zst
+M*+4O_01090,`,@41%X")&@#'G6T\K16_MR)#=DK)5:.1,2J0HY2"!(1!`!7R
+M$(UB`2"*D41;J2UF&)<0!Y7X'TU<%W.\W^R]GO-WW^OO^QX0`%P<]30-!#U`
+?!KD!`#XP,_`U4`HT3+RF:#!7Y\V@R)5"7P"^;WEUK@``
+`
+end
diff --git a/cpio/test/test_extract_cpio_zstd.c b/cpio/test/test_extract_cpio_zstd.c
new file mode 100644
index 000000000000..289f33d0583c
--- /dev/null
+++ b/cpio/test/test_extract_cpio_zstd.c
@@ -0,0 +1,48 @@
+/*-
+ * Copyright (c) 2017 Sean Purcell
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "test.h"
+__FBSDID("$FreeBSD$");
+
+DEFINE_TEST(test_extract_cpio_zstd)
+{
+	const char *reffile = "test_extract.cpio.zst";
+	int f;
+
+	extract_reference_file(reffile);
+	f = systemf("%s -it < %s >test.out 2>test.err", testprog, reffile);
+	if (f == 0 || canZstd()) {
+		assertEqualInt(0, systemf("%s -i < %s >test.out 2>test.err",
+		    testprog, reffile));
+
+		assertFileExists("file1");
+		assertTextFileContents("contents of file1.\n", "file1");
+		assertFileExists("file2");
+		assertTextFileContents("contents of file2.\n", "file2");
+		assertEmptyFile("test.out");
+		assertTextFileContents("1 block\n", "test.err");
+	} else {
+		skipping("It seems zstd is not supported on this platform");
+	}
+}
diff --git a/cpio/test/test_option_zstd.c b/cpio/test/test_option_zstd.c
new file mode 100644
index 000000000000..29b8c78b94aa
--- /dev/null
+++ b/cpio/test/test_option_zstd.c
@@ -0,0 +1,85 @@
+/*-
+ * Copyright (c) 2017 Sean Purcell
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "test.h"
+__FBSDID("$FreeBSD$");
+
+DEFINE_TEST(test_option_zstd)
+{
+	char *p;
+	int r;
+	size_t s;
+
+	/* Create a file. */
+	assertMakeFile("f", 0644, "a");
+
+	/* Archive it with zstd compression. */
+	r = systemf("echo f | %s -o --zstd >archive.out 2>archive.err",
+	    testprog);
+	p = slurpfile(&s, "archive.err");
+	p[s] = '\0';
+	if (r != 0) {
+		if (strstr(p, "Unsupported compression") != NULL) {
+			skipping("This version of bsdcpio was compiled "
+			    "without zstd support");
+			goto done;
+		}
+		/* POSIX permits different handling of the spawnp
+		 * system call used to launch the subsidiary
+		 * program: */
+		/* Some systems fail immediately to spawn the new process. */
+		if (strstr(p, "Can't launch") != NULL && !canZstd()) {
+			skipping("This version of bsdcpio uses an external zstd program "
+			    "but no such program is available on this system.");
+			goto done;
+		}
+		/* Some systems successfully spawn the new process,
+		 * but fail to exec a program within that process.
+		 * This results in failure at the first attempt to
+		 * write. */
+		if (strstr(p, "Can't write") != NULL && !canZstd()) {
+			skipping("This version of bsdcpio uses an external zstd program "
+			    "but no such program is available on this system.");
+			goto done;
+		}
+		/* On some systems the error won't be detected until closing
+		   time, by a 127 exit error returned by waitpid. */
+		if (strstr(p, "Error closing") != NULL && !canZstd()) {
+			skipping("This version of bsdcpio uses an external zstd program "
+			    "but no such program is available on this system.");
+			return;
+		}
+		failure("--zstd option is broken: %s", p);
+		assertEqualInt(r, 0);
+		goto done;
+	}
+	free(p);
+	/* Check that the archive file has an zstd signature. */
+	p = slurpfile(&s, "archive.out");
+	assert(s > 2);
+	assertEqualMem(p, "\x28\xb5\x2f\xfd", 4);
+
+done:
+	free(p);
+}