libarchive: Update to version 3.7.7

- Update from version 3.7.4 to 3.7.7
- Update of rootfile
- Fixes for 3 CVE's in 3.7.5
- Changelog
    3.7.7
	Security fixes:
	    gzip: prevent a hang when processing a malformed gzip inside a gzip (#2366, OSS-Fuzz)
	    tar: don't crash on truncated tar archives (#2364, OSS-Fuzz)
	    tar: fix two leaks in tar header parsing (#2377)
	Important bugfixes:
	    7-zip: read/write symlink paths as UTF-8 (#2252)
	    cpio: exit with an error code if an entry could not be extracted (#2371)
	    rar5: report encrypted entries (#2096)
	    tar: fix truncation of entry pathnames in specific archives (#2360)
	    windows: fix ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS (#2363)
    3.7.6
	This release fixes a tar regression introduced in libarchive 3.7.5 (#2331, #2337)
	Important bugfixes.
	    tar: clean up linkpath between entries (#2343)
	    tar: fix memory leaks when processing symlinks or parsing pax headers (#2338)
	    iso: be more cautious about parsing ISO-9660 timestamps (#2330)
    3.7.5
	Security fixes:
	    fix multiple vulnerabilities identified by SAST (#2251, #2256)
	    cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing (#2258)
	    lzop: prevent integer overflow (#2174)
	    rar4: protect copy_from_lzss_window_to_unp() (#2172, CVE-2024-20696)
	    rar4: fix CVE-2024-26256 (#2269, CVS-2024-26256)
	    rar4: fix OOB in delta and audio filter (#2148, #2149)
	    rar4: fix out of boundary access with large files (#2179)
	    rar4: add boundary checks to rgb filter (#2210)
	    rar4: fix OOB access with unicode filenames (#2203)
	    rar5: clear 'data ready' cache on window buffer reallocs (#2265)
	    rpm: calculate huge header sizes correctly (#2158)
	    unzip: unify EOF handling (#2175)
	    util: fix out of boundary access in mktemp functions (#2160)
	    uu: stop processing if lines are too long (#2168)
	Important bugfixes:
	    7zip: fix issue when skipping first file in 7zip archive that is a
		  multiple of 65536 bytes (#2245)
	    ar: fix archive entries having no type (#2290)
	    lha: do not allow negative file sizes (#2155)
	    lha: fix integer truncation on 32-bit systems (#2161)
	    shar: check strdup return value (#2173)
	    rar5: don't try to read rediculously long names (#2259)
	    xar: fix another infinite loop and expat error handling (#2150)
	    many Windows fixes, cleanups and improvements

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

diff --git a/config/rootfiles/common/libarchive b/config/rootfiles/common/libarchive
index 2f38c29a712d4de5a3e96025c252849389a10016..0e6d2087b95cd412bec68061c8bd5df45098e8bc 100644 (file)
--- a/config/rootfiles/common/libarchive
+++ b/config/rootfiles/common/libarchive
@@ -7,7 +7,7 @@
 #usr/lib/libarchive.la
 #usr/lib/libarchive.so
 usr/lib/libarchive.so.13
-usr/lib/libarchive.so.13.7.4
+usr/lib/libarchive.so.13.7.7
 #usr/lib/pkgconfig/libarchive.pc
 #usr/share/man/man1/bsdcat.1
 #usr/share/man/man1/bsdcpio.1

diff --git a/lfs/libarchive b/lfs/libarchive
index 668f2a87e4c20b57ad8f686214e8f39701b7557d..3f4eccff0266a30a35fa13eb032914825ad69adf 100644 (file)
--- a/lfs/libarchive
+++ b/lfs/libarchive
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.7.4
+VER        = 3.7.7
 
 THISAPP    = libarchive-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -41,7 +41,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 128f72235da61e112201046c0cfe62a8c580cf73b426c4cfe270ae913356f6ad430ba33a663dcd617b082c7baf45ada8d1c9928c45fea16fd57e8020693a60bc
+$(DL_FILE)_BLAKE2 = e118c693f7a78e86ab868fc6c2c77beba539cf5c7d5999e270cdceb225e9f85c68c938ec6ce3a33f75b2a44a6f7debe2c280d2573c1bcf05806300e8dce1a4f0
 
 install : $(TARGET)