package/libarchive: security bump to version 3.7.7

Security fixes: - gzip: prevent a hang when processing a malformed gzip inside a gzip (#2366, OSS-Fuzz) - tar: don't crash on truncated tar archives (#2364, OSS-Fuzz) - tar: fix two leaks in tar header parsing (#2377) Important bugfixes: - 7-zip: read/write symlink paths as UTF-8 (#2252) - cpio: exit with an error code if an entry could not be extracted (#2371) - rar5: report encrypted entries (#2096) - tar: fix truncation of entry pathnames in specific archives (#2360) Signed-off-by: Francois Perrad <francois.perrad@gadz.org> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 55d0c9a9a6f89ed5c4d2e0d25cf499f180a99ee1) [Peter: mark as security bump] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-10-22 22:51:03 +02:00 · 2024-10-22 22:51:03 +02:00 · 3e801931dc
commit 3e801931dc
parent 6822a658e6
4 changed files with 4 additions and 4 deletions
--- a/package/libarchive/0001-Revert-Only-add-iconv-to-the-.pc-file-if-needed-1825.patch
+++ b/package/libarchive/0001-Revert-Only-add-iconv-to-the-.pc-file-if-needed-1825.patch
@ -15,7 +15,7 @@ diff --git a/configure.ac b/configure.ac
 index 93f7af94..204a4e69 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -449,9 +449,7 @@ if test "x$with_iconv" != "xno"; then
+@@ -455,9 +455,7 @@ if test "x$with_iconv" != "xno"; then
     AC_CHECK_HEADERS([localcharset.h])
     am_save_LIBS="$LIBS"
     LIBS="${LIBS} ${LIBICONV}"
--- a/package/libarchive/0002-autotools-do-not-add-iconv-for-Requires.private.patch
+++ b/package/libarchive/0002-autotools-do-not-add-iconv-for-Requires.private.patch
@ -17,7 +17,7 @@ diff --git a/configure.ac b/configure.ac
 index 99bff20d1..f245d0c55 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -449,7 +449,6 @@ if test "x$with_iconv" != "xno"; then
+@@ -455,7 +455,6 @@ if test "x$with_iconv" != "xno"; then
     AC_CHECK_HEADERS([localcharset.h])
     am_save_LIBS="$LIBS"
     LIBS="${LIBS} ${LIBICONV}"
--- a/package/libarchive/libarchive.hash
+++ b/package/libarchive/libarchive.hash
@ -1,4 +1,4 @@
 # From https://www.libarchive.de/downloads/sha256sums
-sha256  0a2efdcb185da2eb1e7cd8421434cb9a6119f72417a13335cca378d476fd3ba0  libarchive-3.7.6.tar.xz
+sha256  879acd83c3399c7caaee73fe5f7418e06087ab2aaf40af3e99b9e29beb29faee  libarchive-3.7.7.tar.xz
 # Locally computed:
 sha256  b2cdf763345de2de34cebf54394df3c61a105c3b71288603c251f2fa638200ba  COPYING
--- a/package/libarchive/libarchive.mk
+++ b/package/libarchive/libarchive.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-LIBARCHIVE_VERSION = 3.7.6
+LIBARCHIVE_VERSION = 3.7.7
 LIBARCHIVE_SOURCE = libarchive-$(LIBARCHIVE_VERSION).tar.xz
 LIBARCHIVE_SITE = https://www.libarchive.de/downloads
 LIBARCHIVE_INSTALL_STAGING = YES