libarchive: bump to 3.7.7 fixing a lot of security issues
author Matthias Franck <[email protected]>
Mon, 17 Mar 2025 09:08:10 +0000 (10:08 +0100)
committer Tianling Shen <[email protected]>
Sun, 13 Apr 2025 08:43:29 +0000 (16:43 +0800)
libarchive fixed a lot of security issues in the last few releases, listing only
notable changes:

libarchive 3.7.5:

   * rar4: protect copy_from_lzss_window_to_unp()  CVE-2024-20696
   * rar4: fix CVE-2024-26256

libarchive 3.7.6:

   * this release fixes a tar regression introduced in libarchive 3.7.5

libarchive 3.7.7:

   * gzip: prevent a hang when processing a malformed gzip inside a gzip (OSS-Fuzz)
   * tar: don't crash on truncated tar archives (OSS-Fuzz)
   * tar: fix two leaks in tar header parsing

Link: https://github.com/libarchive/libarchive/releases
Signed-off-by: Matthias Franck <[email protected]>
libs/libarchive/Makefile

index a0a82a08d586660ae3b718422ae97f38fc34d760..d18fd57fb936a4dbaa111c875f0cdf5e5d8836c4 100644 (file)
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libarchive
-PKG_VERSION:=3.7.4
+PKG_VERSION:=3.7.7
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://www.libarchive.org/downloads
-PKG_HASH:=f887755c434a736a609cbd28d87ddbfbe9d6a3bb5b703c22c02f6af80a802735
+PKG_HASH:=879acd83c3399c7caaee73fe5f7418e06087ab2aaf40af3e99b9e29beb29faee
 
 PKG_MAINTAINER:=Johannes Morgenroth <[email protected]>
 PKG_LICENSE:=BSD-2-Clause
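
Review bot: The new value on the `+PKG_HASH:=879acd83...` line is the only integrity pin for the tarball fetched from PKG_SOURCE_URL, and nothing in the commit message says how it was obtained. Please confirm it was checked against the checksum or signature upstream publishes for libarchive-3.7.7.tar.xz rather than computed from a local download alone, and say so in the commit message. Keeping PKG_RELEASE at 1 is correct for a PKG_VERSION bump. Since the message names CVE-2024-20696 and CVE-2024-26256 as fixed in 3.7.5, it would also help to state whether this bump is meant to be picked to the maintained stable branches that still ship 3.7.4.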