From: Matthias Franck <matthias.franck@softathome.com>
Date: Mon, 17 Mar 2025 09:08:10 +0000 (+0100)
Subject: libarchive: bump to 3.7.7 fixing a lot of security issues
X-Git-Url: http://git.openwrt.org/?a=commitdiff_plain;h=39b1179bd663ca7d1a486df0372ed5d508156e22;p=feed%2Fpackages.git

libarchive: bump to 3.7.7 fixing a lot of security issues

libarchive fixed a lot of security issues in the last few releases, listing only
notable changes,

libarchive 3.7.5:

   * rar4: protect copy_from_lzss_window_to_unp()  CVE-2024-20696
   * rar4: fix CVE-2024-26256

libarchive 3.7.6:

   * this release fixes a tar regression introduced in libarchive 3.7.5

libarchive 3.7.7:

   * gzip: prevent a hang when processing a malformed gzip inside a gzip (OSS-Fuzz)
   * tar: don't crash on truncated tar archives (OSS-Fuzz)
   * tar: fix two leaks in tar header parsing

Link: https://github.com/libarchive/libarchive/releases

Signed-off-by: Matthias Franck <matthias.franck@softathome.com>
---

diff --git a/libs/libarchive/Makefile b/libs/libarchive/Makefile
index a0a82a08d5..d18fd57fb9 100644
--- a/libs/libarchive/Makefile
+++ b/libs/libarchive/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libarchive
-PKG_VERSION:=3.7.4
+PKG_VERSION:=3.7.7
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://www.libarchive.org/downloads
-PKG_HASH:=f887755c434a736a609cbd28d87ddbfbe9d6a3bb5b703c22c02f6af80a802735
+PKG_HASH:=879acd83c3399c7caaee73fe5f7418e06087ab2aaf40af3e99b9e29beb29faee
 
 PKG_MAINTAINER:=Johannes Morgenroth <morgenroth@ibr.cs.tu-bs.de>
 PKG_LICENSE:=BSD-2-Clause