git.openwrt.org Git - feed/packages.git/commit

author	Petr Štetiar <ynezz@true.cz>
	Mon, 14 Apr 2025 04:20:36 +0000 (04:20 +0000)
committer	Robert Marko <robimarko@gmail.com>
	Mon, 14 Apr 2025 08:41:40 +0000 (10:41 +0200)
commit	4803944c5a8e583bb21d643d004da96fbce7c89d
tree	dc956357b1b114273c53f847eab69c88658e67c1	tree \| snapshot
parent	e67e30d0e10ed7e0bb3168c56e86a1997e5a6d87	commit \| diff

libarchive: bump to 3.7.9 fixing CVE-2025-25724, CVE-2025-1632, CVE-2024-57970

Libarchive 3.7.9 is a bugfix release, fixing a regression in libarchive
3.7.8 regarding GNU sparse entries was fixed.

Libarchive 3.7.8 is a bugfix and security release:

  Security fixes:

    * tar reader: Handle truncation in the middle of a GNU long linkname (CVE-2024-57970)
    * unzip: fix null pointer dereference (CVE-2025-1632)
    * tar reader: fix unchecked return value in list_item_verbose() (CVE-2025-25724)

  Important bugfixes:

    * 7zip reader: add SPARC and POWERPC filter support for non-LZMA compressors
    * tar reader: Ignore ustar size when pax size is present
    * tar writer: Fix bug when -s/a/b/ used more than once with b flag
    * cpio: Fix a Y2038 bug on Windows
    * libarchive: Handle ARCHIVE_FILTER_LZOP in archive_read_append_filter
    * libarchive: Adding missing seeker function to archive_read_open_FILE()

Full Changelog: https://github.com/libarchive/libarchive/compare/v3.7.7...v3.7.8

Signed-off-by: Petr Štetiar <ynezz@true.cz>