Update dependency libarchive/libarchive to v3.7.5
requested to merge gitlab-renovate-forks/omnibus-gitlab:renovate/libarchive-libarchive-3.x into master
This MR contains the following updates:
Package | Update | Change |
---|---|---|
libarchive/libarchive | patch |
3.7.4 -> 3.7.5
|
MR created with the help of gitlab-org/frontend/renovate-gitlab-bot
Release Notes
libarchive/libarchive (libarchive/libarchive)
v3.7.5
: Libarchive 3.7.5
Libarchive 3.7.5 is a bugfix and security release
Security fixes:
- fix multiple vulnerabilities identified by SAST (#2251, #2256)
- cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing (#2258)
- lzop: prevent integer overflow (#2174)
- rar4: protect copy_from_lzss_window_to_unp() (#2172, CVE-2024-20696)
- rar4: fix CVE-2024-26256 (#2269, CVS-2024-26256)
- rar4: fix OOB in delta and audio filter (#2148, #2149)
- rar4: fix out of boundary access with large files (#2179)
- rar4: add boundary checks to rgb filter (#2210)
- rar4: fix OOB access with unicode filenames (#2203)
- rar5: clear 'data ready' cache on window buffer reallocs (#2265)
- rpm: calculate huge header sizes correctly (#2158)
- unzip: unify EOF handling (#2175)
- util: fix out of boundary access in mktemp functions (#2160)
- uu: stop processing if lines are too long (#2168)
Important bugfixes:
- 7zip: fix issue when skipping first file in 7zip archive that is a multiple of 65536 bytes (#2245)
- ar: fix archive entries having no type (#2290)
- lha: do not allow negative file sizes (#2155)
- lha: fix integer truncation on 32-bit systems (#2161)
- shar: check strdup return value (#2173)
- rar5: don't try to read rediculously long names (#2259)
- xar: fix another infinite loop and expat error handling (#2150)
- many Windows fixes, cleanups and improvements
Thanks to all contributors and bug reporters!
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.