Update dependency libarchive/libarchive to v3.7.7 - autoclosed
This MR contains the following updates:
| Package | Update | Change |
|---|---|---|
| libarchive/libarchive | patch |
3.7.5 -> 3.7.7
|
MR created with the help of gitlab-org/frontend/renovate-gitlab-bot
Release Notes
libarchive/libarchive (libarchive/libarchive)
v3.7.7: Libarchive 3.7.7
Libarchive 3.7.7 is a bugfix and security release
Security fixes:
- gzip: prevent a hang when processing a malformed gzip inside a gzip (#2366, OSS-Fuzz)
- tar: don't crash on truncated tar archives (#2364, OSS-Fuzz)
- tar: fix two leaks in tar header parsing (#2377)
Important bugfixes:
- 7-zip: read/write symlink paths as UTF-8 (#2252)
- cpio: exit with an error code if an entry could not be extracted (#2371)
- rar5: report encrypted entries (#2096)
- tar: fix truncation of entry pathnames in specific archives (#2360)
- windows: fix ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS (#2363)
Full Changelog: https://github.com/libarchive/libarchive/compare/v3.7.6...v3.7.7
Thanks to all contributors and bug reporters!
v3.7.6: Libarchive 3.7.6
Libarchive 3.7.6 is a bugfix and security release. This release fixes a tar regression introduced in libarchive 3.7.5 (#2331, #2337)
Important bugfixes.
- tar: clean up linkpath between entries (#2343)
- tar: fix memory leaks when processing symlinks or parsing pax headers (#2338)
- iso: be more cautious about parsing ISO-9660 timestamps (#2330)
Full Changelog: https://github.com/libarchive/libarchive/compare/v3.7.5...v3.7.6
Thanks to all contributors and bug reporters!
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.