libarchive: merge from vendor branchHEADmain

Libarchive 3.7.7

Security fixes:
 #2158 rpm: calculate huge header sizes correctly
 #2160 util: fix out of boundary access in mktemp functions
 #2168 uu: stop processing if lines are too long
 #2174 lzop: prevent integer overflow
 #2172 rar4: protect copy_from_lzss_window_to_unp() (CVE-2024-20696)
 #2175 unzip: unify EOF handling
 #2179 rar4: fix out of boundary access with large files
 #2203 rar4: fix OOB access with unicode filenames
 #2210 rar4: add boundary checks to rgb filter
 #2248 rar4: fix OOB in delta filter
 #2249 rar4: fix OOB in audio filter
 #2256 fix multiple vulnerabilities identified by SAST
 #2258 cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing
 #2265 rar5: clear 'data ready' cache on window buffer reallocs
 #2269 rar4: fix CVE-2024-26256 (CVE-2024-26256)
 #2330 iso: be more cautious about parsing ISO-9660 timestamps
 #2343 tar: clean up linkpath between entries
 #2364 tar: don't crash on truncated tar archives
 #2366 gzip: prevent a hang when processing a malformed gzip inside a gzip
 #2377 tar: fix two leaks in tar header parsing

Important bugfixes:
 #2096 rar5: report encrypted entries
 #2150 xar: fix another infinite loop and expat error handling
 #2173 shar: check strdup return value
 #2161 lha: fix integer truncation on 32-bit systems
 #2338 tar: fix memory leaks when processing symlinks or parsing pax headers
 #2245 7zip: fix issue when skipping first file in 7zip archive that
       is a multiple of 65536 bytes
 #2252 7-zip: read/write symlink paths as UTF-8
 #2259 rar5: don't try to read rediculously long names
 #2290 ar: fix archive entries having no type
 #2360 tar: fix truncation of entry pathnames in specific archives

CVE:		CVE-2024-20696, CVE-2024-26256
PR:		282047 (exp-run)
MFC after:	1 week

0 files changed, 0 insertions, 0 deletions