From 0dded55f39a737f48f7b98dca312cfe314db38c0 Mon Sep 17 00:00:00 2001
From: Wouter Deconinck <wdconinc@gmail.com>
Date: Sun, 13 Oct 2024 04:37:51 -0500
Subject: libarchive: add v3.7.5, v3.7.6 (fix CVEs) (#46940)

* libarchive: add v3.7.5, v3.7.6 (fix CVEs)

* [@spackbot] updating style on behalf of wdconinc

---------

Co-authored-by: wdconinc <wdconinc@users.noreply.github.com>
---
 .../repos/builtin/packages/libarchive/package.py   | 40 ++++++++++++++++++----
 1 file changed, 34 insertions(+), 6 deletions(-)

(limited to 'var')

diff --git a/var/spack/repos/builtin/packages/libarchive/package.py b/var/spack/repos/builtin/packages/libarchive/package.py
index 196f97ad95..124b8a25f0 100644
--- a/var/spack/repos/builtin/packages/libarchive/package.py
+++ b/var/spack/repos/builtin/packages/libarchive/package.py
@@ -17,14 +17,42 @@ class Libarchive(AutotoolsPackage):
 
     license("BSD-2-Clause AND BSD-3-Clause AND Public-Domain")
 
-    version("3.7.4", sha256="7875d49596286055b52439ed42f044bd8ad426aa4cc5aabd96bfe7abb971d5e8")
-    version("3.7.3", sha256="f27a97bc22ceb996e72502df47dc19f99f9a0f09181ae909f09f3c9eb17b67e2")
-    version("3.7.2", sha256="df404eb7222cf30b4f8f93828677890a2986b66ff8bf39dac32a804e96ddf104")
-    version("3.7.1", sha256="5d24e40819768f74daf846b99837fc53a3a9dcdf3ce1c2003fe0596db850f0f0")
-    version("3.7.0", sha256="d937886a14b48c4287c4d343644feb294a14b31b7926ba9a4f1777123ce7c2cc")
-    version("3.6.2", sha256="ba6d02f15ba04aba9c23fd5f236bb234eab9d5209e95d1c4df85c44d5f19b9b3")
+    version("3.7.6", sha256="b4071807367b15b72777c2eaac80f42c8ea2d20212ab279514a19fe1f6f96ef4")
+    version("3.7.5", sha256="37556113fe44d77a7988f1ef88bf86ab68f53d11e85066ffd3c70157cc5110f1")
 
     # Deprecated versions
+    # https://nvd.nist.gov/vuln/detail/CVE-2024-48957
+    version(
+        "3.7.4",
+        sha256="7875d49596286055b52439ed42f044bd8ad426aa4cc5aabd96bfe7abb971d5e8",
+        deprecated=True,
+    )
+    version(
+        "3.7.3",
+        sha256="f27a97bc22ceb996e72502df47dc19f99f9a0f09181ae909f09f3c9eb17b67e2",
+        deprecated=True,
+    )
+    version(
+        "3.7.2",
+        sha256="df404eb7222cf30b4f8f93828677890a2986b66ff8bf39dac32a804e96ddf104",
+        deprecated=True,
+    )
+    version(
+        "3.7.1",
+        sha256="5d24e40819768f74daf846b99837fc53a3a9dcdf3ce1c2003fe0596db850f0f0",
+        deprecated=True,
+    )
+    version(
+        "3.7.0",
+        sha256="d937886a14b48c4287c4d343644feb294a14b31b7926ba9a4f1777123ce7c2cc",
+        deprecated=True,
+    )
+    version(
+        "3.6.2",
+        sha256="ba6d02f15ba04aba9c23fd5f236bb234eab9d5209e95d1c4df85c44d5f19b9b3",
+        deprecated=True,
+    )
+
     # https://nvd.nist.gov/vuln/detail/CVE-2021-31566
     version(
         "3.5.2",
-- 
cgit v1.2.3-70-g09d2