libarchive/3.7.8 package update #47521

Merged
merged 2 commits into from
Mar 21, 2025

@octo-sts octo-sts bot commented Mar 20, 2025

Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com>
@octo-sts octo-sts bot added the labels request-version-update (request for a newer version of a package), automated pr, and P1 (This label indicates our scanning found High, Medium or Low CVEs for these packages.) on Mar 20, 2025

octo-sts bot commented Mar 20, 2025

⚠️ EXPERIMENTAL

Please use 👍 or 👎 on this comment to indicate if you agree or disagree with the recommendation.

To provide more detailed feedback please comment on the recommendation prefixed with /ai-verify:

e.g. /ai-verify partially helpful but I also added bash to the build environment

Gen AI suggestions to solve the build error:

Let me analyze the error and provide a solution:

• Detected Error:

Reversed (or previously applied) patch detected!  Assume -R? [n]
Apply anyway? [n]
Skipping patch.
Hunk #1 ignored at 1146.

• Error Category: Build/Patch

• Failure Point: The patch step is failing because the patch appears to be already applied or in reverse format

• Root Cause Analysis:
The patch system is detecting one of the following about the CVE patch being applied:

  1. It has already been applied to the source code
  2. It is in reverse format
  3. Its context doesn't match the source file

• Suggested Fix:

  1. Remove the existing patches from the patch section since they appear to be included in version 3.7.8:
  - uses: patch
    with:
      patches: CVE-2024-57970.patch CVE-2025-1632_CVE-2025-25724.patch

• Explanation:
Based on the patch date (Dec 9, 2024) and the version being built (3.7.8), it appears these CVE fixes are already included in the upstream release. Version 3.7.8 likely already contains these security fixes, making the patches unnecessary and causing conflicts.

• Additional Notes:

  • Always check if newer versions include security fixes before applying patches
  • The version number and patch dates suggest these fixes are already incorporated
  • If these CVEs still need to be addressed, verify against the official security advisories that they're not already fixed in 3.7.8

• References:

@octo-sts octo-sts bot added the ai/skip-comment label (Stop AI from commenting on PR) on Mar 20, 2025
@amberarcadia amberarcadia self-assigned this Mar 20, 2025
@octo-sts octo-sts bot added the bincapz/pass label (Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages.) on Mar 21, 2025
@amberarcadia amberarcadia requested a review from a team March 21, 2025 20:11
@OddBloke OddBloke merged commit abc18a6 into main Mar 21, 2025
21 checks passed
@OddBloke OddBloke deleted the wolfictl-f4b03ce2-00fc-4f43-a71b-7abc2f0898c9 branch March 21, 2025 20:17
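
The "Reversed (or previously applied) patch detected" case from the bot comment above can be confirmed per hunk before a CVE patch is dropped from a package. The following is an added example, not code from this PR, wolfi or libarchive: it labels each hunk of a unified diff by whether its pre-image or post-image is present in the source. The function names and the sample file are hypothetical and constructed, and matching is exact, with none of the offset or fuzz handling that `patch` performs.

```python
import difflib
import re

HUNK_RE = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")

def parse_hunks(patch_text):
    """Return one (pre_image, post_image) pair of line lists per hunk."""
    hunks, lines, i = [], patch_text.splitlines(), 0
    while i < len(lines):
        m = HUNK_RE.match(lines[i])
        i += 1
        if not m:
            continue  # file headers and anything else outside a hunk
        old_left, new_left = int(m.group(1) or 1), int(m.group(2) or 1)
        pre, post = [], []
        while i < len(lines) and (old_left > 0 or new_left > 0):
            tag, text = lines[i][:1], lines[i][1:]
            i += 1
            if tag == "\\":  # "\ No newline at end of file"
                continue
            if tag != "+":  # context or removed line: part of the old file
                pre.append(text)
                old_left -= 1
            if tag != "-":  # context or added line: part of the new file
                post.append(text)
                new_left -= 1
        hunks.append((pre, post))
    return hunks

def contains(haystack, needle):
    n = len(needle)
    return n > 0 and any(haystack[k:k + n] == needle
                         for k in range(len(haystack) - n + 1))

def classify(source_text, patch_text):
    """Label each hunk: applies, already-applied, ambiguous or conflict."""
    src = source_text.splitlines()
    labels = {(True, False): "applies", (False, True): "already-applied",
              (True, True): "ambiguous", (False, False): "conflict"}
    return [labels[(contains(src, pre), contains(src, post))]
            for pre, post in parse_hunks(patch_text)]

# Constructed sample (not libarchive code): a bounds check added to a reader.
OLD = ["int read_len(const char *p, size_t n)", "{", "    size_t len = p[0];",
       "    return copy(p + 1, len);", "}"]
NEW = OLD[:3] + ["    if (len >= n)", "        return -1;"] + OLD[3:]
PATCH = "\n".join(difflib.unified_diff(OLD, NEW, "a/reader.c", "b/reader.c",
                                       lineterm=""))
```

A hunk labelled `already-applied` is evidence that the new upstream source carries the fix; `conflict` or `ambiguous` means the patch needs a manual look rather than removal.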