Fix CVE-2017-14166:

https://github.com/libarchive/libarchive/issues/935
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166

Patch copied from upstream source repository:

https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71

From fa7438a0ff4033e4741c807394a9af6207940d71 Mon Sep 17 00:00:00 2001
From: Joerg Sonnenberger <joerg@bec.de>
Date: Tue, 5 Sep 2017 18:12:19 +0200
Subject: [PATCH] Do something sensible for empty strings to make fuzzers
 happy.

---
 libarchive/archive_read_support_format_xar.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c
index 7a22beb9d..93eeacc5e 100644
--- a/libarchive/archive_read_support_format_xar.c
+++ b/libarchive/archive_read_support_format_xar.c
@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt)
 	uint64_t l;
 	int digit;
 
+	if (char_cnt == 0)
+		return (0);
+
 	l = 0;
 	digit = *p - '0';
 	while (digit >= 0 && digit < 10  && char_cnt-- > 0) {
@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt)
 {
 	int64_t l;
 	int digit;
-        
+
+	if (char_cnt == 0)
+		return (0);
+
 	l = 0;
 	while (char_cnt-- > 0) {
 		if (*p >= '0' && *p <= '7')
x/check-channel-news.scm?id=b9ad6cb413f7de052e24654201f7a56dcb3411b0'>tree</a><a href='/guix/commit/build-aux/check-channel-news.scm?id=b9ad6cb413f7de052e24654201f7a56dcb3411b0'>commit</a><a href='/guix/diff/build-aux/check-channel-news.scm?id=b9ad6cb413f7de052e24654201f7a56dcb3411b0'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/build-aux/check-channel-news.scm'>
<input type='hidden' name='id' value='b9ad6cb413f7de052e24654201f7a56dcb3411b0'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=b9ad6cb413f7de052e24654201f7a56dcb3411b0'>root</a>/<a href='/guix/log/build-aux?id=b9ad6cb413f7de052e24654201f7a56dcb3411b0'>build-aux</a>/<a href='/guix/log/build-aux/check-channel-news.scm?id=b9ad6cb413f7de052e24654201f7a56dcb3411b0'>check-channel-news.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/build-aux/check-channel-news.scm?id=b9ad6cb413f7de052e24654201f7a56dcb3411b0&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2020-05-22 00:35:23 +0200'>2020-05-22</span></td><td><a href='/guix/commit/build-aux/check-channel-news.scm?id=1ad5209d904d471ded6cf53b4e29b64e963dea3f'>maint: Add "make check-channel-news".</a><span class='msg-avail'>...<span class='msg-tooltip'>* build-aux/check-channel-news.scm: New file.
* Makefile.am (EXTRA_DIST): Add it.
(check-channel-news): New phony rule.
* doc/contributing.texi (Commit Access): Mention "make check-channel-news".
</span></span></td><td>Ludovic Courtès</td></tr>