Fix CVE-2017-14166:

https://github.com/libarchive/libarchive/issues/935
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166

Patch copied from upstream source repository:

https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71

From fa7438a0ff4033e4741c807394a9af6207940d71 Mon Sep 17 00:00:00 2001
From: Joerg Sonnenberger <joerg@bec.de>
Date: Tue, 5 Sep 2017 18:12:19 +0200
Subject: [PATCH] Do something sensible for empty strings to make fuzzers
 happy.

---
 libarchive/archive_read_support_format_xar.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c
index 7a22beb9d..93eeacc5e 100644
--- a/libarchive/archive_read_support_format_xar.c
+++ b/libarchive/archive_read_support_format_xar.c
@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt)
 	uint64_t l;
 	int digit;
 
+	if (char_cnt == 0)
+		return (0);
+
 	l = 0;
 	digit = *p - '0';
 	while (digit >= 0 && digit < 10  && char_cnt-- > 0) {
@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt)
 {
 	int64_t l;
 	int digit;
-        
+
+	if (char_cnt == 0)
+		return (0);
+
 	l = 0;
 	while (char_cnt-- > 0) {
 		if (*p >= '0' && *p <= '7')
KS?id=0674b3c96d3aa93b63cdafbf99abe87815aec55c'>commit</a><a href='/guix/diff/THANKS?id=0674b3c96d3aa93b63cdafbf99abe87815aec55c'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/THANKS'>
<input type='hidden' name='id' value='0674b3c96d3aa93b63cdafbf99abe87815aec55c'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=0674b3c96d3aa93b63cdafbf99abe87815aec55c'>root</a>/<a href='/guix/log/THANKS?id=0674b3c96d3aa93b63cdafbf99abe87815aec55c'>THANKS</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/THANKS?id=0674b3c96d3aa93b63cdafbf99abe87815aec55c&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2015-11-23 17:48:35 +0100'>2015-11-23</span></td><td><a href='/guix/commit/THANKS?id=160b0ef3fd87c73b140f4480a521ad8c80475ab3'>Thank Jan.</a></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2015-11-17 09:44:52 +0100'>2015-11-17</span></td><td><a href='/guix/commit/THANKS?id=87450b12744bf1f508b6fd4ee11c00af35fcc4ee'>Thank Chris.</a></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2015-10-09 20:57:24 +0200'>2015-10-09</span></td><td><a href='/guix/commit/THANKS?id=28eb956dfeb8b759e690cf3e30dfe85788561778'>Thank Chris.</a></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2015-09-20 22:06:48 +0200'>2015-09-20</span></td><td><a href='/guix/commit/THANKS?id=8fcac19975b163e0e5b98d27a52cb7c541bf94d9'>Thank Petter.</a></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2015-08-27 23:34:23 +0200'>2015-08-27</span></td><td><a href='/guix/commit/THANKS?id=25ae74cffaa95cc4e509e3363f6f6525ddc21672'>Thank Eric Hanchrow.</a></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2015-07-23 09:42:24 +0200'>2015-07-23</span></td><td><a href='/guix/commit/THANKS?id=015878fdbbfe5e30474bea229c014677e04cc27f'>Thank Anders.</a></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2015-07-22 23:47:35 +0200'>2015-07-22</span></td><td><a href='/guix/commit/THANKS?id=0e9f9f7bc23a7e7f2390eb1bbb09f36f33cda534'>Thank Malcolm.</a></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2015-07-22 22:56:42 +0200'>2015-07-22</span></td><td><a href='/guix/commit/THANKS?id=31ea3ebb0570c070df578d5983bdcdce117e4376'>Thank Dave.</a></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2015-07-04 12:13:01 +0300'>2015-07-04</span></td><td><a href='/guix/commit/THANKS?id=e7c48ee9519aa5cd094f3326a4caeccba072e9fd'>Clean up 'THANKS' and 'AUTHORS'.</a><span class='msg-avail'>...<span class='msg-tooltip'>* THANKS: Add Konrad Hinsen, Cyprien Nicolas, Yakkala Yagnesh Raghava
  and Alexander Shendi.  Remove Federico Beffa, Marek Benc, John
  Darrington, rekado, Cyrill Schenkel and Andy Wingo because they are
  placed in AUTHORS.  Move Amirouche Boubekki and Alex Kost to ...
* AUTHORS: ... here.  Add Arne Babenhauserheide, Ian Denhardt, Kevin
  Lemonnier, Mathieu Lirzin, Pierre-Antoine Rault and Ben Woodcroft.
  Fix some names and emails.
</span></span></td><td>Alex Kost</td></tr>
<tr><td><span title='2015-06-07 18:15:40 +0200'>2015-06-07</span></td><td><a href='/guix/commit/THANKS?id=a647e0b8eef9931a46aded4c4d71e0413cc84340'>Thank Thomas.</a></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2015-05-01 00:06:18 +0200'>2015-05-01</span></td><td><a href='/guix/commit/THANKS?id=0aaca4354c68a21b01ce5fcd7fb7f820e58fc3cb'>Thank Joshua.</a></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2015-04-14 23:20:26 +0200'>2015-04-14</span></td><td><a href='/guix/commit/THANKS?id=a0bcaefd0885fdca898c3e60dc22c00a581c9b30'>Thank Pjotr.</a></td><td>Ludovic Courtès</td></tr>

Age	Commit message (Expand)	Author
2015-11-23	Thank Jan.	Ludovic Courtès
2015-11-17	Thank Chris.	Ludovic Courtès
2015-10-09	Thank Chris.	Ludovic Courtès
2015-09-20	Thank Petter.	Ludovic Courtès
2015-08-27	Thank Eric Hanchrow.	Ludovic Courtès
2015-07-23	Thank Anders.	Ludovic Courtès
2015-07-22	Thank Malcolm.	Ludovic Courtès
2015-07-22	Thank Dave.	Ludovic Courtès
2015-07-04	Clean up 'THANKS' and 'AUTHORS'....* THANKS: Add Konrad Hinsen, Cyprien Nicolas, Yakkala Yagnesh Raghava and Alexander Shendi. Remove Federico Beffa, Marek Benc, John Darrington, rekado, Cyrill Schenkel and Andy Wingo because they are placed in AUTHORS. Move Amirouche Boubekki and Alex Kost to ... * AUTHORS: ... here. Add Arne Babenhauserheide, Ian Denhardt, Kevin Lemonnier, Mathieu Lirzin, Pierre-Antoine Rault and Ben Woodcroft. Fix some names and emails.	Alex Kost
2015-06-07	Thank Thomas.	Ludovic Courtès
2015-05-01	Thank Joshua.	Ludovic Courtès
2015-04-14	Thank Pjotr.	Ludovic Courtès