629614c7a3
https://github.com/libarchive/libarchive/pull/2101 * gnu/packages/backup.scm (libarchive)[replacement]: New field. (libarchive/fixed): New variable. * gnu/packages/patches/libarchive-remove-potential-backdoor.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. Change-Id: I939e9b842b10d1a78125da4a4599c38d9c037079
47 lines
1.5 KiB
Diff
47 lines
1.5 KiB
Diff
Remove code added by 'JiaT75', the malicious actor that backdoored `xz`:
|
|
|
|
https://github.com/libarchive/libarchive/pull/2101
|
|
|
|
At libarchive, they are reviewing all code contributed by this actor:
|
|
|
|
https://github.com/libarchive/libarchive/issues/2103
|
|
|
|
See the original disclosure and subsequent discussion for more
|
|
information about this incident:
|
|
|
|
https://seclists.org/oss-sec/2024/q1/268
|
|
|
|
Patch copied from upstream source repository:
|
|
|
|
https://github.com/libarchive/libarchive/pull/2101/commits/e200fd8abfb4cf895a1cab4d89b67e6eefe83942
|
|
|
|
From 6110e9c82d8ba830c3440f36b990483ceaaea52c Mon Sep 17 00:00:00 2001
|
|
From: Ed Maste <emaste@freebsd.org>
|
|
Date: Fri, 29 Mar 2024 18:02:06 -0400
|
|
Subject: [PATCH] tar: make error reporting more robust and use correct errno
|
|
(#2101)
|
|
|
|
As discussed in #1609.
|
|
---
|
|
tar/read.c | 5 +++--
|
|
1 file changed, 3 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/tar/read.c b/tar/read.c
|
|
index af3d3f42..a7f14a07 100644
|
|
--- a/tar/read.c
|
|
+++ b/tar/read.c
|
|
@@ -371,8 +371,9 @@ read_archive(struct bsdtar *bsdtar, char mode, struct archive *writer)
|
|
if (r != ARCHIVE_OK) {
|
|
if (!bsdtar->verbose)
|
|
safe_fprintf(stderr, "%s", archive_entry_pathname(entry));
|
|
- fprintf(stderr, ": %s: ", archive_error_string(a));
|
|
- fprintf(stderr, "%s", strerror(errno));
|
|
+ safe_fprintf(stderr, ": %s: %s",
|
|
+ archive_error_string(a),
|
|
+ strerror(archive_errno(a)));
|
|
if (!bsdtar->verbose)
|
|
fprintf(stderr, "\n");
|
|
bsdtar->return_value = 1;
|
|
--
|
|
2.41.0
|
|
|