Re: git: 833a452e9f08 - main - libarchive: import changes from upstream
- In reply to: Kyle Evans : "Re: git: 833a452e9f08 - main - libarchive: import changes from upstream"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 08 Apr 2022 07:40:12 UTC
On Thu, Apr 07, 2022 at 10:13:30PM -0500, Kyle Evans wrote: > On Wed, Feb 9, 2022 at 5:52 PM Martin Matuska <mm@freebsd.org> wrote: > > > > The branch main has been updated by mm: > > > > URL: https://cgit.FreeBSD.org/src/commit/?id=833a452e9f082a7982a31c21f0da437dbbe0a39d > > > > Merge: 17a56f3fabdf 84631082f67b > > Author: Martin Matuska <mm@FreeBSD.org> > > AuthorDate: 2022-02-09 23:35:42 +0000 > > Commit: Martin Matuska <mm@FreeBSD.org> > > CommitDate: 2022-02-09 23:35:42 +0000 > > > > libarchive: import changes from upstream > > > > Libarchive 3.6.0 > > > > New features: > > PR #1614: tar: new option "--no-read-sparse" > > PR #1503: RAR reader: filter support > > PR #1585: RAR5 reader: self-extracting archive support > > > > New features (not used in FreeBSD base): > > PR #1567: tar: threads support for zstd (#1567) > > PR #1518: ZIP reader: zstd decompression support > > > > Security Fixes: > > PR #1491, #1492, #1493, CVE-2021-36976: > > fix invalid memory access and out of bounds read in RAR5 reader > > PR #1566, #1618, CVE-2021-31566: > > extended fix for following symlinks when processing the fixup list > > > > Other notable bugfixes and improvements: > > PR #1620: tar: respect "--ignore-zeros" in c, r and u modes > > PR #1625: reduced size of application binaries > > > > MFC after: 2 weeks > > Relnotes: yes > > > > Hi, > > This commit makes pkg angry when trying to use zstd support -- I > tracked it down to libarchive wanting to shell out now, because this > conditional changed: > > https://cgit.freebsd.org/src/tree/contrib/libarchive/libarchive/archive_write_add_filter_zstd.c#n112 > > We should probably make pkg accept ARCHIVE_WARN since shelling out > isn't so bad, but I have this diff to fix base libarchive: > > https://people.freebsd.org/~kevans/libarchive.diff > > I didn't quite check if there were any other surprises like this, > though. Is this sufficient and OK to commit? > > Thanks, > > Kyle Evans > It is not the first time, an update of libarchive breaks many things in particular pkg, we have asked many time if a request for exp-run could be made before any sync with upstream, but years are passing and libarchive continues to be updated without prior exp-run. This is painful. Making pkg accept ARCHIVE_WARN is not acceptable, in some places we are extracting inside a capsicum sandbox which will prevent any shelling out. Best regards, Bapt