Remove code added by 'JiaT75', the malicious actor that backdoored `xz`: https://github.com/libarchive/libarchive/pull/2101 At libarchive, they are reviewing all code contributed by this actor: https://github.com/libarchive/libarchive/issues/2103 See the original disclosure and subsequent discussion for more information about this incident: https://seclists.org/oss-sec/2024/q1/268 Patch copied from upstream source repository: https://github.com/libarchive/libarchive/pull/2101/commits/e200fd8abfb4cf895a1cab4d89b67e6eefe83942 From 6110e9c82d8ba830c3440f36b990483ceaaea52c Mon Sep 17 00:00:00 2001 From: Ed Maste Date: Fri, 29 Mar 2024 18:02:06 -0400 Subject: [PATCH] tar: make error reporting more robust and use correct errno (#2101) As discussed in #1609. --- tar/read.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tar/read.c b/tar/read.c index af3d3f42..a7f14a07 100644 --- a/tar/read.c +++ b/tar/read.c @@ -371,8 +371,9 @@ read_archive(struct bsdtar *bsdtar, char mode, struct archive *writer) if (r != ARCHIVE_OK) { if (!bsdtar->verbose) safe_fprintf(stderr, "%s", archive_entry_pathname(entry)); - fprintf(stderr, ": %s: ", archive_error_string(a)); - fprintf(stderr, "%s", strerror(errno)); + safe_fprintf(stderr, ": %s: %s", + archive_error_string(a), + strerror(archive_errno(a))); if (!bsdtar->verbose) fprintf(stderr, "\n"); bsdtar->return_value = 1; -- 2.41.0