Remove code added by 'JiaT75', the malicious actor that backdoored `xz`:

https://github.com/libarchive/libarchive/pull/2101

At libarchive, they are reviewing all code contributed by this actor:

https://github.com/libarchive/libarchive/issues/2103

See the original disclosure and subsequent discussion for more
information about this incident:

https://seclists.org/oss-sec/2024/q1/268

Patch copied from upstream source repository:

https://github.com/libarchive/libarchive/pull/2101/commits/e200fd8abfb4cf895a1cab4d89b67e6eefe83942

From 6110e9c82d8ba830c3440f36b990483ceaaea52c Mon Sep 17 00:00:00 2001
From: Ed Maste <emaste@freebsd.org>
Date: Fri, 29 Mar 2024 18:02:06 -0400
Subject: [PATCH] tar: make error reporting more robust and use correct errno
 (#2101)

As discussed in #1609.
---
 tar/read.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/tar/read.c b/tar/read.c
index af3d3f42..a7f14a07 100644
--- a/tar/read.c
+++ b/tar/read.c
@@ -371,8 +371,9 @@ read_archive(struct bsdtar *bsdtar, char mode, struct archive *writer)
 			if (r != ARCHIVE_OK) {
 				if (!bsdtar->verbose)
 					safe_fprintf(stderr, "%s", archive_entry_pathname(entry));
-				fprintf(stderr, ": %s: ", archive_error_string(a));
-				fprintf(stderr, "%s", strerror(errno));
+				safe_fprintf(stderr, ": %s: %s",
+				    archive_error_string(a),
+				    strerror(archive_errno(a)));
 				if (!bsdtar->verbose)
 					fprintf(stderr, "\n");
 				bsdtar->return_value = 1;
-- 
2.41.0

iff</a></td><td class='form'><form class='right' method='get' action='/guix/log/gnu/services/certbot.scm'>
<input type='hidden' name='id' value='fc2b16fa9d6a0adfc3d0ded4cbaa1bfb49114128'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=fc2b16fa9d6a0adfc3d0ded4cbaa1bfb49114128'>root</a>/<a href='/guix/log/gnu?id=fc2b16fa9d6a0adfc3d0ded4cbaa1bfb49114128'>gnu</a>/<a href='/guix/log/gnu/services?id=fc2b16fa9d6a0adfc3d0ded4cbaa1bfb49114128'>services</a>/<a href='/guix/log/gnu/services/certbot.scm?id=fc2b16fa9d6a0adfc3d0ded4cbaa1bfb49114128'>certbot.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/services/certbot.scm?id=fc2b16fa9d6a0adfc3d0ded4cbaa1bfb49114128&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2024-09-03 13:59:33 +0200'>2024-09-03</span></td><td><a href='/guix/commit/gnu/services/certbot.scm?id=b300a091654f5c07708e86c0c51af4ac8c71783f'>services: certbot: Add certbot-configuration-package to profile.</a><span class='msg-avail'>...<span class='msg-tooltip'>As the manual suggests running a certbot command to view the issued
certificates, add it to the profile.

* gnu/services/certbot.scm (certbot-service-type): Extend profile-service-type
with certbot-configuration-package.

Change-Id: I92618597bbdc8d838420b2e0f82de601b0bc609b
Signed-off-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
</span></span></td><td>Richard Sent</td></tr>
<tr><td><span title='2024-01-31 16:54:19 +0100'>2024-01-31</span></td><td><a href='/guix/commit/gnu/services/certbot.scm?id=023c3e0ac44e7fc35eeebc87535a47df2cd01485'>services: certbot: Add one-shot service to renew certificates.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/services/certbot.scm (certbot-renewal-one-shot): New procedure.
(certbot-service-type)[extensions]: Add it to shepherd-root extension.
(certbot-command): Make connection errors return a different exit code.
(certbot-activation): Remove message with certificate renewal instructions.

Change-Id: I614ac6214a753dba0396e2385a75926c8355caa1
Signed-off-by: Clément Lassieur &lt;clement@lassieur.org&gt;
</span></span></td><td>Carlo Zancanaro</td></tr>
<tr><td><span title='2024-01-31 16:54:16 +0100'>2024-01-31</span></td><td><a href='/guix/commit/gnu/services/certbot.scm?id=d4a4b12f0ac52563254d34dc1e26030b354d3f73'>services: certbot: Reload nginx in deploy hook.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/services/certbot.scm (certbot-deploy-hook): Reload nginx.
* doc/guix.texi (Certificate services): Remove deploy-hook from example.

Change-Id: Ibb10481170a6fda7df72492072b939dd6a6ad176
Signed-off-by: Clément Lassieur &lt;clement@lassieur.org&gt;
</span></span></td><td>Carlo Zancanaro</td></tr>
<tr><td><span title='2024-01-31 16:54:12 +0100'>2024-01-31</span></td><td><a href='/guix/commit/gnu/services/certbot.scm?id=fc0ec9a3cc2707260b88c79286e91fa1a3a594cb'>services: certbot: Create self-signed certificates before certbot runs.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/services/certbot.scm (&lt;certificate-configuration&gt;): Add
start-self-signed? field.
(generate-certificate-gexp): New procedure.
(certbot-activation): Generate self-signed certificates when
start-self-signed? is #t.
* doc/guix.texi (Certificate services): Document start-self-signed?.

Change-Id: Icfd85ae0c3e29324acbcde6ba283546cf0e27a1d
Signed-off-by: Clément Lassieur &lt;clement@lassieur.org&gt;
</span></span></td><td>Carlo Zancanaro</td></tr>
<tr><td><span title='2024-01-31 16:54:03 +0100'>2024-01-31</span></td><td><a href='/guix/commit/gnu/services/certbot.scm?id=a2b1ef903be001d5abfc47fc3e8add04fb748ff3'>services: certbot: Symlink certificates to /etc/certs.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/services/certbot.scm (certbot-deploy-hook): New procedure.
(certbot-command): Pass new deploy hook to certbot.
* doc/guix.texi: Replace "letsencrypt/live" with "certs" throughout, except in
the certbot deploy-hook description.

Change-Id: I2ba5e4903d1e293e566b732a84b07d5a134b697d
Signed-off-by: Clément Lassieur &lt;clement@lassieur.org&gt;
</span></span></td><td>Carlo Zancanaro</td></tr>
<tr><td><span title='2023-06-18 23:12:10 +0200'>2023-06-18</span></td><td><a href='/guix/commit/gnu/services/certbot.scm?id=a82130de50d2c84d77492d9aa43e4b7f4b06b4b2'>services: certbot: Fix nginx crash when certbot is used without domains.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/services/certbot.scm (certbot-nginx-server-configurations):
Don't return a broken nginx-server-configuration with empty server_name
when no certificate domains are configured. Instead add a separate
server for every certificate, so 0 certificates adds 0 servers.

Signed-off-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
Reviewed-by: Bruno Victal &lt;mirai@makinata.eu&gt;
</span></span></td><td>Saku Laesvuori</td></tr>
<tr><td><span title='2023-01-03 16:34:44 -0500'>2023-01-03</span></td><td><a href='/guix/commit/gnu/services/certbot.scm?id=c13c890138545bfda1807ad60e70971736ddf5b5'>services: certbot: Fix broken link.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/services/certbot.scm (certbot-renewal-jobs): Fix broken link.

Signed-off-by: Maxim Cournoyer &lt;maxim.cournoyer@gmail.com&gt;
</span></span></td><td>jgart</td></tr>

Age	Commit message (Expand)	Author
2024-09-03	services: certbot: Add certbot-configuration-package to profile....As the manual suggests running a certbot command to view the issued certificates, add it to the profile. * gnu/services/certbot.scm (certbot-service-type): Extend profile-service-type with certbot-configuration-package. Change-Id: I92618597bbdc8d838420b2e0f82de601b0bc609b Signed-off-by: Ludovic Courtès <ludo@gnu.org>	Richard Sent
2024-01-31	services: certbot: Add one-shot service to renew certificates....* gnu/services/certbot.scm (certbot-renewal-one-shot): New procedure. (certbot-service-type)[extensions]: Add it to shepherd-root extension. (certbot-command): Make connection errors return a different exit code. (certbot-activation): Remove message with certificate renewal instructions. Change-Id: I614ac6214a753dba0396e2385a75926c8355caa1 Signed-off-by: Clément Lassieur <clement@lassieur.org>	Carlo Zancanaro
2024-01-31	services: certbot: Reload nginx in deploy hook....* gnu/services/certbot.scm (certbot-deploy-hook): Reload nginx. * doc/guix.texi (Certificate services): Remove deploy-hook from example. Change-Id: Ibb10481170a6fda7df72492072b939dd6a6ad176 Signed-off-by: Clément Lassieur <clement@lassieur.org>	Carlo Zancanaro
2024-01-31	services: certbot: Create self-signed certificates before certbot runs....* gnu/services/certbot.scm (<certificate-configuration>): Add start-self-signed? field. (generate-certificate-gexp): New procedure. (certbot-activation): Generate self-signed certificates when start-self-signed? is #t. * doc/guix.texi (Certificate services): Document start-self-signed?. Change-Id: Icfd85ae0c3e29324acbcde6ba283546cf0e27a1d Signed-off-by: Clément Lassieur <clement@lassieur.org>	Carlo Zancanaro
2024-01-31	services: certbot: Symlink certificates to /etc/certs....* gnu/services/certbot.scm (certbot-deploy-hook): New procedure. (certbot-command): Pass new deploy hook to certbot. * doc/guix.texi: Replace "letsencrypt/live" with "certs" throughout, except in the certbot deploy-hook description. Change-Id: I2ba5e4903d1e293e566b732a84b07d5a134b697d Signed-off-by: Clément Lassieur <clement@lassieur.org>	Carlo Zancanaro
2023-06-18	services: certbot: Fix nginx crash when certbot is used without domains....* gnu/services/certbot.scm (certbot-nginx-server-configurations): Don't return a broken nginx-server-configuration with empty server_name when no certificate domains are configured. Instead add a separate server for every certificate, so 0 certificates adds 0 servers. Signed-off-by: Ludovic Courtès <ludo@gnu.org> Reviewed-by: Bruno Victal <mirai@makinata.eu>	Saku Laesvuori
2023-01-03	services: certbot: Fix broken link....* gnu/services/certbot.scm (certbot-renewal-jobs): Fix broken link. Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>	jgart