Re: git: 833a452e9f08 - main - libarchive: import changes from upstream

On Wed, Feb 9, 2022 at 5:52 PM Martin Matuska <mm@freebsd.org> wrote:
>
> The branch main has been updated by mm:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=833a452e9f082a7982a31c21f0da437dbbe0a39d
>
> commit 833a452e9f082a7982a31c21f0da437dbbe0a39d
> Merge: 17a56f3fabdf 84631082f67b
> Author:     Martin Matuska <mm@FreeBSD.org>
> AuthorDate: 2022-02-09 23:35:42 +0000
> Commit:     Martin Matuska <mm@FreeBSD.org>
> CommitDate: 2022-02-09 23:35:42 +0000
>
>     libarchive: import changes from upstream
>
>     Libarchive 3.6.0
>
>     New features:
>     PR #1614: tar: new option "--no-read-sparse"
>     PR #1503: RAR reader: filter support
>     PR #1585: RAR5 reader: self-extracting archive support
>
>     New features (not used in FreeBSD base):
>     PR #1567: tar: threads support for zstd (#1567)
>     PR #1518: ZIP reader: zstd decompression support
>
>     Security Fixes:
>     PR #1491, #1492, #1493, CVE-2021-36976:
>        fix invalid memory access and out of bounds read in RAR5 reader
>     PR #1566, #1618, CVE-2021-31566:
>        extended fix for following symlinks when processing the fixup list
>
>     Other notable bugfixes and improvements:
>     PR #1620: tar: respect "--ignore-zeros" in c, r and u modes
>     PR #1625: reduced size of application binaries
>
>     MFC after:      2 weeks
>     Relnotes:       yes
>

Hi,

This commit makes pkg angry when trying to use zstd support -- I
tracked it down to libarchive wanting to shell out now, because this
conditional changed:

https://cgit.freebsd.org/src/tree/contrib/libarchive/libarchive/archive_write_add_filter_zstd.c#n112

We should probably make pkg accept ARCHIVE_WARN since shelling out
isn't so bad, but I have this diff to fix base libarchive:

https://people.freebsd.org/~kevans/libarchive.diff

I didn't quite check if there were any other surprises like this,
though. Is this sufficient and OK to commit?

Thanks,

Kyle Evans