tar: make error reporting more robust and use correct errno #2101
Thank you!
Beat me to it. I'm very glad to see someone more qualified take this on @emaste ... thank you for your hard work on FreeBSD
One more note: this particular usage is probably fine because bsdtar is a utility rather than part of the library component of libarchive, but you unfortunately can't use strerror() in libraries (or threaded applications) because it's not threadsafe. Awkward workarounds are generally required like this or this. So beware: it's one of those tempting APIs that's almost impossible to use correctly except in single-threaded programs.
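A sketch of the kind of workaround the comment above describes, added here as an example; it is not code from this thread or from libarchive. The names `safe_strerror`, `from_xsi`, `from_gnu` and `format_warning` are hypothetical, and the code assumes a C11 compiler (`_Generic`) and a libc that provides `strerror_r()` in either its XSI (returns `int`) or GNU (returns `char *`) form.

```c
/* Added example: thread-safe errno text without strerror(). Names are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* ask libc to declare strerror_r() */
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* XSI strerror_r() returns int: 0 on success, non-zero on failure. */
const char *
from_xsi(int rc, char *buf, size_t len, int errnum)
{
    if (rc != 0 && buf[0] == '\0') /* libc wrote nothing: supply a fallback */
        snprintf(buf, len, "Unknown error %d", errnum);
    buf[len - 1] = '\0';           /* guarantee termination on truncation */
    return buf;
}

/* GNU strerror_r() returns char *, which may point at an immutable string. */
const char *
from_gnu(const char *res, char *buf, size_t len, int errnum)
{
    (void)errnum;
    if (res != buf)                /* copy so the caller always owns the text */
        snprintf(buf, len, "%s", res);
    return buf;
}

/* Writes the message for errnum into the caller's buffer and returns it. */
const char *
safe_strerror(int errnum, char *buf, size_t len)
{
    if (len == 0)
        return "";
    buf[0] = '\0';
    /* _Generic picks the adapter from strerror_r()'s return type at compile
     * time; its controlling expression is not evaluated, so one call is made. */
    return _Generic(strerror_r(errnum, buf, len),
        int: from_xsi,
        char *: from_gnu)(strerror_r(errnum, buf, len), buf, len, errnum);
}

/* Builds "<msg>: <errno text>", the message shape used in the reviewed lines. */
int
format_warning(char *out, size_t outlen, const char *msg, int errnum)
{
    char ebuf[128];                /* per-call buffer, no shared state */

    return snprintf(out, outlen, "%s: %s", msg,
        safe_strerror(errnum, ebuf, sizeof(ebuf)));
}
```

Because every buffer is supplied by the caller or lives on the stack, concurrent callers never share the storage that `strerror()` may reuse.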
Are there plans to backport this fix to older releases?
That may well be the case (I don't know much about coding tbh), but it's highly suspicious, because it was added in #1609, created by a known bad actor (JiaT75 recently snuck a backdoor into XZ, over a series of commits, after contributing for over a year and eventually becoming a co-maintainer). Once again, I don't know much about coding, and I definitely don't understand the specific change. I do wonder though whether it could have set the stage for an obfuscated attempt to insert malware (EDIT: or a vulnerability that a malicious program could then exploit)
Pretty unlikely; it would be too hard to abuse.
archive_error_string(a), | ||
strerror(archive_errno(a))); |
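Review bot: strerror(archive_errno(a)) on the last line is formatted with no check, in the lines shown, that archive_errno(a) holds a system errno value. If it is 0 or a code that is not an errno, the warning gains a misleading suffix such as "Success" or "Unknown error". Consider appending the strerror() text only when the value is a positive errno, and printing archive_error_string(a) alone otherwise.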
These changes have mixed whitespace. Someone should probably replace the new added spaces with tabs.
this follows FreeBSD style(9): tabs are 8, 2nd level indent is 4 spaces.
https://man.freebsd.org/cgi/man.cgi?query=style&sektion=9
Are there OS-level patches going to be issued to distribute these corrections to the general public?
…sdtar_1561 Added error text to warning when untaring with bsdtar
hell yeah
Thanks @emaste for the quick fix. Will there be a new release with this fix included soon?
libarchive/libarchive#2101
* gnu/packages/backup.scm (libarchive)[replacement]: New field.
(libarchive/fixed): New variable.
* gnu/packages/patches/libarchive-remove-potential-backdoor.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Change-Id: I939e9b842b10d1a78125da4a4599c38d9c037079
As discussed in #1609.