Date: Fri, 8 Apr 2022 09:40:12 +0200 From: Baptiste Daroussin <bapt@FreeBSD.org> To: Kyle Evans <kevans@freebsd.org> Cc: Martin Matuska <mm@freebsd.org>, src-committers <src-committers@freebsd.org>, "<dev-commits-src-all@freebsd.org>" <dev-commits-src-all@freebsd.org>, dev-commits-src-main@freebsd.org Subject: Re: git: 833a452e9f08 - main - libarchive: import changes from upstream Message-ID: <20220408074012.cfanxlrhlj2w2e2g@aniel.nours.eu> In-Reply-To: <CACNAnaF6FAGHyyR08c8U6NFvWHkPinqSiZ_A0iy%2Bo9qopV52Mg@mail.gmail.com> References: <202202092352.219Nqprv043107@gitrepo.freebsd.org> <CACNAnaF6FAGHyyR08c8U6NFvWHkPinqSiZ_A0iy%2Bo9qopV52Mg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Apr 07, 2022 at 10:13:30PM -0500, Kyle Evans wrote: > On Wed, Feb 9, 2022 at 5:52 PM Martin Matuska <mm@freebsd.org> wrote: > > > > The branch main has been updated by mm: > > > > URL: https://cgit.FreeBSD.org/src/commit/?id=833a452e9f082a7982a31c21f0da437dbbe0a39d > > > > Merge: 17a56f3fabdf 84631082f67b > > Author: Martin Matuska <mm@FreeBSD.org> > > AuthorDate: 2022-02-09 23:35:42 +0000 > > Commit: Martin Matuska <mm@FreeBSD.org> > > CommitDate: 2022-02-09 23:35:42 +0000 > > > > libarchive: import changes from upstream > > > > Libarchive 3.6.0 > > > > New features: > > PR #1614: tar: new option "--no-read-sparse" > > PR #1503: RAR reader: filter support > > PR #1585: RAR5 reader: self-extracting archive support > > > > New features (not used in FreeBSD base): > > PR #1567: tar: threads support for zstd (#1567) > > PR #1518: ZIP reader: zstd decompression support > > > > Security Fixes: > > PR #1491, #1492, #1493, CVE-2021-36976: > > fix invalid memory access and out of bounds read in RAR5 reader > > PR #1566, #1618, CVE-2021-31566: > > extended fix for following symlinks when processing the fixup list > > > > Other notable bugfixes and improvements: > > PR #1620: tar: respect "--ignore-zeros" in c, r and u modes > > PR #1625: reduced size of application binaries > > > > MFC after: 2 weeks > > Relnotes: yes > > > > Hi, > > This commit makes pkg angry when trying to use zstd support -- I > tracked it down to libarchive wanting to shell out now, because this > conditional changed: > > https://cgit.freebsd.org/src/tree/contrib/libarchive/libarchive/archive_write_add_filter_zstd.c#n112 > > We should probably make pkg accept ARCHIVE_WARN since shelling out > isn't so bad, but I have this diff to fix base libarchive: > > https://people.freebsd.org/~kevans/libarchive.diff > > I didn't quite check if there were any other surprises like this, > though. Is this sufficient and OK to commit? > > Thanks, > > Kyle Evans > It is not the first time, an update of libarchive breaks many things in particular pkg, we have asked many time if a request for exp-run could be made before any sync with upstream, but years are passing and libarchive continues to be updated without prior exp-run. This is painful. Making pkg accept ARCHIVE_WARN is not acceptable, in some places we are extracting inside a capsicum sandbox which will prevent any shelling out. Best regards, Bapt
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20220408074012.cfanxlrhlj2w2e2g>