From 7b4b4208f7c560ff39ddd1d1ee9b418b78d7e398 Mon Sep 17 00:00:00 2001
From: Silvan Calarco <silvan.calarco@mambasoft.it>
Date: Sat, 6 Apr 2024 00:52:20 +0200
Subject: [PATCH] backport upstream patch to fix possibly malicious past commit
 (see https://github.com/libarchive/libarchive/pull/2101 ) [release
 3.7.2-2mamba;Fri Apr 05 2024]

---
 ...tar_make_error_reporting_more_robust.patch | 27 +++++++++++++++++++
 libarchive.spec                               |  9 +++++--
 2 files changed, 34 insertions(+), 2 deletions(-)
 create mode 100644 libarchive-3.7.2-backport_bsdtar_make_error_reporting_more_robust.patch

diff --git a/libarchive-3.7.2-backport_bsdtar_make_error_reporting_more_robust.patch b/libarchive-3.7.2-backport_bsdtar_make_error_reporting_more_robust.patch
new file mode 100644
index 0000000..6a351ba
--- /dev/null
+++ b/libarchive-3.7.2-backport_bsdtar_make_error_reporting_more_robust.patch
@@ -0,0 +1,27 @@
+From 6110e9c82d8ba830c3440f36b990483ceaaea52c Mon Sep 17 00:00:00 2001
+From: Ed Maste <emaste@freebsd.org>
+Date: Fri, 29 Mar 2024 18:02:06 -0400
+Subject: [PATCH] tar: make error reporting more robust and use correct errno
+ (#2101)
+
+As discussed in #1609.
+---
+ tar/read.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/tar/read.c b/tar/read.c
+index af3d3f423..a7f14a07b 100644
+--- a/tar/read.c
++++ b/tar/read.c
+@@ -371,8 +371,9 @@ read_archive(struct bsdtar *bsdtar, char mode, struct archive *writer)
+ 			if (r != ARCHIVE_OK) {
+ 				if (!bsdtar->verbose)
+ 					safe_fprintf(stderr, "%s", archive_entry_pathname(entry));
+-				fprintf(stderr, ": %s: ", archive_error_string(a));
+-				fprintf(stderr, "%s", strerror(errno));
++				safe_fprintf(stderr, ": %s: %s",
++				    archive_error_string(a),
++				    strerror(archive_errno(a)));
+ 				if (!bsdtar->verbose)
+ 					fprintf(stderr, "\n");
+ 				bsdtar->return_value = 1;
diff --git a/libarchive.spec b/libarchive.spec
index dde6ae2..19a9b38 100644
--- a/libarchive.spec
+++ b/libarchive.spec
@@ -1,6 +1,6 @@
 Name:          libarchive
 Version:       3.7.2
-Release:       1mamba
+Release:       2mamba
 Summary:       Single library to read/write tar, cpio, pax, zip, iso9660, etc.
 Group:         System/Libraries
 Vendor:        openmamba
@@ -8,11 +8,11 @@ Distribution:  openmamba
 Packager:      Silvan Calarco <silvan.calarco@mambasoft.it>
 URL:           https://libarchive.org/
 Source:        https://github.com/libarchive/libarchive.git/v%{version}/libarchive-%{version}.tar.bz2
+Patch0:        libarchive-3.7.2-backport_bsdtar_make_error_reporting_more_robust.patch
 License:       BSD
 ## AUTOBUILDREQ-BEGIN
 BuildRequires: glibc-devel
 BuildRequires: libacl-devel
-BuildRequires: libattr-devel
 BuildRequires: libb2-devel
 BuildRequires: libbzip2-devel
 BuildRequires: libgomp-devel
@@ -60,6 +60,8 @@ This package contains the following programs built on libarchive:
 
 %prep
 %setup -q
+%patch 0 -p1 -b .backport_bsdtar_make_error_reporting_more_robust
+
 autoreconf -f -i
 
 %build
@@ -120,6 +122,9 @@ mv %{buildroot}%{_mandir}/man5/tar.5 %{buildroot}%{_mandir}/man5/archive_tar.5
 %{_mandir}/man1/bsdunzip.1*
 
 %changelog
+* Fri Apr 05 2024 Silvan Calarco <silvan.calarco@mambasoft.it> 3.7.2-2mamba
+- backport upstream patch to fix possibly malicious past commit (see https://github.com/libarchive/libarchive/pull/2101 )
+
 * Tue Sep 12 2023 Automatic Build System <autodist@mambasoft.it> 3.7.2-1mamba
 - automatic version update by autodist