Backport libarchive#2101

[jjerphan]

Checklist

• [x] Used a personal fork of the feedstock to propose changes
• [x] Bumped the build number (if the version is unchanged)
• [ ] Reset the build number to 0 (if the version changed)
• [x] Re-rendered with the latest conda-smithy (Use the phrase code>@<space/conda-forge-admin, please rerender in a comment in this PR for automated rerendering)
• [x] Ensured the license file is being packaged.

Preventively backport https://github.com/libarchive/libarchive/pull/2101 to revert changes of https://github.com/libarchive/libarchive/pull/1609 which might be related to the xz Backdoor (i.e. CVE-2024-3094).

Fix https://github.com/conda-forge/libarchive-feedstock/issues/84.

[conda-forge-webservices[bot]]

Hi! This is the friendly automated conda-forge-linting service.

I just wanted to let you know that I linted all conda-recipes in your PR (recipe) and found it was in an excellent condition.

[jjerphan]

@conda-forge-admin, please rerender

[jjerphan]

FYI, several distributions have back ported this change or revert the original PR, including:

• Gentoo
• MacPorts
• homebrew-core
• archlinux

[beckermr]

It appears all commits were re-reviewed and only the patch above has been applied?

https://github.com/libarchive/libarchive/issues/2103

[beckermr]

There was an associated bugfix in the same code areas but not specifically touched: https://github.com/libarchive/libarchive/pull/2104/files

[beckermr]

What do you think @conda-forge/core? Should we wait for the next release or go ahead with this patch and the one from https://github.com/libarchive/libarchive/pull/2104?

Maybe if the libarchive maintainers thought there was something to patch, they would have pushed a bugfix release?

[isuruf]

Please keep the discussion in #84.