Thanks, in my haste I misread. I removed the part claiming it didn't do what it says, though I maintain the changes made simultaneously is very suspect as there is no apparent motivation
the motivation is probably "get foot in the door". the attacker also made a few documentation-only PRs in various repos, but having code PR will make him more creditable, and also would help to add more backdoors to libarchive in the future
and librachive is now part of Windows 10, being used as a universal archive decompression library in the Explorer
