Set ARCHIVE_EXTRACT_SECURE_SYMLINKS and ARCHIVE_EXTRACT_SECURE_NODOTDOT
as in bsdtar to prevent extraction of archive entries whose pathnames
contain .. or whose target directory would be altered by a symlink.
Also disallow absolute pathnames.
We don't currently provide an option to disable this behaviour (as
bsdtar's -P does). It is unlikely to be a problem in practice for ar(1),
but the -P option is not currently used and available if we want to
consider it for this purpose.
Differential Revision: https://reviews.freebsd.org/D1524
Reported by: Alexander Cherepanov <cherepan@mccme.ru>
Approved by: delphij
Obtained from: ELF tool chain ar, Ticket #474
MFC after: 1 week
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
ar(1)'s dependencies on compressor libraries -lz, -lbz2 and -llzma and
fixes building HEAD on some versions of FreeBSD[78]. Option -j and -z
is now accepted but ignored.
Compressed ar(1) archives are not useful without a ld(1) that can read
them. Also, the current ar(1) compression scheme prevents random
access of archive members and needs to be redesigned anyway.
Submitted by: kientzle (original patch)
Reviewed by: delphij
Discussed on: -current mailing list
Reviewed by: jkoshy
Approved by: jkoshy (mentor)
Tested by: erwin (ports build test on pointyhat)
Sponsored by: Google Summer of Code 2007
Reviewed by (earlier version): Jaakko Heinonen <jh[AT]saunalahti.fi>
Tested by (earlier version): Steve Kargl <sgk[AT]troutmask.apl.washington.edu>
Tested by (earlier version): Martin Voros <martin_voros[AT]yahoo.com>
Tested by (earlier version): swell.k[AT]gmail.com
Tested by (earlier version): joel
Tested by (earlier version): Alexey Shuvaev <shuvaev[AT]physik.uni-wuerzburg.de>
Tested by (earlier version): Arjan van Leeuwen <avleeuwen[AT]gmail.com>
Thanks to gabor@ for building ports for it.
Thanks to erwin@ and kris@ for scheduling the ports build test on pointyhat.
And thanks to many others for their feedback.
