Commit Graph

412 Commits

Author SHA1 Message Date
Tim Kientzle
9695c83ff5 Track version # from the portable release. 2008-01-23 05:48:07 +00:00
Tim Kientzle
991a64e41e Explain a subtle API change that was made recently.
Even though I believe this is a good change, it does
have the potential to break certain clients, so it's
good to document the reasoning behind the change.
2008-01-23 05:47:08 +00:00
Tim Kientzle
1466a90ac6 Properly pad symlinks when writing cpio "newc" format.
Thanks to: Jesse Barker for reporting this.
MFC after: 7 days
2008-01-23 05:43:26 +00:00
Tim Kientzle
91c3a77c57 I misread the Tinderbox error; this should really unbreak 64-bit builds.
Pointy hats, yep, keep 'em coming.  ;-/
2008-01-18 06:16:08 +00:00
Tim Kientzle
c19af48f40 Fix 64-bit build after my last commit. <sigh> 2008-01-18 06:08:39 +00:00
Tim Kientzle
22177dd3e6 The previous commit caused the archive_write_disk interface to
start obeying filesize limits; this test wasn't properly setting
file sizes before trying to write file data.
2008-01-18 05:48:50 +00:00
Tim Kientzle
2adbd7ee43 Issues with hardlinks in newc-format files prompted me to
write a new test to exercise the hardlink strategies used
by different archive formats (tar, old cpio, new cpio).
This uncovered two problems, both fixed by this commit:

1) Enforce file size when writing files to disk.

2) When restoring hardlink entries, if they have data associated, go
   ahead and open the file so we can write the data.

In particular, this fixes bsdtar/bsdcpio extraction of new cpio
formats where the "original" is empty and the subsequent "hardlink"
entry actually carries the data.  It also provides correct behavior
for old cpio archives where hardlinked entries have their bodies
stored multiple times in the archive; the last body should always be
the one that ends up in the final file.  The new pax format also
permits (but does not require) hardlinks to carry file data; again,
the last contents should always win.

Note that with any of these, a size of zero on a hardlink simply means
that the hardlink carries no data; it does not mean that the file has
zero size.  A non-zero size on a hardlink does provide the file size.

Thanks to: John Baldwin, for reminding me about this long-standing bug
    and sending me a simple example archive that prompted this test case
2008-01-18 05:05:58 +00:00
Tim Kientzle
23b11f239a Reconnect the progress callback. It may not get called
as often as you might expect, but at least it will get called
now.

Thanks to: David Topham for asking how this got disconnected.
2008-01-18 04:53:45 +00:00
Tim Kientzle
f432a1c5bc Handle Zip archives that are "multi-part archives with only
one part" by simply ignoring the marker at the beginning
of the file.  (Zip archivers reserve four bytes at the beginning
of each part of a multi-part archive, if it happens to only
require one part, those four bytes get filled with a placeholder
that can be ignored.)

Thanks to: Marius Nuennerich,
	 for pointing me to a Zip archive that libarchive couldn't handle
MFC after: 7 days
2008-01-15 16:27:15 +00:00
Tim Kientzle
a8f2d755d0 Support uppercase hex digits in cpio archives.
Thanks to: Joshua Kwan
MFC after: 7 days
2008-01-15 04:56:48 +00:00
Tim Kientzle
a0751a90e6 Since the tar bidder can never get called more than once, it
doesn't need to compensate for this situation.

While here, fix a minor longstanding bug that empty tar archives
(which begin with at least 512 zero bytes) never properly reported
their format.  In particular, this fixes the output of:
   bsdtar tvvf /dev/zero

And, of course, a new test to verify that libarchive correctly
recognizes the format of such files.
2008-01-13 23:50:30 +00:00
Dag-Erling Smørgrav
aa1b83ec5a Crib {be,le}{16,32,64}{dec,enc} from src/sys/sys/endian.h and use it instead
of home-rolled [iu][248] in the ZIP support code.

Approved by:	kientzle
2008-01-03 18:30:37 +00:00
Dag-Erling Smørgrav
4823b3de93 Add an internal utility function to simplify the many, many places where
the number of bytes read is actually not important as long as we have at
least what we ask for.  Illustrate its benefits by using it throughout
the ZIP support code, except for the few cases where it doesn't apply.

Approved by:	kientzle
2008-01-03 17:54:26 +00:00
Tim Kientzle
2a5e8d812c Extensive improvements to the libarchive_test test program that
exercises and verifies the libarchive APIs:

* Improved error reporting; hexdumps are now provided for
  many file/memory content differences.
* Overall status more clearly counts "tests" and "assertions"
* Reference files can now be stored on disk instead of having
  to be compiled into the test program itself.  A couple of
  tests have been converted to this more natural structure.
* Several memory leaks corrected so that leaks within libarchive
  itself can be more easily detected and diagnosed.
* New test: GNU tar compatibility
* New test: Zip compatibility
* New test: Zero-byte writes to a compressed archive entry
* New test: archive_entry_strmode() format verification
* New test: mtree reader
* New test: write/read of large (2G - 1TB) entries to tar archives
  (thanks to recent performance work, this test only requires a few seconds)
* New test: detailed format verification of cpio odc and newc writers
* Many minor additions/improvements to existing tests as well.
2008-01-01 22:28:04 +00:00
Tim Kientzle
db267e0b5d The mtree.5 file has been moved to src/usr.sbin/mtree. 2008-01-01 06:17:05 +00:00
Tim Kientzle
9dd49f960f Update libarchive to 2.4.10. This includes a number of improvements
that I've been working on but put off committing until after the
RELENG_7 branch, including:

* New manpages: cpio.5 mtree.5
* New archive_entry_strmode()
* New archive_entry_link_resolver()
* New read support: mtree format
* Internal API change:  read format auction only runs once
* Running the auction only once allowed simplifying a lot of bid logic.
* Cpio robustness:  search for next header after a sync error
* Support device nodes on ISO9660 images
* Eliminate a lot of unnecessary copies for uncompressed archives
* Corrected handling of new GNU --sparse --posix formats
* Correctly handle a zero-byte write to a compressed archive
* Fixed memory leaks

Many of these improvements were motivated by the upcoming bsdcpio
front-end.

There have also been extensive improvements to the libarchive_test
test harness, which I'll commit separately.
2007-12-30 04:58:22 +00:00
Tim Kientzle
f4c8548d52 If a Zip entry has the "length at end" flag set, then just ignore
a length field of zero; it does not mean the body is empty.

Thanks to: Lapo Luchini for sending me a JAR archive that demonstrated this bug
MFC after: 3 days
2007-12-04 06:32:12 +00:00
Tim Kientzle
c383d82e4d When skipping input data, don't overflow a 32-bit size_t.
This can only happen on 32-bit systems when you're reading
an uncompressed archive and the skip request is an exact
multiple of 4G (e.g., skipping a tar entry with an 8G body).

The symptom is that the read_ahead() ends up returning zero
bytes, and the extraction stops with a premature end-of-file.

Using '1' here is more correct anyway, as it allows read_ahead()
to function opportunistically and minimize copying.

MFC after: 5 days
2007-10-27 22:45:40 +00:00
Tim Kientzle
6fa30d2b87 Fix reading of files that use pax 'size' attribute to store size.
In particular, bsdtar uses the pax 'size' attribute for any file
over 8G.

MFC after: 3 days
2007-10-24 04:01:31 +00:00
Tim Kientzle
a3ac45275d Correct the cpio writers to not accept data for non-regular files.
In particular, the previous code led to archives that had
non-empty bodies following directory entries.  Not a fatal
problem, as bsdtar and GNU cpio are both happy to just skip
this bogus data, but it still shouldn't be there.

MFC after: 3 days
2007-10-12 04:11:31 +00:00
Tim Kientzle
04a832627b Correct the return values of the final zero-length block at EOF.
Return EOF immediately if an entry in a ZIP archive has no body.
In particular, the latter issue was causing bsdtar to emit spurious
warnings when extracting directory entries from ZIP archives.

MFC after: 3 days
2007-10-12 04:08:28 +00:00
Tim Kientzle
016e328d16 Fix the archive_write_data() function so it always returns
number of bytes written, even when used to write files to
disk.  Extend the test suite to verify the correct return
values for archive_write_data() and archive_write_data_block().

Thanks to: Bruce Mah, for stepping in promptly to back out the
   earlier broken version of this fix
Thanks to: Colin Percival, for pointing out the correct fix
MFC after: 5 days
Approved by: re (ksmith)
Pointy hat: \me
2007-09-21 04:52:43 +00:00
Tim Kientzle
d2d0f66a30 Fill in a missing 'e'
Thanks to: Kai Wang, for pointing this out
Approved by: re (bmah)
MFC after: 3 days
2007-09-19 16:37:45 +00:00
Bruce A. Mah
7b7b893394 Revert the last commit to libarchive. It introduced some regresssions,
most noticably the incorrect extraction of files by bsdtar.

This commit reverts:

	src/lib/libarchive/archive_write_disk.c 1.15
	src/lib/libarchive/test/test_write_disk.c 1.4

Approved by:	re (implicitly)
2007-09-18 20:20:37 +00:00
Tim Kientzle
8f3ba4ccf4 Correct the return value from archive_write_data()
(when used to restore files to disk) to match:
  * The documentation
  * The return values of this function when used
    to write files into an archive.

Approved by: re (bmah)
Pointy hat: \me
MFC after: 5 days
2007-09-18 04:20:21 +00:00
Tim Kientzle
68f0154dcf This commit updates libarchive to be compatible with
GNU tar 1.17's implementation of --posix --sparse,
at the cost of losing compatibility with GNU tar 1.16.
Fortunately, the 1.17 implementation actually makes sense,
so the libarchive code is now a bit more straightforward
than before.

Background:  GNU tar 1.16 defined a new way to store
sparse files in --posix archives.  Unfortunately,
the implementation incorrectly inserted several
blocks of null padding after each such entry.
As a result, non-GNU tar implementations saw the
archive as truncated after any sparse entry.
This was fixed in GNU tar 1.17 at the cost of
losing compatibility with GNU tar 1.16 for this
new format (which is not the default, so hopefully
rarely used).  Libarchive recently gained support
for reading the GNU tar 1.16 formats; this commit
updates it to read the GNU tar 1.17 variant instead.

Approved by: re (ksmith for libarchive portion)
Approved by: re (blanket for libarchive_test portion)
MFC after: 5 days
2007-08-18 21:53:25 +00:00
Tim Kientzle
9136384dc2 Make suid/sgid restore be "opportunistic" if
owner restore is not requested.  If you ask
for permissions to be restored but not owner,
you will now get no error if suid/sgid bits
cannot be set.  (It's a security hole to restore
suid/sgid bits if the owner/group aren't restored.)

This fixes an obscure problem where a simple
"tar -xf" with no other options will sometimes
fail gratuitously because of suid/sgid bits.
This is causing occasional problems for people
using bsdtar as a drop-in replacement for
"that other tar program." ;-)

Note: If you do ask for owner restore, then suid/sgid
restore failures still issue an error.  This
only suppresses the error in the case where an
suid/sgid bit restore fails because of an owner
mismatch and owner restore was not requested.

Approved by: re (bmah)
MFC after: 7 days
2007-08-12 17:35:05 +00:00
Tim Kientzle
f6d19aee04 Update the tests for reading the various GNU tar sparse formats.
In particular:
  * Include a second entry in all of the test archives (to catch errors
    with intermediate padding)
  * Test the GNU tar 1.17 version of "posix sparse format 1.0"
    instead of the GNU tar 1.16 version (the latter is no longer
    supported by GNU tar).

Right now, libarchive fails this test because I originally
implemented the GNU tar 1.16 version of "posix sparse format 1.0".
I'll fix libarchive shortly.

Approved by: re (blanket, libarchive testing)
2007-08-12 01:16:19 +00:00
Tim Kientzle
9e3fd30bac Two minor nits:
* Allow libarchive_test to compile on Interix again.
  * Track the test name (not just line number) when counting skipped tests.

Thanks to: Joerg Sonnenberger
Approved by: re (blanket; libarchive testing)
2007-07-31 05:03:27 +00:00
Tim Kientzle
8ea9716c0c Fix a strict aliasing warning from GCC 4.1.
Thanks to: Joerg Sonnenberger
Approved by: re (hrs)
MFC after: 3 days
2007-07-20 01:28:50 +00:00
Tim Kientzle
d3bb697513 archive_string_ensure() used to call exit(3) if it
couldn't allocate more memory for a string.  Change
this so it returns NULL in that case, and update
all of its callers to handle the error.  Some of
those callers can now return errors back to the
client instead of calling exit(3).

Approved by: re (bmah)
2007-07-15 19:13:59 +00:00
Tim Kientzle
75d0856ca5 Add archive_entry_copy_gname() and archive_entry_copy_uname()
functions.

Approved by: re (bmah)
MFC after: 3 days
2007-07-15 19:10:34 +00:00
Tim Kientzle
58bdc3275c Clarify one test.
Approved by: re (blanket, libarchive testing)
2007-07-15 17:16:42 +00:00
Tim Kientzle
a902b04074 Use an uncompressed test archive for gtar sparse format 1.0 format,
as that better exercises some internal read-combining logic than the
compressed archive.

Approved by: re (blanket, libarchive testing)
2007-07-14 17:54:14 +00:00
Tim Kientzle
2e4e46b540 Report each failed test once, but keep a count and report that count
if there was more than one.  In particular, this simplifies
test_tar_filenames.c, which has a tendency to be very noisy otherwise.

Approved by: re (blanket, libarchive testing)
2007-07-14 17:52:01 +00:00
Tim Kientzle
46dd1e6ee7 Restore the 'break' that was inadvertently removed in 1.57 of this file.
Without this, hardlinks get returned as symlinks.

Approved by: re (Ken Smith)
MFC after: 2 days
2007-07-14 05:53:51 +00:00
Tim Kientzle
f7f698bb22 Extend the basic tar reading test to exercise most types of
entries.  This doesn't cover everything yet, but it's a big improvement.

Approved by:  re (blanket, libarchive testing)
2007-07-14 05:35:17 +00:00
Tim Kientzle
99d4bb3999 Make the test for reading gtar sparse entries more robust;
it now verifies that the returned blocks have the correct data
at the correct file offsets, ignoring any null padding that
may exist.

Approved by: re (blanket, libarchive test suite)
2007-07-13 15:16:26 +00:00
Tim Kientzle
ceab112df6 New test suite test_read_pax_truncated probes libarchive
behavior with truncated or damaged pax archives.  This
tests most of the cases covered by the recent security advisory.

Approved by: re (blanket, libarchive test suite)
2007-07-13 15:14:35 +00:00
Tim Kientzle
8ed6656123 New file "read_open_memory.c" is a custom variant of
archive_read_open_memory.c that tries to test border
cases.  In particular, it copies over each returned block
so that formats or decompressors that read past the end
of a returned block will break.

Approved by: re (blanket, libarchive test suite)
2007-07-13 15:12:52 +00:00
Tim Kientzle
4b0489dd31 Fix running individual tests via "libarchive_test <number> <number> ..."
Approved by: re (blanket)
2007-07-13 15:09:07 +00:00
Colin Percival
612c3e7724 Correct multiple security issues in how libarchive handles corrupt
tar archives, including a potentially exploitable buffer overflow.

Approved by:	re (kensmith, security blanket)
Reviewed by:	kientzle
Security:	FreeBSD-SA-07:05.libarchive
2007-07-12 15:00:28 +00:00
Tim Kientzle
ed3ba42250 Fix installworld: /usr/bin/printf isn't available then,
so use awk's printf for the formatting here instead.

Pointy hat: Yours Truly
Approved by: re
2007-07-07 16:55:42 +00:00
Tim Kientzle
dbb4eb7d9c Make test suite work with libarchive 1.3.1: Take advantage of
ARCHIVE_VERSION_STAMP to selectively disable tests that don't
apply to that version; new "skipping()" function reports skipped
tests; modify final summary to report component test failures and
skips.

Note:  I don't currently intend to MFC the test suite itself;
anyone interested should just checkout and use this version
of the test suite, which should work for any library version.

Approved by: re (Ken Smith, blanket)
2007-07-06 15:43:11 +00:00
Tim Kientzle
ab16ac785a New "version stamp" simplifies determining the exact version
of libarchive being used.  I've been taking advantage of this
with a recent round of updates to libarchive_test so that it
can test older and newer versions of the library.

Approved by: re (Ken Smith)
2007-07-06 15:36:38 +00:00
Tim Kientzle
3f6c3bcd84 Fix 'bsdtar -t' on tape drives. Libarchive uses the
skip() callback to skip over data when reading uncompressed
archives.  This gets invoked, for example, during tar -t
or tar -x with a filename argument.  The revised code
only calls [lf]seek() on regular files, instead of depending
on the kernel to return an error.

Thanks to: bde for explaining the implementation of lseek()
Thanks to: Daniel O'Connor for testing
Approved by: re (Ken Smith)
MFC after: 5 days
2007-06-26 03:06:48 +00:00
Tim Kientzle
734f944a06 Ouch. I partially screwed up the last commit by
enabling a test that's not ready yet. <sigh>

Pointy hat: /me
Approved by: re@
2007-06-22 05:49:13 +00:00
Tim Kientzle
17e60e6230 Support for writing the 'newc' cpio format, plus a minimal test harness
for the cpio formats.

Thanks to: Rudolf Marek
Approved by: re@
2007-06-22 05:47:00 +00:00
Tim Kientzle
7faa61e65d Track whether the current read stream supports seek(). For now, we
assume yes unless seek has previously failed, but I fear I'll have to
avoid seeks under other circumstances.  (For instance, tape drives on
FreeBSD seem to return garbage from lseek().)  Also, optimize away
zero-byte skips.
2007-06-18 00:36:54 +00:00
Tim Kientzle
d02e3c38ab Make 'ar' write test a tad more portable. 2007-06-13 03:40:02 +00:00