Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
No functional change intended.
Set ARCHIVE_EXTRACT_SECURE_SYMLINKS and ARCHIVE_EXTRACT_SECURE_NODOTDOT
as in bsdtar to prevent extraction of archive entries whose pathnames
contain .. or whose target directory would be altered by a symlink.
Also disallow absolute pathnames.
We don't currently provide an option to disable this behaviour (as
bsdtar's -P does). It is unlikely to be a problem in practice for ar(1),
but the -P option is not currently used and available if we want to
consider it for this purpose.
Differential Revision: https://reviews.freebsd.org/D1524
Reported by: Alexander Cherepanov <cherepan@mccme.ru>
Approved by: delphij
Obtained from: ELF tool chain ar, Ticket #474
MFC after: 1 week
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
ar(1)'s dependencies on compressor libraries -lz, -lbz2 and -llzma and
fixes building HEAD on some versions of FreeBSD[78]. Option -j and -z
is now accepted but ignored.
Compressed ar(1) archives are not useful without a ld(1) that can read
them. Also, the current ar(1) compression scheme prevents random
access of archive members and needs to be redesigned anyway.
Submitted by: kientzle (original patch)
Reviewed by: delphij
Discussed on: -current mailing list
Reviewed by: jkoshy
Approved by: jkoshy (mentor)
Tested by: erwin (ports build test on pointyhat)
Sponsored by: Google Summer of Code 2007
Reviewed by (earlier version): Jaakko Heinonen <jh[AT]saunalahti.fi>
Tested by (earlier version): Steve Kargl <sgk[AT]troutmask.apl.washington.edu>
Tested by (earlier version): Martin Voros <martin_voros[AT]yahoo.com>
Tested by (earlier version): swell.k[AT]gmail.com
Tested by (earlier version): joel
Tested by (earlier version): Alexey Shuvaev <shuvaev[AT]physik.uni-wuerzburg.de>
Tested by (earlier version): Arjan van Leeuwen <avleeuwen[AT]gmail.com>
Thanks to gabor@ for building ports for it.
Thanks to erwin@ and kris@ for scheduling the ports build test on pointyhat.
And thanks to many others for their feedback.
