Commit Graph

57 Commits

Author SHA1 Message Date
Tim Kientzle
bb8a41af51 Various fixes when creating objects on disk:
* Write xattrs last instead of first (required on platforms that use
   system xattrs for security attributes)
 * Better handling of chdir() failures
 * Don't bother trying to shorten files via seek()/write()
 * Fix build on systems that lack link()/symlink()/mknod()
 * Prefer futimens()/utimensat() when they're present
2009-12-29 05:35:40 +00:00
Tim Kientzle
946733c26e Fix a minor memory leak. 2009-04-17 00:44:03 +00:00
Tim Kientzle
e2421f7667 Merge from libarchive.googlecode.com: Mostly a bunch of
corrections to the Windows support to reconcile differences
between Visual Studio and Cygwin.  Includes parts of
revisions 757, 774, 787, 815, 817, 819, 820, 844, and 886.

Of particular note, r886 overhauled the UTF-8/Unicode conversions to
work correctly regardless of whether the local system uses 16-bit
or 32-bit wchar_t.  (I assume that systems with 16-bit wchar_t
use UTF-16 and those with 32-bit wchar_t use UCS-4.)  This revision
also added a preference for wcrtomb() (which is thread-safe) on
platforms that support it.
2009-04-12 05:33:34 +00:00
Tim Kientzle
c2a577bb0d Merge r723 from libarchive.googlecode.com: Don't try to restore
owner or SUID bits on Windows; just ignore them.
2009-03-07 03:00:44 +00:00
Tim Kientzle
eee9002fb2 Merge r552,r559 from libarchive.googlecode.com: Support high-resolution
timestamps on Tru64, AIX, and GNU Hurd.  Thanks to Björn Jacke.
2009-03-07 00:52:02 +00:00
Tim Kientzle
4797bb9435 Merge r283,r529 from libarchive.googlecode.com: Fix ext2_fs.h includes
for Linux.
2009-03-07 00:36:50 +00:00
Tim Kientzle
4bf1b0bdfa Merge r403,702,721 from libarchive.googlecode.com: Handle odd
pathnames on Windows by mapping '\\' to '/' and converting
illegal characters to '_'.
2009-03-06 05:38:53 +00:00
Tim Kientzle
ce077a6fd8 Merge r416 from libarchive.googlecode.com:
Restoring POSIX.1e Extended Attributes on FreeBSD, part 1

This implements the basic ability to restore extended attributes
on FreeBSD, including a test suite.
2009-03-06 04:55:51 +00:00
Tim Kientzle
17fcda1a0b Merge r407,r508 from libarchive.googlecode.com: Correctly handle
Zip entries that are zero length but stored with deflate.  This
is arguably a silly thing to do (deflating a zero-length file actually
makes it bigger) but apparently quite a few Zip writers do this.
This was broken in two places:  archive_write_disk disliked being asked
to write data to zero-length files (even if the write was zero-length)
and zip_read_file_header tripped over itself when non-regular files
had compressed bodies.
2009-03-06 04:50:39 +00:00
Tim Kientzle
341f2011d8 Merge r390,r391,r392,r397 from libarchive.googlecode.com: Virtualize
"close" and "finish" across both read and write interfaces.
(Someday, "finish" should be renamed to "free" to better reflect
what it actually does...)
2009-03-05 21:18:10 +00:00
Tim Kientzle
a48ae5111e Correct r189383, which mis-merged a change from libarchive.googlecode.com. 2009-03-05 01:59:49 +00:00
Tim Kientzle
32baf20434 Merge r342 from libarchive.googlecode.com: Remove some
Windows special casing.
2009-03-05 00:36:13 +00:00
Tim Kientzle
690f818afd Merge r294:337,r348:350 from libarchive.googlecode.com: A lot
of work to make libarchive work on Windows.
2009-03-03 17:02:51 +00:00
Tim Kientzle
7376ba1329 Fix ARCHIVE_EXTRACT_SPARSE handling in libarchive.
Add a test to exercise this feature.
This should fix --sparse/-S support in tar.

Thanks to:      Daichi GOTO
MFC after:	1 week
2009-01-26 05:44:40 +00:00
Tim Kientzle
53272655f6 Merge-from-Googlecode r419
In archive_write_disk:  If archive_write_header() fails to create
the file, that's a failure and should return ARCHIVE_FAILED.
Metadata restore failures still return ARCHIVE_WARN, because
that's non-critical.  Fix test_write_disk_secure test to
verify the correct return code in one case; add test_write_disk_failures
to do another very simple test of restore failure.

This should fix cpio coredumping when it tries to restore to
a write-protected directory.

Thanks to: Giorgos Keramidas
MFC after: 30 days
2009-01-21 06:55:27 +00:00
Tim Kientzle
fe7350cb22 Minor portability: Declare 'r' only within the conditional
block where it's used; S_ISLNK is more portable than S_ISLINK.
2008-12-06 05:55:46 +00:00
Tim Kientzle
758dfd70db Add test to verify ACL restores on FreeBSD, verify kern/128203 (mtime
restore fails if ACL provided), apply patch from kern/128203, and verify fix.

PR:		kern/128203
Submitted by:	Udo Schweigert
MFC after:	3 days
2008-10-19 00:18:44 +00:00
Tim Kientzle
f70105fb18 MfP4: restore birth time data to disk + more thorough tests for
time restore to disk.

MFC after:	30 days
2008-09-30 04:02:36 +00:00
Tim Kientzle
29a23c776a Choose a flag-handling strategy based on platform capabilities
rather than on platform.
2008-09-14 05:51:25 +00:00
Tim Kientzle
a2854491c4 Portability: Not everyone is lucky enough to have ftruncate() 2008-09-12 04:08:11 +00:00
Tim Kientzle
220265229d Portability: Support platforms that lack (struct stat).st_blksize or SSIZE_MAX
Of course, FreeBSD has both.
2008-09-12 04:03:34 +00:00
Tim Kientzle
11663004bd When restoring a directory, allow symlinks to be followed. The full
logic here gets a little complex, but the net effect is that the
SECURE_SYMLINKS flag will prevent us from ever following a symlink.
Without it, we'll only follow symlinks to dirs.  bsdtar specifies
SECURE_SYMLINKS by default, suppresses it for -P.

I've also beefed up the write_disk_secure test to verify this
behavior.

PR:		bin/126849
2008-09-07 05:22:33 +00:00
Tim Kientzle
a0bfb8ae3e MfP4: Handle entries with unset size properly: Regular files with
unspecified size are "unlimited" (required by Zip reader, which
sometimes does not know the uncompressed size of an entry until it
gets to the end).  Also, hardlinks with unspecified (or zero) size do
not overwrite the data on disk nor do they set metadata.  This is
compatible with GNU tar and NetBSD pax behavior.
2008-09-05 06:13:11 +00:00
Tim Kientzle
e20d272f0a MfP4: Use the set/unset tracking to determine when mtime or atime
is unavailable.  Use start_time as a substitute when one is missing;
if both are missing, skip the call to {f,l,}utime{s,}() entirely.
2008-09-05 05:55:49 +00:00
Tim Kientzle
e32c65cb17 Use the "start_time" (time at which the restore process began)
to fill in a missing atime instead of substituting mtime.

PR:		bin/124915
2008-09-01 02:50:24 +00:00
Tim Kientzle
9cfec77e7e If no atime was specified (for example, when extracting from ustar
archives), set atime == mtime.  Before this, atime would get restored
to 0.
2008-08-28 06:40:22 +00:00
Tim Kientzle
3269dc16fd Update the total archive byte counters when writing entries to disk using
archive_write_disk.
Update cpio to use this to emit block counts in -p mode.
Update cpio tests to verify these block counts.
2008-08-24 06:21:00 +00:00
Tim Kientzle
b9364a48e5 Fail copying path/.. only if SECURE_NODOTDOT was specified.
Since we already warn for any '..' elements in that case,
the extra "lastdotdot" tracking turns out to be unnecessary.

PR:		bin/124924
2008-08-24 05:42:22 +00:00
Tim Kientzle
8d14bd8cc2 Fix the cpio bug tested for by r182092 of usr.bin/cpio/test.
Since various 'find' incantations can emit container directories
in various orders, we cannot refuse to update a dir because it's
apparently the same age.

MFC after:	3 days
2008-08-24 05:01:01 +00:00
Tim Kientzle
f5a5cfb411 When ARCHIVE_EXTRACT_PERM is requested (e.g., by "tar -p"), always
schedule a chmod() fixup for directories.  In particular, this fixes
sgid handling on systems where the sgid bit is inherited from the
parent directory (which means that the actual mode of the dir
does not match the mode used in the mkdir() system call.

It may be possible to tighten this condition a bit.  In
working through this, I also found a few other places where
it looks like we can avoid a redundant syscall or two.  I've
commented those here but not yet tried to address them.
2008-07-05 01:48:33 +00:00
Tim Kientzle
4e8f10a152 Don't use the deprecated linux/ext2_fs.h include file. 2008-07-05 01:45:31 +00:00
Tim Kientzle
be5eb9821c A security-check failure here should be ARCHIVE_FAILED (cannot continue this
operation) and not ARCHIVE_WARN, since we don't actually open the file.
Both bsdtar and bsdcpio will try to copy file contents after an ARCHIVE_WARN,
which will fail loudly.
2008-06-21 19:05:29 +00:00
Tim Kientzle
fa07de5eeb MFp4: libarchive 2.5.4b. (Still 'b' until I get a bit more
feedback, but the 2.5 branch is shaping up nicely.)

In addition to many small bug fixes and code improvements:
 * Another iteration of versioning; I think I've got it right now.
 * Portability:  A lot of progress on Windows support (though I'm
   not committing all of the Windows support files to FreeBSD CVS)
 * Explicit tracking of MBS, WCS, and UTF-8 versions of strings
   in archive_entry; the archive_entry routines now correctly return
   NULL only when something is unset, setting NULL properly clears
   string values.  Most charset conversions have been pushed down to
   archive_string.
 * Better handling of charset conversion failure when writing or
   reading UTF-8 headers in pax archives
 * archive_entry_linkify() provides multiple strategies for
   hardlink matching to suit different format expectations
 * More accurate bzip2 format detection
 * Joerg Sonnenberger's extensive improvements to mtree support
 * Rough support for self-extracting ZIP archives.  Not an ideal
   approach, but it works for the archives I've tried.
 * New "sparsify" option in archive_write_disk converts blocks of nulls
   into seeks.
 * Better default behavior for the test harness; it now reports
   all failures by default instead of coredumping at the first one.
2008-05-26 17:00:24 +00:00
Tim Kientzle
d7740aea75 FreeBSD does have fstat().
Correct the nasty typo this uncovers.
2008-03-15 04:20:50 +00:00
Tim Kientzle
e29c664a4c Spelling correction, thanks to Joerg Sonnenberger. 2008-02-27 06:16:41 +00:00
Tim Kientzle
75018fc592 Portability improvements:
* If the platform can't restore char nodes, block nodes, or fifos,
don't try and just return error.
  * Include O_BINARY in most open() calls (define O_BINARY to 0 if the
platform doesn't provide a definition already)
  * Refactor the ownership restore to more cleanly support platforms
that don't have any form of {l,f,}chown() call.
  * Comment a lingering issue with older Unix-like systems that allow
root to hose the filesystem.  I don't (yet) have a good solution for
this, but I expect it will require adding more redundant stat()
calls. <sigh>

MFC after: 14 days
2008-02-19 05:39:35 +00:00
Tim Kientzle
91c3a77c57 I misread the Tinderbox error; this should really unbreak 64-bit builds.
Pointy hats, yep, keep 'em coming.  ;-/
2008-01-18 06:16:08 +00:00
Tim Kientzle
c19af48f40 Fix 64-bit build after my last commit. <sigh> 2008-01-18 06:08:39 +00:00
Tim Kientzle
2adbd7ee43 Issues with hardlinks in newc-format files prompted me to
write a new test to exercise the hardlink strategies used
by different archive formats (tar, old cpio, new cpio).
This uncovered two problems, both fixed by this commit:

1) Enforce file size when writing files to disk.

2) When restoring hardlink entries, if they have data associated, go
   ahead and open the file so we can write the data.

In particular, this fixes bsdtar/bsdcpio extraction of new cpio
formats where the "original" is empty and the subsequent "hardlink"
entry actually carries the data.  It also provides correct behavior
for old cpio archives where hardlinked entries have their bodies
stored multiple times in the archive; the last body should always be
the one that ends up in the final file.  The new pax format also
permits (but does not require) hardlinks to carry file data; again,
the last contents should always win.

Note that with any of these, a size of zero on a hardlink simply means
that the hardlink carries no data; it does not mean that the file has
zero size.  A non-zero size on a hardlink does provide the file size.

Thanks to: John Baldwin, for reminding me about this long-standing bug
    and sending me a simple example archive that prompted this test case
2008-01-18 05:05:58 +00:00
Tim Kientzle
9dd49f960f Update libarchive to 2.4.10. This includes a number of improvements
that I've been working on but put off committing until after the
RELENG_7 branch, including:

* New manpages: cpio.5 mtree.5
* New archive_entry_strmode()
* New archive_entry_link_resolver()
* New read support: mtree format
* Internal API change:  read format auction only runs once
* Running the auction only once allowed simplifying a lot of bid logic.
* Cpio robustness:  search for next header after a sync error
* Support device nodes on ISO9660 images
* Eliminate a lot of unnecessary copies for uncompressed archives
* Corrected handling of new GNU --sparse --posix formats
* Correctly handle a zero-byte write to a compressed archive
* Fixed memory leaks

Many of these improvements were motivated by the upcoming bsdcpio
front-end.

There have also been extensive improvements to the libarchive_test
test harness, which I'll commit separately.
2007-12-30 04:58:22 +00:00
Tim Kientzle
016e328d16 Fix the archive_write_data() function so it always returns
number of bytes written, even when used to write files to
disk.  Extend the test suite to verify the correct return
values for archive_write_data() and archive_write_data_block().

Thanks to: Bruce Mah, for stepping in promptly to back out the
   earlier broken version of this fix
Thanks to: Colin Percival, for pointing out the correct fix
MFC after: 5 days
Approved by: re (ksmith)
Pointy hat: \me
2007-09-21 04:52:43 +00:00
Bruce A. Mah
7b7b893394 Revert the last commit to libarchive. It introduced some regresssions,
most noticably the incorrect extraction of files by bsdtar.

This commit reverts:

	src/lib/libarchive/archive_write_disk.c 1.15
	src/lib/libarchive/test/test_write_disk.c 1.4

Approved by:	re (implicitly)
2007-09-18 20:20:37 +00:00
Tim Kientzle
8f3ba4ccf4 Correct the return value from archive_write_data()
(when used to restore files to disk) to match:
  * The documentation
  * The return values of this function when used
    to write files into an archive.

Approved by: re (bmah)
Pointy hat: \me
MFC after: 5 days
2007-09-18 04:20:21 +00:00
Tim Kientzle
9136384dc2 Make suid/sgid restore be "opportunistic" if
owner restore is not requested.  If you ask
for permissions to be restored but not owner,
you will now get no error if suid/sgid bits
cannot be set.  (It's a security hole to restore
suid/sgid bits if the owner/group aren't restored.)

This fixes an obscure problem where a simple
"tar -xf" with no other options will sometimes
fail gratuitously because of suid/sgid bits.
This is causing occasional problems for people
using bsdtar as a drop-in replacement for
"that other tar program." ;-)

Note: If you do ask for owner restore, then suid/sgid
restore failures still issue an error.  This
only suppresses the error in the case where an
suid/sgid bit restore fails because of an owner
mismatch and owner restore was not requested.

Approved by: re (bmah)
MFC after: 7 days
2007-08-12 17:35:05 +00:00
Tim Kientzle
d3bb697513 archive_string_ensure() used to call exit(3) if it
couldn't allocate more memory for a string.  Change
this so it returns NULL in that case, and update
all of its callers to handle the error.  Some of
those callers can now return errors back to the
client instead of calling exit(3).

Approved by: re (bmah)
2007-07-15 19:13:59 +00:00
Tim Kientzle
b48b40f1f8 libarchive 2.2.3
* "compression_program" support uses an external program
  * Portability: no longer uses "struct stat" as a primary
    data interchange structure internally
  * Part of the above: refactor archive_entry to separate
    out copy_stat() and stat() functions
  * More complete tests for archive_entry
  * Finish archive_entry_clone()
  * Isolate major()/minor()/makedev() in archive_entry; remove
    these from everywhere else.
  * Bug fix: properly handle decompression look-ahead at end-of-data
  * Bug fixes to 'ar' support
  * Fix memory leak in ZIP reader
  * Portability: better timegm() emulation in iso9660 reader
  * New write_disk flags to suppress auto dir creation and not
    overwrite newer files (for future cpio front-end)
  * Simplify trailing-'/' fixup when writing tar and pax
  * Test enhancements:  fix various compiler warnings, improve
    portability, add lots of new tests.
  * Documentation: document new functions, first draft of
    libarchive_internals.3

MFC after: 14 days
Thanks to: Joerg Sonnenberger (compression_program)
Thanks to: Kai Wang (ar)
Thanks to: Colin Percival (many small fixes)
Thanks to: Many others who sent me various patches and problem reports.
2007-05-29 01:00:21 +00:00
Colin Percival
51bbfbd15c Remove pointless code: Don't assign a value to a variable when we're
going to overwrite it with a new value a few lines later.

Visual inspection of the surrounding code indicates that the code does
what it's supposed to do; i.e., the pointless code wasn't supposed to
be doing something other than what it was doing.

CID:		3323
Found by:	Coverity Prevent(tm)
2007-05-21 04:22:38 +00:00
Tim Kientzle
2a5449a7ca Properly cleanup the UID/GID lookup data. 2007-04-15 04:43:12 +00:00
Tim Kientzle
a6487829da Invoke utime(2) properly. (It's only used on platforms
that lack utimes(2).)
2007-04-14 22:20:31 +00:00
Tim Kientzle
1df7aefccf More portability improvements from Martin Koeppe:
conditionally use utime() when utimes() is not available;
allow the most common wide-char functions to be replaced
when local alternatives are lacking.
2007-04-14 02:37:22 +00:00