7zip reader: translate windows permissions to unix permissions (#1943)
7z archives created on windows 7zip can lack unix permission info. In
this case, we need to translate the windows permissions into reasonable
unix equivalents.
Martin Matuska [Thu, 17 Aug 2023 22:28:39 +0000 (00:28 +0200)]
pax writer: fix multiple security vulnerabilities
Security vulnerabilities:
1. Heap overflow in url_encode() in archive_write_set_format_pax.c
2. NULL dereference in archive_write_pax_header_xattrs()
3. Another NULL dereference in archive_write_pax_header_xattrs()
4. NULL dereference in archive_write_pax_header_xattr()
The vulnerabilities can be triggered when writing pax archives
with extended attributes (SCHILY or LIBARCHIVE) by feeding attribute
names longer than INT_MAX or attribute names that fail to be encoded
properly.
Michał Górny [Wed, 19 Jul 2023 08:22:25 +0000 (10:22 +0200)]
Makefile: add mkdirs for all */test/list.h targets (#1923)
Add missing mkdir calls to `cat/test/list.h` and `unzip/test/list.h`
invocations, making them consistent with the other rules. Otherwise,
the build fails when configured with `--disable-dependency-tracking`,
as configure does not create the directories automatically then.
7-Zip 23.00 added a new ARM64 filter, which is also supported by recent
versions of liblzma. This PR adds support for this filter for both lzma
and non-lzma encoders.
Peter Kaestle [Mon, 3 Apr 2023 11:35:35 +0000 (13:35 +0200)]
README: vulnerability on implicite directory creation
There's a race condition with the umask() execution in multi-threaded
use of the libarchive.
It's the users responsibility to mutex archive_write_disk_header()
call.
Signed-off-by: Peter Kaestle <peter.kaestle@nokia.com>
Steve Lhomme [Fri, 26 May 2023 07:57:40 +0000 (09:57 +0200)]
Use CreateFile2 instead of CreateFileW on Win8+ builds
CreateFileW is not allowed in Universal Windows Platform (UWP) builds but
CreateFile2 is available. We could just enable this code for UWP but
it's probably to use it going forward so the code is properly tested on
both sides.
Steve Lhomme [Wed, 24 May 2023 13:23:14 +0000 (15:23 +0200)]
Don't call GetOEMCP() in Universal Windows Platform builds
It's not available [1] [2]. However we can use the intermediate CP_OEMCP
value. It can be used to compare charsets in create_sconv_object().
It won't work with comparing charsets in archive_string_default_conversion_for_read()
and archive_string_default_conversion_for_write(). current_codepage being
an actual CodePage value.
Usually it's built-in but make sure we have it on by default.
We don't need to rename the windows static library when it's the only one built.
This will also allow proper usage of the pkg-config file in this case. Otherwise
there is no way to select the static library that way.
Note that test_read_format_7zip_lzma2_arm passes, while
test_read_format_7zip_zstd_arm fails, I believe because
liblzma implements these filters internally for itself, unlike the
other compression libraries.
These two archives contain a linux C hello world executable, built for
gnueabihf. They were created like so (the first one using a fork of
7-zip with zstandard support):
7z a -t7z -m0=zstd -mf=ARM libarchive/test/test_read_format_7zip_zstd_arm.7z hw-gnueabihf
and
7z a -t7z -m0=lzma2 -mf=ARM libarchive/test/test_read_format_7zip_lzma2_arm.7z hw-gnueabihf
7zip reader: add support for zstandard compression in 7z archives
Zstandard support is not yet available in 7-Zip, though it is planned
for a future release:
https://sourceforge.net/p/sevenzip/feature-requests/1580/
The compression ID used here (4F71101) is copied from a popular 7-Zip
fork, which added ZSTD support back in 2017, and is mentioned in the
upstream 7-Zip ticket linked above:
https://github.com/mcmilk/7-Zip-zstd.git
Note that this does not add write support for Zstandard compression
in 7z archives.
There is a popular 7-Zip fork with zstandard support, with releases as
far back as 2017:
https://github.com/mcmilk/7-Zip-zstd.git
Zstandard support is not yet available in 7-Zip, though it is planned
for a future release:
https://sourceforge.net/p/sevenzip/feature-requests/1580/
This change adds a couple of tests for reading 7-Zip archives which
use zstandard compression. They are expected to fail until support is
added in the following commit.
Luke Mewburn [Sat, 10 Jun 2023 10:44:52 +0000 (11:44 +0100)]
setup_current_filesystem: fail if name_max is 0
Add error handling to the USE_READDIR_R code paths that set name_max
from struct statfs or statvfs; if the determined name_max == 0
then return an error.
Avoids a crash in tree_dir_next_posix() when the calculation of
dirent_size from name_max is too small for the memory allocated
for struct dirent.
This may fix Github issue #1149
This may fix NetBSD PR https://gnats.netbsd.org/56080
Enji Cooper [Sat, 13 May 2023 04:11:07 +0000 (21:11 -0700)]
Fix FreeBSD builds with WARNS=6 (#1869)
WARNS=6 on FreeBSD passes several CFLAGS that causes the previous code
to fail with `-Wincompatible-pointer-types-discards-qualifiers` when
compiled with clang.
This particular change adjusts the code to be
`-Wincompatible-pointer-types-discards-qualifiers` clean. This change
changes the calls to use OSSL_PARAM macro abbreviated calls, instead of
calling more verbose (and less documented) callers.
While here, also address a `mac` object leak if `ctx` cannot be
allocated cleanly by always free'ing `mac` after it's been attached to
`ctx`.
Co-authored-by: Pierre Pronchery <pierre@freebsdfoundation.org>
Sponsored by: The FreeBSD Foundation
Signed-off-by: Enji Cooper <yaneurabeya@gmail.com>
Make single bit bitfields unsigned to avoid clang 16 warning (#1860)
Clang 16 introduced a warning about single bit bitfields in structs,
which is triggered by a few libarchive formats:
libarchive/archive_write_set_format_7zip.c:1541:13: error: implicit
truncation from 'int' to a one-bit wide bit-field changes value from 1
to -1 [-Werror,-Wsingle-bit-bitfield-constant-conversion]
file->dir = 1;
^ ~
This is because single bit bitfields only support values -1 and 0, if
they are signed.
For bitfields with two or more bits this can be intentional, but single
bit bitfields are typically used as booleans, so it is better to make
them unsigned.
Without this patch, `bsdcpio_test_option_c` failed after 2038-01-19 with
```
.../libarchive-3.6.2/cpio/test/test_option_c.c:143: Assertion failed: t >= now - 2
.../libarchive-3.6.2/cpio/test/test_option_c.c:169: Assertion failed: t >= now - 2
.../libarchive-3.6.2/cpio/test/test_option_c.c:205: Assertion failed: t >= now - 2
```
Background:
As part of my work on reproducible builds for openSUSE, I check that
software still gives identical build results in the future.
The usual offset is +16 years, because that is how long I expect some
software will be used in some places.
This showed up failing tests in our package build.
See https://reproducible-builds.org/ for why this matters.
When the `zstd:frame-per-file` option is specified, the zstd filter will start a new frame when flushed, i.e. for each file in the archive.
The `zstd:min-frame-size=N` option modifies the `zstd:frame-per-file` option in that it will not start a new frame unless the current one exceeds `N` bytes.
When the `zstd:max-frame-size=N` option is specified, the zstd filter will start a new frame any time the compressed size of the previous one exceeds `N` bytes.
These options decrease compression efficiency by a varying amount (depending on the exact composition of its contents) but render the tarball seekable, to a certain extent.