diff options
Diffstat (limited to 'contrib/libarchive/README.md')
-rw-r--r-- | contrib/libarchive/README.md | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/contrib/libarchive/README.md b/contrib/libarchive/README.md index d5ef70c2191d..727ed49856b6 100644 --- a/contrib/libarchive/README.md +++ b/contrib/libarchive/README.md @@ -7,7 +7,7 @@ command-line tools that use the libarchive library. ## Questions? Issues? -* http://www.libarchive.org is the home for ongoing +* https://www.libarchive.org is the home for ongoing libarchive development, including documentation, and links to the libarchive mailing lists. * To report an issue, use the issue tracker at @@ -23,6 +23,7 @@ This distribution bundle includes the following major components: * **tar**: the 'bsdtar' program is a full-featured 'tar' implementation built on libarchive * **cpio**: the 'bsdcpio' program is a different interface to essentially the same functionality * **cat**: the 'bsdcat' program is a simple replacement tool for zcat, bzcat, xzcat, and such +* **unzip**: the 'bsdunzip' program is a simple replacement tool for Info-ZIP's unzip * **examples**: Some small example programs that you may find useful. * **examples/minitar**: a compact sample demonstrating use of libarchive. * **contrib**: Various items sent to me by third parties; please contact the authors with any questions. @@ -37,6 +38,7 @@ The top-level directory contains the following information files: * **configure** - configuration script, see INSTALL for details. If your copy of the source lacks a `configure` script, you can try to construct it by running the script in `build/autogen.sh` (or use `cmake`). The following files in the top-level directory are used by the 'configure' script: + * `Makefile.am`, `aclocal.m4`, `configure.ac` - used to build this distribution, only needed by maintainers * `Makefile.in`, `config.h.in` - templates used by configure script @@ -71,6 +73,7 @@ know about any errors or omissions you find. ## Supported Formats Currently, the library automatically detects and reads the following formats: + * Old V7 tar archives * POSIX ustar * GNU tar format (including GNU long filenames, long link names, and sparse files) @@ -85,13 +88,14 @@ Currently, the library automatically detects and reads the following formats: * ZIPX archives (with support for bzip2, ppmd8, lzma and xz compressed entries) * GNU and BSD 'ar' archives * 'mtree' format - * 7-Zip archives + * 7-Zip archives (including archives that use zstandard compression) * Microsoft CAB format * LHA and LZH archives * RAR and RAR 5.0 archives (with some limitations due to RAR's proprietary status) * XAR archives The library also detects and handles any of the following before evaluating the archive: + * uuencoded files * files with RPM wrapper * gzip compression @@ -103,6 +107,7 @@ The library also detects and handles any of the following before evaluating the * zstandard compression The library can create archives in any of the following formats: + * POSIX ustar * POSIX pax interchange format * "restricted" pax format, which will create ustar archives except for @@ -122,6 +127,7 @@ The library can create archives in any of the following formats: * XAR archives When creating archives, the result can be filtered with any of the following: + * uuencode * gzip compression * bzip2 compression @@ -187,6 +193,17 @@ questions we are asked about libarchive: functions. On those platforms, libarchive will use the non-thread-safe functions. Patches to improve this are of great interest to us. +* The function `archive_write_disk_header()` is _not_ thread safe on + POSIX machines and could lead to security issue resulting in world + writeable directories. Thus it must be mutexed by the calling code. + This is due to calling `umask(oldumask = umask(0))`, which sets the + umask for the whole process to 0 for a short time frame. + In case other thread calls the same function in parallel, it might + get interrupted by it and cause the executable to use umask=0 for the + remaining execution. + This will then lead to implicitely created directories to have 777 + permissions without sticky bit. + * In particular, libarchive's modules to read or write a directory tree do use `chdir()` to optimize the directory traversals. This can cause problems for programs that expect to do disk access from |