aboutsummaryrefslogtreecommitdiff
path: root/contrib/libarchive/README.md
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/libarchive/README.md')
-rw-r--r--contrib/libarchive/README.md21
1 files changed, 19 insertions, 2 deletions
diff --git a/contrib/libarchive/README.md b/contrib/libarchive/README.md
index d5ef70c2191d..727ed49856b6 100644
--- a/contrib/libarchive/README.md
+++ b/contrib/libarchive/README.md
@@ -7,7 +7,7 @@ command-line tools that use the libarchive library.
## Questions? Issues?
-* http://www.libarchive.org is the home for ongoing
+* https://www.libarchive.org is the home for ongoing
libarchive development, including documentation,
and links to the libarchive mailing lists.
* To report an issue, use the issue tracker at
@@ -23,6 +23,7 @@ This distribution bundle includes the following major components:
* **tar**: the 'bsdtar' program is a full-featured 'tar' implementation built on libarchive
* **cpio**: the 'bsdcpio' program is a different interface to essentially the same functionality
* **cat**: the 'bsdcat' program is a simple replacement tool for zcat, bzcat, xzcat, and such
+* **unzip**: the 'bsdunzip' program is a simple replacement tool for Info-ZIP's unzip
* **examples**: Some small example programs that you may find useful.
* **examples/minitar**: a compact sample demonstrating use of libarchive.
* **contrib**: Various items sent to me by third parties; please contact the authors with any questions.
@@ -37,6 +38,7 @@ The top-level directory contains the following information files:
* **configure** - configuration script, see INSTALL for details. If your copy of the source lacks a `configure` script, you can try to construct it by running the script in `build/autogen.sh` (or use `cmake`).
The following files in the top-level directory are used by the 'configure' script:
+
* `Makefile.am`, `aclocal.m4`, `configure.ac` - used to build this distribution, only needed by maintainers
* `Makefile.in`, `config.h.in` - templates used by configure script
@@ -71,6 +73,7 @@ know about any errors or omissions you find.
## Supported Formats
Currently, the library automatically detects and reads the following formats:
+
* Old V7 tar archives
* POSIX ustar
* GNU tar format (including GNU long filenames, long link names, and sparse files)
@@ -85,13 +88,14 @@ Currently, the library automatically detects and reads the following formats:
* ZIPX archives (with support for bzip2, ppmd8, lzma and xz compressed entries)
* GNU and BSD 'ar' archives
* 'mtree' format
- * 7-Zip archives
+ * 7-Zip archives (including archives that use zstandard compression)
* Microsoft CAB format
* LHA and LZH archives
* RAR and RAR 5.0 archives (with some limitations due to RAR's proprietary status)
* XAR archives
The library also detects and handles any of the following before evaluating the archive:
+
* uuencoded files
* files with RPM wrapper
* gzip compression
@@ -103,6 +107,7 @@ The library also detects and handles any of the following before evaluating the
* zstandard compression
The library can create archives in any of the following formats:
+
* POSIX ustar
* POSIX pax interchange format
* "restricted" pax format, which will create ustar archives except for
@@ -122,6 +127,7 @@ The library can create archives in any of the following formats:
* XAR archives
When creating archives, the result can be filtered with any of the following:
+
* uuencode
* gzip compression
* bzip2 compression
@@ -187,6 +193,17 @@ questions we are asked about libarchive:
functions. On those platforms, libarchive will use the non-thread-safe
functions. Patches to improve this are of great interest to us.
+* The function `archive_write_disk_header()` is _not_ thread safe on
+ POSIX machines and could lead to security issue resulting in world
+ writeable directories. Thus it must be mutexed by the calling code.
+ This is due to calling `umask(oldumask = umask(0))`, which sets the
+ umask for the whole process to 0 for a short time frame.
+ In case other thread calls the same function in parallel, it might
+ get interrupted by it and cause the executable to use umask=0 for the
+ remaining execution.
+ This will then lead to implicitely created directories to have 777
+ permissions without sticky bit.
+
* In particular, libarchive's modules to read or write a directory
tree do use `chdir()` to optimize the directory traversals. This
can cause problems for programs that expect to do disk access from
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-23 08:47:52 +0000