Age | Commit message (Collapse) | Author |
|
noted by tb@
|
|
value that merits a warning in the manpage and using 2 billion will get
you practically the same effect, so delete the -E none support
|
|
reduce and sort #includes
|
|
|
|
<sys/time.h> is unnecessary; sort the #includes
|
|
|
|
<sys/time.h> and <unistd.h> are unnecessary, but <time.h> is; sort #includes
|
|
<sys/time.h>, <errno.h> and <unistd.h> are unnecessary; sort #includes
|
|
<sys/time.h> is unnecessary; sort #includes
|
|
|
|
<unistd.h> and <sys/time.h> are unneeded here
ok by general acclaim
|
|
group_from_gid(). Eliminate some superfluous strncpy() calls.
ok millert@
|
|
Simplify the recognition of -f- and TAPE=- as meaning stdin/stdout.
ok millert@
|
|
ok millert@
|
|
in a separate variable
ok deraadt@
|
|
duplication of warning messages
ok krw@
|
|
From Sevan Janiyan <venture37 at geeklan dot co dot uk>.
Verified using the CSRG archive CD.
|
|
both ILP32 and LP64.
ok millert@
|
|
function names to match. Pull some tangled assignments out of conditions
and use >>= where possible.
ok millert@
|
|
diff from trondd at kagu-tsuchi com, enhanced by me for reordering promises
ok deraadt@
|
|
this is easier to see and self documenting.
ok openbsd
|
|
Use syswarn() in more places which set errno and regularize the error messages.
Skip empty lines in the input read for tar -T, cpio -E, and cpio stdin.
based on diff from mmcc@
ok millert@
|
|
avoid infinite loop when creating intermediate directories
Fix based on diff by Nicolas Bedos (nicolas.bedos (at) gmail.com)
ok millert@ ok and tweak zhuk@,
|
|
split it on a slash other than the leading one.
Fix based on patches from Peter Fokker (openbsd (at) berestijn.nl) and
Peter Bisroev (peter (at) int19h.net)
|
|
|
|
|
|
|
|
NOTE: dpath requires a fairly new kernel
ok semarie
|
|
ok deraadt, mmcc, tedu
|
|
ok guenther@, deraadt@
|
|
(gzip, compress, bzip2) rather than following the user's path. This
seems easier than hardcoding the paths elsewhere and using basename().
pax/tar is pledged itself, but it can spawn one of these programs if
asked. The three found at the strict path use pledge "stdio" very early
during startup, providing a warm fuzzy pledge->exec->no-pledge->pledge
interlock. For bzip2, this assumes use of the ports/packages version
installed to /usr/local/bin, which has been pledged by sthen@.
Doing a 'tar tvfz hostile.tgz' becomes a bit safer, since an attacker
finding a buffer overflow or use after free has significantly fewer
system calls available (only pledge "stdio" in the decompressor).
ok millert sthen
|
|
shouldn't do things with filesystem.
ok deraadt@ millert@
|
|
A pledged program is not allowed to change user/group for others.
"I think that makes the most sense" @sthen
|
|
Otherwise, lay the groundwork for whether a gzip program may be run or not.
After such a gzip program is started, pledge the program will not exec
again. Took a few iterations to get this going... it is looking good.
with guenther.
|
|
noted by trondd(at)kagu-tsuchi.com
ok deraadt@
|
|
Some scripts and GUI ssh clients assume that tar writes to standard output by
default. This change allows enforcing such behavior by setting TAPE="-" in
user profile.
Also, this makes parsing argument to "-f" option and contents of TAPE
environment variable consistent.
OK guenther@, jmc@ and sthen@
|
|
handling along the way.
Reviews by Brendan MacDonell, Jeremy Devenport, florian, doug, millert
|
|
Adjust the conditions to correct that.
ok millert@
|
|
and a basis for support of mtime and atime values in pax-format extended
header records.
ok millert@
|
|
ok millert@
|
|
|
|
pax-like -o write_opt=nodir.
ok millert@ otto@
|
|
but if you *did* succeed anyway, truncate it?
|
|
|
|
What's worse, the tzfile.h that gets installed is over 20 years old
and doesn't match the real tzfile.h in libc/time. This makes the
tree safe for /usr/include/tzfile.h removal. The TM_YEAR_BASE
define has been moved to time.h temporarily until its usage is
replaced by 1900 in the tree. Actual removal of tzfile.h is pending
a ports build. Based on a diff from deraadt@
|
|
like compress, gzip, bzip2, or xz output. If so then error out with
a useful message directing the user to the correct option and error
out instead of scanning forward for an embedded tar/cpio header.
wording help from sobrado@
ok millert@ deraadt@
|
|
|
|
* Prevent an archive from escaping the current directory by itself:
when extracting a symlink whose value is absolute or contains ".."
components, just create a zero-length normal file (with additional
tracking of the mode and hardlinks to the symlink) until everything
else is extracted, then go back and replace it with the requested
link (if it's still that zero-length placeholder).
* For tar without -P, if a path in the archive has any ".." components
then strip everything up to and including the last of them (if
it ends in ".." then it becomes ".")
This mostly follows GNU tar's behavior, except for 'tar tf' and
'tar xvf' we report the modified path that would be/was actually
created instead of the raw path from the archive
Above two fixes prompted by a report from Daniel Cegielka
(daniel.cegielka (at) gmail.com)
* For directories whose times or mode will be fixed up in the
clean-up pass, record their dev+ino and then use
open(O_DIRECTORY)+fstat() to verify that we're updating the correct
directory before using futimens() and fchmod().
* Correct buffer overflow in handling of pax extension headers,
caught by the memcpy() overlap check.
previously ok millert@ deraadt@
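
The ".." rule from the second bullet of the commit message above, worked through as an added C example (not code from the commit or from OpenBSD's pax/tar). `strip_dotdot()` is a hypothetical helper and the member names are constructed; it implements only the ".." rule, so a path without ".." components is returned unchanged.

```c
#include <stdio.h>
#include <string.h>

/*
 * Return the part of an archive member path that follows its last ".."
 * component, or "." when nothing follows it. Paths with no ".."
 * component come back unchanged. The result points into `path` (or at
 * a string literal), so nothing is allocated.
 */
static const char *
strip_dotdot(const char *path)
{
	const char *p = path, *keep = path;

	while (*p != '\0') {
		/* p sits at the start of a component; find where it ends */
		const char *end = p + strcspn(p, "/");
		size_t len = (size_t)(end - p);
		/* step over the slash(es) that follow the component */
		const char *next = end + strspn(end, "/");

		/* match ".." only as a whole component, not "..x" or "x.." */
		if (len == 2 && p[0] == '.' && p[1] == '.')
			keep = next;	/* drop everything up to and including it */
		p = next;
	}
	/* a ".." was seen and nothing is left after it: the path becomes "." */
	return (*keep == '\0' && keep != path) ? "." : keep;
}

int
main(void)
{
	/* constructed member names, not taken from any real archive */
	static const char *names[] = {
		"docs/readme.txt", "../../etc/passwd", "a/../b/../../c/file",
		"safe/..", "..//abs/after", "dir/..hidden/x"
	};

	for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++)
		printf("%-22s -> %s\n", names[i], strip_dotdot(names[i]));
	return 0;
}
```

Because the slashes after the last ".." are skipped as well, a name such as "..//abs/after" cannot turn into an absolute path once the prefix is removed.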
|
|
requested by deraadt@
|
|
directory listed twice with nothing created inside the directory
in between the two instances of the directory. The other fixes
extracting symlinks when the -C option is used. From guenther@
OK krw@
|