Provide a pax format specific option handler

The existing tar_opt() implements support for -o write_opt=nodir for the
old tar and ustar formats. We don't really want to support it for the
pax format, and we want to be able to implement pax format specific
options (even if there are none right now). ok millert@

Fix reading large pax extended records

512 bytes isn't enough if you want to store rather large but still
useful long file names or symbolic links destinations. The best way to
size the buffer to read those records is based upon the largest paths
pax(1) can handle, and that is PAXPATHLEN.

Reported by caspar@, input and ok millert@

Fix pasto: broken storage of symbolic link long destinations in pax format

Revert wip patch, not intended for commit

Add tar(1) -F option to select write format

We want to move towards 'pax' as the default format for writing, this
option lets users downgrade to -F ustar where the 'pax' format isn't
convenient/usable (same as -x <format> in pax(1)).

-F <format> is more generic than -o/-O. -H (GNU tar) was already used
and we don't want long options so --format (NetBSD/FreeBSD) is excluded
too.

ok sthen@ caspar@ millert@

Correctly detect 'pax' format archives in append mode

We expect that existing pax archives start with a global or extended
header. If they don't, append operations will be done using ustar
format.

Fixes append mode on pax archives where pax(1) would bail out when
appending to pax archives, falsely detecting a mismatch. Reading was
unaffected. Reported by caspar@, ok caspar@ millert@

Better formatting for pax extended header times

As specified, don't include the subsecond part if zero and drop trailing
zeros in the subsecond part. ok millert@

'pax' format support for mtime and atime

Access time can't be represented by ustar, so always include it when
using the pax format. Also include an extended header record for mtime
if the file modification time can't be fully represented by ustar (eg
subsecond resolution).

Input & ok millert@

Zap useless newline added in previous

'pax' format support for files over 8GB

ok millert@

Print the proper file name in case we fail to allocate a "path" extended header

Use name, not ln_name. Pasto introduced in previous.

Add basic write support for 'pax' format archives

Keep writing archives in ustar format by default. People can test the
posix 'pax' format using pax(1) -w -x pax ... or cpio -o -H pax ...;
tar(1) can't exercise this code yet. Only long names file and link
names are supported for now.

With input and tests from caspar@, ok millert@

Zap #ifndef SMALL around pax format read support

-DSMALL has never been used to build the ramdisks, thus the support for
reading pax format archives has always been there. This is misleading,
so just zap the ifdef since we want to keep read support.

Went through a make release Just In Case(tm).

Spotted by caspar@, ok millert@ sthen@ caspar@

Copy entire st_*tim structs at once, rather than copying
the st_*time and (obsolete) st_*timensec members separately.

ok millert@

pax: truncate times to MAX_TIME_T, not INT_MAX
If the mtime in the file header is larger than MAX_TIME_T, trucate
it to MAX_TIME_T, not INT_MAX. OK otto@

Support mtime/atime/ctime extended headers in !SMALL builds.
These are becoming quite common in distributed software (including
tars produced by Python and Go) and often standard timestamps are
not set, resulting in extracted files dated as the epoch.

Lots of help from tb@, ok tb@ millert@

32-bit systems incorrectly parse the (64-bit) length of ustar extended
headers (hd->size) using a 32-bit operation.
from Samanta Navarro
ok guenther

uid_from_user() and gid_from_user() return -1 when indicating error,
not arbitrary values < 0.

Use the new libc uid_from_user() and gid_from_group() instead of
the pax-specific functions in cache.c. OK guenther@

Carefully add casts to silence clang sign-compare warnings. ok millert@

there is no offical way to get the max value of time_t, but this one works
on any sensible posix system (in which time_t must be an integer type)
ok deraadt@ millert@

Avoid clang warning and make code better by using a signed long;
with hint from millert@; ok millert@ guenther@

Don't need <sys/time.h> or "options.h" here

Replace name_{uid,gid}() with the libc routines user_from_uid() and
group_from_gid(). Eliminate some superfluous strncpy() calls.

ok millert@

Remove many unnecessary casts. Verified by comparing generated code on
both ILP32 and LP64.

ok millert@

Replace u_quad_t with unsigned long long and replace "uqd" with "ull" in
function names to match. Pull some tangled assignments out of conditions
and use >>= where possible.

ok millert@

To archive a 101 character absolute path in ustar format we must
split it on a slash other than the leading one.

Fix based on patches from Peter Fokker (openbsd (at) berestijn.nl) and
Peter Bisroev (peter (at) int19h.net)

Add PAX_IS_{REG,HARDLINK,LINK} macros to simply many file type tests

ok millert@

Handle tar -o by setting the tar_nodir directly instead of faking up a
pax-like -o write_opt=nodir.

ok millert@ otto@

Unrevert post-unlock:
* Prevent an archive from esacaping the current directory by itself:
when extracting a symlink whose value is absolute or contains ".."
components, just create a zero-length normal file (with additional
tracking of the mode and hardlinks to the symlink) until everything
else is extracted, then go back and replace it with the requested
link (if it's still that zero-length placeholder).

* For tar without -P, if a path in the archive has any ".." components
then strip everything up to and including the last of them (if
it ends in ".." then it becomes ".")
This mostly follows GNU tar's behavior, except for 'tar tf' and
'tar xvf' we report the modified path that would be/was actually
created instead of the raw path from the archive

Above two fixes prompted by a report from Daniel Cegielka
(daniel.cegielka (at) gmail.com)

* For directories whose times or mode will be fixed up in the
clean-up pass, record their dev+ino and then use
open(O_DIRECTORY)+fstat() to verify that we're updating the correct
directory before using futimens() and fchmod().

* Correct buffer overflow in handling of pax extension headers,
caught by the memcpy() overlap check.


previously ok millert@ deraadt@

branches: 1.55.2;
Recent changes haven't been completely stable, so revert for the 5.7 release

requested by deraadt@

Correct buffer overflow in handling of pax extension headers, caught
by the memcpy() overlap check.

ok millert@ deraadt@

branches: 1.53.6;
Map negative mtimes to zero instead of skipping the affected files.

problem noted by miod@
ok krw@ millert@

Zap trailing whitespace

Eliminate poisonous LONG_OFF_T conditional

adjective suggested by deraadt@

Mark some functions as printf-like and fix a bogus format string

ok fgsch@

add unsigned char casts for specific calls to ctype.h macros.
ok guenther step

cpio and ustar formats store times in octal fields that are 11 characters
wide, so they support up to 33bits. Take advantage of the extra bits by
no longer forcing them into 32bit ints before the time_t conversion. This
gets us another 204 years of range once time_t changes type

ok deraadt@ tedu@

The tweaks I suggested to the previous diff resulted in the typeflag
being checked after it was overwritten by the next block read in.
Eliminate the argument aliasing that led to this being overlooked
by passing rd_xheader() the size and typeflag directly.

problem discovery and ok fgsch@

Add extended header support for ustar. Currently only path and linkpath are
handled.
input from zhuk and guenther. tested by zhuk and sthen on a bulk.
ok guenther.

Enable support for write_opt=nodir for ustar archives which helps to fix
issues with some crappy tar archive readers out there that rely on the
fact that directory entries ends up with "/" when created by GNU Tar, and
now I'm finishing this commit message by mentioning people who gave input
and okays: deraadt@ millert@ jmc@

remove some unnecessary sys/param.h inclusions

a -N option for tar that uses numeric only IDs, useful for cross system
tar file manipulation. with advice from guenther and jmc.

rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and
unmaintainable). these days, people use source. these id's do not provide
any benefit, and do hurt the small install media
(the 33,000 line diff is essentially mechanical)
ok with the idea millert, ok dms

Properly take into account that the name and prefix field in the tar
header are not always NUL-terminated. This means there's room for 1
more byte in those field. This effectively reverts revs 1.13 and 1.14;
ok jaredy@ millert@

Avoid sign extend when writing time stamps; fixes "tar: Ustar header
field is too small for foo" error messages when writing files with
negative time stamps on 64 bit archs.
ok millert@ deraadt@

Fix writing of old-style tar headers. Filenames and linknames actually
are not NUL terminated if the fill the whole field.
ok millert@ jaredy@

Use a special crafted string copy function to copy data from ustar
headers to the generic pax structs. ustar is "funny" since some fields
are not always NUL terminated. Old-style tar headers and ustar
creation remains to be done. ok millert@ beck@

fix strlcpy abuse in pax - this commit turns potential overflows into
potential non-spec compliance - the use of these fields as strings needs
to be revisited more thouroughly.
ok millert@ otto@

add the prefix length to nlen for ustar; ok otto millert

Handle path names of exactly 100 chars correctly. Based on a diff
from espie@. ok espie@ deraadt@

If a uid or gid does not fit into into the tar header, issue a warning
and use the uid/gid of nobody. Spotted by and ok drahn@, ok millert@

spacing

Add support for expanding GNU long links from NetBSD. I've had this
in my tree for ages but didn't have a proper test case. Thanks to
otto@ for providing one.

protos. this requires changing the api for the *trail() functions a bit

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

Pull in some changes from NetBSD
o When extracting GNU tar archives, honor @LongLink long links/files
o Add an option to prevent pax from prompting for the next volume
upon premature end of archive.

sprinkle const; mostly from NetBSD

Fix comment typos; most from NetBSD and FreeBSD

kill register

We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.

Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.

When writing tar and ustar archives, zero out the header before we
do anything else to it. This lets us restore the strlcpy() calls
and remove a buch of memset()s that were zeroing out individual
fields of the header.

More strlcpy() backout. Various tar programs require ustar header
elements to be zero padded too.

Back out a strncpy -> strlcpy conversion. When writing old style
tar files we need to zero-pad the file name or many tars will get
a directory checksum error trying to unpack the archive.

This does not affect ustar archives (pax's default) though whether
or not padding matters there still needs to be determined.

really use strlcpy.

use strlcpy vs strncpy+a[len-1]='\0'

Get rid of NET2_FTS and NET2_REGEX #ifdefs since they are useless.
Change NET2_STAT into LONG_OFF_T for portability to systems with
a 32bit off_t.

use proper str*cpy functions instead of home grown one, spaces; millert@ ok

spelling

Work with files larger than 2 Gb; from NetBSD change by mycroft@netbsd.org

Fix off-by-one error when adding files of exactly 100 characters; wsanchez@apple.com

fix storage of paths that are exactly 100 chars; mgw@pacbell.net

i am bored enough to fix terminal space/tab uglies

#if __STDC__ --> #ifdef __STDC__

Fix usage of l_strncpy() (noticed by Theo) and make l_strncpy()
pad with NULL's like strncpy(3). This eliminates the need for
zf_strncpy(); ocurrences of zf_strncpy() have been changed to l_strncpy().

Strip leading '/' of pathnames (only in tar mode). -S option turns
this off like GNU tar.

Deal with old-style tar archives with a directory specifier (extension).

Back out my previous kludge to make tar files with short trailers work in
favor of a simpler change--never try to do a media change when invoked
as tar. This fixes problems that crop up if gzip exits unhappily and
others.

Correct handling of long filenames that has been stored with a prefix in
the archive; generate POSIXly correct padding of octal fields.

Permit single block trailers differently.

Fix uses of strncpy

update rcsid

Correct compile warnings
Rename warn() to paxwarn() so <err.h> can be included

Remove #include <ctype.h> when not needed; from FreeBSD

branches: 1.1.1;
Initial revision

Better formatting for pax extended header times

As specified, don't include the subsecond part if zero and drop trailing
zeros in the subsecond part. ok millert@

'pax' format support for mtime and atime

Access time can't be represented by ustar, so always include it when
using the pax format. Also include an extended header record for mtime
if the file modification time can't be fully represented by ustar (eg
subsecond resolution).

Input & ok millert@

Zap useless newline added in previous

'pax' format support for files over 8GB

ok millert@

Print the proper file name in case we fail to allocate a "path" extended header

Use name, not ln_name. Pasto introduced in previous.

Add basic write support for 'pax' format archives

Keep writing archives in ustar format by default. People can test the
posix 'pax' format using pax(1) -w -x pax ... or cpio -o -H pax ...;
tar(1) can't exercise this code yet. Only long names file and link
names are supported for now.

With input and tests from caspar@, ok millert@

Zap #ifndef SMALL around pax format read support

-DSMALL has never been used to build the ramdisks, thus the support for
reading pax format archives has always been there. This is misleading,
so just zap the ifdef since we want to keep read support.

Went through a make release Just In Case(tm).

Spotted by caspar@, ok millert@ sthen@ caspar@

Copy entire st_*tim structs at once, rather than copying
the st_*time and (obsolete) st_*timensec members separately.

ok millert@

pax: truncate times to MAX_TIME_T, not INT_MAX
If the mtime in the file header is larger than MAX_TIME_T, trucate
it to MAX_TIME_T, not INT_MAX. OK otto@

Support mtime/atime/ctime extended headers in !SMALL builds.
These are becoming quite common in distributed software (including
tars produced by Python and Go) and often standard timestamps are
not set, resulting in extracted files dated as the epoch.

Lots of help from tb@, ok tb@ millert@

32-bit systems incorrectly parse the (64-bit) length of ustar extended
headers (hd->size) using a 32-bit operation.
from Samanta Navarro
ok guenther

uid_from_user() and gid_from_user() return -1 when indicating error,
not arbitrary values < 0.

Use the new libc uid_from_user() and gid_from_group() instead of
the pax-specific functions in cache.c. OK guenther@

Carefully add casts to silence clang sign-compare warnings. ok millert@

there is no offical way to get the max value of time_t, but this one works
on any sensible posix system (in which time_t must be an integer type)
ok deraadt@ millert@

Avoid clang warning and make code better by using a signed long;
with hint from millert@; ok millert@ guenther@

Don't need <sys/time.h> or "options.h" here

Replace name_{uid,gid}() with the libc routines user_from_uid() and
group_from_gid(). Eliminate some superfluous strncpy() calls.

ok millert@

Remove many unnecessary casts. Verified by comparing generated code on
both ILP32 and LP64.

ok millert@

Replace u_quad_t with unsigned long long and replace "uqd" with "ull" in
function names to match. Pull some tangled assignments out of conditions
and use >>= where possible.

ok millert@

To archive a 101 character absolute path in ustar format we must
split it on a slash other than the leading one.

Fix based on patches from Peter Fokker (openbsd (at) berestijn.nl) and
Peter Bisroev (peter (at) int19h.net)

Add PAX_IS_{REG,HARDLINK,LINK} macros to simply many file type tests

ok millert@

Handle tar -o by setting the tar_nodir directly instead of faking up a
pax-like -o write_opt=nodir.

ok millert@ otto@

Unrevert post-unlock:
* Prevent an archive from esacaping the current directory by itself:
when extracting a symlink whose value is absolute or contains ".."
components, just create a zero-length normal file (with additional
tracking of the mode and hardlinks to the symlink) until everything
else is extracted, then go back and replace it with the requested
link (if it's still that zero-length placeholder).

* For tar without -P, if a path in the archive has any ".." components
then strip everything up to and including the last of them (if
it ends in ".." then it becomes ".")
This mostly follows GNU tar's behavior, except for 'tar tf' and
'tar xvf' we report the modified path that would be/was actually
created instead of the raw path from the archive

Above two fixes prompted by a report from Daniel Cegielka
(daniel.cegielka (at) gmail.com)

* For directories whose times or mode will be fixed up in the
clean-up pass, record their dev+ino and then use
open(O_DIRECTORY)+fstat() to verify that we're updating the correct
directory before using futimens() and fchmod().

* Correct buffer overflow in handling of pax extension headers,
caught by the memcpy() overlap check.


previously ok millert@ deraadt@

branches: 1.55.2;
Recent changes haven't been completely stable, so revert for the 5.7 release

requested by deraadt@

Correct buffer overflow in handling of pax extension headers, caught
by the memcpy() overlap check.

ok millert@ deraadt@

branches: 1.53.6;
Map negative mtimes to zero instead of skipping the affected files.

problem noted by miod@
ok krw@ millert@

Zap trailing whitespace

Eliminate poisonous LONG_OFF_T conditional

adjective suggested by deraadt@

Mark some functions as printf-like and fix a bogus format string

ok fgsch@

add unsigned char casts for specific calls to ctype.h macros.
ok guenther step

cpio and ustar formats store times in octal fields that are 11 characters
wide, so they support up to 33bits. Take advantage of the extra bits by
no longer forcing them into 32bit ints before the time_t conversion. This
gets us another 204 years of range once time_t changes type

ok deraadt@ tedu@

The tweaks I suggested to the previous diff resulted in the typeflag
being checked after it was overwritten by the next block read in.
Eliminate the argument aliasing that led to this being overlooked
by passing rd_xheader() the size and typeflag directly.

problem discovery and ok fgsch@

Add extended header support for ustar. Currently only path and linkpath are
handled.
input from zhuk and guenther. tested by zhuk and sthen on a bulk.
ok guenther.

Enable support for write_opt=nodir for ustar archives which helps to fix
issues with some crappy tar archive readers out there that rely on the
fact that directory entries ends up with "/" when created by GNU Tar, and
now I'm finishing this commit message by mentioning people who gave input
and okays: deraadt@ millert@ jmc@

remove some unnecessary sys/param.h inclusions

a -N option for tar that uses numeric only IDs, useful for cross system
tar file manipulation. with advice from guenther and jmc.

rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and
unmaintainable). these days, people use source. these id's do not provide
any benefit, and do hurt the small install media
(the 33,000 line diff is essentially mechanical)
ok with the idea millert, ok dms

Properly take into account that the name and prefix field in the tar
header are not always NUL-terminated. This means there's room for 1
more byte in those field. This effectively reverts revs 1.13 and 1.14;
ok jaredy@ millert@

Avoid sign extend when writing time stamps; fixes "tar: Ustar header
field is too small for foo" error messages when writing files with
negative time stamps on 64 bit archs.
ok millert@ deraadt@

Fix writing of old-style tar headers. Filenames and linknames actually
are not NUL terminated if the fill the whole field.
ok millert@ jaredy@

Use a special crafted string copy function to copy data from ustar
headers to the generic pax structs. ustar is "funny" since some fields
are not always NUL terminated. Old-style tar headers and ustar
creation remains to be done. ok millert@ beck@

fix strlcpy abuse in pax - this commit turns potential overflows into
potential non-spec compliance - the use of these fields as strings needs
to be revisited more thouroughly.
ok millert@ otto@

add the prefix length to nlen for ustar; ok otto millert

Handle path names of exactly 100 chars correctly. Based on a diff
from espie@. ok espie@ deraadt@

If a uid or gid does not fit into into the tar header, issue a warning
and use the uid/gid of nobody. Spotted by and ok drahn@, ok millert@

spacing

Add support for expanding GNU long links from NetBSD. I've had this
in my tree for ages but didn't have a proper test case. Thanks to
otto@ for providing one.

protos. this requires changing the api for the *trail() functions a bit

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

Pull in some changes from NetBSD
o When extracting GNU tar archives, honor @LongLink long links/files
o Add an option to prevent pax from prompting for the next volume
upon premature end of archive.

sprinkle const; mostly from NetBSD

Fix comment typos; most from NetBSD and FreeBSD

kill register

We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.

Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.

When writing tar and ustar archives, zero out the header before we
do anything else to it. This lets us restore the strlcpy() calls
and remove a buch of memset()s that were zeroing out individual
fields of the header.

More strlcpy() backout. Various tar programs require ustar header
elements to be zero padded too.

Back out a strncpy -> strlcpy conversion. When writing old style
tar files we need to zero-pad the file name or many tars will get
a directory checksum error trying to unpack the archive.

This does not affect ustar archives (pax's default) though whether
or not padding matters there still needs to be determined.

really use strlcpy.

use strlcpy vs strncpy+a[len-1]='\0'

Get rid of NET2_FTS and NET2_REGEX #ifdefs since they are useless.
Change NET2_STAT into LONG_OFF_T for portability to systems with
a 32bit off_t.

use proper str*cpy functions instead of home grown one, spaces; millert@ ok

spelling

Work with files larger than 2 Gb; from NetBSD change by mycroft@netbsd.org

Fix off-by-one error when adding files of exactly 100 characters; wsanchez@apple.com

fix storage of paths that are exactly 100 chars; mgw@pacbell.net

i am bored enough to fix terminal space/tab uglies

#if __STDC__ --> #ifdef __STDC__

Fix usage of l_strncpy() (noticed by Theo) and make l_strncpy()
pad with NULL's like strncpy(3). This eliminates the need for
zf_strncpy(); ocurrences of zf_strncpy() have been changed to l_strncpy().

Strip leading '/' of pathnames (only in tar mode). -S option turns
this off like GNU tar.

Deal with old-style tar archives with a directory specifier (extension).

Back out my previous kludge to make tar files with short trailers work in
favor of a simpler change--never try to do a media change when invoked
as tar. This fixes problems that crop up if gzip exits unhappily and
others.

Correct handling of long filenames that has been stored with a prefix in
the archive; generate POSIXly correct padding of octal fields.

Permit single block trailers differently.

Fix uses of strncpy

update rcsid

Correct compile warnings
Rename warn() to paxwarn() so <err.h> can be included

Remove #include <ctype.h> when not needed; from FreeBSD

branches: 1.1.1;
Initial revision

'pax' format support for mtime and atime

Access time can't be represented by ustar, so always include it when
using the pax format. Also include an extended header record for mtime
if the file modification time can't be fully represented by ustar (eg
subsecond resolution).

Input & ok millert@

Zap useless newline added in previous

'pax' format support for files over 8GB

ok millert@

Print the proper file name in case we fail to allocate a "path" extended header

Use name, not ln_name. Pasto introduced in previous.

Add basic write support for 'pax' format archives

Keep writing archives in ustar format by default. People can test the
posix 'pax' format using pax(1) -w -x pax ... or cpio -o -H pax ...;
tar(1) can't exercise this code yet. Only long names file and link
names are supported for now.

With input and tests from caspar@, ok millert@

Zap #ifndef SMALL around pax format read support

-DSMALL has never been used to build the ramdisks, thus the support for
reading pax format archives has always been there. This is misleading,
so just zap the ifdef since we want to keep read support.

Went through a make release Just In Case(tm).

Spotted by caspar@, ok millert@ sthen@ caspar@

Copy entire st_*tim structs at once, rather than copying
the st_*time and (obsolete) st_*timensec members separately.

ok millert@

pax: truncate times to MAX_TIME_T, not INT_MAX
If the mtime in the file header is larger than MAX_TIME_T, trucate
it to MAX_TIME_T, not INT_MAX. OK otto@

Support mtime/atime/ctime extended headers in !SMALL builds.
These are becoming quite common in distributed software (including
tars produced by Python and Go) and often standard timestamps are
not set, resulting in extracted files dated as the epoch.

Lots of help from tb@, ok tb@ millert@

32-bit systems incorrectly parse the (64-bit) length of ustar extended
headers (hd->size) using a 32-bit operation.
from Samanta Navarro
ok guenther

uid_from_user() and gid_from_user() return -1 when indicating error,
not arbitrary values < 0.

Use the new libc uid_from_user() and gid_from_group() instead of
the pax-specific functions in cache.c. OK guenther@

Carefully add casts to silence clang sign-compare warnings. ok millert@

there is no offical way to get the max value of time_t, but this one works
on any sensible posix system (in which time_t must be an integer type)
ok deraadt@ millert@

Avoid clang warning and make code better by using a signed long;
with hint from millert@; ok millert@ guenther@

Don't need <sys/time.h> or "options.h" here

Replace name_{uid,gid}() with the libc routines user_from_uid() and
group_from_gid(). Eliminate some superfluous strncpy() calls.

ok millert@

Remove many unnecessary casts. Verified by comparing generated code on
both ILP32 and LP64.

ok millert@

Replace u_quad_t with unsigned long long and replace "uqd" with "ull" in
function names to match. Pull some tangled assignments out of conditions
and use >>= where possible.

ok millert@

To archive a 101 character absolute path in ustar format we must
split it on a slash other than the leading one.

Fix based on patches from Peter Fokker (openbsd (at) berestijn.nl) and
Peter Bisroev (peter (at) int19h.net)

Add PAX_IS_{REG,HARDLINK,LINK} macros to simply many file type tests

ok millert@

Handle tar -o by setting the tar_nodir directly instead of faking up a
pax-like -o write_opt=nodir.

ok millert@ otto@

Unrevert post-unlock:
* Prevent an archive from esacaping the current directory by itself:
when extracting a symlink whose value is absolute or contains ".."
components, just create a zero-length normal file (with additional
tracking of the mode and hardlinks to the symlink) until everything
else is extracted, then go back and replace it with the requested
link (if it's still that zero-length placeholder).

* For tar without -P, if a path in the archive has any ".." components
then strip everything up to and including the last of them (if
it ends in ".." then it becomes ".")
This mostly follows GNU tar's behavior, except for 'tar tf' and
'tar xvf' we report the modified path that would be/was actually
created instead of the raw path from the archive

Above two fixes prompted by a report from Daniel Cegielka
(daniel.cegielka (at) gmail.com)

* For directories whose times or mode will be fixed up in the
clean-up pass, record their dev+ino and then use
open(O_DIRECTORY)+fstat() to verify that we're updating the correct
directory before using futimens() and fchmod().

* Correct buffer overflow in handling of pax extension headers,
caught by the memcpy() overlap check.


previously ok millert@ deraadt@

branches: 1.55.2;
Recent changes haven't been completely stable, so revert for the 5.7 release

requested by deraadt@

Correct buffer overflow in handling of pax extension headers, caught
by the memcpy() overlap check.

ok millert@ deraadt@

branches: 1.53.6;
Map negative mtimes to zero instead of skipping the affected files.

problem noted by miod@
ok krw@ millert@

Zap trailing whitespace

Eliminate poisonous LONG_OFF_T conditional

adjective suggested by deraadt@

Mark some functions as printf-like and fix a bogus format string

ok fgsch@

add unsigned char casts for specific calls to ctype.h macros.
ok guenther step

cpio and ustar formats store times in octal fields that are 11 characters
wide, so they support up to 33bits. Take advantage of the extra bits by
no longer forcing them into 32bit ints before the time_t conversion. This
gets us another 204 years of range once time_t changes type

ok deraadt@ tedu@

The tweaks I suggested to the previous diff resulted in the typeflag
being checked after it was overwritten by the next block read in.
Eliminate the argument aliasing that led to this being overlooked
by passing rd_xheader() the size and typeflag directly.

problem discovery and ok fgsch@

Add extended header support for ustar. Currently only path and linkpath are
handled.
input from zhuk and guenther. tested by zhuk and sthen on a bulk.
ok guenther.

Enable support for write_opt=nodir for ustar archives which helps to fix
issues with some crappy tar archive readers out there that rely on the
fact that directory entries ends up with "/" when created by GNU Tar, and
now I'm finishing this commit message by mentioning people who gave input
and okays: deraadt@ millert@ jmc@

remove some unnecessary sys/param.h inclusions

a -N option for tar that uses numeric only IDs, useful for cross system
tar file manipulation. with advice from guenther and jmc.

rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and
unmaintainable). these days, people use source. these id's do not provide
any benefit, and do hurt the small install media
(the 33,000 line diff is essentially mechanical)
ok with the idea millert, ok dms

Properly take into account that the name and prefix field in the tar
header are not always NUL-terminated. This means there's room for 1
more byte in those field. This effectively reverts revs 1.13 and 1.14;
ok jaredy@ millert@

Avoid sign extend when writing time stamps; fixes "tar: Ustar header
field is too small for foo" error messages when writing files with
negative time stamps on 64 bit archs.
ok millert@ deraadt@

Fix writing of old-style tar headers. Filenames and linknames actually
are not NUL terminated if the fill the whole field.
ok millert@ jaredy@

Use a special crafted string copy function to copy data from ustar
headers to the generic pax structs. ustar is "funny" since some fields
are not always NUL terminated. Old-style tar headers and ustar
creation remains to be done. ok millert@ beck@

fix strlcpy abuse in pax - this commit turns potential overflows into
potential non-spec compliance - the use of these fields as strings needs
to be revisited more thouroughly.
ok millert@ otto@

add the prefix length to nlen for ustar; ok otto millert

Handle path names of exactly 100 chars correctly. Based on a diff
from espie@. ok espie@ deraadt@

If a uid or gid does not fit into into the tar header, issue a warning
and use the uid/gid of nobody. Spotted by and ok drahn@, ok millert@

spacing

Add support for expanding GNU long links from NetBSD. I've had this
in my tree for ages but didn't have a proper test case. Thanks to
otto@ for providing one.

protos. this requires changing the api for the *trail() functions a bit

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

Pull in some changes from NetBSD
o When extracting GNU tar archives, honor @LongLink long links/files
o Add an option to prevent pax from prompting for the next volume
upon premature end of archive.

sprinkle const; mostly from NetBSD

Fix comment typos; most from NetBSD and FreeBSD

kill register

We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.

Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.

When writing tar and ustar archives, zero out the header before we
do anything else to it. This lets us restore the strlcpy() calls
and remove a buch of memset()s that were zeroing out individual
fields of the header.

More strlcpy() backout. Various tar programs require ustar header
elements to be zero padded too.

Back out a strncpy -> strlcpy conversion. When writing old style
tar files we need to zero-pad the file name or many tars will get
a directory checksum error trying to unpack the archive.

This does not affect ustar archives (pax's default) though whether
or not padding matters there still needs to be determined.

really use strlcpy.

use strlcpy vs strncpy+a[len-1]='\0'

Get rid of NET2_FTS and NET2_REGEX #ifdefs since they are useless.
Change NET2_STAT into LONG_OFF_T for portability to systems with
a 32bit off_t.

use proper str*cpy functions instead of home grown one, spaces; millert@ ok

spelling

Work with files larger than 2 Gb; from NetBSD change by mycroft@netbsd.org

Fix off-by-one error when adding files of exactly 100 characters; wsanchez@apple.com

fix storage of paths that are exactly 100 chars; mgw@pacbell.net

i am bored enough to fix terminal space/tab uglies

#if __STDC__ --> #ifdef __STDC__

Fix usage of l_strncpy() (noticed by Theo) and make l_strncpy()
pad with NULL's like strncpy(3). This eliminates the need for
zf_strncpy(); ocurrences of zf_strncpy() have been changed to l_strncpy().

Strip leading '/' of pathnames (only in tar mode). -S option turns
this off like GNU tar.

Deal with old-style tar archives with a directory specifier (extension).

Back out my previous kludge to make tar files with short trailers work in
favor of a simpler change--never try to do a media change when invoked
as tar. This fixes problems that crop up if gzip exits unhappily and
others.

Correct handling of long filenames that has been stored with a prefix in
the archive; generate POSIXly correct padding of octal fields.

Permit single block trailers differently.

Fix uses of strncpy

update rcsid

Correct compile warnings
Rename warn() to paxwarn() so <err.h> can be included

Remove #include <ctype.h> when not needed; from FreeBSD

branches: 1.1.1;
Initial revision

Zap useless newline added in previous

'pax' format support for files over 8GB

ok millert@

Print the proper file name in case we fail to allocate a "path" extended header

Use name, not ln_name. Pasto introduced in previous.

Add basic write support for 'pax' format archives

Keep writing archives in ustar format by default. People can test the
posix 'pax' format using pax(1) -w -x pax ... or cpio -o -H pax ...;
tar(1) can't exercise this code yet. Only long names file and link
names are supported for now.

With input and tests from caspar@, ok millert@

Zap #ifndef SMALL around pax format read support

-DSMALL has never been used to build the ramdisks, thus the support for
reading pax format archives has always been there. This is misleading,
so just zap the ifdef since we want to keep read support.

Went through a make release Just In Case(tm).

Spotted by caspar@, ok millert@ sthen@ caspar@

Copy entire st_*tim structs at once, rather than copying
the st_*time and (obsolete) st_*timensec members separately.

ok millert@

pax: truncate times to MAX_TIME_T, not INT_MAX
If the mtime in the file header is larger than MAX_TIME_T, trucate
it to MAX_TIME_T, not INT_MAX. OK otto@

Support mtime/atime/ctime extended headers in !SMALL builds.
These are becoming quite common in distributed software (including
tars produced by Python and Go) and often standard timestamps are
not set, resulting in extracted files dated as the epoch.

Lots of help from tb@, ok tb@ millert@

32-bit systems incorrectly parse the (64-bit) length of ustar extended
headers (hd->size) using a 32-bit operation.
from Samanta Navarro
ok guenther

uid_from_user() and gid_from_user() return -1 when indicating error,
not arbitrary values < 0.

Use the new libc uid_from_user() and gid_from_group() instead of
the pax-specific functions in cache.c. OK guenther@

Carefully add casts to silence clang sign-compare warnings. ok millert@

there is no offical way to get the max value of time_t, but this one works
on any sensible posix system (in which time_t must be an integer type)
ok deraadt@ millert@

Avoid clang warning and make code better by using a signed long;
with hint from millert@; ok millert@ guenther@

Don't need <sys/time.h> or "options.h" here

Replace name_{uid,gid}() with the libc routines user_from_uid() and
group_from_gid(). Eliminate some superfluous strncpy() calls.

ok millert@

Remove many unnecessary casts. Verified by comparing generated code on
both ILP32 and LP64.

ok millert@

Replace u_quad_t with unsigned long long and replace "uqd" with "ull" in
function names to match. Pull some tangled assignments out of conditions
and use >>= where possible.

ok millert@

To archive a 101 character absolute path in ustar format we must
split it on a slash other than the leading one.

Fix based on patches from Peter Fokker (openbsd (at) berestijn.nl) and
Peter Bisroev (peter (at) int19h.net)

Add PAX_IS_{REG,HARDLINK,LINK} macros to simply many file type tests

ok millert@

Handle tar -o by setting the tar_nodir directly instead of faking up a
pax-like -o write_opt=nodir.

ok millert@ otto@

Unrevert post-unlock:
* Prevent an archive from esacaping the current directory by itself:
when extracting a symlink whose value is absolute or contains ".."
components, just create a zero-length normal file (with additional
tracking of the mode and hardlinks to the symlink) until everything
else is extracted, then go back and replace it with the requested
link (if it's still that zero-length placeholder).

* For tar without -P, if a path in the archive has any ".." components
then strip everything up to and including the last of them (if
it ends in ".." then it becomes ".")
This mostly follows GNU tar's behavior, except for 'tar tf' and
'tar xvf' we report the modified path that would be/was actually
created instead of the raw path from the archive

Above two fixes prompted by a report from Daniel Cegielka
(daniel.cegielka (at) gmail.com)

* For directories whose times or mode will be fixed up in the
clean-up pass, record their dev+ino and then use
open(O_DIRECTORY)+fstat() to verify that we're updating the correct
directory before using futimens() and fchmod().

* Correct buffer overflow in handling of pax extension headers,
caught by the memcpy() overlap check.


previously ok millert@ deraadt@

branches: 1.55.2;
Recent changes haven't been completely stable, so revert for the 5.7 release

requested by deraadt@

Correct buffer overflow in handling of pax extension headers, caught
by the memcpy() overlap check.

ok millert@ deraadt@

branches: 1.53.6;
Map negative mtimes to zero instead of skipping the affected files.

problem noted by miod@
ok krw@ millert@

Zap trailing whitespace

Eliminate poisonous LONG_OFF_T conditional

adjective suggested by deraadt@

Mark some functions as printf-like and fix a bogus format string

ok fgsch@

add unsigned char casts for specific calls to ctype.h macros.
ok guenther step

cpio and ustar formats store times in octal fields that are 11 characters
wide, so they support up to 33bits. Take advantage of the extra bits by
no longer forcing them into 32bit ints before the time_t conversion. This
gets us another 204 years of range once time_t changes type

ok deraadt@ tedu@

The tweaks I suggested to the previous diff resulted in the typeflag
being checked after it was overwritten by the next block read in.
Eliminate the argument aliasing that led to this being overlooked
by passing rd_xheader() the size and typeflag directly.

problem discovery and ok fgsch@

Add extended header support for ustar. Currently only path and linkpath are
handled.
input from zhuk and guenther. tested by zhuk and sthen on a bulk.
ok guenther.

Enable support for write_opt=nodir for ustar archives which helps to fix
issues with some crappy tar archive readers out there that rely on the
fact that directory entries ends up with "/" when created by GNU Tar, and
now I'm finishing this commit message by mentioning people who gave input
and okays: deraadt@ millert@ jmc@

remove some unnecessary sys/param.h inclusions

a -N option for tar that uses numeric only IDs, useful for cross system
tar file manipulation. with advice from guenther and jmc.

rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and
unmaintainable). these days, people use source. these id's do not provide
any benefit, and do hurt the small install media
(the 33,000 line diff is essentially mechanical)
ok with the idea millert, ok dms

Properly take into account that the name and prefix field in the tar
header are not always NUL-terminated. This means there's room for 1
more byte in those field. This effectively reverts revs 1.13 and 1.14;
ok jaredy@ millert@

Avoid sign extend when writing time stamps; fixes "tar: Ustar header
field is too small for foo" error messages when writing files with
negative time stamps on 64 bit archs.
ok millert@ deraadt@

Fix writing of old-style tar headers. Filenames and linknames actually
are not NUL terminated if the fill the whole field.
ok millert@ jaredy@

Use a special crafted string copy function to copy data from ustar
headers to the generic pax structs. ustar is "funny" since some fields
are not always NUL terminated. Old-style tar headers and ustar
creation remains to be done. ok millert@ beck@

fix strlcpy abuse in pax - this commit turns potential overflows into
potential non-spec compliance - the use of these fields as strings needs
to be revisited more thouroughly.
ok millert@ otto@

add the prefix length to nlen for ustar; ok otto millert

Handle path names of exactly 100 chars correctly. Based on a diff
from espie@. ok espie@ deraadt@

If a uid or gid does not fit into into the tar header, issue a warning
and use the uid/gid of nobody. Spotted by and ok drahn@, ok millert@

spacing

Add support for expanding GNU long links from NetBSD. I've had this
in my tree for ages but didn't have a proper test case. Thanks to
otto@ for providing one.

protos. this requires changing the api for the *trail() functions a bit

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

Pull in some changes from NetBSD
o When extracting GNU tar archives, honor @LongLink long links/files
o Add an option to prevent pax from prompting for the next volume
upon premature end of archive.

sprinkle const; mostly from NetBSD

Fix comment typos; most from NetBSD and FreeBSD

kill register

We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.

Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.

When writing tar and ustar archives, zero out the header before we
do anything else to it. This lets us restore the strlcpy() calls
and remove a buch of memset()s that were zeroing out individual
fields of the header.

More strlcpy() backout. Various tar programs require ustar header
elements to be zero padded too.

Back out a strncpy -> strlcpy conversion. When writing old style
tar files we need to zero-pad the file name or many tars will get
a directory checksum error trying to unpack the archive.

This does not affect ustar archives (pax's default) though whether
or not padding matters there still needs to be determined.

really use strlcpy.

use strlcpy vs strncpy+a[len-1]='\0'

Get rid of NET2_FTS and NET2_REGEX #ifdefs since they are useless.
Change NET2_STAT into LONG_OFF_T for portability to systems with
a 32bit off_t.

use proper str*cpy functions instead of home grown one, spaces; millert@ ok

spelling

Work with files larger than 2 Gb; from NetBSD change by mycroft@netbsd.org

Fix off-by-one error when adding files of exactly 100 characters; wsanchez@apple.com

fix storage of paths that are exactly 100 chars; mgw@pacbell.net

i am bored enough to fix terminal space/tab uglies

#if __STDC__ --> #ifdef __STDC__

Fix usage of l_strncpy() (noticed by Theo) and make l_strncpy()
pad with NULL's like strncpy(3). This eliminates the need for
zf_strncpy(); ocurrences of zf_strncpy() have been changed to l_strncpy().

Strip leading '/' of pathnames (only in tar mode). -S option turns
this off like GNU tar.

Deal with old-style tar archives with a directory specifier (extension).

Back out my previous kludge to make tar files with short trailers work in
favor of a simpler change--never try to do a media change when invoked
as tar. This fixes problems that crop up if gzip exits unhappily and
others.

Correct handling of long filenames that has been stored with a prefix in
the archive; generate POSIXly correct padding of octal fields.

Permit single block trailers differently.

Fix uses of strncpy

update rcsid

Correct compile warnings
Rename warn() to paxwarn() so <err.h> can be included

Remove #include <ctype.h> when not needed; from FreeBSD

branches: 1.1.1;
Initial revision

Print the proper file name in case we fail to allocate a "path" extended header

Use name, not ln_name. Pasto introduced in previous.

Add basic write support for 'pax' format archives

Keep writing archives in ustar format by default. People can test the
posix 'pax' format using pax(1) -w -x pax ... or cpio -o -H pax ...;
tar(1) can't exercise this code yet. Only long names file and link
names are supported for now.

With input and tests from caspar@, ok millert@

Zap #ifndef SMALL around pax format read support

-DSMALL has never been used to build the ramdisks, thus the support for
reading pax format archives has always been there. This is misleading,
so just zap the ifdef since we want to keep read support.

Went through a make release Just In Case(tm).

Spotted by caspar@, ok millert@ sthen@ caspar@

Copy entire st_*tim structs at once, rather than copying
the st_*time and (obsolete) st_*timensec members separately.

ok millert@

pax: truncate times to MAX_TIME_T, not INT_MAX
If the mtime in the file header is larger than MAX_TIME_T, trucate
it to MAX_TIME_T, not INT_MAX. OK otto@

Support mtime/atime/ctime extended headers in !SMALL builds.
These are becoming quite common in distributed software (including
tars produced by Python and Go) and often standard timestamps are
not set, resulting in extracted files dated as the epoch.

Lots of help from tb@, ok tb@ millert@

32-bit systems incorrectly parse the (64-bit) length of ustar extended
headers (hd->size) using a 32-bit operation.
from Samanta Navarro
ok guenther

uid_from_user() and gid_from_user() return -1 when indicating error,
not arbitrary values < 0.

Use the new libc uid_from_user() and gid_from_group() instead of
the pax-specific functions in cache.c. OK guenther@

Carefully add casts to silence clang sign-compare warnings. ok millert@

there is no offical way to get the max value of time_t, but this one works
on any sensible posix system (in which time_t must be an integer type)
ok deraadt@ millert@

Avoid clang warning and make code better by using a signed long;
with hint from millert@; ok millert@ guenther@

Don't need <sys/time.h> or "options.h" here

Replace name_{uid,gid}() with the libc routines user_from_uid() and
group_from_gid(). Eliminate some superfluous strncpy() calls.

ok millert@

Remove many unnecessary casts. Verified by comparing generated code on
both ILP32 and LP64.

ok millert@

Replace u_quad_t with unsigned long long and replace "uqd" with "ull" in
function names to match. Pull some tangled assignments out of conditions
and use >>= where possible.

ok millert@

To archive a 101 character absolute path in ustar format we must
split it on a slash other than the leading one.

Fix based on patches from Peter Fokker (openbsd (at) berestijn.nl) and
Peter Bisroev (peter (at) int19h.net)

Add PAX_IS_{REG,HARDLINK,LINK} macros to simply many file type tests

ok millert@

Handle tar -o by setting the tar_nodir directly instead of faking up a
pax-like -o write_opt=nodir.

ok millert@ otto@

Unrevert post-unlock:
* Prevent an archive from esacaping the current directory by itself:
when extracting a symlink whose value is absolute or contains ".."
components, just create a zero-length normal file (with additional
tracking of the mode and hardlinks to the symlink) until everything
else is extracted, then go back and replace it with the requested
link (if it's still that zero-length placeholder).

* For tar without -P, if a path in the archive has any ".." components
then strip everything up to and including the last of them (if
it ends in ".." then it becomes ".")
This mostly follows GNU tar's behavior, except for 'tar tf' and
'tar xvf' we report the modified path that would be/was actually
created instead of the raw path from the archive

Above two fixes prompted by a report from Daniel Cegielka
(daniel.cegielka (at) gmail.com)

* For directories whose times or mode will be fixed up in the
clean-up pass, record their dev+ino and then use
open(O_DIRECTORY)+fstat() to verify that we're updating the correct
directory before using futimens() and fchmod().

* Correct buffer overflow in handling of pax extension headers,
caught by the memcpy() overlap check.


previously ok millert@ deraadt@

branches: 1.55.2;
Recent changes haven't been completely stable, so revert for the 5.7 release

requested by deraadt@

Correct buffer overflow in handling of pax extension headers, caught
by the memcpy() overlap check.

ok millert@ deraadt@

branches: 1.53.6;
Map negative mtimes to zero instead of skipping the affected files.

problem noted by miod@
ok krw@ millert@

Zap trailing whitespace

Eliminate poisonous LONG_OFF_T conditional

adjective suggested by deraadt@

Mark some functions as printf-like and fix a bogus format string

ok fgsch@

add unsigned char casts for specific calls to ctype.h macros.
ok guenther step

cpio and ustar formats store times in octal fields that are 11 characters
wide, so they support up to 33bits. Take advantage of the extra bits by
no longer forcing them into 32bit ints before the time_t conversion. This
gets us another 204 years of range once time_t changes type

ok deraadt@ tedu@

The tweaks I suggested to the previous diff resulted in the typeflag
being checked after it was overwritten by the next block read in.
Eliminate the argument aliasing that led to this being overlooked
by passing rd_xheader() the size and typeflag directly.

problem discovery and ok fgsch@

Add extended header support for ustar. Currently only path and linkpath are
handled.
input from zhuk and guenther. tested by zhuk and sthen on a bulk.
ok guenther.

Enable support for write_opt=nodir for ustar archives which helps to fix
issues with some crappy tar archive readers out there that rely on the
fact that directory entries ends up with "/" when created by GNU Tar, and
now I'm finishing this commit message by mentioning people who gave input
and okays: deraadt@ millert@ jmc@

remove some unnecessary sys/param.h inclusions

a -N option for tar that uses numeric only IDs, useful for cross system
tar file manipulation. with advice from guenther and jmc.

rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and
unmaintainable). these days, people use source. these id's do not provide
any benefit, and do hurt the small install media
(the 33,000 line diff is essentially mechanical)
ok with the idea millert, ok dms

Properly take into account that the name and prefix field in the tar
header are not always NUL-terminated. This means there's room for 1
more byte in those field. This effectively reverts revs 1.13 and 1.14;
ok jaredy@ millert@

Avoid sign extend when writing time stamps; fixes "tar: Ustar header
field is too small for foo" error messages when writing files with
negative time stamps on 64 bit archs.
ok millert@ deraadt@

Fix writing of old-style tar headers. Filenames and linknames actually
are not NUL terminated if the fill the whole field.
ok millert@ jaredy@

Use a special crafted string copy function to copy data from ustar
headers to the generic pax structs. ustar is "funny" since some fields
are not always NUL terminated. Old-style tar headers and ustar
creation remains to be done. ok millert@ beck@

fix strlcpy abuse in pax - this commit turns potential overflows into
potential non-spec compliance - the use of these fields as strings needs
to be revisited more thouroughly.
ok millert@ otto@

add the prefix length to nlen for ustar; ok otto millert

Handle path names of exactly 100 chars correctly. Based on a diff
from espie@. ok espie@ deraadt@

If a uid or gid does not fit into into the tar header, issue a warning
and use the uid/gid of nobody. Spotted by and ok drahn@, ok millert@

spacing

Add support for expanding GNU long links from NetBSD. I've had this
in my tree for ages but didn't have a proper test case. Thanks to
otto@ for providing one.

protos. this requires changing the api for the *trail() functions a bit

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

Pull in some changes from NetBSD
o When extracting GNU tar archives, honor @LongLink long links/files
o Add an option to prevent pax from prompting for the next volume
upon premature end of archive.

sprinkle const; mostly from NetBSD

Fix comment typos; most from NetBSD and FreeBSD

kill register

We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.

Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.

When writing tar and ustar archives, zero out the header before we
do anything else to it. This lets us restore the strlcpy() calls
and remove a buch of memset()s that were zeroing out individual
fields of the header.

More strlcpy() backout. Various tar programs require ustar header
elements to be zero padded too.

Back out a strncpy -> strlcpy conversion. When writing old style
tar files we need to zero-pad the file name or many tars will get
a directory checksum error trying to unpack the archive.

This does not affect ustar archives (pax's default) though whether
or not padding matters there still needs to be determined.

really use strlcpy.

use strlcpy vs strncpy+a[len-1]='\0'

Get rid of NET2_FTS and NET2_REGEX #ifdefs since they are useless.
Change NET2_STAT into LONG_OFF_T for portability to systems with
a 32bit off_t.

use proper str*cpy functions instead of home grown one, spaces; millert@ ok

spelling

Work with files larger than 2 Gb; from NetBSD change by mycroft@netbsd.org

Fix off-by-one error when adding files of exactly 100 characters; wsanchez@apple.com

fix storage of paths that are exactly 100 chars; mgw@pacbell.net

i am bored enough to fix terminal space/tab uglies

#if __STDC__ --> #ifdef __STDC__

Fix usage of l_strncpy() (noticed by Theo) and make l_strncpy()
pad with NULL's like strncpy(3). This eliminates the need for
zf_strncpy(); ocurrences of zf_strncpy() have been changed to l_strncpy().

Strip leading '/' of pathnames (only in tar mode). -S option turns
this off like GNU tar.

Deal with old-style tar archives with a directory specifier (extension).

Back out my previous kludge to make tar files with short trailers work in
favor of a simpler change--never try to do a media change when invoked
as tar. This fixes problems that crop up if gzip exits unhappily and
others.

Correct handling of long filenames that has been stored with a prefix in
the archive; generate POSIXly correct padding of octal fields.

Permit single block trailers differently.

Fix uses of strncpy

update rcsid

Correct compile warnings
Rename warn() to paxwarn() so <err.h> can be included

Remove #include <ctype.h> when not needed; from FreeBSD

branches: 1.1.1;
Initial revision

Add basic write support for 'pax' format archives

Keep writing archives in ustar format by default. People can test the
posix 'pax' format using pax(1) -w -x pax ... or cpio -o -H pax ...;
tar(1) can't exercise this code yet. Only long names file and link
names are supported for now.

With input and tests from caspar@, ok millert@

Zap #ifndef SMALL around pax format read support

-DSMALL has never been used to build the ramdisks, thus the support for
reading pax format archives has always been there. This is misleading,
so just zap the ifdef since we want to keep read support.

Went through a make release Just In Case(tm).

Spotted by caspar@, ok millert@ sthen@ caspar@

Copy entire st_*tim structs at once, rather than copying
the st_*time and (obsolete) st_*timensec members separately.

ok millert@

pax: truncate times to MAX_TIME_T, not INT_MAX
If the mtime in the file header is larger than MAX_TIME_T, trucate
it to MAX_TIME_T, not INT_MAX. OK otto@

Support mtime/atime/ctime extended headers in !SMALL builds.
These are becoming quite common in distributed software (including
tars produced by Python and Go) and often standard timestamps are
not set, resulting in extracted files dated as the epoch.

Lots of help from tb@, ok tb@ millert@

32-bit systems incorrectly parse the (64-bit) length of ustar extended
headers (hd->size) using a 32-bit operation.
from Samanta Navarro
ok guenther

uid_from_user() and gid_from_user() return -1 when indicating error,
not arbitrary values < 0.

Use the new libc uid_from_user() and gid_from_group() instead of
the pax-specific functions in cache.c. OK guenther@

Carefully add casts to silence clang sign-compare warnings. ok millert@

there is no offical way to get the max value of time_t, but this one works
on any sensible posix system (in which time_t must be an integer type)
ok deraadt@ millert@

Avoid clang warning and make code better by using a signed long;
with hint from millert@; ok millert@ guenther@

Don't need <sys/time.h> or "options.h" here

Replace name_{uid,gid}() with the libc routines user_from_uid() and
group_from_gid(). Eliminate some superfluous strncpy() calls.

ok millert@

Remove many unnecessary casts. Verified by comparing generated code on
both ILP32 and LP64.

ok millert@

Replace u_quad_t with unsigned long long and replace "uqd" with "ull" in
function names to match. Pull some tangled assignments out of conditions
and use >>= where possible.

ok millert@

To archive a 101 character absolute path in ustar format we must
split it on a slash other than the leading one.

Fix based on patches from Peter Fokker (openbsd (at) berestijn.nl) and
Peter Bisroev (peter (at) int19h.net)

Add PAX_IS_{REG,HARDLINK,LINK} macros to simply many file type tests

ok millert@

Handle tar -o by setting the tar_nodir directly instead of faking up a
pax-like -o write_opt=nodir.

ok millert@ otto@

Unrevert post-unlock:
* Prevent an archive from esacaping the current directory by itself:
when extracting a symlink whose value is absolute or contains ".."
components, just create a zero-length normal file (with additional
tracking of the mode and hardlinks to the symlink) until everything
else is extracted, then go back and replace it with the requested
link (if it's still that zero-length placeholder).

* For tar without -P, if a path in the archive has any ".." components
then strip everything up to and including the last of them (if
it ends in ".." then it becomes ".")
This mostly follows GNU tar's behavior, except for 'tar tf' and
'tar xvf' we report the modified path that would be/was actually
created instead of the raw path from the archive

Above two fixes prompted by a report from Daniel Cegielka
(daniel.cegielka (at) gmail.com)

* For directories whose times or mode will be fixed up in the
clean-up pass, record their dev+ino and then use
open(O_DIRECTORY)+fstat() to verify that we're updating the correct
directory before using futimens() and fchmod().

* Correct buffer overflow in handling of pax extension headers,
caught by the memcpy() overlap check.


previously ok millert@ deraadt@

branches: 1.55.2;
Recent changes haven't been completely stable, so revert for the 5.7 release

requested by deraadt@

Correct buffer overflow in handling of pax extension headers, caught
by the memcpy() overlap check.

ok millert@ deraadt@

branches: 1.53.6;
Map negative mtimes to zero instead of skipping the affected files.

problem noted by miod@
ok krw@ millert@

Zap trailing whitespace

Eliminate poisonous LONG_OFF_T conditional

adjective suggested by deraadt@

Mark some functions as printf-like and fix a bogus format string

ok fgsch@

add unsigned char casts for specific calls to ctype.h macros.
ok guenther step

cpio and ustar formats store times in octal fields that are 11 characters
wide, so they support up to 33bits. Take advantage of the extra bits by
no longer forcing them into 32bit ints before the time_t conversion. This
gets us another 204 years of range once time_t changes type

ok deraadt@ tedu@