11 files changed, 167 insertions, 59 deletions
diff --git a/archival/dpkg.c b/archival/dpkg.c
index 2893cfc2d..151f0ca43 100644
--- a/archival/dpkg.c
+++ b/archival/dpkg.c
@@ -1472,12 +1472,16 @@ static void init_archive_deb_control(archive_handle_t *ar_handle)
        tar_handle->src_fd = ar_handle->src_fd;
        /* We don't care about data.tar.* or debian-binary, just control.tar.* */
+        llist_add_to(&(ar_handle->accept), (char*)"control.tar");
 #if ENABLE_FEATURE_SEAMLESS_GZ
        llist_add_to(&(ar_handle->accept), (char*)"control.tar.gz");
 #endif
 #if ENABLE_FEATURE_SEAMLESS_BZ2
        llist_add_to(&(ar_handle->accept), (char*)"control.tar.bz2");
 #endif
+#if ENABLE_FEATURE_SEAMLESS_XZ
+        llist_add_to(&(ar_handle->accept), (char*)"control.tar.xz");
+#endif
        /* Assign the tar handle as a subarchive of the ar handle */
        ar_handle->dpkg__sub_archive = tar_handle;
@@ -1492,12 +1496,19 @@ static void init_archive_deb_data(archive_handle_t *ar_handle)
        tar_handle->src_fd = ar_handle->src_fd;
        /* We don't care about control.tar.* or debian-binary, just data.tar.* */
+        llist_add_to(&(ar_handle->accept), (char*)"data.tar");
 #if ENABLE_FEATURE_SEAMLESS_GZ
        llist_add_to(&(ar_handle->accept), (char*)"data.tar.gz");
 #endif
 #if ENABLE_FEATURE_SEAMLESS_BZ2
        llist_add_to(&(ar_handle->accept), (char*)"data.tar.bz2");
 #endif
+#if ENABLE_FEATURE_SEAMLESS_LZMA
+        llist_add_to(&(ar_handle->accept), (char*)"data.tar.lzma");
+#endif
+#if ENABLE_FEATURE_SEAMLESS_XZ
+        llist_add_to(&(ar_handle->accept), (char*)"data.tar.xz");
+#endif
        /* Assign the tar handle as a subarchive of the ar handle */
        ar_handle->dpkg__sub_archive = tar_handle;
diff --git a/archival/dpkg_deb.c b/archival/dpkg_deb.c
index 13f9db991..0285273fe 100644
--- a/archival/dpkg_deb.c
+++ b/archival/dpkg_deb.c
@@ -70,6 +70,8 @@ int dpkg_deb_main(int argc, char **argv)
        ar_archive->dpkg__sub_archive = tar_archive;
        ar_archive->filter = filter_accept_list_reassign;
+        llist_add_to(&ar_archive->accept, (char*)"data.tar");
+        llist_add_to(&control_tar_llist, (char*)"control.tar");
 #if ENABLE_FEATURE_SEAMLESS_GZ
        llist_add_to(&ar_archive->accept, (char*)"data.tar.gz");
        llist_add_to(&control_tar_llist, (char*)"control.tar.gz");
@@ -82,6 +84,10 @@ int dpkg_deb_main(int argc, char **argv)
        llist_add_to(&ar_archive->accept, (char*)"data.tar.lzma");
        llist_add_to(&control_tar_llist, (char*)"control.tar.lzma");
 #endif
+#if ENABLE_FEATURE_SEAMLESS_XZ
+        llist_add_to(&ar_archive->accept, (char*)"data.tar.xz");
+        llist_add_to(&control_tar_llist, (char*)"control.tar.xz");
+#endif
        opt_complementary = "c--efXx:e--cfXx:f--ceXx:X--cefx:x--cefX";
        opt = getopt32(argv, "cefXx");
diff --git a/archival/gzip.c b/archival/gzip.c
index a93d2175a..bc1f9c60b 100644
--- a/archival/gzip.c
+++ b/archival/gzip.c
@@ -417,19 +417,46 @@ static void flush_outbuf(void)
 #define put_8bit(c) \
 do { \
        G1.outbuf[G1.outcnt++] = (c); \
-        if (G1.outcnt == OUTBUFSIZ) flush_outbuf(); \
+        if (G1.outcnt == OUTBUFSIZ) \
+                flush_outbuf(); \
 } while (0)
 /* Output a 16 bit value, lsb first */
 static void put_16bit(ush w)
 {
-        if (G1.outcnt < OUTBUFSIZ - 2) {
+        /* GCC 4.2.1 won't optimize out redundant loads of G1.outcnt
-                G1.outbuf[G1.outcnt++] = w;
+         * (probably because of fear of aliasing with G1.outbuf[]
-                G1.outbuf[G1.outcnt++] = w >> 8;
+         * stores), do it explicitly:
-        } else {
+         */
-                put_8bit(w);
+        unsigned outcnt = G1.outcnt;
-                put_8bit(w >> 8);
+        uch *dst = &G1.outbuf[outcnt];
+#if BB_UNALIGNED_MEMACCESS_OK && BB_LITTLE_ENDIAN
+        if (outcnt < OUTBUFSIZ-2) {
+                /* Common case */
+                ush *dst16 = (void*) dst;
+                *dst16 = w; /* unalinged LSB 16-bit store */
+                G1.outcnt = outcnt + 2;
+                return;
        }
+        *dst = (uch)w;
+        w >>= 8;
+#else
+        *dst = (uch)w;
+        w >>= 8;
+        if (outcnt < OUTBUFSIZ-2) {
+                /* Common case */
+                dst[1] = w;
+                G1.outcnt = outcnt + 2;
+                return;
+        }
+#endif
+        /* Slowpath: we will need to do flush_outbuf() */
+        G1.outcnt = ++outcnt;
+        if (outcnt == OUTBUFSIZ)
+                flush_outbuf();
+        put_8bit(w);
 }
 static void put_32bit(ulg n)
@@ -2007,7 +2034,7 @@ static void ct_init(void)
 * IN assertions: the input and output buffers are cleared.
 */
-static void zip(ulg time_stamp)
+static void zip(void)
 {
        ush deflate_flags = 0;  /* pkzip -es, -en or -ex equivalent */
@@ -2018,7 +2045,7 @@ static void zip(ulg time_stamp)
        /* compression method: 8 (DEFLATED) */
        /* general flags: 0 */
        put_32bit(0x00088b1f);
-        put_32bit(time_stamp);
+        put_32bit(0);           /* Unix timestamp */
        /* Write deflated file to zip file */
        G1.crc = ~0;
@@ -2044,8 +2071,6 @@ static void zip(ulg time_stamp)
 static
 IF_DESKTOP(long long) int FAST_FUNC pack_gzip(transformer_state_t *xstate UNUSED_PARAM)
 {
-        struct stat s;
        /* Clear input and output buffers */
        G1.outcnt = 0;
 #ifdef DEBUG
@@ -2077,9 +2102,23 @@ IF_DESKTOP(long long) int FAST_FUNC pack_gzip(transformer_state_t *xstate UNUSED
        G2.bl_desc.max_length  = MAX_BL_BITS;
        //G2.bl_desc.max_code    = 0;
+#if 0
+        /* Saving of timestamp is disabled. Why?
+         * - it is not Y2038-safe.
+         * - some people want deterministic results
+         *   (normally they'd use -n, but our -n is a nop).
+         * - it's bloat.
+         * Per RFC 1952, gzfile.time=0 is "no timestamp".
+         * If users will demand this to be reinstated,
+         * implement -n "don't save timestamp".
+         */
+        struct stat s;
        s.st_ctime = 0;
        fstat(STDIN_FILENO, &s);
        zip(s.st_ctime);
+#else
+        zip();
+#endif
        return 0;
 }
diff --git a/archival/libarchive/Kbuild.src b/archival/libarchive/Kbuild.src
index 968fdf8ab..b7faaf77f 100644
--- a/archival/libarchive/Kbuild.src
+++ b/archival/libarchive/Kbuild.src
@@ -30,11 +30,13 @@ COMMON_FILES:= \
 DPKG_FILES:= \
        unpack_ar_archive.o \
        filter_accept_list_reassign.o \
+        unsafe_prefix.o \
        get_header_ar.o \
        get_header_tar.o \
        get_header_tar_gz.o \
        get_header_tar_bz2.o \
        get_header_tar_lzma.o \
+        get_header_tar_xz.o \
 INSERT
@@ -43,7 +45,7 @@ lib-$(CONFIG_DPKG_DEB)                  += $(DPKG_FILES)
 lib-$(CONFIG_AR)                        += get_header_ar.o unpack_ar_archive.o
 lib-$(CONFIG_CPIO)                      += get_header_cpio.o
-lib-$(CONFIG_TAR)                       += get_header_tar.o
+lib-$(CONFIG_TAR)                       += get_header_tar.o unsafe_prefix.o
 lib-$(CONFIG_FEATURE_TAR_TO_COMMAND)    += data_extract_to_command.o
 lib-$(CONFIG_LZOP)                      += lzo1x_1.o lzo1x_1o.o lzo1x_d.o
 lib-$(CONFIG_LZOP_COMPR_HIGH)           += lzo1x_9x.o
@@ -52,7 +54,7 @@ lib-$(CONFIG_UNLZMA)                    += open_transformer.o decompress_unlzma.
 lib-$(CONFIG_UNXZ)                      += open_transformer.o decompress_unxz.o
 lib-$(CONFIG_GUNZIP)                    += open_transformer.o decompress_gunzip.o
 lib-$(CONFIG_UNCOMPRESS)                += open_transformer.o decompress_uncompress.o
-lib-$(CONFIG_UNZIP)                     += open_transformer.o decompress_gunzip.o
+lib-$(CONFIG_UNZIP)                     += open_transformer.o decompress_gunzip.o unsafe_prefix.o
 lib-$(CONFIG_RPM2CPIO)                  += open_transformer.o decompress_gunzip.o get_header_cpio.o
 lib-$(CONFIG_RPM)                       += open_transformer.o decompress_gunzip.o get_header_cpio.o
diff --git a/archival/libarchive/filter_accept_list_reassign.c b/archival/libarchive/filter_accept_list_reassign.c
index 3d19abe44..b9acfbc05 100644
--- a/archival/libarchive/filter_accept_list_reassign.c
+++ b/archival/libarchive/filter_accept_list_reassign.c
@@ -28,6 +28,10 @@ char FAST_FUNC filter_accept_list_reassign(archive_handle_t *archive_handle)
                name_ptr++;
                /* Modify the subarchive handler based on the extension */
+                if (strcmp(name_ptr, "tar") == 0) {
+                        archive_handle->dpkg__action_data_subarchive = get_header_tar;
+                        return EXIT_SUCCESS;
+                }
                if (ENABLE_FEATURE_SEAMLESS_GZ
                 && strcmp(name_ptr, "gz") == 0
                ) {
@@ -46,6 +50,12 @@ char FAST_FUNC filter_accept_list_reassign(archive_handle_t *archive_handle)
                        archive_handle->dpkg__action_data_subarchive = get_header_tar_lzma;
                        return EXIT_SUCCESS;
                }
+                if (ENABLE_FEATURE_SEAMLESS_XZ
+                 && strcmp(name_ptr, "xz") == 0
+                ) {
+                        archive_handle->dpkg__action_data_subarchive = get_header_tar_xz;
+                        return EXIT_SUCCESS;
+                }
        }
        return EXIT_FAILURE;
 }
diff --git a/archival/libarchive/get_header_cpio.c b/archival/libarchive/get_header_cpio.c
index 1a0058b63..7861d1f6f 100644
--- a/archival/libarchive/get_header_cpio.c
+++ b/archival/libarchive/get_header_cpio.c
@@ -37,7 +37,7 @@ char FAST_FUNC get_header_cpio(archive_handle_t *archive_handle)
        }
        archive_handle->offset += 110;
-        if (strncmp(&cpio_header[0], "07070", 5) != 0
+        if (!is_prefixed_with(&cpio_header[0], "07070")
         || (cpio_header[5] != '1' && cpio_header[5] != '2')
        ) {
                bb_error_msg_and_die("unsupported cpio format, use newc or crc");
diff --git a/archival/libarchive/get_header_tar.c b/archival/libarchive/get_header_tar.c
index ba43bb073..2dbcdb50c 100644
--- a/archival/libarchive/get_header_tar.c
+++ b/archival/libarchive/get_header_tar.c
@@ -17,36 +17,6 @@
 typedef uint32_t aliased_uint32_t FIX_ALIASING;
 typedef off_t    aliased_off_t    FIX_ALIASING;
-const char* FAST_FUNC strip_unsafe_prefix(const char *str)
-{
-        const char *cp = str;
-        while (1) {
-                char *cp2;
-                if (*cp == '/') {
-                        cp++;
-                        continue;
-                }
-                if (strncmp(cp, "/../"+1, 3) == 0) {
-                        cp += 3;
-                        continue;
-                }
-                cp2 = strstr(cp, "/../");
-                if (!cp2)
-                        break;
-                cp = cp2 + 4;
-        }
-        if (cp != str) {
-                static smallint warned = 0;
-                if (!warned) {
-                        warned = 1;
-                        bb_error_msg("removing leading '%.*s' from member names",
-                                (int)(cp - str), str);
-                }
-        }
-        return cp;
-}
 /* NB: _DESTROYS_ str[len] character! */
 static unsigned long long getOctal(char *str, int len)
 {
@@ -135,7 +105,7 @@ static void process_pax_hdr(archive_handle_t *archive_handle, unsigned sz, int g
                value = end + 1;
 #if ENABLE_FEATURE_TAR_GNU_EXTENSIONS
-                if (!global && strncmp(value, "path=", sizeof("path=") - 1) == 0) {
+                if (!global && is_prefixed_with(value, "path=")) {
                        value += sizeof("path=") - 1;
                        free(archive_handle->tar__longname);
                        archive_handle->tar__longname = xstrdup(value);
@@ -148,7 +118,7 @@ static void process_pax_hdr(archive_handle_t *archive_handle, unsigned sz, int g
                 * This is what Red Hat's patched version of tar uses.
                 */
 # define SELINUX_CONTEXT_KEYWORD "RHT.security.selinux"
-                if (strncmp(value, SELINUX_CONTEXT_KEYWORD"=", sizeof(SELINUX_CONTEXT_KEYWORD"=") - 1) == 0) {
+                if (is_prefixed_with(value, SELINUX_CONTEXT_KEYWORD"=")) {
                        value += sizeof(SELINUX_CONTEXT_KEYWORD"=") - 1;
                        free(archive_handle->tar__sctx[global]);
                        archive_handle->tar__sctx[global] = xstrdup(value);
@@ -232,7 +202,7 @@ char FAST_FUNC get_header_tar(archive_handle_t *archive_handle)
        /* Check header has valid magic, "ustar" is for the proper tar,
         * five NULs are for the old tar format  */
-        if (strncmp(tar.magic, "ustar", 5) != 0
+        if (!is_prefixed_with(tar.magic, "ustar")
         && (!ENABLE_FEATURE_TAR_OLDGNU_COMPATIBILITY
             || memcmp(tar.magic, "\0\0\0\0", 5) != 0)
        ) {
diff --git a/archival/libarchive/get_header_tar_xz.c b/archival/libarchive/get_header_tar_xz.c
new file mode 100644
index 000000000..7bf3b3b56
--- /dev/null
+++ b/archival/libarchive/get_header_tar_xz.c
@@ -0,0 +1,21 @@
+/* vi: set sw=4 ts=4: */
+/*
+ * Licensed under GPLv2 or later, see file LICENSE in this source tree.
+ */
+#include "libbb.h"
+#include "bb_archive.h"
+char FAST_FUNC get_header_tar_xz(archive_handle_t *archive_handle)
+{
+        /* Can't lseek over pipes */
+        archive_handle->seek = seek_by_read;
+        fork_transformer_with_sig(archive_handle->src_fd, unpack_xz_stream, "unxz");
+        archive_handle->offset = 0;
+        while (get_header_tar(archive_handle) == EXIT_SUCCESS)
+                continue;
+        /* Can only do one file at a time */
+        return EXIT_FAILURE;
+}
diff --git a/archival/libarchive/unpack_ar_archive.c b/archival/libarchive/unpack_ar_archive.c
index 214d17e23..0bc030349 100644
--- a/archival/libarchive/unpack_ar_archive.c
+++ b/archival/libarchive/unpack_ar_archive.c
@@ -12,7 +12,7 @@ void FAST_FUNC unpack_ar_archive(archive_handle_t *ar_archive)
        char magic[7];
        xread(ar_archive->src_fd, magic, AR_MAGIC_LEN);
-        if (strncmp(magic, AR_MAGIC, AR_MAGIC_LEN) != 0) {
+        if (!is_prefixed_with(magic, AR_MAGIC)) {
                bb_error_msg_and_die("invalid ar magic");
        }
        ar_archive->offset += AR_MAGIC_LEN;
diff --git a/archival/libarchive/unsafe_prefix.c b/archival/libarchive/unsafe_prefix.c
new file mode 100644
index 000000000..9994f4d94
--- /dev/null
+++ b/archival/libarchive/unsafe_prefix.c
@@ -0,0 +1,36 @@
+/* vi: set sw=4 ts=4: */
+/*
+ * Licensed under GPLv2 or later, see file LICENSE in this source tree.
+ */
+#include "libbb.h"
+#include "bb_archive.h"
+const char* FAST_FUNC strip_unsafe_prefix(const char *str)
+{
+        const char *cp = str;
+        while (1) {
+                char *cp2;
+                if (*cp == '/') {
+                        cp++;
+                        continue;
+                }
+                if (is_prefixed_with(cp, "/../"+1)) {
+                        cp += 3;
+                        continue;
+                }
+                cp2 = strstr(cp, "/../");
+                if (!cp2)
+                        break;
+                cp = cp2 + 4;
+        }
+        if (cp != str) {
+                static smallint warned = 0;
+                if (!warned) {
+                        warned = 1;
+                        bb_error_msg("removing leading '%.*s' from member names",
+                                (int)(cp - str), str);
+                }
+        }
+        return cp;
+}
diff --git a/archival/unzip.c b/archival/unzip.c
index 1ef026a9f..d370203e8 100644
--- a/archival/unzip.c
+++ b/archival/unzip.c
@@ -599,14 +599,18 @@ int unzip_main(int argc, char **argv)
                /* Skip extra header bytes */
                unzip_skip(zip_header.formatted.extra_len);
+                /* Guard against "/abspath", "/../" and similar attacks */
+                overlapping_strcpy(dst_fn, strip_unsafe_prefix(dst_fn));
                /* Filter zip entries */
                if (find_list_entry(zreject, dst_fn)
                 || (zaccept && !find_list_entry(zaccept, dst_fn))
                ) { /* Skip entry */
                        i = 'n';
-                } else { /* Extract entry */
+                } else {
-                        if (listing) { /* List entry */
+                        if (listing) {
+                                /* List entry */
                                unsigned dostime = zip_header.formatted.modtime | (zip_header.formatted.moddate << 16);
                                if (!verbose) {
                                        //      "  Length     Date   Time    Name\n"
@@ -642,9 +646,11 @@ int unzip_main(int argc, char **argv)
                                        total_size += zip_header.formatted.cmpsize;
                                }
                                i = 'n';
-                        } else if (dst_fd == STDOUT_FILENO) { /* Extracting to STDOUT */
+                        } else if (dst_fd == STDOUT_FILENO) {
+                                /* Extracting to STDOUT */
                                i = -1;
-                        } else if (last_char_is(dst_fn, '/')) { /* Extract directory */
+                        } else if (last_char_is(dst_fn, '/')) {
+                                /* Extract directory */
                                if (stat(dst_fn, &stat_buf) == -1) {
                                        if (errno != ENOENT) {
                                                bb_perror_msg_and_die("can't stat '%s'", dst_fn);
@@ -658,22 +664,27 @@ int unzip_main(int argc, char **argv)
                                        }
                                } else {
                                        if (!S_ISDIR(stat_buf.st_mode)) {
-                                                bb_error_msg_and_die("'%s' exists but is not directory", dst_fn);
+                                                bb_error_msg_and_die("'%s' exists but is not a %s",
+                                                        dst_fn, "directory");
                                        }
                                }
                                i = 'n';
-                        } else {  /* Extract file */
+                        } else {
+                                /* Extract file */
 check_file:
-                                if (stat(dst_fn, &stat_buf) == -1) { /* File does not exist */
+                                if (stat(dst_fn, &stat_buf) == -1) {
+                                        /* File does not exist */
                                        if (errno != ENOENT) {
                                                bb_perror_msg_and_die("can't stat '%s'", dst_fn);
                                        }
                                        i = 'y';
-                                } else { /* File already exists */
+                                } else {
+                                        /* File already exists */
                                        if (overwrite == O_NEVER) {
                                                i = 'n';
-                                        } else if (S_ISREG(stat_buf.st_mode)) { /* File is regular file */
+                                        } else if (S_ISREG(stat_buf.st_mode)) {
+                                                /* File is regular file */
                                                if (overwrite == O_ALWAYS) {
                                                        i = 'y';
                                                } else {
@@ -681,8 +692,10 @@ int unzip_main(int argc, char **argv)
                                                        my_fgets80(key_buf);
                                                        i = key_buf[0];
                                                }
-                                        } else { /* File is not regular file */
+                                        } else {
-                                                bb_error_msg_and_die("'%s' exists but is not regular file", dst_fn);
+                                                /* File is not regular file */
+                                                bb_error_msg_and_die("'%s' exists but is not a %s",
+                                                        dst_fn, "regular file");
                                        }
                                }
                        }