1. 25 May, 2021 2 commits
    • Ondrej Holy's avatar
      extractor: Prevent redundant path name handling for equal prefixes · b9590ab7
      Ondrej Holy authored
      Currently, redundant path name handling happens when archive files have
      a common prefix and an equal destination is returned from the `decide-destination`
      signal. In this case, the old prefix is removed and the new one (the equal one)
      is added again. Let's detect this case and prevent the redundancy.
      b9590ab7
    • Ondrej Holy's avatar
      extractor: Fix extraction of one file archives · 135053d5
      Ondrej Holy authored
      Currently, an empty folder is created when extracting an archive over
      Nautilus which contains one file with the same name as the archive.
      This is because gnome-autoar always creates the top-level folder, but
      the one file archive with the same name should be extracted directly
      without creating additional folders. Otherwise the `conflict` signal
      is emitted and Nautilus by default skips conflicting files, so only
      empty folder remains after extraction. This problem have not been
      unfortunately noticed by the `test-one-file-same-name` unit test due to
      differences in the `decide-destination` signal handling. Let's do not
      create the top-level folder at all as `g_file_make_directory_with_parents`
      is used later anyway.
      
      Fixes: #28
      135053d5
  2. 11 May, 2021 2 commits
    • Ondrej Holy's avatar
      compressor: Fix usage of uninitialized value · e1c58e6d
      Ondrej Holy authored
      The Coverity tool found usage of uninitialized value, which was unfortunatelly
      introduced by the recent commit c919227c. This might lead to segfaults when
      compressing remote files. Let's initialize the `sparse` variable to fix this.
      e1c58e6d
    • Ondrej Holy's avatar
      tests: Fix various defects reported by Coverity · f735c056
      Ondrej Holy authored
      The Coverity tool found some defects in the testing suite. Although,
      those defects don't cause any really issues, let's fix them to make
      covscan happy and the code more bullet-proof.
      f735c056
  3. 30 Apr, 2021 2 commits
  4. 26 Apr, 2021 5 commits
    • Ondrej Holy's avatar
      doap: Fix category and add some missing elements · a8dce79c
      Ondrej Holy authored
      The .doap file currently states that gnome-autoar belongs to "apps" category.
      However, gnome-autoar is a library, so "core" makes more sense here. Also
      download-page and bug-database elements are missing. Let's fix the mentioned
      issues.
      a8dce79c
    • Ondrej Holy's avatar
      Add README.md file · 8a428842
      Ondrej Holy authored
      Currently, there is no README file, so GitLab doesn't show any project
      info. Let's add one with the same info which is in doap and docs already.
      But also update the texts to not mention "gschemas" as they are not used
      already.
      
      Fixes: #13
      8a428842
    • Ondrej Holy's avatar
      compressor: Fix hardlink handling for new cpio format · 02d42901
      Ondrej Holy authored
      The new cpio format writes the file content for hardlinks the last
      time an inode is seen. To achieve this, the archive entries are
      internally stored over `archive_entry_linkify` and written later.
      In that case, `archive_entry_linkify` takes ownership of the
      `archive_entry` struct and set the pointer to `NULL`. However,
      gnome-autoar keeps using the original entry, which leads to weird
      errors. Also, after all archive entries are written,
      `archive_entry_linkify` has to be called in a loop to write all
      deffered entries. However, it is called only once currently, which
      can cause that some of the hardlinks are not written to the
      archive. Let's correctly handle the entry ownership and call
      `archive_entry_linkify` to fix hardlink handling for the new cpio
      format.
      
      Relates: #25
      02d42901
    • Ondrej Holy's avatar
      compressor: Do not set unknown attributes · 34e868ec
      Ondrej Holy authored
      Currently, various filesystem attributes are passed to libarchive
      without checks. But it may happen that not all those attributes are
      available, especially for files provided over GVfs. Let's set only
      those which are available for sure.
      
      Relates: #25
      34e868ec
    • Ondrej Holy's avatar
      compressor: Fix hardlink detection for remote files · c919227c
      Ondrej Holy authored
      Currently, all files are considered as hardlinks when compressing files provided
      by GVfs (e.g. SFTP) to TAR format, so the file content is lost for those files.
      This is because the `inode`, `device`, and/or `nlink` attributes are not set for
      those files. Let's do not call `archive_entry_linkify` in this case to not create
      broken archives.
      
      Fixes: #25
      c919227c
  5. 23 Apr, 2021 2 commits
  6. 25 Mar, 2021 1 commit
    • Ondrej Holy's avatar
      NEWS: Add CVE number · 8208609d
      Ondrej Holy authored
      The CVE number for #12 has been assigned after the
      release, so it is not part of the NEWS file. Let's add the CVE number
      additionaly at least.
      8208609d
  7. 13 Mar, 2021 1 commit
  8. 12 Mar, 2021 21 commits
    • Ondrej Holy's avatar
      tests: Add test for symlinks in parents and malformed paths · 32957ff7
      Ondrej Holy authored
      (Malicious) archives can have entries with symlink in parents. Archives
      entries can have absolute paths, or relative paths that points outside
      of the destination. Let's add test to ensure that extraction fails with
      error for symlinks in parents and tests to verify that malformed paths
      are correctly sanitized and not written outside.
      32957ff7
    • Ondrej Holy's avatar
      extractor: Fix criticals for paths that point outside · 2c8d1639
      Ondrej Holy authored
      (Malicious) archives can have malformed paths with `..` segments so they
      point outside of the destination. The `autoar_extractor_do_sanitize_pathname`
      function already sanitizes those paths to be inside of the destination,
      however, the code from `autoar_extractor_step_decide_destination` operates on
      paths, which are not yet sanitized and fails with the following criticals:
      `g_file_resolve_relative_path: assertion 'relative_path != NULL' failed`.
      Let's use the `autoar_extractor_do_sanitize_pathname` also here to fix this
      criticals.
      2c8d1639
    • Ondrej Holy's avatar
      extractor: Do not allow symlink in parents · 8109c368
      Ondrej Holy authored
      Currently, it is still possible that some files are extracted outside of
      the destination dir in case of malicious archives. The checks from commit
      adb067e6 can be still bypassed in certain cases. See file-roller#108
      for more details. After some investigation, I am convinced that it would be
      best to	simply disallow symlinks in parents. For example, `tar` fails to
      extract such files with the `ENOTDIR` error. Let's do the same here.
      
      Fixes: #12
      8109c368
    • Ondrej Holy's avatar
      c678fcd2
    • Ondrej Holy's avatar
      Revert "extractor: Do not fail if parent folders don't exist" · d0810759
      Ondrej Holy authored
      This reverts commit cc4e8b7c.
      d0810759
    • Ondrej Holy's avatar
      extractor: Reduce the number of files and size when skipping · 7f2e1868
      Ondrej Holy authored
      In case of conflict, when skipping some file, the `total_size` and `total_files`
      is not updated, but neither `completed_files` and `completed_size`. Let's
      reduce the `total_size` and `total_files`. Same approach is used in Nautilus
      when skipping.
      7f2e1868
    • Ondrej Holy's avatar
      tests: Add tests to check that link target are not overwritten · d500047d
      Ondrej Holy authored
      The symlink, or hardline should be rewriten itself, not its target.
      Let's add tests to verify this.
      d500047d
    • Ondrej Holy's avatar
      extractor: Do not follow symlinks when detecting conflicts · c4b0b9c9
      Ondrej Holy authored
      Currently, symlinks are followed when detecting conflicts. But this
      is not desired as the original file caused the conflict, not its target.
      c4b0b9c9
    • Ondrej Holy's avatar
      tests: Change test-one-file-error-file-over-directory test · df846daf
      Ondrej Holy authored
      To be honest, it is not really clear to me what is purpose of this test.
      As per the name, it should verify that error is returned when overwriting
      file over directory. However, I think that it is totally fine to overwrite
      empty directory. Anyway, the overwrite action is not explicitely chosen,
      so the skip action is used instead. Consequently, the test verifies that
      `error` is not set. So it looks to me that the test is tottaly wrong. Let's
      modify and rename the test, so it really checks that error is returned when
      somebody tries to overwrite non-empty directory.
      df846daf
    • Ondrej Holy's avatar
      extractor: Detect conflict also for directories · 88e21e8a
      Ondrej Holy authored
      Current logic doesn't detect conflics when extracting directory. This
      is ok, but only for the case when the conflic is caused by directory.
      Otherwise, the conflic should be detected and AutoarExtractor should
      try to delete the file before creating new directory.
      88e21e8a
    • Ondrej Holy's avatar
      extractor: Explicitely delete files that should be overwritten · f26d32e0
      Ondrej Holy authored
      Currently, `g_file_replace` is used to write files. However, it uses
      `G_FILE_CREATE_NONE` which keeps old permissions. It should rather use
      `G_FILE_CREATE_REPLACE_DESTINATION` instead to not keep any old permissions
      as it is among others used by File Roller. However, there is bug in
      `G_FILE_CREATE_REPLACE_DESTINATION` implementaion, see glib#2325.
      Let's explicitely delete that file and use `g_file_create` instead.
      This will also fix problems when overwriting file by directory and
      ensures that hardlinks will be replaced and not just modified.
      f26d32e0
    • Ondrej Holy's avatar
      tests: Add test to check default action for conflicts · ad85961c
      Ondrej Holy authored
      From the code, it was not really clear what is the default action
      for conflicts. Let's add test which verifies that conflicting files
      are skipped by default.
      ad85961c
    • Ondrej Holy's avatar
      tests: Fix tests for conflicts · e74a4fc0
      Ondrej Holy authored
      The tests for conflicts contains several bugs and also are not able to
      distingues between skip and overwrite actions. Let's modify the test so
      they can really verify whether the files are skipped, or overwritten.
      e74a4fc0
    • Ondrej Holy's avatar
      tests: Rename tests for conflicts · 8d579adb
      Ondrej Holy authored
      The test for conflict contains `test-one-file-` prefix which doesn't make
      much sense here and just makes the name too long. Let's use just `test-`
      prefix instead.
      8d579adb
    • Ondrej Holy's avatar
      extractor: Fix default action for conflicts · 2955faea
      Ondrej Holy authored
      The `AUTOAR_CONFLICT_OVERWRITE` is set as default value for the action
      variable when conflict occured. However, `g_signal_emit` clears that
      variable to `0` if the signal is unhandled. But `0` is currently mapped
      to `AUTOAR_CONFLICT_SKIP`. So the code is a little bit confusing. I think
      that overwrite is the right thing in most cases and also this is the
      default behavior of `tar` as an archive may contain several versions of
      some file and the last one is the newest. However, gnome-autoar allows
      extraction in the non-empty folders and has conflict API, so it would be
      really safer to use the skip action by default. Let's add the
      `AUTOAR_CONFLICT_UNHANDLED` action for better control and use the
      `AUTOAR_CONFLICT_SKIP` action by default.
      2955faea
    • Ondrej Holy's avatar
      tests: Add test for the output-is-dest property · 17297019
      Ondrej Holy authored
      A test for the `output-is-dest` property is missing currently. Let's add
      one to be sure that extra directory is not created for an archive with
      a file with a different name.
      17297019
    • Ondrej Holy's avatar
      extractor: Do not allow prefix modifications when output-is-dest · 9ba3d2da
      Ondrej Holy authored
      If the `output-is-dest` property is `TRUE`, the `prefix` is not cleared and is
      passed to `decide-destination` signal. This looks unexpected because it allows
      to change even the prefix which doesn't match archive name, which is not allowed
      even if `output-is-dest` is `FALSE`. I am conviced that it should not be allowed
      to change the `prefix` at all in this case. Let's clear the `prefix` variable to
      avoid that.
      9ba3d2da
    • Ondrej Holy's avatar
      extractor: Add debug prints for link targets · 39b9a55f
      Ondrej Holy authored
      At the beginning, the file list is printed in the debug output. However,
      it doesn't contain targets of symlinks and hardlinks. Let's print them
      as well. Also print symlink target when writing it on the disk similary
      to hardlinks.
      39b9a55f
    • Ondrej Holy's avatar
      extractor: Prevent creation of unrelated directories · b5c8efcd
      Ondrej Holy authored
      `g_file_make_directory_with_parents` is called to create `self->destination_dir`
      directory before extraction. However, the files may be written to completely
      different dir later if the they have common prefix and the prefix is consequently
      changed over `decide-destination` signal. Let's use `self->prefix_new` if it is
      set to prevent creation of unrelated directories.
      b5c8efcd
    • Ondrej Holy's avatar
      extractor: Fix leaked value from g_file_get_path · f2175bd3
      Ondrej Holy authored
      The returned value from `g_file_get_path` is not consequently freed.
      Let's use `g_file_peek_path` instead to fix the leak.
      f2175bd3
    • Ondrej Holy's avatar
      extractor: Make documentation clearer · 2f72d67d
      Ondrej Holy authored
      The documentation refers to non-existing functions and properties.
      It also contains misleading info about behavior of some functions,
      or their parameters. Let's try to make the documentation clearer.
      This also fixes some typos.
      2f72d67d
  9. 09 Mar, 2021 1 commit
    • Ondrej Holy's avatar
      extractor: Drop recursive delete on failure to prevent data loss · f4792b21
      Ondrej Holy authored and Felipe Borges's avatar Felipe Borges committed
      Recursive delete has been added by commit 58ac8fc5 to remove already created
      directories when extraction fails because of an invalid password. In fact,
      it deletes the whole `destination_dir` also in case of other failures, which
      is maybe not the best approach, but ok. However, a problem is that
      gnome-autoar allows extraction in non-empty destination, so this might remove
      also files which were not initially created by gnome-autoar. Fortunately,
      nautilus and gnome-shell currently always extracts in an extra directory. But
      what is worse is the fact, that if the files in the archive have a common
      prefix, then the `destination_dir` is actually a parent of that extra directory
      in the case of nautilus and gnome-shell (but API allows to set completely
      unrelated path)! So this can easily cause huge data loss! It would probably be
      better to create parent directories only when `archive_read_data_block`
      succeeds instead of deleting them later. Alternatively, gnome-autoar could
      track which files were written and deletes just those on that list. But for now,
      let's just remove the code for recursive delete and do not care about leftover
      files...
      f4792b21
  10. 05 Mar, 2021 1 commit
    • Matthias's avatar
      mime-types: Add back RAR support · 9356fae1
      Matthias authored and Ondrej Holy's avatar Ondrej Holy committed
      The commit 66cf03f9 dropped support for RAR archives because they were not well
      supported by libarchive. But a lot of changed since then and libarchive 3.4.0
      came with RAR 5 support. Let's add back support for RAR and bump the libarchive
      dependency accordingly.
      
      Fixes: #2
      9356fae1
  11. 12 Feb, 2021 2 commits