-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Ant team is proud to announce the first release of the compress Ant
library.
The compress Ant library[1] is a library of tasks and types that use
Apache Commons Compress[2] to read and write AR, CPIO, TAR and ZIP
archives as well as BZIP2 and
On 2010-09-17, Chris Bamford wrote:
I am developing Java code to handle archives using commons compress
and am currently focusing on ZIP files. I understand that ZIPs can be
encrypted in two ways:
(a) the contained entries can be plain text or encrypted
(b) the whole ZIP itself can
On 2011-01-07, Lin Sun wrote:
While reading the user doc for the commons compress project -
http://commons.apache.org/compress/examples.html
Under tar section, it says -
The tar package does not support the full POSIX tar standard nor more
modern GNU extension of said standard. It cannot
On 2011-01-07, Lin Sun wrote:
Do you know if this sentence is still valid -
The tar package does not support the full POSIX tar standard nor more
modern GNU extension of said standard
Absoluetly, yes.
since you think compress project should support up to 8GB? I am
hoping it is no longer
On 2011-02-07, Simone Tripodi wrote:
do you know is there any way to protect with a password the produced
zip archive, with [compress] APIs?
No, compress currently doesn't support any of the various encryption
options of the ZIP format.
https://issues.apache.org/jira/browse/COMPRESS-88
Note
On 2011-03-30, Alexander Gubin wrote:
Does commons-compress support appending to compressed files?
In general the compression formats don't support appending.
Many algorithms are block based (bzip is one) and if your original
data's length isn't an exact multiple of the block size (which in
On 2011-04-16, Stevo Slavić wrote:
Is there a reason why ZipFile shouldn't call it's closeQuietly or just
close on finalize?
Not really. Added to trunk in svn revision 1094224.
Of course you should always make sure that your code closes all
resources properly rather than relying on the GC.
On 2011-06-15, Albretch Mueller wrote:
based on the data definifion of the struct holding TarArchiveEntry's
properties:
http://commons.apache.org/compress/apidocs/org/apache/commons/compress/archivers/tar/TarArchiveEntry.html
TarArchive entries, as zip ones, should have some checksum
On 2011-07-20, Chris Bamford wrote:
Can someone please tell me the status of Zip64 support in commons:compress?
No support at all, sorry.
I read that it was supposed to go into 1.1, but I don't know how to tell.
The people (myself included) who thought they might find time to do it
ran out
On 2011-07-20, Jörg Schaible wrote:
Stefan Bodewig wrote:
On 2011-07-20, Chris Bamford wrote:
Can someone please tell me the status of Zip64 support in
commons:compress?
No support at all, sorry.
I read that it was supposed to go into 1.1, but I don't know how to tell.
The people
website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
-
To unsubscribe, e-mail: user-unsubscr...@commons.apache.org
For additional commands, e-mail: user-h...@commons.apache.org
On 2011-08-12, Emmanouil Batsis (Manos) wrote:
Consider a zip archive containing the following folder and files:
rootfolder
+ file1.doc
+ file2.pdf
Shouldnt the entries enum bellow contain an entry for the root folder?
ZipFile zipFile = new ZipFile(tmpZipFile);
Enumeration entries =
On 2011-08-12, Emmanouil Batsis (Manos) wrote:
On 08/12/2011 10:09 PM, Stefan Bodewig wrote:
On 2011-08-12, Emmanouil Batsis (Manos) wrote:
Consider a zip archive containing the following folder and files:
rootfolder
file1.doc
file2.pdf
Shouldnt the entries enum bellow contain an entry
On 2011-08-13, Emmanouil Batsis (Manos) wrote:
On 08/13/2011 07:19 AM, Stefan Bodewig wrote:
If you use some ZIP tool with a UI like Windows Compressed Folders,
WinZip, 7ZIP or PKZIP they will show you the folders even if those are
not part of the archive - they simply don't have any other
Hi,
the Compress team is working on Zip64 support and our current trunk
looks promising. We've run interop tests with all we could get our
hands on and things are looking pretty good so far. The major interop
target missing is PKZIP itself as nobody of us has access to it.
If anybody around
On 2011-08-14, Sarel Botha wrote:
I have it. This would be an old DOS version. Looks like it won't run
on Win7 64 bit, but I have a WinXP virtual machine I can use for this.
It would have to be at least version 4.5 (or one that supports the spec
of version 4.5, not sure which version of PKZIP
On 2011-08-14, Stefan Bodewig wrote:
If anybody around here has a version of PKZIP and would be willing to
help, please contact me off-list and we go from there.
Unfortunately Sarel's version of PKZIP turned out to be too old, so I'm
still looking for a volunteer.
Cheers
Stefan
Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
On 2012-03-01, cowwoc wrote:
Do you plan on releasing version 1.4 in the near future?
Before we can release 1.4 I'd personally like to get the remaining tar
issues fixed properly (support for big/negative values in all numeric
header fields). But once that is done I intend to propose a
.
For complete information on Commons Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
[1] http
http://ant.apache.org/security.html
Stefan Bodewig
pgpZrvVr8g5QS.pgp
Description: PGP signature
Hi Marcel,
On 2012-05-25, Marcel Bruch wrote:
I'm looking for a archive format and library that allows to update a
archive entry w/o copying the whole file as necessary with zip file
format.
From what I've seen, tar may be possible but the compress API does not
state this use case
On 2012-05-25, Marcel Bruch wrote:
is there any support for just appending new entries to an existing file?
Since you decide about the stream you pass in to the ArchiveOutputStream
yourself you can hand over a FileOutputStream that is appending. This
should work for tar, cpio and ar but won't
On 2013-01-27, Rico Harnisch wrote:
I tried to write the following two files to a TarArchiveOutputStream,
I have the option LONGFILE_POSIX enabled. The two files listed are the
only ones that should be written to the output stream.
instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAlFCA
On 2013-06-06, liter...@centrum.cz wrote:
I realized that trunk has support for reading 7z archive.
And even read support is incomplete, we currently lack LZMA support
(only LZMA2 is present). The good news is that XZ for Java's trunk now
supports LZMA directly so we are on our way to complete
On 2013-06-06, Leos Literak wrote:
I understand Stephan. I am happy to see the first partial java
implementation. The situation is bad - no java support, unix version
lacks some features (multi volume support).
Well, I don't expect us to support everything either. We don't support
multiple
On 2013-09-22, Jie CDL Zhang wrote:
This is Calvin from IBM. I am making a product that need to use the 7z
archive function. I am very lucky to find that commons-compress supports
it! But the bad news is the latest release 1.5 does not contain those part.
How can I get a new release jar file
On 2013-09-22, Stefan Bodewig wrote:
One thing holding up the release is that I personally would love to have
LZMA support for 7z in as well - this is the compression method used for
header fields by default and without it 7z support is pretty much
limited. This one depends on XZ for Java
BEHR.
For complete information on Commons Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN
On 2013-11-02, yogeshrai wrote:
M trying to use extra field support in apache.commons.compress.archivers
version 1.5.Some how its not getting set since m not able to view it in hex
editor and even after extracting using default ubuntu archive manager,last
modified time is still set as server
On 2013-11-03, Stefan Bodewig wrote:
This is a bit inconvenient and I'll simplify the API in trunk soonish.
https://issues.apache.org/jira/browse/COMPRESS-242
It would be good if you could verify that explicitly setting the flags
field fixes your problem.
Stefan
On 2013-11-03, yogeshrai wrote:
Thnx a lot Stefan for prompt reply.I did made necessary change as suggested
by u.Still even when i set all 3 date types to old date and then try to
extract via default archive manager , m stuck with current date time for
individual files bundled in.
I may have
On 2013-11-12, org.apache.comm...@io7m.com wrote:
The 7z file format is (supposedly) a random access format, much like
zip archives. However, The SevenZFile class seems to only expose a
sequential interface (where I'm expected to seek over entries one at a
time, presumably whilst unpacking
On 2013-11-25, Vladislav Rassokhin wrote:
Hi,
I see that 1.6 release have 7z support, but there no SevenZInputStream,
moreover files in org.apache.commons.compress.archivers.sevenz package
doesn't have any reference to 'ArchiveInputStream'.
Do you have plans to create SevenZInputStream?
information on Commons Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN PGP SIGNATURE-
Version
On 2014-02-28, Vatsyayan, Abhijat wrote:
I could not locate maven repository or downloads for commons
pipeline.
pipeline is a Sandbox component, as such it hasn't seen enough developer
interest to become a proper component and cannot make releases.
AFAICT it hasn't seen any code change in more
Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAlMhRewACgkQohFa4V9ri3JILACgqpPksDdKQPHq+U9gAQ2yZYTA
OqcAnRQcpMPZT6mFHchKTUGkYzzCsw/i
=NgWC
-END PGP
On 2014-05-25, He Shiming wrote:
According to
http://commons.apache.org/proper/commons-compress/apidocs/src-html/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStream.html,
the exception is thrown while detecting a 'bz2' file header of 'BZh' +
'1'. On top of that, there
Hi all
we wrote
http://commons.apache.org/proper/commons-compress/zip.html#Encoding back
when Windows XP was state of the art. In there we claim the compressed
folders feature didn't recognize the language encoding flag and advised
people to use the platform's native encoding when targeting
, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAlQ4Bi0ACgkQohFa4V9ri3JTfgCePodWpLt1EAh0S0qPfl0IN3sC
On 2015-06-11, Gary Gregory wrote:
On Wed, Jun 10, 2015 at 9:29 PM, Stefan Bodewig bode...@apache.org wrote:
External attributes are stored inside the central directory which is
at the end of the archive. When using ZipArchiveInputStream the
central directory is only ever reached once all
On 2015-06-10, Kristina Chodorow wrote:
ZipArchiveEntry.getExternalAttributes() is always returning 0 for me. I
have pasted a hex dump of the zip file I'm testing with at the bottom of
email: 2 files of 0 bytes, one named x and one named y. Both of their
external attributes are 33184 (a081
. Thanks to Damjan Jovanovic.
For complete information on Commons Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons
that relied
on the finalizer.
Issue: COMPRESS-357.
For complete information on Commons Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf
directory.
Issue: COMPRESS-321.
For complete information on Commons Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons
On 2016-05-24, Jochen Wiedmann wrote:
> Doesn't work for my Github User (jochenw):
> $ git push
> Username for 'https://github.com':
> Password for 'https://joch...@github.com':
> remote: Permission to apache/commons-fileupload.git denied to jochenw.
> fatal: unable to access
>
On 2016-05-04, Allison, Timothy B. wrote:
> And the internet has answers...according to
> http://fileformats.archiveteam.org/wiki/IWA
> "However, the variant of Snappy that is used does not comply with the
> spec for that format, omitting the stream identifier and checksum."
Why? I'm not asking
instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2017-9801: Apache Commons Email SMTP header injection vulnerabilty
Severity: low
Vendor:
The Apache Software Foundation
Versions Affected:
Apache Commons Email 1.0 to 1.4.
Description:
When a call-site passes a subject for an email that
On 2017-08-08, Daron Clay wrote:
> I have an application using the existing tar and gzip output streams.
> I would like to be able to specify the equivalent of gzip --rsyncable
> when creating the tgz.
> Is this possible? I didn't see a way to do it in the doc.
There is no way to do this,
Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Hi Benedikt
I'm sure my response is incomplete.
On 2017-05-18, Benedikt Tröster wrote:
> As far as I can tell there haven't been many security vulnerabilities
> with this lib.
Likely because it only provides an API that's pretty much low-level, the
dangerous parts are about to happen inside
On 2017-09-15, Simo Chiegang, Boris Arthur wrote:
> So, we develop a special kind of image file with the following structure:
> - Header file [offset 0 to 4096 bytes]
> - Stripe 1 [4096 - 2 bytes] (LZ4 block compressed)
> - Empty bloc [2 - 22000 bytes]
> -
On 2017-10-05, Simo Chiegang, Boris Arthur wrote:
> I tried simple to compress a byte array using the LZ4 compression:
> int numberReaded = tifFile.readEncodedStrip( 49, pointer, -1 );
> byte[] byteResult = pointer.getByteArray( 0, numberReaded); // The array
> has a length of 4194048 so 4Mb
, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iEYEARECAAYFAlsUJ8cACgkQohFa4V9ri3Jt0ACgxxCmC8KTY+GAK3FWGtwga/bZ
and can now also be used to preserve the
drive letter on Windows.
For complete information on Commons Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig
/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iEYEARECAAYFAlp++c4ACgkQohFa4V9ri3ITDQCgnxr2jMWoIfvfXXUPLJ5zCuYp
8SsAn389h66E2zJL+xq8ualWDSWew/HH
=SaGD
-END PGP SIGNATURE
On 2018-07-20, Jason Harrop wrote:
> Given a ZipFile, its easy to read the size of ZipArchiveEntry
> How to do this when using ZipArchiveInputStream?
> The documentation says: ZipFile has access to the central directory and can
> extract entries using the data descriptor reliably. The same is
On 2018-08-04, Dan Tran wrote:
> here is the stack trace
> Caused by: java.io.IOException: Bad 7z signature
> at
> org.apache.commons.compress.archivers.sevenz.SevenZFile.readHeaders(SevenZFile.java:326)
This means Commons Compress doesn't recognize the file as a 7z
archive. A 7z
On 2018-08-05, Dan Tran wrote:
> Thanks for the explanation
> my vmware's vmdk file starts out with 'KDMV'. This explains about the
> stack trace.
> additional info
> * 7z for windows can uncompress it, but not 7z for linux, and winzip for
> windows
> * commons-vfs does not support
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2018-11771: Apache Commons Compress 1.7 to 1.17 denial of service
vulnerability
Severity: Low
Vendor:
The Apache Software Foundation
Versions Affected:
Apache Commons Compress 1.7 to 1.17
Description:
When reading a specially crafted ZIP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Apache Commons Team is pleased to announce the release of Apache
Commons Compress 1.18.
Apache Commons Compress software defines an API for working with
compression and archive formats. These include: bzip2, gzip, pack200,
lzma, xz, Snappy,
On 2018-07-04, Luís Filipe Nassif wrote:
> I am trying to create a zip file saving its entries accessTime and
> CreationTime, but when I open the zip file with 7zip, those dates are not
> shown,
...
> entry.setLastAccessTime(FileTime.fromMillis(System.currentTimeMillis()));
...
> Any idea why
On 2018-07-05, Luís Filipe Nassif wrote:
> X000A_NTFS worked for 7zip!
Great.
I've opened https://issues.apache.org/jira/browse/COMPRESS-458 but it
will have to wait for Compress to be based on Java8.
Stefan
-
To
Hello Karl-Heinz
On 2018-03-13, Karl Heinz Marbaise wrote:
> Is there an option to have a callback function / listener which can be
> used to produce a kind of progress during decompressing archives
> (zip's, tar, gz, etc.) ?
No, there isn't.
There is an enhancement request to add something
CVE-2018-1324: Apache Commons Compress denial of service vulnerability
Severity: Low
Vendor:
The Apache Software Foundation
Versions Affected:
Apache Commons Compress 1.11 to 1.15
Description:
A specially crafted ZIP archive can be used to cause an infinite loop
inside of Compress' extra field
On 2018-04-09, Andreas Beeker wrote:
> Just a short update on this - I've provided a patch for POI to use
> commons compress [1] So now we can focus on how the zip bomb handling
> can be provided by commons compress, i.e. as you already have
> mentioned with "InputStream will be a
On 2018-03-31, kiwiwings wrote:
> Stefan Bodewig wrote
>> ... then the compressed and uncompressed sizes of each
>> ZipArchiveEntry are known before you try to read the stream. Can't you
>> simply reject reading entries who's uncompressed size is too big?
> Are those size
On 2018-03-31, Dominik Stadler wrote:
> Apache POI is opening zip-files on a regular basis because Microsoft
> Excel/Word/... files are zip-files in their newer format. In order to
> prevent some types of denial-of-service-attacks, we have added
> functionality when opening Zip-files to not read
On 2018-03-17, Karl Heinz Marbaise wrote:
> On 14/03/18 09:03, Stefan Bodewig wrote:
>> On 2018-03-13, Karl Heinz Marbaise wrote:
>>> Is there an option to have a callback function / listener which can be
>>> used to produce a kind of progress during decompressing a
On 2019-01-21, Albretch Mueller wrote:
> I downloaded this file using wget:
>
>
> http://dumps.wikimedia.your.org/other/static_html_dumps/2008-06/en/wikipedia-en-html.tar.7z
>
> and it seems to be fine:
...
> $ 7z l "${_IFL}"
>
...
>Date TimeAttr Size Compressed
On 2019-01-23, Stefan Bodewig wrote:
> On 2019-01-21, Albretch Mueller wrote:
>> I downloaded this file using wget:
>>
>> http://dumps.wikimedia.your.org/other/static_html_dumps/2008-06/en/wikipedia-en-html.tar.7z
>> and it seems to be fine:
> ...
>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Apache Commons Team is pleased to announce the release of Apache
Commons Compress 1.19.
Apache Commons Compress software defines an API for working with
compression and archive formats. These include: bzip2, gzip, pack200,
lzma, xz, Snappy,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[Re-Sending with fixed subject, sorry]
The Apache Commons Team is pleased to announce the release of Apache
Commons Compress 1.19.
Apache Commons Compress software defines an API for working with
compression and archive formats. These include:
://commons.apache.org/proper/commons-compress/security-reports.html
Stefan Bodewig
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iEYEARECAAYFAl1lgKIACgkQohFa4V9ri3IsSwCg0tYlFA5WXy6EuHFtRjsbVofR
WjAAn2uNwEELGpIR2JiRO+jEAyxQJZvV
=Ds0n
-END PGP SIGNATURE
[thanks to sebb for changing the subject line]
On 2019-09-28, Christopher Schultz wrote:
> According to
> https://commons.apache.org/proper/commons-compress/limitations.html,
> ZIP support does not include AES encryption when *writing* archives.
You must have looked at the entry for 7z.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Apache Commons Team is pleased to announce the release of Apache
Commons Compress 1.20.
Apache Commons Compress software defines an API for working with
compression and archive formats. These include: bzip2, gzip, pack200,
lzma, xz, Snappy,
On 2020-06-11, Tim Allison wrote:
> We recently made TikaInputStream's skip() inherently strict so that it
> throws an EOF if a parser tries to skip past the end of a file. We didn't
> notice any problems in our regression tests (aside from some likely
> truncated mp4s), but we recently got an
Severity: low
Description:
When reading a specially crafted 7Z archive, the construction of the list of
codecs that decompress an entry can result in an infinite loop. This could be
used to mount a denial of service attack against services that use Compress'
sevenz package.
Mitigation:
Severity: low
Description:
When reading a specially crafted 7Z archive, Compress can be made to allocate
large amounts of memory that finally leads to an out of memory error even for
very small inputs. This could be used to mount a denial of service attack
against services that use Compress'
Description:
When reading a specially crafted ZIP archive, Compress can be made to allocate
large amounts of memory that finally leads to an out of memory error even for
very small inputs. This could be used to mount a denial of service attack
against services that use Compress' zip package.
Description:
When reading a specially crafted TAR archive, Compress can be made to allocate
large amounts of memory that finally leads to an out of memory error even for
very small inputs. This could be used to mount a denial of service attack
against services that use Compress' tar package.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Apache Commons Team is pleased to announce the release of Apache
Commons Compress 1.21.
Apache Commons Compress software defines an API for working with
compression and archive formats. These include: bzip2, gzip, pack200,
lzma, xz, Snappy,
On 2021-07-05, Evgeny Bovykin wrote:
> Is there any date on when 1.21 will be released? Or will it be at
> least released in 2021?
Likely :-)
https://lists.apache.org/thread.html/ra92c3a25b0cdfc4c2a070f7febbba3d034b27e152b42337c679f3f04%40%3Cdev.commons.apache.org%3E
Plan is to have the
85 matches
Mail list logo