mirrors/tar
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

When extracting, skip ".." members

Browse Source 
* NEWS: Document this.
* src/extract.c (extract_archive): Skip members whose names
contain "..".
This commit is contained in:
Paul Eggert
2016-10-29 21:04:40 -07:00
committed by Paul Eggert
parent 1d2674bacc
commit 7340f67b98
2 changed files with 15 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
NEWS
View File

@@ -1,9 +1,15 @@
GNU tar NEWS - User visible changes. 2016-05-27
GNU tar NEWS - User visible changes. 2016-10-29
Please send GNU tar bug reports to <bug-tar@gnu.org>
version 1.29.90 (Git)
* Member names containing '..' components are now skipped when extracting.
This fixes tar's behavior to match its documentation, and is a bit
safer when extracting untrusted archives over old files (an unsafe
practice that the tar manual has long recommended against).
* Report erroneous use of positional options.
During archive creation or update, tar keeps track of positional