Prevent arbitrary symlinks from tarballs
If a tarball had a symlink pointing outside the extract directory,
it would be extracted without complaint. Now, such a symlink will
generate an error.
datacharmer committed Dec 16, 2020
1 parent 9fb4cd3 commit 548e256
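The check the commit message describes, as an added example that is not the project's own code: it walks the tar headers and rejects any entry name or symlink target that resolves outside the extract directory. The names `inside`, `checkTar` and `sampleTar`, the `/tmp/sandbox` directory and the in-memory tarballs are constructed for illustration; the check is lexical, so hard links and symlinks already present in the directory are outside its scope.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// inside reports whether p is root itself or a path below it (lexical check only).
func inside(root, p string) bool {
	rel, err := filepath.Rel(root, p)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// checkTar returns an error for the first entry whose name or symlink target leaves extractDir.
func checkTar(r io.Reader, extractDir string) error {
	root, tr := filepath.Clean(extractDir), tar.NewReader(r)
	for hdr, err := tr.Next(); err != io.EOF; hdr, err = tr.Next() {
		if err != nil {
			return err
		}
		dest, target := filepath.Join(root, hdr.Name), hdr.Linkname
		if hdr.Typeflag != tar.TypeSymlink {
			target = dest // only symlink targets need resolving
		} else if !filepath.IsAbs(target) {
			target = filepath.Join(filepath.Dir(dest), target) // relative to the link's directory
		}
		if !inside(root, dest) || !inside(root, target) {
			return fmt.Errorf("%q -> %q escapes %s", hdr.Name, hdr.Linkname, root)
		}
	}
	return nil
}

// sampleTar builds a constructed in-memory tarball holding a single symlink entry.
func sampleTar(name, link string) io.Reader {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	tw.WriteHeader(&tar.Header{Name: name, Linkname: link, Typeflag: tar.TypeSymlink, Mode: 0777})
	tw.Close()
	return &buf
}

func main() {
	fmt.Println(checkTar(sampleTar("lib/ok", "../bin/tool"), "/tmp/sandbox"))
	fmt.Println(checkTar(sampleTar("lib/bad", "../../etc/passwd"), "/tmp/sandbox"))
}
```

Running the validation as a pass over the headers before anything is written means a rejected tarball leaves no partial extraction behind.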
Showing 6 changed files with 229 additions and 28 deletions.
2 changes: 1 addition & 1 deletion .build/VERSION
@@ -1 +1 @@
1.58.1
1.58.2
6 changes: 6 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,9 @@
## 1.58.2 16-Dec-2020

### BUGS FIXED

* Prevent arbitrary symlinks from being extracted with tarballs

## 1.58.1 15-Dec-2020

### BUGS FIXED
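Review bot: The new 1.58.2 entry under "BUGS FIXED" does not say that this is a security fix or that behaviour changed. Per the commit message, a tarball containing a symlink that points outside the extract directory now fails with an error instead of being extracted. Suggest wording such as "Reject tarballs containing symlinks that point outside the extraction directory (extraction now fails with an error)", so users can tell whether they need the upgrade and why an unpack that used to succeed now stops.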
4 changes: 2 additions & 2 deletions common/version.go
Expand Up @@ -16,9 +16,9 @@
package common

// This file was generated during build. Do not edit.
// Build time: 2020-12-14 16:00
// Build time: 2020-12-15 10:49

var VersionDef string = "1.58.1" // 2020-12-14
var VersionDef string = "1.58.2" // 2020-12-15

// Compatible version is the version used to mark compatible archives (templates, configuration).
// It is usually major.minor.0, except when we are at version 0.x, when
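Review bot: The dates in this generated file disagree with the rest of the commit. `VersionDef` is annotated `// 2020-12-15` and the build time reads `2020-12-15 10:49`, while CHANGELOG.md labels 1.58.2 as 16-Dec-2020. Regenerate the file at release time or align the changelog date, so the version string can be matched to a single release date when someone checks whether a binary contains the fix.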
10 changes: 5 additions & 5 deletions go.mod
Expand Up @@ -8,11 +8,11 @@ require (
github.com/dustin/go-humanize v1.0.0
github.com/go-sql-driver/mysql v1.4.1
github.com/nightlyone/lockfile v0.0.0-20180618180623-0ad87eef1443
github.com/pkg/errors v0.8.1
github.com/spf13/cobra v1.0.0
github.com/spf13/pflag v1.0.3
github.com/pkg/errors v0.9.1
github.com/spf13/cobra v1.1.1
github.com/spf13/pflag v1.0.5
github.com/stretchr/testify v1.4.0 // indirect
github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550
golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b // indirect
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68 // indirect
)
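Review bot: The `require` block bumps five dependencies (pkg/errors, cobra, pflag, x/crypto, x/sys) in the same commit as the symlink fix, and neither the commit message nor the changelog entry mentions them. Split the upgrades into their own commit so the security fix can be reviewed and backported on its own, and so a regression from, say, cobra v1.0.0 to v1.1.1 is not attributed to the tarball change.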