archive_tar: Fails extracting specific app archives #26708
Comments
|
This issue actually has already been fixed with 1.4.13. So I would suggest updating pear/archive_tar to this version. |
|
I have also seen there is already a dependabot merge nextcloud/3rdparty#622 for this. This MR should fix the issue. |
szaimen
added
the
0. Needs triage
|
Is this Issue still valid in NC21.0.3? If not, please close this issue. Thanks! :) |
|
I'm closing this issue since we don't seem to be running into it on the newest version anymore. Thanks! |
|
I have come across this issue again in v21: nextcloud/recognize#52 |
|
This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions. |
ghost
added
the
|
Should be fixed in the next release |
|
One of my users just hit this error again with v23.0.4: nextcloud/recognize#198 |
|
I have same error with v25.0.2 |
pear/archive_tar currently contains code that rejects relative symlinks with references to parent folders that are inside TAR archives as described in pear/Archive_Tar#35 and pear/Archive_Tar#37 (dupe).
This leads to apps such as Social failing to install since they are falsely detected as extracting out-of-path.
I am creating this ticket merely to track this issue until a fix is released.
The text was updated successfully, but these errors were encountered: