busybox

mirror of https://git.busybox.net/busybox synced 2025-10-16 15:13:44 +00:00

History

Denys Vlasenko f5e1bf966b archival/libarchive: sanitize filenames on output (prevent control sequence attacks This fixes CVE-2025-46394 (terminal escape sequence injection) Original credit: Ian.Norton at entrust.com function old new delta header_list 9 15 +6 header_verbose_list 239 244 +5 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 2/0 up/down: 11/0) Total: 11 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>		2025-09-24 03:30:12 +02:00
..
libarchive	archival/libarchive: sanitize filenames on output (prevent control sequence attacks	2025-09-24 03:30:12 +02:00
ar.c	libbb: eliminate a static data array in bb_mode_string()	2021-09-17 01:18:31 +02:00
bbunzip.c	libbb/archival: make setup_unzip_on_fd() return bytes read if not compressed	2025-04-20 23:49:33 +02:00
bbunzip_test.sh
bbunzip_test2.sh
bbunzip_test3.sh
bzip2.c	*: --help tweaks	2021-06-14 20:47:20 +02:00
chksum_and_xwrite_tar_header.c	tar,smemcap: silence compiler warning	2021-08-22 15:44:57 +02:00
Config.src	archival: disallow path traversals (CVE-2023-39810)	2025-04-16 03:03:17 +02:00
cpio.c	cpio: map -F to --file long option	2025-07-02 00:07:18 +02:00
dpkg.c	*: style fix	2022-08-30 16:41:17 +02:00
dpkg_deb.c	Update applet size estimates	2023-07-10 17:25:21 +02:00
gzip.c	*: --help tweaks	2021-06-14 20:47:20 +02:00
Kbuild.src
lzop.c	Update applet size estimates	2023-07-10 17:25:21 +02:00
rpm.c	rpm2cpio: extract cpio even if compression is not known	2025-04-20 23:59:38 +02:00
rpm.h
tar.c	libbb/archival: make setup_unzip_on_fd() return bytes read if not compressed	2025-04-20 23:49:33 +02:00
tar_symlink_attack
unzip.c	unzip: document some options we might support	2023-02-23 12:00:36 +01:00