busybox/scripts/kconfig/lxdialog
Denys Vlasenko 9a8796436b archival: disallow path traversals (CVE-2023-39810)
Create new configure option for archival/libarchive based extractions to
disallow path traversals.
As this is a paranoid option and might introduce backward
incompatibility, default it to no.

Fixes: CVE-2023-39810

Based on the patch by Peter Kaestle <peter.kaestle@nokia.com>

function                                             old     new   delta
data_extract_all                                     921     945     +24
strip_unsafe_prefix                                  101     102      +1
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 25/0)               Total: 25 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2025-04-16 03:03:17 +02:00
.gitignore add .gitignore files 2009-05-05 09:05:30 -04:00
BIG.FAT.WARNING Remove 'busybox' word from configuration programs 2008-05-28 11:59:32 +00:00
check-lxdialog.sh archival: disallow path traversals (CVE-2023-39810) 2025-04-16 03:03:17 +02:00
checklist.c build system overhaul 2006-10-05 10:17:08 +00:00
colors.h build system overhaul 2006-10-05 10:17:08 +00:00
dialog.h build system overhaul 2006-10-05 10:17:08 +00:00
inputbox.c build system overhaul 2006-10-05 10:17:08 +00:00
lxdialog.c build system: fix compiler warnings 2019-01-06 20:12:16 +01:00
Makefile - forgot to pass in the HOST_EXTRACFLAGS 2008-08-28 14:29:54 +00:00
menubox.c whitespace fixes (leading spaces to tab) 2007-01-13 21:06:21 +00:00
msgbox.c build system overhaul 2006-10-05 10:17:08 +00:00
textbox.c get rid of several "variable 'x' set but not used" warnings 2011-05-01 14:43:53 +02:00
util.c dont use obsolete function index() as pointed out by src.obsolete.funcs 2007-03-17 06:29:05 +00:00
yesno.c build system overhaul 2006-10-05 10:17:08 +00:00