On 10/30/25 08:00, Petr Sumbera wrote:
Is there any progress with this please?
Still working on it. The patch you sent fixes that test case, but it doesn't fix all the attacks and it's too slow and leaks memory. We need something better.
In the meantime if you follow the instructions in the manual (extract untrusted tarballs only into empty directories) you should be OK. The problem occurs only with users who don't follow the instructions.
