New submission from Artem Bulgakov :
tarfile sets FNAME field to the path given by user: Lib/tarfile.py:424
It writes full path instead of just basename if user specified absolute path.
Some archive viewer apps like 7-Zip may process file incorrectly. Also it
creates security issue because
Change by Artem Bulgakov :
--
keywords: +patch
pull_requests: +20646
stage: -> patch review
pull_request: https://github.com/python/cpython/pull/21511
___
Python tracker
<https://bugs.python.org/issu
Artem Bulgakov added the comment:
Hi. My PR doesn't remove the possibility to add tree into tar file. It only
fixes header for GZIP compression. Any data after this header is not affected.
You can test it by creating two archives with the same data but one with my
patch and the s
