tags 854723 + pending
thanks

> diffoscope may write to arbitrary locations on disk depending on the contents
> of an untrusted archive

We can actually avoid all edge-cases of sanitisation by simply not using the
supplied filename and maintaining our own mapping. Given this is both safer
(and has far less code) I've gone ahead and committed that here:

  https://anonscm.debian.org/git/reproducible/diffoscope.git/commit/?id=632a40828a54b399787c25e7fa243f732aef7e05

Regards,

-- 
      ,''`.
     : :' :     Chris Lamb
     `. `'`     la...@debian.org / chris-lamb.co.uk
       `-
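
An added illustration of the approach described in the message above; it is not diffoscope's code and not the content of the linked commit. It assumes a tar archive, and the function names and the constructed sample archive are hypothetical: each member is written under a name the extractor generates, and the archive's own names are kept only as keys in a mapping.

```python
import io
import os
import tarfile
import tempfile


def build_sample_archive():
    """Constructed in-memory tar whose member names cannot be trusted."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in [
            ("docs/readme.txt", b"plain"),
            ("../outside.txt", b"relative escape"),
            ("/tmp/absolute.txt", b"absolute path"),
        ]:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


def extract_with_own_names(fileobj, dest):
    """Write each regular member under a generated name inside dest and
    return the mapping {archive member name: path on disk}."""
    mapping = {}
    with tarfile.open(fileobj=fileobj, mode="r") as tar:
        for index, member in enumerate(tar):
            if not member.isfile():
                continue  # links, devices and directories are never created
            # The on-disk name comes from our counter, never from member.name.
            target = os.path.join(dest, "{:06d}".format(index))
            src = tar.extractfile(member)
            # O_EXCL: fail instead of following or overwriting an existing entry.
            fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
            with os.fdopen(fd, "wb") as out:
                out.write(src.read())
            mapping[member.name] = target
    return mapping


def demo():
    """Extract the constructed archive and report where the files landed."""
    with tempfile.TemporaryDirectory() as dest:
        mapping = extract_with_own_names(build_sample_archive(), dest)
        contained = all(os.path.dirname(p) == dest for p in mapping.values())
        return sorted(mapping), sorted(os.listdir(dest)), contained
```

The member names are still available for display through the mapping's keys, but no path on disk is ever derived from them.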