Package: tar
Version: 1.29b-1.1
Severity: normal

The previous tar version 1.29b-1 cast away the leading '../'
on extract, so I could put the files in an arbitrary subdir.
With the new behavior in 1.29b-1.1 (ignore files with '..')
I need to use the option --absolute-names.
Thereby I spread the files and directories outside my target subdir.
Even worse, if I extract by mistake a malicious tar file with a
leading '/', I may destroy existing settings (let's say within /etc).

Can you please restore the ancient behavior?
An additional tar option which throws out leading '..' would also be
practicable for me.
I tried to use '--transform', but the error on pathname will strike before.

Thank you very much.

Greetings, Volker


-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages tar depends on:
ii  libacl1      2.2.52-3+b1
ii  libc6        2.24-10
ii  libselinux1  2.6-3+b1

tar recommends no packages.

Versions of packages tar suggests:
ii  bzip2        1.0.6-8.1
pn  ncompress    <none>
pn  tar-scripts  <none>
ii  xz-utils     5.2.2-1.2+b1

-- no debconf information
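
The behaviour requested in the report above (drop a leading '/' and leading '..' so that every member lands inside one target directory) can be approximated outside of tar. The following is an added example, not part of the original report and not GNU tar code; it uses Python's tarfile module, the helper names are hypothetical, and the sample archive is constructed inline.

```python
# Added illustration: sanitize() and safe_extract() are hypothetical helpers.
import io
import posixpath
import tarfile
import tempfile
from pathlib import Path

def sanitize(name):
    """Drop a leading '/' and leading '..' components; None if nothing is left."""
    parts = posixpath.normpath(name).split("/")
    while parts and parts[0] in ("", ".", ".."):
        parts.pop(0)
    return "/".join(parts) or None

def safe_extract(tar, target):
    """Write only regular files resolving inside target; return {stored name: path used or None}."""
    root = Path(target).resolve()
    result = {}
    for member in tar:
        rel = sanitize(member.name)
        dest = (root / rel).resolve() if rel else root
        ok = member.isreg() and root in dest.parents
        result[member.name] = rel if ok else None
        if ok:
            dest.parent.mkdir(parents=True, exist_ok=True)
            with tar.extractfile(member) as src, open(dest, "wb") as out:
                out.write(src.read())
    return result

def build_sample():
    """Constructed sample: a '../' member, an absolute member, a symlink to /etc."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("../data/report.txt", "/etc/demo.conf", "plain.txt"):
            info = tarfile.TarInfo(name)
            info.size = len(name)
            tar.addfile(info, io.BytesIO(name.encode()))
        link = tarfile.TarInfo("escape")
        link.type, link.linkname = tarfile.SYMTYPE, "/etc"
        tar.addfile(link)
    return io.BytesIO(buf.getvalue())

def demo():
    with tempfile.TemporaryDirectory() as target:
        with tarfile.open(fileobj=build_sample()) as tar:
            mapping = safe_extract(tar, target)
        files = sorted(p.relative_to(target).as_posix()
                       for p in Path(target).rglob("*") if p.is_file())
    return mapping, files
```

Links and device nodes are skipped rather than rewritten, because a symlink member followed by a file written through it is the other common way for an archive to reach outside the target directory.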
