[D7] Update Archive_Tar to 1.4.13

Created on 28 April 2021, about 3 years ago
Updated 10 April 2024, 2 months ago

Problem/Motivation

We backported one recent hardening of Archive_Tar in #3195939: hardening of destructor in Archive_Tar β†’ but a few other changes have been made recently which D7 is now out-of-sync with.

Note that this is not a security release - see: #3211037: Inaccurate github security advisory re Archive_Tar and CVE-2020-36193 β†’ .

Steps to reproduce

diff the 1.4.13 release of Archive_Tar's Tar.php with D7's current system.tar.inc

Proposed resolution

Bring system.tar.inc up-to-date with all upstream changes.

Remaining tasks

There is one remaining whitespace only difference, but I think D7 has the correct indentation. I'll file a follow-up with Archive_Tar to fix that upstream.

User interface changes

None.

API changes

Legitimate symlinks within archives will be allowed again, but only if the appropriate option is passed to Archive_Tar's methods. Core doesn't do this so symlinks are not allowed in core's direct use of the class.

Data model changes

None.

Release notes snippet

Not sure we need one.

πŸ“Œ Task
Status

Closed: outdated

Version

7.0 ⚰️

Component
SystemΒ  β†’

Last updated 2 days ago

No maintainer
Created by

πŸ‡¬πŸ‡§United Kingdom mcdruid πŸ‡¬πŸ‡§πŸ‡ͺπŸ‡Ί

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.69.0 2024