gh-135034: Normalize link targets in tarfile, add os.path.realpath(strict='allow_missing') #135037
        
…path(strict='allow_missing')` Addresses CVEs 2024-12718, 2025-4138, 2025-4330, and 2025-4517. Co-authored-by: Petr Viktorin <[email protected]> Signed-off-by: Łukasz Langa <[email protected]>
See also #71189.
Co-authored-by: Adam Turner <[email protected]>
To align with this, there'd be a

🤖 New build scheduled with the buildbot fleet by @encukou for commit 5af66c6 🤖
Results will be shown at: https://buildbot.python.org/all/#/grid?branch=refs%2Fpull%2F135037%2Fmerge
If you want to schedule another build, you need to add the 🔨 test-with-buildbots label again.
Co-authored-by: Serhiy Storchaka <[email protected]>
This reverts commit fd2013a.
Addresses CVEs 2024-12718, 2025-4138, 2025-4330, and 2025-4517.
[edit @encukou]: Also addresses CVE-2025-4435. Sorry for leaving that out of the commit messages.
Co-authored-by: Petr Viktorin [email protected]
Signed-off-by: Łukasz Langa [email protected]
filter="tar"/filter="data") #135034

📚 Documentation preview 📚: https://cpython-previews--135037.org.readthedocs.build/