summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorgjb <gjb@FreeBSD.org>2015-04-28 18:12:03 +0000
committergjb <gjb@FreeBSD.org>2015-04-28 18:12:03 +0000
commite66d470bac2fe06f148f088cb0a8d26d9ecd2a90 (patch)
tree47a619b46c4abca21bb49a5a83ba4ad240fca466
parenta8eeb1fd3cf65b0855fb155b81d0e203ae3e373c (diff)
downloadFreeBSD-src-e66d470bac2fe06f148f088cb0a8d26d9ecd2a90.zip
FreeBSD-src-e66d470bac2fe06f148f088cb0a8d26d9ecd2a90.tar.gz
Document r281936, disallow ar(1) directory traversal.
Sponsored by: The FreeBSD Foundation
-rw-r--r--release/doc/en_US.ISO8859-1/relnotes/article.xml7
1 files changed, 7 insertions, 0 deletions
diff --git a/release/doc/en_US.ISO8859-1/relnotes/article.xml b/release/doc/en_US.ISO8859-1/relnotes/article.xml
index d6ca94c..f856f3b 100644
--- a/release/doc/en_US.ISO8859-1/relnotes/article.xml
+++ b/release/doc/en_US.ISO8859-1/relnotes/article.xml
@@ -192,6 +192,13 @@
sponsor="&limelight;">A new flag, <literal>-R</literal>, has
been added to the &man.netstat.8; utility, which is used to
dump <acronym>RSS</acronym>/flow information.</para>
+
+ <para revision="281936" contrib="sponsor" sponsor="&ff;">The
+ &man.ar.1; utility has been updated to set
+ <literal>ARCHIVE_EXTRACT_SECURE_SYMLINKS</literal> and
+ <literal>ARCHIVE_EXTRACT_SECURE_NODOTDOT</literal> to disallow
+ directory traversal when extracting an archive, similar to
+ &man.tar.1;.</para>
</sect2>
<sect2 xml:id="userland-contrib">
OpenPOWER on IntegriCloud