The branch main has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=f9f46294d6af2a937afa74938bd4bb6826cbb921
commit f9f46294d6af2a937afa74938bd4bb6826cbb921 Author: Ed Maste <[email protected]> AuthorDate: 2026-05-27 13:29:21 +0000 Commit: Ed Maste <[email protected]> CommitDate: 2026-05-28 13:03:45 +0000 bsdinstall: Use libarchive secure flags for extract This doesn't really matter, as we trust that the installer tarballs are not malicious, but it doesn't hurt to set these flags. Reported by: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai Reviewed by: markj Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D57274 --- usr.sbin/bsdinstall/distextract/distextract.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/usr.sbin/bsdinstall/distextract/distextract.c b/usr.sbin/bsdinstall/distextract/distextract.c index 32bd9453eb80..35cf19aae33f 100644 --- a/usr.sbin/bsdinstall/distextract/distextract.c +++ b/usr.sbin/bsdinstall/distextract/distextract.c @@ -291,6 +291,8 @@ extract_files(struct bsddialog_fileminibar *file) /* If that went well, perform the extraction */ if (retval == ARCHIVE_OK) retval = archive_read_extract(archive, entry, + ARCHIVE_EXTRACT_SECURE_NODOTDOT | + ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS | ARCHIVE_EXTRACT_TIME | ARCHIVE_EXTRACT_OWNER | ARCHIVE_EXTRACT_PERM | ARCHIVE_EXTRACT_ACL | ARCHIVE_EXTRACT_XATTR | ARCHIVE_EXTRACT_FFLAGS);
