Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[2.16] fix installing roles with symlinks containing '..' (#82165) #82323

Merged
merged 1 commit into from
Jan 18, 2024
Merged

[2.16] fix installing roles with symlinks containing '..' (#82165) #82323

merged 1 commit into from
Jan 18, 2024

Conversation

s-hertel
Copy link
Contributor

SUMMARY

Backporting #82165

Set the tarfile attribute to a normalized value from unfrackpath instead of validating path parts and omiting potentially invald parts

Allow tarfile paths/links containing '..', '$', '~' as long as the normalized realpath is in the tarfile's role directory

(cherry picked from commit 3a42a00)

ISSUE TYPE
  • Bugfix Pull Request

@s-hertel
Targeted fix for installing roles with symlinks containing '..' (ansi…
90a23c8 
…ble#82165)

Set the tarfile attribute to a normalized value from unfrackpath instead
of validating path parts and omiting potentially invald parts

Allow tarfile paths/links containing '..', '$', '~' as long as the
normalized realpath is in the tarfile's role directory

(cherry picked from commit 3a42a00)
@ansibot ansibot added bug This issue/PR relates to a bug. needs_triage Needs a first human triage before being processed. backport This PR does not target the devel branch. labels Nov 30, 2023
@webknjaz
Copy link
Member

webknjaz commented Dec 1, 2023

/azp run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@ansibot ansibot added the stale_ci This PR has been tested by CI more than one week ago. Close and re-open this PR to get it retested. label Dec 15, 2023
@nitzmahone
Copy link
Member

/azp run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@ansibot ansibot removed the stale_ci This PR has been tested by CI more than one week ago. Close and re-open this PR to get it retested. label Jan 18, 2024
@sivel sivel merged commit a25fe10 into ansible:stable-2.16 Jan 18, 2024
78 checks passed
@sivel sivel removed the needs_triage Needs a first human triage before being processed. label Jan 22, 2024
@ansible ansible locked and limited conversation to collaborators Feb 15, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
backport This PR does not target the devel branch. bug This issue/PR relates to a bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@s-hertel @webknjaz @nitzmahone @sivel @ansibot