From a2aec39d74b0b5e8e7d11f5ab7f5289afe4caec3 Mon Sep 17 00:00:00 2001
From: Michael Gehring
Date: Thu, 13 Jul 2017 07:56:47 +0000
Subject: [PATCH] lib/package_unpack.c: refuse to unpack to absolute paths
---
 README.md | 2 +-
 include/xbps_api_impl.h | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index ce880dc7..349d6cc1 100644
--- a/README.md
+++ b/README.md
@@ -40,7 +40,7 @@ To build this you'll need:
 - [pkg-config](http://www.freedesktop.org/wiki/Software/pkg-config/)
 - [zlib](http://www.zlib.net)
 - [openssl](http://www.openssl.org)
- - [libarchive >= 2.8.0](http://www.libarchive.org)
+ - [libarchive >= 3.2.0](http://www.libarchive.org)
 and optionally:
diff --git a/include/xbps_api_impl.h b/include/xbps_api_impl.h
index 793fc888..ce74c2c9 100644
--- a/include/xbps_api_impl.h
+++ b/include/xbps_api_impl.h
@@ -47,6 +47,7 @@
 #define EXTRACT_FLAGS ARCHIVE_EXTRACT_SECURE_NODOTDOT | \
 ARCHIVE_EXTRACT_SECURE_SYMLINKS | \
+ ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS | \
 ARCHIVE_EXTRACT_TIME | ARCHIVE_EXTRACT_PERM | \
 ARCHIVE_EXTRACT_UNLINK
 #define FEXTRACT_FLAGS ARCHIVE_EXTRACT_OWNER | EXTRACT_FLAGS
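Review bot: The libarchive floor that the new `ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS` term in `EXTRACT_FLAGS` depends on is recorded only in the README. The header carries no guard, and the diffstat lists no build-script change, so any version check done at configure time (not visible here) may still accept an older library. A build against an older release would presumably stop on the undefined macro, which fails closed but gives an unhelpful error. A guard ahead of the define, `#if ARCHIVE_VERSION_NUMBER < 3002000` / `#error "libarchive >= 3.2.0 is required"` / `#endif`, would state the requirement where it is used, assuming archive.h is already included at that point. Since the macro is being edited anyway, wrapping its expansion in parentheses would also keep the three `SECURE_*` flags intact if `EXTRACT_FLAGS` is ever combined with `&` or `~`.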