| author | Eli Schwartz <eschwartz93@gmail.com> | 2025-10-19 11:47:00 -0400 |
|---|---|---|
| committer | Eli Schwartz <eschwartz93@gmail.com> | 2025-10-30 22:16:05 -0400 |
| commit | 6b4f2c7964115fa5d12f8f2234715a2ee67ea8dd (patch) | |
| tree | b9c1225762aebfdb197b1308959b19e94a8db190 /mesonbuild/wrap | |
| parent | 08a78f856b38c774aef382ea97e4fc47a9cd9685 (diff) | |
| download | meson-6b4f2c7964115fa5d12f8f2234715a2ee67ea8dd.tar.gz | |
mdist: fix failure to create tar files the user asked to create
Python added a "feature" to assume tarfile extraction is meant solely
for "data", i.e. it ignores many useful features of tar such as
symlinks, ownership, or permission modes that are uncommon on Windows.
Revert this entirely, as Meson is a "fully trusted" application. It can
already execute arbitrary programs, tar files are not vulnerabilities.
In theory "tar" mode exists and is not "data", but we are fully trusted
so why split hairs?
Fixes: https://github.com/mesonbuild/meson/issues/15142
Diffstat (limited to 'mesonbuild/wrap')
| -rw-r--r-- | mesonbuild/wrap/wrap.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/mesonbuild/wrap/wrap.py b/mesonbuild/wrap/wrap.py index e7bc4f62a..e6f390a5d 100644 --- a/mesonbuild/wrap/wrap.py +++ b/mesonbuild/wrap/wrap.py @@ -57,6 +57,10 @@ WHITELIST_SUBDOMAIN = 'wrapdb.mesonbuild.com' ALL_TYPES = ['file', 'git', 'hg', 'svn', 'redirect'] +if sys.version_info >= (3, 14): + import tarfile + tarfile.TarFile.extraction_filter = tarfile.fully_trusted_filter + if mesonlib.is_windows(): from ..programs import ExternalProgram from ..mesonlib import version_compare |
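Review bot: the assignment `tarfile.TarFile.extraction_filter = tarfile.fully_trusted_filter` under the `sys.version_info >= (3, 14)` check patches the `TarFile` class itself at import time, so it changes the filter for every extraction in the process once this module is loaded, and it sits in `mesonbuild/wrap/wrap.py` although the commit subject is about mdist. Consider passing `filter=` explicitly at the extraction calls that need symlinks, ownership or modes preserved, so the scope is visible at each call site. The context lines (`WHITELIST_SUBDOMAIN = 'wrapdb.mesonbuild.com'`) show that this module deals with archives from wrapdb, and `fully_trusted_filter` performs no checks on member paths or link targets. `tarfile.tar_filter`, the "tar" mode the commit message mentions, keeps tar semantics while still rejecting members that would land outside the destination, and would be the narrower choice for that path. The hunk also adds no code comment; one line above the block saying why the default is overridden would help the next reader.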
