On Sun, 24 Apr 2005, Frederick Bruckman wrote:

> I don't have access to any hosts running current today, but I did verify that 
> the exploit I described in the PR is blocked, after pulling up the changes in 
> the message that attached to the PR, to netbsd-2-0. 
> (src/bin/pax/ar_io.c,v1.42 is a prerequisite for them, by the way.)

Maybe I spoke too soon...

I now can't untar "xscreensaver-4.21.tar.gz" without "--insecure", 
without all sorts of complaints such as:

   tar: Cannot resolve `xscreensaver-4.21/README'

There are no symlinks in the archive. The only thing that stands out 
is that there's no "./" ahead of every item in the archive.


Frederick