Only extract rulefiles which are located in a rules directory and/or in the archive root.

This prevents us from extracting experimental or binary rules etc. which often are located in corresponding sub-directories.

Reference: #12794.

Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org --- config/cfgroot/ids-functions.pl | 3 +++ 1 file changed, 3 insertions(+)

diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl index 7223e6bea..2736363a5 100644 --- a/config/cfgroot/ids-functions.pl +++ b/config/cfgroot/ids-functions.pl @@ -533,6 +533,9 @@ sub extractruleset ($) {

# Handle rules files. } elsif ($file =~ m/.rules$/) { + # Skip rule files which are not located in the rules directory or archive root. + next unless(($packed_file =~ /^rules//) || ($packed_file !~ ///)); + my $rulesfilename;

# Splitt the filename into chunks.