refactor: security hardening + mame arcade bios updates

Browse Source

Security fixes:
- Zip-slip protection in _extract_zip_to_archive (sanitize paths)
- Hash verification for large file downloads (cache + post-download)
- Sanitize YAML destination fields against path traversal
- Size limit on ZIP entry reads (512MB cap, prevents zip bombs)
- Download size limits in auto_fetch (100MB cap)
- Reject hashless external downloads
- Sanitize filenames in place_file with basename()

MAME arcade updates from Batocera v38 pack:
- Updated naomi, naomi2, naomigd, awbios, airlbios, hod2bios, hikaru
- Old versions preserved in .variants/ for RetroBat compatibility

Batocera 675/680 (+9), all other platforms unchanged at 0 missing

...

This commit is contained in:

Abdessamad Derraz

2026-03-17 15:32:14 +01:00

parent af74fffa14

commit 5ab82a7898

26 changed files with 338 additions and 269 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

BIN

bios/Arcade/Arcade/.variants/airlbios.zip Normal file

Binary file not shown.

BIN

bios/Arcade/Arcade/.variants/hod2bios.zip Normal file

Binary file not shown.

BIN

bios/Arcade/Arcade/.variants/naomi.zip Normal file

Binary file not shown.

BIN

bios/Arcade/Arcade/.variants/naomi2.zip Normal file

Binary file not shown.

BIN

bios/Arcade/Arcade/.variants/naomigd.zip Normal file

Binary file not shown.

BIN

bios/Arcade/Arcade/airlbios.zip

Binary file not shown.

BIN

bios/Arcade/Arcade/hod2bios.zip

Binary file not shown.

BIN

bios/Arcade/Arcade/naomi.zip

Binary file not shown.

BIN

bios/Arcade/Arcade/naomi2.zip

Binary file not shown.

BIN

bios/Arcade/Arcade/naomigd.zip

Binary file not shown.