archive/tar, archive/zip: disable insecure file name checks with GODEBUG

Add GODEBUG=tarinsecurepath=1 and GODEBUG=zipinsecurepath=1 settings
to disable file name validation.

For #55356.

Change-Id: Iaacdc629189493e7ea3537a81660215a59dd40a4
Reviewed-on: https://go-review.googlesource.com/c/go/+/452495
Reviewed-by: Bryan Mills <bcmills@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>

1 files changed, 8 insertions, 0 deletions

diff --git a/doc/go1.20.html b/doc/go1.20.html
index 1cbc993087..ebefbe6e06 100644
--- a/doc/go1.20.html
+++ b/doc/go1.20.html
@@ -293,6 +293,10 @@ proxyHandler := &httputil.ReverseProxy{
       Programs that want to operate on archives containing insecure file names may
       ignore this error.
     </p>
+    <p>
+      Insecure tar file name checks may be entirely disabled by setting the
+      <code>GODEBUG=tarinsecurepath=1</code> environment variable.
+    </p>
   </dd>
 </dl><!-- archive/tar -->
 
@@ -308,6 +312,10 @@ proxyHandler := &httputil.ReverseProxy{
       Programs that want to operate on archives containing insecure file names may
       ignore this error.
     </p>
+    <p>
+      Insecure zip file name checks may be entirely disabled by setting the
+      <code>GODEBUG=zipinsecurepath=1</code> environment variable.
+    </p>
     <p><!-- CL 449955 -->
       Reading from a directory file that contains file data will now return an error.
       The zip specification does not permit directory files to contain file data,