fix(deps): update module github.com/vbatts/tar-split to v0.11.7
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
(cherry picked from commit e5f427b4ce)
Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
This commit is contained in:
Daniel J Walsh
Ayato Tokubi
parent
3d75bd3f50
commit
b78c0cb4aa
2
go.mod
2
go.mod
|
|
@ -29,7 +29,7 @@ require (
|
|||
github.com/stretchr/testify v1.9.0
|
||||
github.com/tchap/go-patricia/v2 v2.3.1
|
||||
github.com/ulikunitz/xz v0.5.12
|
||||
github.com/vbatts/tar-split v0.11.6
|
||||
github.com/vbatts/tar-split v0.11.7
|
||||
golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c
|
||||
golang.org/x/sys v0.26.0
|
||||
gotest.tools v2.2.0+incompatible
|
||||
|
|
|
|||
4
go.sum
4
go.sum
|
|
@ -116,8 +116,8 @@ github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BG
|
|||
github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k=
|
||||
github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc=
|
||||
github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
|
||||
github.com/vbatts/tar-split v0.11.6 h1:4SjTW5+PU11n6fZenf2IPoV8/tz3AaYHMWjf23envGs=
|
||||
github.com/vbatts/tar-split v0.11.6/go.mod h1:dqKNtesIOr2j2Qv3W/cHjnvk9I8+G7oAkFDFN6TCBEI=
|
||||
github.com/vbatts/tar-split v0.11.7 h1:ixZ93pO/GmvaZw4Vq9OwmfZK/kc2zKdPfu0B+gYqs3U=
|
||||
github.com/vbatts/tar-split v0.11.7/go.mod h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVOpnNdfTMFA=
|
||||
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
|
||||
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
|
||||
go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
|
||||
|
|
|
|||
|
|
@ -97,7 +97,7 @@ func TestListOptsWithoutValidator(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestListOptsWithValidator(t *testing.T) {
|
||||
// Re-using logOptsvalidator (used by MapOpts)
|
||||
// Reusing logOptsvalidator (used by MapOpts)
|
||||
o := opts.NewListOpts(logOptsValidator)
|
||||
err := o.Set("foo")
|
||||
assert.EqualError(t, err, "invalid key foo")
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@ func Untar(tarArchive io.Reader, dest string, options *archive.TarOptions) error
|
|||
// This should be used to prevent a potential attacker from manipulating `dest`
|
||||
// such that it would provide access to files outside of `dest` through things
|
||||
// like symlinks. Normally `ResolveSymlinksInScope` would handle this, however
|
||||
// sanitizing symlinks in this manner is inherrently racey:
|
||||
// sanitizing symlinks in this manner is inherently racey:
|
||||
// ref: CVE-2018-15664
|
||||
func UntarWithRoot(tarArchive io.Reader, dest string, options *archive.TarOptions, root string) error {
|
||||
return untarHandler(tarArchive, dest, options, true, root)
|
||||
|
|
|
|||
|
|
@ -143,6 +143,10 @@ const (
|
|||
blockSize = 512 // Size of each block in a tar stream
|
||||
nameSize = 100 // Max length of the name field in USTAR format
|
||||
prefixSize = 155 // Max length of the prefix field in USTAR format
|
||||
|
||||
// Max length of a special file (PAX header, GNU long name or link).
|
||||
// This matches the limit used by libarchive.
|
||||
maxSpecialFileSize = 1 << 20
|
||||
)
|
||||
|
||||
// blockPadding computes the number of bytes needed to pad offset up to the
|
||||
|
|
|
|||
|
|
@ -144,7 +144,7 @@ func (tr *Reader) next() (*Header, error) {
|
|||
continue // This is a meta header affecting the next header
|
||||
case TypeGNULongName, TypeGNULongLink:
|
||||
format.mayOnlyBe(FormatGNU)
|
||||
realname, err := io.ReadAll(tr)
|
||||
realname, err := readSpecialFile(tr)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
@ -338,7 +338,7 @@ func mergePAX(hdr *Header, paxHdrs map[string]string) (err error) {
|
|||
// parsePAX parses PAX headers.
|
||||
// If an extended header (type 'x') is invalid, ErrHeader is returned
|
||||
func parsePAX(r io.Reader) (map[string]string, error) {
|
||||
buf, err := io.ReadAll(r)
|
||||
buf, err := readSpecialFile(r)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
@ -889,6 +889,16 @@ func tryReadFull(r io.Reader, b []byte) (n int, err error) {
|
|||
return n, err
|
||||
}
|
||||
|
||||
// readSpecialFile is like io.ReadAll except it returns
|
||||
// ErrFieldTooLong if more than maxSpecialFileSize is read.
|
||||
func readSpecialFile(r io.Reader) ([]byte, error) {
|
||||
buf, err := io.ReadAll(io.LimitReader(r, maxSpecialFileSize+1))
|
||||
if len(buf) > maxSpecialFileSize {
|
||||
return nil, ErrFieldTooLong
|
||||
}
|
||||
return buf, err
|
||||
}
|
||||
|
||||
// discard skips n bytes in r, reporting an error if unable to do so.
|
||||
func discard(tr *Reader, n int64) error {
|
||||
var seekSkipped, copySkipped int64
|
||||
|
|
|
|||
|
|
@ -160,7 +160,7 @@ github.com/ulikunitz/xz
|
|||
github.com/ulikunitz/xz/internal/hash
|
||||
github.com/ulikunitz/xz/internal/xlog
|
||||
github.com/ulikunitz/xz/lzma
|
||||
# github.com/vbatts/tar-split v0.11.6
|
||||
# github.com/vbatts/tar-split v0.11.7
|
||||
## explicit; go 1.17
|
||||
github.com/vbatts/tar-split/archive/tar
|
||||
github.com/vbatts/tar-split/tar/asm
|
||||
|
|
|
|||
Loading…
Reference in New Issue