fix(deps): update module github.com/cyphar/filepath-securejoin to v0.4.1 #2217
Conversation
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
There was a problem hiding this comment.
DO NOT MERGE THIS until runc, and therefore Podman, can work with the updated filepath-securejoin.
Follow opencontainers/runc#4590 / containers/podman#25001 .
Compare #2216 .
renovate
bot
force-pushed
the
renovate/github.com-cyphar-filepath-securejoin-0.x
branch
3 times, most recently
from
1ef4b68 to
9f3c82f
Compare
|
Most probably a newer version (0.4.1?) will be released, relaxing the SecureJoin's root requirement (see cyphar/filepath-securejoin#47). Therefore, we can just skip 0.4.0. |
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/github.com-cyphar-filepath-securejoin-0.x
branch
4 times, most recently
from
3b4ea2c to
89ff194
Compare
This is now done, so the breaking change is no more. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: kolyshkin, renovate[bot] The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate
bot
force-pushed
the
renovate/github.com-cyphar-filepath-securejoin-0.x
branch
from
89ff194 to
d4fce61
Compare
For Podman (and therefore c/storage), the more immediate concern was the change to the So this c/storage PR should still wait until containers/podman#25001 succeeds. |
This PR contains the following updates:
v0.3.6->v0.4.1Release Notes
cyphar/filepath-securejoin (github.com/cyphar/filepath-securejoin)
v0.4.1Compare Source
This release fixes a regression introduced in one of the hardening
features added to filepath-securejoin 0.4.0.
rootpaths passed toSecureJoinin 0.4.0 wasfound to be too strict and caused some regressions when folks tried to
update, so this restriction has been relaxed to only return an error if the
path contains a
..component. We still recommend users usefilepath.Clean(and even
filepath.EvalSymlinks) on therootpath they are using, but atleast you will no longer be punished for "trivial" unclean paths. (#46)
Signed-off-by: Aleksa Sarai [email protected]
v0.4.0Compare Source
This release primarily includes a few minor breaking changes to make the
MkdirAll and SecureJoin interfaces more robust against accidental
misuse.
SecureJoin(VFS)will now return an error if the providedrootis not afilepath.Clean'd path.While it is ultimately the responsibility of the caller to ensure the root is
a safe path to use, passing a path like
/symlink/..as a root would resultin the
SecureJoin'd path being placed in/even though/symlink/..might be a different directory, and so we should more strongly discourage
such usage.
All major users of
securejoin.SecureJoinalready ensure that the paths theyprovide are safe (and this is ultimately a question of user error), but
removing this foot-gun is probably a good idea. Of course, this is
necessarily a breaking API change (though we expect no real users to be
affected by it).
Thanks to Erik Sjölund, who initially
reported this issue as a possible security issue.
MkdirAllandMkdirHandlenow take anos.FileMode-style mode argumentinstead of a raw
unix.S_*-style mode argument, which may cause compile-timetype errors depending on how you use
filepath-securejoin. For most users,there will be no change in behaviour aside from the type change (as the
bottom
0o777bits are the same in both formats, and most users are probablyonly using those bits).
However, if you were using
unix.S_ISVTXto set the sticky bit withMkdirAll(Handle)you will need to switch toos.ModeStickyotherwise youwill get a runtime error with this update. In addition, the error message you
will get from passing
unix.S_ISUIDandunix.S_ISGIDwill be different asthey are treated as invalid bits now (note that previously passing said bits
was also an error).
Thanks to the following contributors for helping make this release
possible:
Signed-off-by: Aleksa Sarai [email protected]
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.