[go/release-branch.go1.25] [release-branch.go1.25] cmd/pack: refuse to extract files with directory components
0 views
Skip to first unread message
Michael Pratt (Gerrit)
Apr 29, 2026, 4:16:12 PM (21 hours ago) Apr 29
to Michael Pratt, Damien Neil, goph...@pubsubhelper.golang.org, golang-...@googlegroups.com, golang...@luci-project-accounts.iam.gserviceaccount.com, Nicholas Husin, Nicholas Husin, golang-co...@googlegroups.com
Michael Pratt submitted the change![]( "Open in Gerrit")
Change information
Commit message:
[release-branch.go1.25] cmd/pack: refuse to extract files with directory components
Do not write to /etc/passwd when running "go tool pack x evil.a"
on an archive containing a file named /etc/passwd.
For #78778
Fixes #78790
Change-Id: I4cf69b81af62321ffbb41ace679672a86a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/767520
Reviewed-by: Nicholas Husin <n...@golang.org>
LUCI-TryBot-Result: golang...@luci-project-accounts.iam.gserviceaccount.com <golang...@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Nicholas Husin <hu...@google.com>
(cherry picked from commit 7409ada33f99c0d74db2b0389c51a15de116e48d)
Reviewed-on: https://go-review.googlesource.com/c/go/+/767660
Files:
- M src/cmd/pack/pack.go
- M src/cmd/pack/pack_test.go
Change size: S
Delta: 2 files changed, 49 insertions(+), 0 deletions(-)
Branch: refs/heads/release-branch.go1.25
Submit Requirements:
Code-Review: +2 by Nicholas Husin, +1 by Nicholas Husin
TryBots-Pass: LUCI-TryBot-Result+1 by golang...@luci-project-accounts.iam.gserviceaccount.com
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Michael Pratt (Gerrit)
Apr 29, 2026, 4:16:18 PM (21 hours ago) Apr 29
to Michael Pratt, Damien Neil, goph...@pubsubhelper.golang.org, golang-...@googlegroups.com, golang...@luci-project-accounts.iam.gserviceaccount.com, Nicholas Husin, Nicholas Husin, golang-co...@googlegroups.com
Michael Pratt submitted the change![]( "Open in Gerrit")
Change information
Commit message:
[release-branch.go1.26] cmd/pack: refuse to extract files with directory components
Do not write to /etc/passwd when running "go tool pack x evil.a"
on an archive containing a file named /etc/passwd.
For #78778
Fixes #78791
Change-Id: I4cf69b81af62321ffbb41ace679672a86a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/767520
Reviewed-by: Nicholas Husin <n...@golang.org>
LUCI-TryBot-Result: golang...@luci-project-accounts.iam.gserviceaccount.com <golang...@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Nicholas Husin <hu...@google.com>
(cherry picked from commit 7409ada33f99c0d74db2b0389c51a15de116e48d)
Reviewed-on: https://go-review.googlesource.com/c/go/+/767661
Files:
- M src/cmd/pack/pack.go
- M src/cmd/pack/pack_test.go
Change size: S
Delta: 2 files changed, 49 insertions(+), 0 deletions(-)
Branch: refs/heads/release-branch.go1.26
Submit Requirements:
Code-Review: +1 by Nicholas Husin, +2 by Nicholas Husin
TryBots-Pass: LUCI-TryBot-Result+1 by golang...@luci-project-accounts.iam.gserviceaccount.com
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Reply all
Reply to author
Forward
0 new messages