archive: Unconditionally honor PAX size (#441)
author Alex Crichton <alex@alexcrichton.com>
Thu, 19 Mar 2026 21:56:51 +0000 (16:56 -0500)
committer Fabian Grünbichler <debian@fabian.gruenbichler.email>
Wed, 8 Apr 2026 17:02:02 +0000 (19:02 +0200)
commit ed4cee3ef66deb575387bbd9ed0e0dd5aa081e3b
tree 08f8fd2e944a08b3172d933e0fda084ef0dd316c
parent 15004c6a33775071a11749664398de8b2e2aea99

This synchronizes our behavior with most other tar parsers
(including astral-tokio-tar and Go archive/tar) ensuring
that we don't parse things differently.

The problem with parsing size in particular differently is that
it's easy to craft a tar archive that appears completely different
between two parsers. This is the case with e.g. crates.io where
astral-tokio-tar is used for validation server side, but cargo uses
the `tar` crate to upload.

With this, the two projects agree.

Signed-off-by: Colin Walters <walters@verbum.org>
Co-authored-by: Colin Walters <walters@verbum.org>
FG: drop test-related changes
Signed-off-by: Fabian Grünbichler <debian@fabian.gruenbichler.email>
Fixes: CVE-2026-33055
Gbp-Pq: Topic vendor
Gbp-Pq: Name tar-CVE-2026-33055.patch
vendor/tar-0.4.44/src/archive.rs
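
The commit message's concern, two parsers framing the same archive differently, can be checked for on the receiving side. The following is an added example, not code from the `tar` crate or from this patch: a std-only scanner that reports the first entry whose ustar header size field disagrees with the `size` record of the PAX extended header preceding it. The function names (`octal`, `pax_size`, `first_size_conflict`, `entry`) and the sample archive are constructed for illustration.

```rust
const BLOCK: usize = 512; // added example; no checksum, base-256 or 'g' handling
fn octal(f: &[u8]) -> u64 { // ustar numeric field: ASCII octal digits
    f.iter().skip_while(|b| **b == b' ').take_while(|b| (b'0'..=b'7').contains(*b))
        .fold(0, |n, b| n * 8 + u64::from(b - b'0'))
}
/// Last `size` among PAX records of the form "<len> <key>=<value>\n".
fn pax_size(mut data: &[u8]) -> Option<u64> {
    let mut found = None;
    while let Some(sp) = data.iter().position(|b| *b == b' ') {
        let len: usize = std::str::from_utf8(&data[..sp]).ok()?.parse().ok()?;
        if len <= sp + 1 || len > data.len() { break; }
        let rec = String::from_utf8_lossy(&data[sp + 1..len]);
        if let Some(v) = rec.trim_end().strip_prefix("size=") { found = v.parse().ok(); }
        data = &data[len..];
    }
    found
}

/// First entry whose header size and PAX size disagree: (name, header, pax).
fn first_size_conflict(tar: &[u8]) -> Option<(String, u64, u64)> {
    let (mut off, mut pending) = (0usize, None::<u64>);
    while off + BLOCK <= tar.len() && tar[off..off + BLOCK].iter().any(|b| *b != 0) {
        let size = octal(&tar[off + 124..off + 136]);
        if tar[off + 156] == b'x' { // per-entry PAX extended header
            let end = (off + BLOCK).saturating_add(size as usize).min(tar.len());
            pending = pax_size(&tar[off + BLOCK..end]);
        } else if let Some(pax) = pending.take().filter(|p| *p != size) {
            let name = String::from_utf8_lossy(&tar[off..off + 100]);
            return Some((name.trim_end_matches('\0').to_string(), size, pax));
        }
        off += BLOCK + (size as usize + BLOCK - 1) / BLOCK * BLOCK;
    }
    None
}

/// Constructed sample entry: header plus padded body, checksum left blank.
fn entry(name: &str, kind: u8, size_field: u64, body: &[u8]) -> Vec<u8> {
    let mut b = vec![0u8; BLOCK + (body.len() + BLOCK - 1) / BLOCK * BLOCK];
    b[..name.len()].copy_from_slice(name.as_bytes());
    b[124..135].copy_from_slice(format!("{:011o}", size_field).as_bytes());
    b[156] = kind;
    b[BLOCK..BLOCK + body.len()].copy_from_slice(body);
    b
}

fn main() { // constructed archive: PAX record says size=5, header says 11
    let mut tar = entry("PaxHeaders/a.txt", b'x', 10, b"10 size=5\n");
    tar.extend(entry("a.txt", b'0', 11, b"hello world"));
    println!("{:?}", first_size_conflict(&tar)); // Some(("a.txt", 11, 5))
}
```

The scanner stops at the first disagreement because every later block boundary depends on which of the two sizes a parser trusts.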