Skip to content

[beta 1.95] Update tar to 0.4.45#16770

Merged
epage merged 2 commits intorust-lang:rust-1.95.0from
ehuss:tar-update-beta-1.95
Mar 20, 2026
Merged

[beta 1.95] Update tar to 0.4.45#16770
epage merged 2 commits intorust-lang:rust-1.95.0from
ehuss:tar-update-beta-1.95

Conversation

@ehuss
Copy link
Copy Markdown
Contributor

@ehuss ehuss commented Mar 20, 2026

This updates tar to 0.4.45 to fix CVE-2026-33055 and CVE-2026-33056.

ehuss added 2 commits March 15, 2026 08:36
@ehuss
Add a test for a tar file with a symlink and directory of the same name
23e2412 
This adds a test for a registry package where it has a symlink and a
directory with the same name. The `tar` crate is incorrectly changing
the permissions of the destination of the symlink (which can be anywhere
on the filesystem).
@ehuss
Update tar to 0.4.45
e1fc8be 
This updates tar to 0.4.45 to fix CVE-2026-33055 and CVE-2026-33056.
@rustbot rustbot added A-testing-cargo-itself Area: cargo's tests S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Mar 20, 2026
@rustbot
Copy link
Copy Markdown
Collaborator

rustbot commented Mar 20, 2026

r? @weihanglo

rustbot has assigned @weihanglo.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

Why was this reviewer chosen?

The reviewer was selected based on:

  • Owners of files modified in this PR: @ehuss, @epage, @weihanglo
  • @ehuss, @epage, @weihanglo expanded to ehuss, epage, weihanglo
  • Random selection from epage, weihanglo

@rustbot
Copy link
Copy Markdown
Collaborator

rustbot commented Mar 20, 2026

⚠️ Warning ⚠️

  • Pull requests are usually filed against the master branch for this repo, but this one is against rust-1.95.0. Please double check that you specified the right target!

@epage epage enabled auto-merge March 20, 2026 00:28
@epage epage merged commit 8b15816 into rust-lang:rust-1.95.0 Mar 20, 2026
31 checks passed
@rustbot rustbot removed the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label Mar 20, 2026
ehuss added a commit to ehuss/rust that referenced this pull request Mar 25, 2026
@ehuss
Update cargo submodule
5b5a9cf 
2 commits in e8eb8435d5cad936237a1ee798c2f983624d0825..f2d3ce0bd7f24a49f8f72d9000448f8838c4e850
2026-03-06 12:51:00 -0600 to 2026-03-21 06:43:08 -0500
- [beta 1.95] Fix symlink_and_directory when running in a long target dir name (rust-lang/cargo#16776)
- [beta 1.95] Update tar to 0.4.45 (rust-lang/cargo#16770)
@rustbot rustbot added this to the 1.95.0 milestone Mar 25, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@epage epage epage approved these changes

Assignees

@weihanglo weihanglo

Labels

A-testing-cargo-itself Area: cargo's tests

Projects

None yet

Milestone

1.95.0

Development

Successfully merging this pull request may close these issues.

4 participants

@ehuss @rustbot @epage @weihanglo