Skip to content

chore(deps): update rust crate tar to v0.4.45#154396

Merged
rust-bors[bot] merged 1 commit intorust-lang:mainfrom
xtqqczze:deps/tar
Mar 28, 2026
Merged

chore(deps): update rust crate tar to v0.4.45#154396
rust-bors[bot] merged 1 commit intorust-lang:mainfrom
xtqqczze:deps/tar

Conversation

@xtqqczze
Copy link
Copy Markdown
Contributor

@xtqqczze xtqqczze commented Mar 26, 2026

Fix RUSTSEC-2026-0068: tar-rs incorrectly ignores PAX size headers if header size is nonzero
Fix RUSTSEC-2026-0067: unpack_in can chmod arbitrary directories by following symlinks

@rustbot
Copy link
Copy Markdown
Collaborator

rustbot commented Mar 26, 2026

Some changes occurred in src/tools/clippy

cc @rust-lang/clippy

Some changes occurred in src/tools/opt-dist

cc @Kobzol

These commits modify the Cargo.lock file. Unintentional changes to Cargo.lock can be introduced when switching branches and rebasing PRs.

If this was unintentional then you should revert the changes before this PR is merged.
Otherwise, you can ignore this comment.

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-bootstrap Relevant to the bootstrap subteam: Rust's build system (x.py and src/bootstrap) T-clippy Relevant to the Clippy team. labels Mar 26, 2026
@rustbot
Copy link
Copy Markdown
Collaborator

rustbot commented Mar 26, 2026

r? @clubby789

rustbot has assigned @clubby789.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

Why was this reviewer chosen?

The reviewer was selected based on:

  • Owners of files modified in this PR: bootstrap
  • bootstrap expanded to 6 candidates
  • Random selection from Mark-Simulacrum, clubby789, jieyouxu

@clubby789
Copy link
Copy Markdown
Contributor

clubby789 commented Mar 27, 2026

LGTM, except that the changes to Clippy should be made to https://github.com/rust-lang/rust-clippy instead.

@samueltardieu
Copy link
Copy Markdown
Member

samueltardieu commented Mar 27, 2026

LGTM, except that the changes to Clippy should be made to https://github.com/rust-lang/rust-clippy instead.

Indeed, especially since AFAIK lintcheck is not tested nor run by the CI inside the r-l/r repository.

@xtqqczze
Copy link
Copy Markdown
Contributor Author

xtqqczze commented Mar 27, 2026

LGTM, except that the changes to Clippy should be made to https://github.com/rust-lang/rust-clippy instead.

rust-lang/rust-clippy#16771

clubby789
clubby789 approved these changes Mar 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@clubby789 clubby789 left a comment
edited by rustbot
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

r=me when green

View changes since this review

@xtqqczze
Copy link
Copy Markdown
Contributor Author

xtqqczze commented Mar 27, 2026

LGTM, except that the changes to Clippy should be made to https://github.com/rust-lang/rust-clippy instead.

rebased; it would be helpful if rustbot could explain that a subtree was changed.

@clubby789 clubby789 mentioned this pull request Mar 27, 2026
Open
@clubby789
Copy link
Copy Markdown
Contributor

clubby789 commented Mar 27, 2026

@bors r+ rollup

@rust-bors
Copy link
Copy Markdown
Contributor

rust-bors bot commented Mar 27, 2026

📌 Commit afe3ab6 has been approved by clubby789

It is now in the queue for this repository.

@rust-bors rust-bors bot added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Mar 27, 2026
@Zalathar Zalathar mentioned this pull request Mar 28, 2026
Merged
rust-bors bot pushed a commit that referenced this pull request Mar 28, 2026
@bors
Auto merge of #154489 - Zalathar:rollup-wBQK8Wt, r=Zalathar
a4018a2 
Rollup of 9 pull requests

Successful merges:

 - #154357 (uefi: extend comment for TcpStream Send impl)
 - #154410 (Clean up the API for opening/checking incremental-compilation files )
 - #154081 (format safety doc of Rc/Arc::from_raw/from_raw_in)
 - #154110 (Change "error finalizing incremental compilation" text and emit it as a note, not a warning)
 - #154196 (Make `Ipv6Addr::multicast_scope()` exhaustive)
 - #154221 (`vec::as_mut_slice()`: use lowercase "isize" in safety comment)
 - #154234 (Use common Timestamp impl in Hermit (attempt 2))
 - #154396 (chore(deps): update rust crate tar to v0.4.45)
 - #154488 (Revert "Unstable book options parser")
rust-bors bot pushed a commit that referenced this pull request Mar 28, 2026
@bors
Auto merge of #154489 - Zalathar:rollup-wBQK8Wt, r=Zalathar
79531c5 
Rollup of 9 pull requests

Successful merges:

 - #154357 (uefi: extend comment for TcpStream Send impl)
 - #154410 (Clean up the API for opening/checking incremental-compilation files )
 - #154081 (format safety doc of Rc/Arc::from_raw/from_raw_in)
 - #154110 (Change "error finalizing incremental compilation" text and emit it as a note, not a warning)
 - #154196 (Make `Ipv6Addr::multicast_scope()` exhaustive)
 - #154221 (`vec::as_mut_slice()`: use lowercase "isize" in safety comment)
 - #154234 (Use common Timestamp impl in Hermit (attempt 2))
 - #154396 (chore(deps): update rust crate tar to v0.4.45)
 - #154488 (Revert "Unstable book options parser")
@rust-bors rust-bors bot merged commit 624c3c0 into rust-lang:main Mar 28, 2026
11 checks passed
@rustbot rustbot added this to the 1.96.0 milestone Mar 28, 2026
rust-timer added a commit that referenced this pull request Mar 28, 2026
@rust-timer
Unrolled build for #154396
1341aae 
Rollup merge of #154396 - xtqqczze:deps/tar, r=clubby789

chore(deps): update rust crate tar to v0.4.45

Fix [RUSTSEC-2026-0068](https://rustsec.org/advisories/RUSTSEC-2026-0068.html): tar-rs incorrectly ignores PAX size headers if header size is nonzero
Fix [RUSTSEC-2026-0067](https://rustsec.org/advisories/RUSTSEC-2026-0067.html): `unpack_in` can chmod arbitrary directories by following symlinks
@xtqqczze xtqqczze deleted the deps/tar branch March 28, 2026 15:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@clubby789 clubby789 clubby789 approved these changes

Assignees

@clubby789 clubby789

Labels

S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. T-bootstrap Relevant to the bootstrap subteam: Rust's build system (x.py and src/bootstrap) T-clippy Relevant to the Clippy team.

Projects

None yet

Milestone

1.96.0

Development

Successfully merging this pull request may close these issues.

4 participants

@xtqqczze @rustbot @clubby789 @samueltardieu