44 строки
1.8 KiB
Diff
44 строки
1.8 KiB
Diff
|
From d02be38fc6c54828d5eec15efe058c61f3df4a60 Mon Sep 17 00:00:00 2001
|
||
|
From: Mykhailo Bykhovtsev <mbykhovtsev@microsoft.com>
|
||
|
Date: Thu, 30 May 2024 16:33:17 -0700
|
||
|
Subject: [PATCH] backport patch CVE-2024-26147. Based off commit https://github.com/helm/helm/commit/bb4cc9125503a923afb7988f3eb478722a8580af
|
||
|
|
||
|
---
|
||
|
vendor/helm.sh/helm/v3/pkg/plugin/plugin.go | 4 ++++
|
||
|
vendor/helm.sh/helm/v3/pkg/repo/index.go | 4 ++++
|
||
|
2 files changed, 8 insertions(+)
|
||
|
|
||
|
diff --git a/vendor/helm.sh/helm/v3/pkg/plugin/plugin.go b/vendor/helm.sh/helm/v3/pkg/plugin/plugin.go
|
||
|
index 1399b71..df580db 100644
|
||
|
--- a/vendor/helm.sh/helm/v3/pkg/plugin/plugin.go
|
||
|
+++ b/vendor/helm.sh/helm/v3/pkg/plugin/plugin.go
|
||
|
@@ -173,6 +173,10 @@ var validPluginName = regexp.MustCompile("^[A-Za-z0-9_-]+$")
|
||
|
|
||
|
// validatePluginData validates a plugin's YAML data.
|
||
|
func validatePluginData(plug *Plugin, filepath string) error {
|
||
|
+ // When metadata section missing, initialize with no data
|
||
|
+ if plug.Metadata == nil {
|
||
|
+ plug.Metadata = &Metadata{}
|
||
|
+ }
|
||
|
if !validPluginName.MatchString(plug.Metadata.Name) {
|
||
|
return fmt.Errorf("invalid plugin name at %q", filepath)
|
||
|
}
|
||
|
diff --git a/vendor/helm.sh/helm/v3/pkg/repo/index.go b/vendor/helm.sh/helm/v3/pkg/repo/index.go
|
||
|
index 60cfe58..94852bb 100644
|
||
|
--- a/vendor/helm.sh/helm/v3/pkg/repo/index.go
|
||
|
+++ b/vendor/helm.sh/helm/v3/pkg/repo/index.go
|
||
|
@@ -347,6 +347,10 @@ func loadIndex(data []byte, source string) (*IndexFile, error) {
|
||
|
log.Printf("skipping loading invalid entry for chart %q from %s: empty entry", name, source)
|
||
|
continue
|
||
|
}
|
||
|
+ // When metadata section missing, initialize with no data
|
||
|
+ if cvs[idx].Metadata == nil {
|
||
|
+ cvs[idx].Metadata = &chart.Metadata{}
|
||
|
+ }
|
||
|
if cvs[idx].APIVersion == "" {
|
||
|
cvs[idx].APIVersion = chart.APIVersionV1
|
||
|
}
|
||
|
--
|
||
|
2.34.1
|
||
|
|