CBL-Mariner/SPECS/cert-manager/CVE-2024-26147.patch

44 строки
1.8 KiB
Diff
Исходник Обычный вид История

From d02be38fc6c54828d5eec15efe058c61f3df4a60 Mon Sep 17 00:00:00 2001
From: Mykhailo Bykhovtsev <mbykhovtsev@microsoft.com>
Date: Thu, 30 May 2024 16:33:17 -0700
Subject: [PATCH] backport patch CVE-2024-26147. Based off commit https://github.com/helm/helm/commit/bb4cc9125503a923afb7988f3eb478722a8580af
---
vendor/helm.sh/helm/v3/pkg/plugin/plugin.go | 4 ++++
vendor/helm.sh/helm/v3/pkg/repo/index.go | 4 ++++
2 files changed, 8 insertions(+)
diff --git a/vendor/helm.sh/helm/v3/pkg/plugin/plugin.go b/vendor/helm.sh/helm/v3/pkg/plugin/plugin.go
index 1399b71..df580db 100644
--- a/vendor/helm.sh/helm/v3/pkg/plugin/plugin.go
+++ b/vendor/helm.sh/helm/v3/pkg/plugin/plugin.go
@@ -173,6 +173,10 @@ var validPluginName = regexp.MustCompile("^[A-Za-z0-9_-]+$")
// validatePluginData validates a plugin's YAML data.
func validatePluginData(plug *Plugin, filepath string) error {
+ // When metadata section missing, initialize with no data
+ if plug.Metadata == nil {
+ plug.Metadata = &Metadata{}
+ }
if !validPluginName.MatchString(plug.Metadata.Name) {
return fmt.Errorf("invalid plugin name at %q", filepath)
}
diff --git a/vendor/helm.sh/helm/v3/pkg/repo/index.go b/vendor/helm.sh/helm/v3/pkg/repo/index.go
index 60cfe58..94852bb 100644
--- a/vendor/helm.sh/helm/v3/pkg/repo/index.go
+++ b/vendor/helm.sh/helm/v3/pkg/repo/index.go
@@ -347,6 +347,10 @@ func loadIndex(data []byte, source string) (*IndexFile, error) {
log.Printf("skipping loading invalid entry for chart %q from %s: empty entry", name, source)
continue
}
+ // When metadata section missing, initialize with no data
+ if cvs[idx].Metadata == nil {
+ cvs[idx].Metadata = &chart.Metadata{}
+ }
if cvs[idx].APIVersion == "" {
cvs[idx].APIVersion = chart.APIVersionV1
}
--
2.34.1