opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-10-19 20:23:08 +08:00
Code Issues Packages Projects Releases Wiki Activity

vendor: update github.com/go-jose/go-jose/v3 to v3.0.4

Browse Source 
Contains a fix for CVE-2025-27144

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This commit is contained in:
Paul Holzinger
2025-02-27 15:36:41 +01:00
parent 470669028f
commit 92c5b08ebd
5 changed files with 10 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
vendor/github.com/go-jose/go-jose/v3/jwe.go generated vendored
View File

@ -202,10 +202,11 @@ func (parsed *rawJSONWebEncryption) sanitized() (*JSONWebEncryption, error) {
// parseEncryptedCompact parses a message in compact format.
func parseEncryptedCompact(input string) (*JSONWebEncryption, error) {
parts := strings.Split(input, ".")
if len(parts) != 5 {
// Five parts is four separators
if strings.Count(input, ".") != 4 {
return nil, fmt.Errorf("go-jose/go-jose: compact JWE format must have five parts")
}
parts := strings.SplitN(input, ".", 5)
rawProtected, err := base64URLDecode(parts[0])
if err != nil {

5
vendor/github.com/go-jose/go-jose/v3/jws.go generated vendored
View File

@ -275,10 +275,11 @@ func (parsed *rawJSONWebSignature) sanitized() (*JSONWebSignature, error) {
// parseSignedCompact parses a message in compact format.
func parseSignedCompact(input string, payload []byte) (*JSONWebSignature, error) {
parts := strings.Split(input, ".")
if len(parts) != 3 {
// Three parts is two separators
if strings.Count(input, ".") != 2 {
return nil, fmt.Errorf("go-jose/go-jose: compact JWS format must have three parts")
}
parts := strings.SplitN(input, ".", 3)
if parts[1] != "" && payload != nil {
return nil, fmt.Errorf("go-jose/go-jose: payload is not detached")