v0.3.1

• By allowing Open(at)InRoot to opt-out of the extra work done by MkdirAll
  to do the necessary "partial lookups", Open(at)InRoot now does less work
  for both implementations (resulting in a many-fold decrease in the number of
  operations for openat2, and a modest improvement for non-openat2) and is
  far more guaranteed to match the correct openat2(RESOLVE_IN_ROOT)
  behaviour.

• We now use readlinkat(fd, "") where possible. For Open(at)InRoot this
  effectively just means that we no longer risk getting spurious errors during
  rename races. However, for our hardened procfs handler, this in theory should
  prevent mount attacks from tricking us when doing magic-link readlinks (even
  when using the unsafe host /proc handle). Unfortunately Reopen is still
  potentially vulnerable to those kinds of somewhat-esoteric attacks.

  Technically this will only work on post-2.6.39 kernels
  but it seems incredibly unlikely anyone is using filepath-securejoin on a
  pre-2011 kernel.

• Several improvements were made to the errors returned by Open(at)InRoot and
  MkdirAll when dealing with invalid paths under the emulated (ie.
  non-openat2) implementation. Previously, some paths would return the wrong
  error (ENOENT when the last component was a non-directory), and other paths
  would be returned as though they were acceptable (trailing-slash components
  after a non-directory would be ignored by Open(at)InRoot).

  These changes were done to match openat2's behaviour and purely is a
  consistency fix (most users are going to be using openat2 anyway).

Signed-off-by: Aleksa Sarai [email protected]