GNU bug report logs - #36699
[PATCH 0/4] Strengthen '.guix-channel' file handling

Previous Next

Package: guix-patches;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Tue, 16 Jul 2019 23:21:01 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#36699: closed ([PATCH 0/4] Strengthen '.guix-channel' file
 handling)
Date: Fri, 19 Jul 2019 09:55:02 +0000

[Message part 1 (text/plain, inline)]
Your message dated Fri, 19 Jul 2019 11:54:49 +0200
with message-id <87h87ie4d2.fsf <at> gnu.org>
and subject line Re: [bug#36699] [PATCH 0/4] Strengthen '.guix-channel' file handling
has caused the debbugs.gnu.org bug report #36699,
regarding [PATCH 0/4] Strengthen '.guix-channel' file handling
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
36699: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=36699
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Ludovic Courtès <ludo <at> gnu.org>
To: guix-patches <at> gnu.org
Cc: Ludovic Courtès <ludo <at> gnu.org>
Subject: [PATCH 0/4] Strengthen '.guix-channel' file handling
Date: Wed, 17 Jul 2019 01:20:16 +0200

Hello Guix,

These patches change ‘.guix-channel’ parsing and handling following
the same pattern as <manifest>/read-manifest/profile-manifest and
other places where we deal with serialized data structures.

The last patch addresses a potential security issue with the
‘directory’ field of ‘.guix-channel’ that hadn’t occurred to me
while reviewing it.

Thoughts?

Ludo’.

Ludovic Courtès (4):
  channels: Strictly check the version of '.guix-channel'.
  channels: Remove unneeded 'version' field of <channel-metadata>.
  channels: Always provide a <channel-metadata> record.
  channels: Reject directories with '..' in '.guix-channel' file.

 guix/channels.scm  | 102 +++++++++++++++++++++++++++++----------------
 tests/channels.scm |  81 +++++++++++++++++++++++++----------
 2 files changed, 124 insertions(+), 59 deletions(-)

-- 
2.22.0




[Message part 3 (message/rfc822, inline)]
From: Ludovic Courtès <ludo <at> gnu.org>
To: 36699-done <at> debbugs.gnu.org
Subject: Re: [bug#36699] [PATCH 0/4] Strengthen '.guix-channel' file handling
Date: Fri, 19 Jul 2019 11:54:49 +0200

Hello,

Ludovic Courtès <ludo <at> gnu.org> skribis:

> Ludovic Courtès (4):
>   channels: Strictly check the version of '.guix-channel'.
>   channels: Remove unneeded 'version' field of <channel-metadata>.
>   channels: Always provide a <channel-metadata> record.
>   channels: Reject directories with '..' in '.guix-channel' file.

I pushed the first three patches and discarded the last one, as
discussed with Danny.

Ludo’.
This bug report was last modified 5 years and 328 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.