GNU bug report logs - #61201
Installation hint crashes when user names contain at sign

Previous Next

Package: guix;

Reported by: Ludovic Courtès <ludovic.courtes <at> inria.fr>

Date: Tue, 31 Jan 2023 17:06:01 UTC

Severity: normal

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #19 received at 61201-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: 61749-done <at> debbugs.gnu.org
Cc: 61201-done <at> debbugs.gnu.org
Subject: Re: bug#61749: [PATCH] ui: 'display-hint' quotes extra arguments
 for Texinfo.
Date: Mon, 27 Feb 2023 23:55:16 +0100

Ludovic Courtès <ludo <at> gnu.org> skribis:

> Fixes <https://issues.guix.gnu.org/61201>.
>
> Previously, common practice was to splice arbitrary strings (user names,
> file names, etc.) into Texinfo snippets passed to 'display-hint'.  This
> is unsafe in the general case because at signs and braces need to be
> escaped to produced valid Texinfo.  This commit addresses that.
>
> * guix/ui.scm (texinfo-quote): New procedure.
> (display-hint): When ARGUMENTS is non-empty, pass it to 'texinfo-quote'
> and call 'format'.
> (report-unbound-variable-error, check-module-matches-file)
> (display-collision-resolution-hint, run-guix-command): Remove explicit
> 'format' call; pass 'format' arguments as extra arguments to 'display-hint'.
> * gnu/services/monitoring.scm (zabbix-front-end-config): Likewise.
> * guix/scripts.scm (warn-about-disk-space): Likewise.
> * guix/scripts/build.scm (%standard-cross-build-options)
> (%standard-native-build-options): Likewise.
> * guix/scripts/describe.scm (display-checkout-info): Likewise.
> * guix/scripts/environment.scm (suggest-command-name): Likewise.
> * guix/scripts/home.scm (process-command): Likewise.
> * guix/scripts/home/edit.scm (service-type-not-found): Likewise.
> * guix/scripts/import.scm (guix-import): Likewise.
> * guix/scripts/package.scm (display-search-path-hint): Likewise.
> * guix/scripts/pull.scm (build-and-install): Likewise.
> * guix/scripts/shell.scm (auto-detect-manifest): Likewise.
> * guix/scripts/system.scm (check-file-system-availability): Likewise.
> (guix-system): Likewise.
> * guix/scripts/system/edit.scm (service-type-not-found): Likewise.
> * guix/status.scm (print-build-event): Likewise.

Pushed as 43c36c5c9f7a31649eb059fd16ed82bde20da3fc.

Ludo’.
This bug report was last modified 2 years and 87 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.