--- Begin Message ---
|
Subject: |
[PATCH 0/4] Strengthen '.guix-channel' file handling |
|
Date: |
Wed, 17 Jul 2019 01:20:16 +0200 |
Hello Guix,
These patches change ‘.guix-channel’ parsing and handling following
the same pattern as <manifest>/read-manifest/profile-manifest and
other places where we deal with serialized data structures.
The last patch addresses a potential security issue with the
‘directory’ field of ‘.guix-channel’ that hadn’t occurred to me
while reviewing it.
Thoughts?
Ludo’.
Ludovic Courtès (4):
channels: Strictly check the version of '.guix-channel'.
channels: Remove unneeded 'version' field of <channel-metadata>.
channels: Always provide a <channel-metadata> record.
channels: Reject directories with '..' in '.guix-channel' file.
guix/channels.scm | 102 +++++++++++++++++++++++++++++----------------
tests/channels.scm | 81 +++++++++++++++++++++++++----------
2 files changed, 124 insertions(+), 59 deletions(-)
--
2.22.0
--- End Message ---
--- Begin Message ---
|
Subject: |
Re: [bug#36699] [PATCH 0/4] Strengthen '.guix-channel' file handling |
|
Date: |
Fri, 19 Jul 2019 11:54:49 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) |
Hello,
Ludovic Courtès <address@hidden> skribis:
> Ludovic Courtès (4):
> channels: Strictly check the version of '.guix-channel'.
> channels: Remove unneeded 'version' field of <channel-metadata>.
> channels: Always provide a <channel-metadata> record.
> channels: Reject directories with '..' in '.guix-channel' file.
I pushed the first three patches and discarded the last one, as
discussed with Danny.
Ludo’.
--- End Message ---