[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#36699] [PATCH 0/4] Strengthen '.guix-channel' file handling
From: |
Ludovic Courtès |
Subject: |
[bug#36699] [PATCH 0/4] Strengthen '.guix-channel' file handling |
Date: |
Wed, 17 Jul 2019 01:20:16 +0200 |
Hello Guix,
These patches change ‘.guix-channel’ parsing and handling following
the same pattern as <manifest>/read-manifest/profile-manifest and
other places where we deal with serialized data structures.
The last patch addresses a potential security issue with the
‘directory’ field of ‘.guix-channel’ that hadn’t occurred to me
while reviewing it.
Thoughts?
Ludo’.
Ludovic Courtès (4):
channels: Strictly check the version of '.guix-channel'.
channels: Remove unneeded 'version' field of <channel-metadata>.
channels: Always provide a <channel-metadata> record.
channels: Reject directories with '..' in '.guix-channel' file.
guix/channels.scm | 102 +++++++++++++++++++++++++++++----------------
tests/channels.scm | 81 +++++++++++++++++++++++++----------
2 files changed, 124 insertions(+), 59 deletions(-)
--
2.22.0
- [bug#36699] [PATCH 0/4] Strengthen '.guix-channel' file handling,
Ludovic Courtès <=
bug#36699: [PATCH 0/4] Strengthen '.guix-channel' file handling, Ludovic Courtès, 2019/07/19