From 818aad3ec44473b5b3d08191488c824688653ba1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sun, 6 Nov 2016 22:13:35 +0100 Subject: [PATCH 1/4] Detect and disallow base32 hash overflow Example (before this commit): $ nix-hash --type sha256 --to-base16 4n0igfxbd3kqvvj2k2xgysrp63l4v2gd110fwkk4apfpm0hvzwh0 \ | xargs nix-hash --type sha256 --to-base32 0n0igfxbd3kqvvj2k2xgysrp63l4v2gd110fwkk4apfpm0hvzwh0 It's a real-life example: https://github.com/NixOS/nixpkgs/pull/20208/files#r86695567 --- src/libutil/hash.cc | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/libutil/hash.cc b/src/libutil/hash.cc index 81aced0fd..aa50fceb9 100644 --- a/src/libutil/hash.cc +++ b/src/libutil/hash.cc @@ -165,7 +165,13 @@ Hash parseHash32(HashType ht, const string & s) unsigned int i = b / 8; unsigned int j = b % 8; hash.hash[i] |= digit << j; - if (i < hash.hashSize - 1) hash.hash[i + 1] |= digit >> (8 - j); + + if (i < hash.hashSize - 1) { + hash.hash[i + 1] |= digit >> (8 - j); + } else { + if (digit >> (8 - j)) + throw BadHash(format("invalid base-32 hash ‘%1%’") % s); + } } return hash; From 41d6523ef57c3b35483eeef7cb85eb6c6a84aeb2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Domen=20Ko=C5=BEar?= Date: Fri, 9 Dec 2016 20:40:55 +0100 Subject: [PATCH 2/4] Document builtins.match, fixes #1145 --- doc/manual/expressions/builtins.xml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/doc/manual/expressions/builtins.xml b/doc/manual/expressions/builtins.xml index 9517f2010..063bc04be 100644 --- a/doc/manual/expressions/builtins.xml +++ b/doc/manual/expressions/builtins.xml @@ -210,6 +210,35 @@ if builtins ? getEnv then builtins.getEnv "PATH" else "" + builtins.match + regex str + + Returns a list if + regex matches + str precisely, otherwise returns null. + Each item in the list is a regex group. + + +builtins.match "ab" "abc" + + +Evaluates to null. + + +builtins.match "abc" "abc" + + +Evaluates to [ ]. + + +builtins.match "a(b)(c)" "abc" + + +Evaluates to [ "b" "c" ]. + + + + builtins.elem x xs From 6b30e1462e95b5dae1f09dc33651180efafed817 Mon Sep 17 00:00:00 2001 From: Linus Heckemann Date: Sun, 11 Dec 2016 17:13:18 +0000 Subject: [PATCH 3/4] Add missing DBD::SQLite to shell.nix --- shell.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/shell.nix b/shell.nix index 272627692..dd4484105 100644 --- a/shell.nix +++ b/shell.nix @@ -13,6 +13,7 @@ stdenv.mkDerivation { customMemoryManagement = false; }) autoreconfHook + perlPackages.DBDSQLite ]; configureFlags = From bb5a6c0085a12221849e51568198121157a02f49 Mon Sep 17 00:00:00 2001 From: Linus Heckemann Date: Sun, 11 Dec 2016 17:13:37 +0000 Subject: [PATCH 4/4] Document path-search behaviour --- doc/manual/expressions/language-values.xml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/doc/manual/expressions/language-values.xml b/doc/manual/expressions/language-values.xml index b90baac50..67da688a4 100644 --- a/doc/manual/expressions/language-values.xml +++ b/doc/manual/expressions/language-values.xml @@ -167,7 +167,16 @@ stdenv.mkDerivation { user's home directory. e.g. ~/foo would be equivalent to /home/edolstra/foo for a user whose home directory is /home/edolstra. - + + + Paths can also be specified between angle brackets, e.g. + <nixpkgs>. This means that the directories + listed in the environment variable + NIX_PATH will be searched + for the given file or directory name. + + + Booleans with values true and