lix/tests/functional2/store at main - scriptis/lix

History

jade 822997bd34 libstore: ban unpacking case hacked filenames from NARs There is absolutely no good reason these should show up in NARs besides misconfigured systems and as long as the case hack exists, unpacking such a NAR will cause its repacking to be wrong on systems with case hack enabled. This should not have any security impact on Lix to fix, but it was one of the vectors for CVE-2024-45593: https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493 Change-Id: `I85b6075aacc069ee7039240b0f525804a2d8edcb`	2024-10-09 14:47:39 -07:00
..
__init__.py	testsuite: add a NAR generator with some evil NARs	2024-10-09 14:47:39 -07:00
test_evil_nars.py	libstore: ban unpacking case hacked filenames from NARs	2024-10-09 14:47:39 -07:00

jade 822997bd34 libstore: ban unpacking case hacked filenames from NARs

There is absolutely no good reason these should show up in NARs besides
misconfigured systems and as long as the case hack exists, unpacking
such a NAR will cause its repacking to be wrong on systems with case
hack enabled.

This should not have any security impact on Lix to fix, but it was one
of the vectors for CVE-2024-45593:
https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493

Change-Id: I85b6075aacc069ee7039240b0f525804a2d8edcb

2024-10-09 14:47:39 -07:00

__init__.py testsuite: add a NAR generator with some evil NARs 2024-10-09 14:47:39 -07:00

test_evil_nars.py libstore: ban unpacking case hacked filenames from NARs 2024-10-09 14:47:39 -07:00