mirror of https://github.com/NixOS/nix.git synced 2025-11-22 10:19:36 +01:00
nix/src/libutil
Eelco Dolstra 0da3b18520 Fixes for GHSA-g948-229j-48j3
Squashed commit of the following:

commit 04fff3a637d455cbb1d75937a235950e43008db9
Author: Eelco Dolstra <edolstra@gmail.com>
Date:   Thu Jun 12 12:30:32 2025 +0200

    Chown structured attr files safely

commit 5417ad445e414c649d0cfc71a05661c7bf8f3ef5
Author: Eelco Dolstra <edolstra@gmail.com>
Date:   Thu Jun 12 12:14:04 2025 +0200

    Replace 'bool sync' with an enum for clarity

    And drop writeFileAndSync().

commit 7ae0141f328d8e8e1094be24665789c05f974ba6
Author: Eelco Dolstra <edolstra@gmail.com>
Date:   Thu Jun 12 11:35:28 2025 +0200

    Drop guessOrInventPathFromFD()

    No need to do hacky stuff like that when we already know the original path.

commit 45b05098bd019da7c57cd4227a89bfd0fa65bb08
Author: Eelco Dolstra <edolstra@gmail.com>
Date:   Thu Jun 12 11:15:58 2025 +0200

    Tweak comment

commit 0af15b31209d1b7ec8addfae9a1a6b60d8f35848
Author: Raito Bezarius <raito@lix.systems>
Date:   Thu Mar 27 12:22:26 2025 +0100

    libstore: ensure that temporary directory is always 0o000 before deletion

    In the case the deletion fails, we should ensure that the temporary
    directory cannot be used for nefarious purposes.

    Change-Id: I498a2dd0999a74195d13642f44a5de1e69d46120
    Signed-off-by: Raito Bezarius <raito@lix.systems>

commit 2c20fa37b15cfa03ac6a1a6a47cdb2ed66c0827e
Author: Raito Bezarius <raito@lix.systems>
Date:   Wed Mar 26 12:42:55 2025 +0100

    libutil: ensure that `_deletePath` does NOT use absolute paths with dirfds

    When calling `_deletePath` with a parent file descriptor, `openat` is
    made effective by using relative paths to the directory file descriptor.

    To avoid the problem, the signature is changed to resist misuse with an
    assert in the prologue of the function.

    Change-Id: I6b3fc766bad2afe54dc27d47d1df3873e188de96
    Signed-off-by: Raito Bezarius <raito@lix.systems>

commit d3c370bbcae48bb825ce19fd0f73bb4eefd2c9ea
Author: Raito Bezarius <raito@lix.systems>
Date:   Wed Mar 26 01:07:47 2025 +0100

    libstore: ensure that `passAsFile` is created in the original temp dir

    This ensures that `passAsFile` data is created inside the expected
    temporary build directory by `openat()` from the parent directory file
    descriptor.

    This avoids a TOCTOU which is part of the attack chain of CVE-????.

    Change-Id: Ie5273446c4a19403088d0389ae8e3f473af8879a
    Signed-off-by: Raito Bezarius <raito@lix.systems>

commit 45d3598724f932d024ef6bc2ffb00c1bb90e6018
Author: Raito Bezarius <raito@lix.systems>
Date:   Wed Mar 26 01:06:03 2025 +0100

    libutil: writeFile variant for file descriptors

    `writeFile` loses its `sync` boolean flag to make things simpler.

    A new `writeFileAndSync` function is created and all call sites are
    converted to it.

    Change-Id: Ib871a5283a9c047db1e4fe48a241506e4aab9192
    Signed-off-by: Raito Bezarius <raito@lix.systems>

commit 732bd9b98cabf4aaf95a01fd318923de303f9996
Author: Raito Bezarius <raito@lix.systems>
Date:   Wed Mar 26 01:05:34 2025 +0100

    libstore: chown to builder variant for file descriptors

    We use it immediately for the build temporary directory.

    Change-Id: I180193c63a2b98721f5fb8e542c4e39c099bb947
    Signed-off-by: Raito Bezarius <raito@lix.systems>

commit 962c65f8dcd5570dd92c72370a862c7b38942e0d
Author: Raito Bezarius <raito@lix.systems>
Date:   Wed Mar 26 01:04:59 2025 +0100

    libstore: open build directory as a dirfd as well

    We now keep around a proper AutoCloseFD around the temporary directory
    which we plan to use for openat operations and avoiding the build
    directory being swapped out while we are doing something else.

    Change-Id: I18d387b0f123ebf2d20c6405cd47ebadc5505f2a
    Signed-off-by: Raito Bezarius <raito@lix.systems>

commit c9b42462b75b5a37ee6564c2b53cff186c8323da
Author: Raito Bezarius <raito@lix.systems>
Date:   Wed Mar 26 01:04:12 2025 +0100

    libutil: guess or invent a path from file descriptors

    This is useful for certain error recovery paths (no pun intended) that
    do not thread through the original path name.

    Change-Id: I2d800740cb4f9912e64c923120d3f977c58ccb7e
    Signed-off-by: Raito Bezarius <raito@lix.systems>
2025-06-19 16:41:46 +02:00
args Fix and extend nix-shell baseDir test 2024-07-07 00:23:22 +02:00
linux Simplify getRootCgroup() 2024-09-04 18:11:16 +00:00
signature Ensure error messages don't leak private key 2024-09-23 16:36:48 -04:00
unix MonitorFdHup::~MonitorFdHup: use proper close method instead of libc close() 2025-03-24 12:16:23 +00:00
widecharwidth try to calculate character width 2024-12-28 12:01:32 +01:00
windows windows: fix conditional compilation variable 2025-01-05 20:15:49 +01:00
.version Build nix-util with Meson 2024-06-12 18:31:02 -04:00
abstract-setting-to-json.hh Make toJSONObject const 2023-11-06 16:00:25 +01:00
ansicolor.hh Finish converting existing comments for internal API docs (#8146) 2023-04-07 13:55:28 +00:00
archive.cc Make the NAR parser much stricter wrt field order 2024-09-12 15:57:46 +02:00
archive.hh Merge remote-tracking branch 'origin/master' into fsync-store-paths 2024-08-21 16:37:21 +02:00
args.cc fix(treewide): remove unnecessary copying in range for loops 2024-11-26 00:06:29 +03:00
args.hh Fix most DoxyGen warnings 2024-11-12 15:34:24 +01:00
callback.hh fix missing includes in various headers 2024-12-17 22:00:34 +01:00
canon-path.cc concatStrings: Give compiler access to definition for inlining 2024-07-14 12:20:45 +02:00
canon-path.hh Remove comparator.hh and switch to <=> in a bunch of places 2024-07-12 14:54:18 -04:00
checked-arithmetic.hh Fix most DoxyGen warnings 2024-11-12 15:34:24 +01:00
chunked-vector.hh Make abort() call sites log first 2024-07-24 16:52:04 +02:00
closure.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00
comparator.hh Remove comparator.hh and switch to <=> in a bunch of places 2024-07-12 14:54:18 -04:00
compression.cc Slightly change formatting style 2024-05-22 09:20:15 -04:00
compression.hh nfc(libutil): reformat files 2024-03-30 01:29:22 +03:00
compute-levels.cc Add x86_64 compute levels as additional system types 2021-02-22 09:11:15 +01:00
compute-levels.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00
config-global.cc experimental-features.hh: Don't include json-utils.hh 2024-10-04 15:59:35 +02:00
config-global.hh Format config-global.{cc,hh} 2024-06-24 12:07:56 -04:00
config-impl.hh fix missing includes in various headers 2024-12-17 22:00:34 +01:00
config.cc fix NIX_PATH for real (#11079) 2024-07-24 21:17:15 +00:00
config.hh Attempt to make the FlakeRef test succeed on macOS 2025-01-09 16:42:37 +01:00
current-process.cc Split ignoreException for destructors or interrupt-safe 2024-09-30 11:50:25 +02:00
current-process.hh Implement setStackSize for Windows 2024-05-18 16:19:01 -07:00
english.cc Unify and refactor value printing 2024-01-11 16:34:36 -08:00
english.hh Unify and refactor value printing 2024-01-11 16:34:36 -08:00
environment-variables.cc Factor out lookupExecutable and other PATH improvements 2024-08-07 18:12:58 -04:00
environment-variables.hh feat: add flag set-env-var to MixEnvironment 2024-11-04 14:02:29 +01:00
error.cc Make panic() and unreachable() robust 2024-07-25 15:50:01 +02:00
error.hh libutil: Document hacks and problems around Pos class 2025-03-14 13:22:44 +00:00
exec.hh More support for std::filepath in libnixutil 2024-08-26 17:23:56 -04:00
executable-path.cc Fix nix upgrade-nix profile search 2024-12-14 15:28:34 +00:00
executable-path.hh More support for std::filepath in libnixutil 2024-08-26 17:23:56 -04:00
exit.cc :quit in the debugger should quit the whole program 2024-02-20 10:01:13 -08:00
exit.hh :quit in the debugger should quit the whole program 2024-02-20 10:01:13 -08:00
experimental-features.cc libexpr: experimental pipe operators 2024-07-24 13:17:28 -04:00
experimental-features.hh experimental-features.hh: Don't include json-utils.hh 2024-10-04 15:59:35 +02:00
file-content-address.cc Fixes for GHSA-g948-229j-48j3 2025-06-19 16:41:46 +02:00
file-content-address.hh Fix most DoxyGen warnings 2024-11-12 15:34:24 +01:00
file-descriptor.cc refactor(treewide): make some move ctors noexcept where appropriate 2024-11-09 12:09:33 +03:00
file-descriptor.hh refactor(treewide): make some move ctors noexcept where appropriate 2024-11-09 12:09:33 +03:00
file-path-impl.hh Factor out lookupExecutable and other PATH improvements 2024-08-07 18:12:58 -04:00
file-path.hh Factor out lookupExecutable and other PATH improvements 2024-08-07 18:12:58 -04:00
file-system.cc Fixes for GHSA-g948-229j-48j3 2025-06-19 16:41:46 +02:00
file-system.hh Fixes for GHSA-g948-229j-48j3 2025-06-19 16:41:46 +02:00
finally.hh refactor(treewide): make some move ctors noexcept where appropriate 2024-11-09 12:09:33 +03:00
fmt.hh Improve error messages for invalid derivation names 2024-06-25 19:41:29 +02:00
fs-sink.cc windows: create files if they don't exist, and with write permission 2025-01-14 16:46:31 +11:00
fs-sink.hh Merge remote-tracking branch 'origin/master' into fsync-store-paths 2024-08-21 16:37:21 +02:00
git.cc git/getStringUntil: fix uninitialized stack variable 2025-04-01 13:37:39 +00:00
git.hh Fix most DoxyGen warnings 2024-11-12 15:34:24 +01:00
hash.cc nix hash convert: Support SRI hashes that lack trailing '=' characters 2024-12-05 16:02:35 +01:00
hash.hh Remove comparator.hh and switch to <=> in a bunch of places 2024-07-12 14:54:18 -04:00
hilite.cc Fix incorrect comment in hiliteMatches 2022-06-05 20:30:18 +02:00
hilite.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00
json-impls.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00
json-utils.cc ValidPathInfo JSON format should use null not omit field 2024-06-03 08:21:22 -04:00
json-utils.hh Fix most DoxyGen warnings 2024-11-12 15:34:24 +01:00
logging.cc Remove redundant warning: prefix from structured build log warning 2024-12-09 17:20:27 +01:00
logging.hh Push log source description out of libutil and report build hook @nix warning correctly 2024-12-09 15:59:59 +01:00
lru-cache.hh LRUCache: Mark size() as const 2024-07-26 16:13:00 +02:00
memory-source-accessor.cc use CanonPath in fs-sink and its derivatives 2024-06-30 19:03:15 +05:30
memory-source-accessor.hh Remove comparator.hh and switch to <=> in a bunch of places 2024-07-12 14:54:18 -04:00
meson.build Revert "Unexpose config headers (low hanging fruit only) (backport #12773)" 2025-03-31 11:57:46 -04:00
meson.options Build nix-util with Meson 2024-06-12 18:31:02 -04:00
muxable-pipe.hh More work on the scheduler for windows 2024-05-28 11:39:49 -04:00
nix-meson-build-support rename: build-utils-meson -> nix-meson-build-support 2024-12-09 16:54:42 +01:00
os-string.hh More support for std::filepath in libnixutil 2024-08-26 17:23:56 -04:00
package.nix Remove boost env vars 2025-03-28 15:54:57 +00:00
pool.hh refactor(treewide): make some move ctors noexcept where appropriate 2024-11-09 12:09:33 +03:00
pos-idx.hh {libutil,libexpr}: Move pos-idx,pos-table code to libutil 2025-03-14 13:22:44 +00:00
pos-table.cc {libutil,libexpr}: Move pos-idx,pos-table code to libutil 2025-03-14 13:22:44 +00:00
pos-table.hh libutil: Document hacks and problems around Pos class 2025-03-14 13:22:44 +00:00
position.cc libutil: Fix Pos::getSourcePath 2025-03-14 13:22:44 +00:00
position.hh libutil: Fix Pos::getSourcePath 2025-03-14 13:22:44 +00:00
posix-source-accessor.cc mingw: Check for S_ISSOCK 2025-01-20 14:52:23 +01:00
posix-source-accessor.hh fix: Handle symlinks and FIFOs in nix hash where possible 2025-01-07 05:42:03 +00:00
processes.hh Initial runProgram implementation for Windows 2024-06-17 11:13:22 -07:00
ref.hh fix(libutils): make ref move assignable/constructible 2024-11-08 20:10:38 +03:00
references.cc Renamed HashFormat::Base32 to HashFormat::Nix32 2023-12-06 23:43:42 +01:00
references.hh HashType: Rename to HashAlgorithm 2023-12-06 23:43:42 +01:00
regex-combinators.hh regex-combinators: fix linter error when adding string_view and string 2024-12-17 22:00:34 +01:00
repair-flag.hh Combine AbstractPos, PosAdapter, and Pos 2024-01-08 10:59:41 -08:00
serialise.cc chore: get rid of dead code and unused variables where appropriate 2024-11-22 18:05:53 +03:00
serialise.hh fix(libstore-tests): remove use-after-free bug for StringSource 2024-11-06 02:28:21 +03:00
signals.hh setInterruptCheck(): Remove declared but undefined function 2024-04-05 16:03:25 +02:00
source-accessor.cc Use isAbsolute() 2025-01-14 17:42:26 +01:00
source-accessor.hh nix flake: clarify error message when file is an unknown type 2025-01-10 08:07:51 -08:00
source-path.cc Remove comparator.hh and switch to <=> in a bunch of places 2024-07-12 14:54:18 -04:00
source-path.hh Remove unused boost include and split out std-hash.hh 2024-07-16 22:31:25 +02:00
split.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00
std-hash.hh Fix most DoxyGen warnings 2024-11-12 15:34:24 +01:00
strings-inline.hh Factor out lookupExecutable and other PATH improvements 2024-08-07 18:12:58 -04:00
strings.cc nix-util: Use small_vector in concatMapStringsSep 2025-03-25 15:48:24 +00:00
strings.hh nix-util: Use small_vector in concatMapStringsSep 2025-03-25 15:48:24 +00:00
suggestions.cc SymbolStr: Remove std::string conversion 2024-07-11 17:43:10 +02:00
suggestions.hh Remove comparator.hh and switch to <=> in a bunch of places 2024-07-12 14:54:18 -04:00
sync.hh Rename SyncBase::read() -> readLock() 2024-07-27 01:39:13 +02:00
tarfile.cc use createDirs consistently everywhere 2025-03-28 15:56:02 +00:00
tarfile.hh tweak unpack channel built-in, std::filesystem::path for tarball 2024-09-11 12:29:49 -04:00
terminal.cc try to calculate character width 2024-12-28 12:01:32 +01:00
terminal.hh Solve unused header warnings reported by clangd 2024-07-12 15:37:54 +02:00
thread-pool.cc Typo 2024-10-16 19:40:45 +02:00
thread-pool.hh processGraph(): Don't throw ThreadPoolShutDown if there is an exception 2025-01-20 13:25:31 +01:00
topo-sort.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00
types.hh Work around clang/libc++ issue 2024-12-16 14:58:39 +01:00
unix-domain-socket.cc Put some file descriptor functions in unix and windows namespaces 2024-06-13 11:18:59 -04:00
unix-domain-socket.hh Build the local store on Windows 2024-05-10 13:05:23 -04:00
url-parts.hh Merge pull request #9621 from blaggacao/fix/too-restrictive-branch-regex-master 2023-12-22 16:02:25 +01:00
url.cc Remove unused variable 2025-01-09 16:38:33 +01:00
url.hh ParsedURL: Remove base field 2025-01-07 14:52:00 +01:00
users.cc Use envvars NIX_CACHE_HOME, NIX_CONFIG_HOME, NIX_DATA_HOME, NIX_STATE_HOME if defined (#11351) 2024-09-11 10:36:46 +00:00
users.hh Use envvars NIX_CACHE_HOME, NIX_CONFIG_HOME, NIX_DATA_HOME, NIX_STATE_HOME if defined (#11351) 2024-09-11 10:36:46 +00:00
util.cc Split ignoreException for destructors or interrupt-safe 2024-09-30 11:50:25 +02:00
util.hh GitRepo::fetch(): Cleanup 2025-01-22 20:30:28 +00:00
variant-wrapper.hh Fixing #7479 2023-08-18 11:44:00 -04:00
xml-writer.cc xml-writer: Remove std aliases 2022-02-25 16:13:02 +01:00
xml-writer.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00