01/02: download: Fix 'url-fetch/tarbomb' and 'url-fetch/zipbomb'.

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/02: download: Fix 'url-fetch/tarbomb' and 'url-fetch/zipbomb'.

From:	Mark H. Weaver
Subject:	01/02: download: Fix 'url-fetch/tarbomb' and 'url-fetch/zipbomb'.
Date:	Tue, 17 Apr 2018 02:17:15 -0400 (EDT)

mhw pushed a commit to branch core-updates
in repository guix.

commit 6c293a809bba57d4363517fa0bd8ebc34247c577
Author: Mark H Weaver <address@hidden>
Date:   Tue Apr 17 01:43:22 2018 -0400

    download: Fix 'url-fetch/tarbomb' and 'url-fetch/zipbomb'.
    
    Fixes a regression introduced in 20927c9331b493eaf94211ad9f8a5055e11b4588.
    Reported by Eric Bavier <address@hidden>.
    
    * guix/download.scm (url-fetch/tarbomb, url-fetch/zipbomb): Within the gexp,
    import (guix build utils) for 'invoke'.
---
 guix/download.scm | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/guix/download.scm b/guix/download.scm
index a91d924..377e8186 100644
--- a/guix/download.scm
+++ b/guix/download.scm
@@ -510,12 +510,14 @@ own.  This helper makes it easier to deal with \"tar 
bombs\"."
                                       #:guile guile)))
     ;; Take the tar bomb, and simply unpack it as a directory.
     (gexp->derivation (or name file-name)
-                      #~(begin
-                          (mkdir #$output)
-                          (setenv "PATH" (string-append #$gzip "/bin"))
-                          (chdir #$output)
-                          (invoke (string-append #$tar "/bin/tar")
-                                  "xf" #$drv))
+                      (with-imported-modules '((guix build utils))
+                        #~(begin
+                            (use-modules (guix build utils))
+                            (mkdir #$output)
+                            (setenv "PATH" (string-append #$gzip "/bin"))
+                            (chdir #$output)
+                            (invoke (string-append #$tar "/bin/tar")
+                                    "xf" #$drv)))
                       #:local-build? #t)))
 
 (define* (url-fetch/zipbomb url hash-algo hash
@@ -540,11 +542,13 @@ own.  This helper makes it easier to deal with \"zip 
bombs\"."
                                       #:guile guile)))
     ;; Take the zip bomb, and simply unpack it as a directory.
     (gexp->derivation (or name file-name)
-                      #~(begin
-                          (mkdir #$output)
-                          (chdir #$output)
-                          (invoke (string-append #$unzip "/bin/unzip")
-                                  #$drv))
+                      (with-imported-modules '((guix build utils))
+                        #~(begin
+                            (use-modules (guix build utils))
+                            (mkdir #$output)
+                            (chdir #$output)
+                            (invoke (string-append #$unzip "/bin/unzip")
+                                    #$drv)))
                       #:local-build? #t)))
 
 (define* (download-to-store store url #:optional (name (basename url))

[Prev in Thread]

Current Thread

[Next in Thread]

branch core-updates updated (891199c -> 38039b4), Mark H. Weaver, 2018/04/17
- 01/02: download: Fix 'url-fetch/tarbomb' and 'url-fetch/zipbomb'., Mark H. Weaver <=
- 02/02: gnu: Remove webkitgtk-2.4 and webkitgtk/gtk+-2., Mark H. Weaver, 2018/04/17

Prev by Date: branch core-updates updated (891199c -> 38039b4)
Next by Date: 02/02: gnu: Remove webkitgtk-2.4 and webkitgtk/gtk+-2.
Previous by thread: branch core-updates updated (891199c -> 38039b4)
Next by thread: 02/02: gnu: Remove webkitgtk-2.4 and webkitgtk/gtk+-2.
Index(es):
- Date
- Thread