| Age | Commit message (Collapse) | Author | Files | Lines | |
|---|---|---|---|---|---|
| 2005-03-24 | * This is a better location to keep the blacklist, since it can evolve | Eelco Dolstra | 1 | -86/+0 | |
| separately from Nix or Nixpkgs. | |||||
| 2005-03-24 | * Blacklist Firefox 1.0.1. | Eelco Dolstra | 1 | -0/+18 | |
| 2005-03-10 | * Check for duplicate attributes and formal parameters in Nix | Eelco Dolstra | 1 | -1/+1 | |
| expressions. | |||||
| 2005-03-07 | * In the checker, do traversals of the dependency graph explicitly. A | Eelco Dolstra | 2 | -45/+152 | |
| conditional expression in the blacklist can specify when to continue/stop a traversal. For example, in <condition> <within> <traverse> <not><hasAttr name='outputHash' value='.+' /></not> </traverse> <hasAttr name='outputHash' value='ef1cb003448b4a53517b8f25adb12452' /> </within> </condition> we traverse the dependency graph, not following the dependencies of `fetchurl' derivations (as indicated by the presence of an `outputHash' attribute - this is a bit ugly). The resulting set of paths is scanned for a fetch of a file with the given hash, in this case, the hash of zlib-1.2.1.tar.gz (which has a security bug). The intent is that a dependency on zlib is not a problem if it is in a `fetchurl' derivation, since that's build-time only. (Other build-time uses of zlib *might* be a problem, e.g., static linking.) | |||||
| 2005-03-07 | * Use XML::LibXML. | Eelco Dolstra | 2 | -41/+87 | |
| 2005-03-04 | * Basic blacklist checker. Each element in a user environment is | Eelco Dolstra | 2 | -3/+122 | |
| checked against every item in a blacklist. | |||||
| 2005-03-02 | * Concept for a simple blacklist. | Eelco Dolstra | 1 | -0/+48 | |
 |
depot | |
| monorepo for the virus lounge | The Virus Lounge |
| about summary refs log tree commit diff |