GNU bug report logs - #33569
Missing sanitizing of '[]' in pypi-importer

Previous Next

Package: guix;

Reported by: swedebugia <swedebugia <at> riseup.net>

Date: Sun, 2 Dec 2018 00:27:02 UTC

Severity: normal

Tags: patch

Merged with 24450, 24557, 33047, 34266

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 33569 in the body.
You can then email your comments to 33569 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-guix <at> gnu.org:
bug#33569; Package guix. (Sun, 02 Dec 2018 00:27:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to swedebugia <swedebugia <at> riseup.net>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Sun, 02 Dec 2018 00:27:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: swedebugia <swedebugia <at> riseup.net>
To: Report new Guix bug <bug-guix <at> gnu.org>
Subject: Missing sanitizing of '[]' in pypi-importer
Date: Sun, 2 Dec 2018 01:32:02 +0100

E.g.
sdb <at> komputilo ~/guix-tree$ ~/guix-tree/pre-inst-env guix import pypi 
snakemake
...
  (propagated-inputs
    `(("python-[reports]"
       ,#{python-\x5b;reports\x5d;}#)
      ("python-appdirs" ,python-appdirs)
...

-- 
Cheers Swedebugia
Forcibly Merged 33569 34266. Request was from Maxim Cournoyer <maxim.cournoyer <at> gmail.com> to control <at> debbugs.gnu.org. (Thu, 21 Mar 2019 18:36:01 GMT) Full text and rfc822 format available.
Forcibly Merged 33047 33569 34266. Request was from Maxim Cournoyer <maxim.cournoyer <at> gmail.com> to control <at> debbugs.gnu.org. (Thu, 21 Mar 2019 18:42:01 GMT) Full text and rfc822 format available.
Merged 24450 33047 33569 34266. Request was from T460s laptop <maxim.cournoyer <at> gmail.com> to control <at> debbugs.gnu.org. (Thu, 28 Mar 2019 04:33:02 GMT) Full text and rfc822 format available.
Forcibly Merged 24450 33047 33569 34266. Request was from Maxim Cournoyer <maxim.cournoyer <at> gmail.com> to control <at> debbugs.gnu.org. (Thu, 28 Mar 2019 04:38:02 GMT) Full text and rfc822 format available.
Information forwarded to bug-guix <at> gnu.org:
bug#33569; Package guix. (Fri, 29 Mar 2019 04:22:02 GMT) Full text and rfc822 format available.

Message #16 received at 33569 <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: swedebugia <swedebugia <at> riseup.net>
Cc: 33569 <at> debbugs.gnu.org, 24450 <at> debbugs.gnu.org
Subject: Re: bug#33569: Missing sanitizing of '[]' in pypi-importer
Date: Fri, 29 Mar 2019 00:20:53 -0400

swedebugia <swedebugia <at> riseup.net> writes:

> E.g.
> sdb <at> komputilo ~/guix-tree$ ~/guix-tree/pre-inst-env guix import pypi
> snakemake
> ...
>   (propagated-inputs
>     `(("python-[reports]"
>        ,#{python-\x5b;reports\x5d;}#)
>       ("python-appdirs" ,python-appdirs)
> ...

This one now gives (local branch):

--8<---------------cut here---------------start------------->8---
./pre-inst-env guix import pypi snakemake

Starting download of /tmp/guix-file.4XvWMX
From https://files.pythonhosted.org/packages/4a/aa/aab1515d220be06fbdccf3c89335d9585b08ac6be74b8e3c9e8c3c32798e/snakemake-5.4.4.tar.gz...
 ….4.4.tar.gz  169KiB                 723KiB/s 00:00 [##################] 100.0%
(package
  (name "python-snakemake")
  (version "5.4.4")
  (source
    (origin
      (method url-fetch)
      (uri (pypi-uri "snakemake" version))
      (sha256
        (base32
          "0prpr5qajqwr8sh4gzggpj8l4np2rcm9nfdzvcp30d5yw7h26wqm"))))
  (build-system python-build-system)
  (propagated-inputs
    `(("python-appdirs" ,python-appdirs)
      ("python-configargparse" ,python-configargparse)
      ("python-datrie" ,python-datrie)
      ("python-docutils" ,python-docutils)
      ("python-gitpython" ,python-gitpython)
      ("python-jsonschema" ,python-jsonschema)
      ("python-pyyaml" ,python-pyyaml)
      ("python-ratelimiter" ,python-ratelimiter)
      ("python-requests" ,python-requests)
      ("python-wrapt" ,python-wrapt)))
  (home-page "http://snakemake.bitbucket.io")
  (synopsis
    "Snakemake is a workflow management system that aims to reduce the complexity of creating workflows by providing a fast and comfortable execution environment, together with a clean and modern specification language in python style. Snakemake workflows are essentially Python scripts extended by declarative code to define rules. Rules describe how to create output files from input files.")
  (description
    "Snakemake is a workflow management system that aims to reduce the complexity of creating workflows by providing a fast and comfortable execution environment, together with a clean and modern specification language in python style. Snakemake workflows are essentially Python scripts extended by declarative code to define rules. Rules describe how to create output files from input files.")
  (license license:expat))
--8<---------------cut here---------------end--------------->8---
Forcibly Merged 24450 24557 33047 33569 34266. Request was from T460s laptop <maxim.cournoyer <at> gmail.com> to control <at> debbugs.gnu.org. (Sat, 30 Mar 2019 02:16:02 GMT) Full text and rfc822 format available.
Added tag(s) patch. Request was from Maxim Cournoyer <maxim.cournoyer <at> gmail.com> to control <at> debbugs.gnu.org. (Sun, 31 Mar 2019 14:42:02 GMT) Full text and rfc822 format available.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Tue, 30 Jul 2019 11:24:05 GMT) Full text and rfc822 format available.
This bug report was last modified 4 years and 272 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.