@Toasterson

No description provided.

@Toasterson Toasterson requested review from AndWac and olbohlen November 3, 2021 14:48
@Toasterson

Toasterson commented Nov 3, 2021

@citrus-it Here is the PR to make all operations UTF-8. @olbohlen Did you change any other occurrences of LC_ALL=C other than these here?

@danmcd

danmcd commented Nov 3, 2021

Probably not a blocker for this, but the recent discovery of source/naming attacks that exploit bidirectional (bidi) or homonym-character attacks may be something to consider in future pkg5 updates, now that it will support UTF.
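An added example, not part of this PR or of pkg5: a minimal Python check for the two issues raised in the comment above, bidirectional control characters and tokens that mix scripts. The manifest-like sample lines, the function names, and the script heuristic (first word of each character's Unicode name) are assumptions made for illustration.

```python
import unicodedata

# Explicit embeddings/overrides, isolates, and directional marks.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f\u061c")

def scripts_of(token):
    """Scripts of the letters in token. Heuristic (assumption): the first
    word of a character's Unicode name, e.g. LATIN, CYRILLIC, GREEK."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in token if ch.isalpha()}

def audit_line(line):
    """Return (kind, detail) findings for one line of text."""
    findings = [("bidi-control", f"U+{ord(ch):04X} at column {col}")
                for col, ch in enumerate(line) if ch in BIDI_CONTROLS]
    # Split on separators so each path component or value word is checked alone.
    for token in line.replace("=", " ").replace("/", " ").split():
        scripts = scripts_of(token)
        if len(scripts) > 1:
            findings.append(("mixed-script", f"{token!r}: {sorted(scripts)}"))
    return findings

def audit_text(text):
    """Map 1-based line numbers to findings; clean lines are omitted."""
    report = {}
    for number, line in enumerate(text.splitlines(), start=1):
        found = audit_line(line)
        if found:
            report[number] = found
    return report

# Constructed sample lines, not taken from any real package.
SAMPLE = (
    "file path=usr/bin/example mode=0555\n"
    "file path=usr/bin/ex\u0430mple mode=0555\n"            # Cyrillic U+0430, not Latin 'a'
    "set name=description value=\"tool \u202etxt\u202c\"\n"  # RLO ... PDF around 'txt'
    "set name=description value=\"Gr\u00fc\u00dfe\"\n"       # legitimate non-ASCII, Latin only
)

if __name__ == "__main__":
    for number, found in audit_text(SAMPLE).items():
        print(number, found)
```

The check only flags tokens that mix scripts; a name written entirely in one look-alike script passes it and needs a confusables table to catch.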

@Toasterson

Toasterson commented Nov 3, 2021

Well, not if we have manifest signatures and catalog signatures properly implemented.
We rebuild all manifests on the build server, so any attack in the source would show there. I would need to think more in detail about it, but many parts of the IPS infrastructure have had support for UTF-8 before. This is just a leftover. I think we can handle this issue with properly implemented secure packaging. And not trusting too much what comes through git :)

@olbohlen olbohlen left a comment

lgtm, I haven't changed anything else

@AndWac

AndWac commented Nov 4, 2021

Is it sufficient to only fix shell scripts or do we also need to fix Python code like this:
run_cmd(args, podir, updenv={"LC_ALL": "C"}, ignerr=True)
or
updenv={"LC_ALL": "C", "XGETTEXT": "/usr/gnu/bin/xgettext"})
?

@Toasterson

Shell scripts are sufficient, as it is the Python-based action and catalog decoders that fail.

@Toasterson Toasterson merged commit 5e9fadb into OpenIndiana:oi Nov 4, 2021