fix: audit fixes — password zeroize, blur downscale, symlink hardening, error filtering (v0.7.0)
- Add zeroize dependency, wrap password in Zeroizing<String> from entry extraction through to login_worker (prevents heap-resident plaintext)
- Add MAX_BLUR_DIMENSION (1920px) downscale before GPU blur to reduce 4K workload
- Wallpaper: use symlink_metadata + is_symlink rejection in greeter.rs and config.rs
- Avatar: add is_file() check, swap lookup order to ~/.face first (consistent with moonlock/moonset)
- greetd errors: show generic fallback in UI, log raw PAM details at debug level only
- fprintd: validate device path prefix before creating D-Bus proxy
- Locale: cache detected locale via OnceLock (avoid repeated env/file reads)
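The symlink rejection named in the wallpaper item of the commit message, shown as an added example that is not code from this commit or from greeter.rs/config.rs. `Rejected`, `check_image_path` and `demo` are hypothetical names, and the sample files are constructed in a temporary directory.

```rust
use std::fs;
use std::io;
use std::path::{Path, PathBuf};

/// Why a candidate image path was refused (hypothetical type for this example).
#[derive(Debug, PartialEq)]
pub enum Rejected {
    Unreadable,
    Symlink,
    NotRegularFile,
}

/// Accept `path` only if its final component is a regular file, not a symlink.
/// `fs::symlink_metadata` is lstat(2): it describes the link itself, whereas
/// `Path::is_file()` follows links and would accept a link to any file.
pub fn check_image_path(path: &Path) -> Result<PathBuf, Rejected> {
    let meta = fs::symlink_metadata(path).map_err(|_| Rejected::Unreadable)?;
    let kind = meta.file_type();
    if kind.is_symlink() {
        return Err(Rejected::Symlink);
    }
    if !kind.is_file() {
        return Err(Rejected::NotRegularFile);
    }
    Ok(path.to_path_buf())
}

/// Builds a constructed sample tree in the temp dir and checks four paths:
/// a real file, a symlink to it, a directory, and a missing file.
pub fn demo() -> io::Result<Vec<Result<PathBuf, Rejected>>> {
    let dir = std::env::temp_dir().join(format!("symlink-demo-{}", std::process::id()));
    let _ = fs::remove_dir_all(&dir); // clear leftovers from an earlier run
    fs::create_dir_all(&dir)?;
    let real = dir.join("wallpaper.jpg");
    let link = dir.join("link.jpg");
    fs::write(&real, b"constructed sample bytes")?;
    std::os::unix::fs::symlink(&real, &link)?; // Unix-only call
    let paths = [real, link.clone(), dir.clone(), dir.join("absent.jpg")];
    let results: Vec<_> = paths.iter().map(|p| check_image_path(p)).collect();
    assert!(link.is_file()); // the link-following check alone would pass it
    fs::remove_dir_all(&dir)?;
    Ok(results)
}

fn main() -> io::Result<()> {
    for r in demo()? { println!("{:?}", r); }
    Ok(())
}
```

The check inspects only the final path component and is separate from the later open, so a symlinked parent directory or a swap between check and open is outside what it catches.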
Generated
+8
-1
@@ -569,7 +569,7 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "moongreet"
|
||||
version = "0.6.1"
|
||||
version = "0.7.0"
|
||||
dependencies = [
|
||||
"gdk-pixbuf",
|
||||
"gdk4",
|
||||
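Review bot: The version line moves from 0.6.1 to 0.7.0 for a commit whose message lists seven unrelated changes (zeroize, blur downscale, symlink checks, avatar lookup order, greetd error text, fprintd path validation, locale cache). Consider splitting these into separate commits so that a regression in one of them, for example the swapped avatar lookup order, can be bisected and reverted without also backing out the password wiping.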
@@ -585,6 +585,7 @@ dependencies = [
|
||||
"systemd-journal-logger",
|
||||
"tempfile",
|
||||
"toml 0.8.23",
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
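Review bot: The added "zeroize", line makes moongreet depend on the crate directly, but Zeroizing<String> only wipes the buffer it owns when it is dropped, so the commit message's "prevents heap-resident plaintext" holds only if no other copy of the password exists. Please check the paths this lockfile hunk cannot show: the text handed back by the entry widget before it is wrapped, any clone or formatted copy made on the way to login_worker, and the request that carries the password to greetd. A short comment at the wrap site stating which copies are covered and which are not would keep the claim accurate.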
@@ -1124,6 +1125,12 @@ version = "0.8.28"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "3ae8337f8a065cfc972643663ea4279e04e7256de865aa66fe25cec5fb912d3f"
|
||||
|
||||
[[package]]
|
||||
name = "zeroize"
|
||||
version = "1.8.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b97154e67e32c85465826e8bcc1c59429aaaf107c1e4a9e53c8d8ccd5eff88d0"
|
||||
|
||||
[[package]]
|
||||
name = "zmij"
|
||||
version = "1.0.21"
|
||||
|
||||