fix: audit fixes — symlink-safe avatars, blur downscale + padding, config validation (v0.8.0) · 8aca2bf331 - moonset

fix: audit fixes — symlink-safe avatars, blur downscale + padding, config validation (v0.8.0)

Update PKGBUILD version / update-pkgver (push) Successful in 2s

Details

- Replace canonicalize() with symlink_metadata + is_file + !is_symlink for avatar
  lookup (prevents symlink traversal to arbitrary files)
- Fix blur padding offset from (0,0) to (-pad,-pad) to prevent edge darkening
- Add MAX_BLUR_DIMENSION (1920px) downscale before GPU blur
- Validate blur per config source (invalid user value preserves system default)
- Wallpaper: use symlink_metadata + is_file + !is_symlink in resolve_background_path

This commit is contained in:

nevaforget

2026-03-30 16:08:50 +02:00

parent f01c6bd25d

commit 8aca2bf331

5 changed files with 66 additions and 40 deletions

Cargo.lock

Generated

+1 -1

View File

@@ -616,7 +616,7 @@ dependencies = [
 [[package]]
 name = "moonset"
 version = "0.7.2"
 version = "0.8.0"
 dependencies = [
  "dirs",
  "gdk-pixbuf",

fix: audit fixes — symlink-safe avatars, blur downscale + padding, config validation (v0.8.0) Update PKGBUILD version / update-pkgver (push) Successful in 2s Details

fix: audit fixes — symlink-safe avatars, blur downscale + padding, config validation (v0.8.0)

Update PKGBUILD version / update-pkgver (push) Successful in 2s

Details