[pacman-dev] [PATCH] makepkg: perform sanity checks on variables in package functions

[Allan McRae]

Check the over-ridden entries for provides, backup and optdepends
for illegal entries.  Fixes FS#16004.

Signed-off-by: Allan McRae <allan at archlinux.org>
---
 scripts/makepkg.sh.in |   14 ++++++++++----
 1 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index 4e321d1..d5ccdbf 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -27,7 +27,7 @@
 
 # makepkg uses quite a few external programs during its execution. You
 # need to have at least the following installed for makepkg to function:
-#   bsdtar (libarchive), bzip2, coreutils, fakeroot, file, find (findutils),
+#   awk, bsdtar (libarchive), bzip2, coreutils, fakeroot, file, find (findutils),
 #   gettext, grep, gzip, openssl, sed, tput (ncurses), xz
 
 # gettext initialization
@@ -1222,21 +1222,27 @@ check_sanity() {
 		fi
 	fi
 
-	for i in ${provides[@]}; do
+	local provides_list
+	eval $(awk '/^[[:space:]]*provides=/,/)/' PKGBUILD | sed "s/provides=/provides_list+=/")
+	for i in ${provides_list[@]}; do
 		if [[ $i != ${i//</} || $i != ${i//>/} ]]; then
 			error "$(gettext "Provides array cannot contain comparison (< or >) operators.")"
 			return 1
 		fi
 	done
 
-	for i in "${backup[@]}"; do
+	local backup_list
+	eval $(awk '/^[[:space:]]*backup=/,/)/' PKGBUILD | sed "s/backup=/backup_list+=/")
+	for i in "${backup_list[@]}"; do
 		if [[ ${i:0:1} = "/" ]]; then
 			error "$(gettext "Backup entry should not contain leading slash : %s")" "$i"
 			return 1
 		fi
 	done
 
-	for i in "${optdepends[@]}"; do
+	local optdepends_list
+	eval $(awk '/^[[:space:]]*optdepends=/,/)/' PKGBUILD | sed "s/optdepends=/optdepends_list+=/")
+	for i in "${optdepends_list[@]}"; do
 		local pkg=${i%%:*}
 		if [[ ! $pkg =~ ^[[:alnum:]\>\<\=\.\+\_\-]+$ ]]; then
 			error "$(gettext "Invalid syntax for optdepend : '%s'")" "$i"
-- 
1.7.3.3