[pacman-dev] [PATCH 1/2] libmakepkg: fix unsanitized source filenames
Eli Schwartz
eschwartz93 at gmail.com
Tue Jul 4 03:13:22 UTC 2017
There were a couple places where filenames beginning with "-" were not
properly guarded against by passing them after "--". Some PKGBUILD
authors are crazy, but we still take those into account.
Signed-off-by: Eli Schwartz <eschwartz93 at gmail.com>
---
scripts/libmakepkg/source/file.sh.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/libmakepkg/source/file.sh.in b/scripts/libmakepkg/source/file.sh.in
index 1d85ea9b..41a5fb5c 100644
--- a/scripts/libmakepkg/source/file.sh.in
+++ b/scripts/libmakepkg/source/file.sh.in
@@ -96,7 +96,7 @@ extract_file() {
fi
# do not rely on extension for file type
- local file_type=$(file -bizL "$file")
+ local file_type=$(file -bizL -- "$file")
local ext=${file##*.}
local cmd=''
case "$file_type" in
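Review bot: The exit status of `file` is still discarded on the changed line, because `local file_type=$(file -bizL -- "$file")` returns the status of `local` rather than of the command substitution. If `file` fails, `file_type` is empty and the `case "$file_type" in` below is entered with nothing to match. Since this line is being touched anyway, consider declaring `local file_type` first and assigning on a separate line so the failure can be checked, or note that this is left for a follow-up. The `--` itself looks correct here.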
@@ -132,7 +132,7 @@ extract_file() {
$cmd -xf "$file" || ret=$?
else
rm -f -- "${file%.*}"
- $cmd -dcf "$file" > "${file%.*}" || ret=$?
+ $cmd -dcf -- "$file" > "${file%.*}" || ret=$?
fi
if (( ret )); then
error "$(gettext "Failed to extract %s")" "$file"
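Review bot: The `$cmd -xf "$file"` context line at the top of this hunk stays unguarded while the `-dcf` call a few lines below gains `--`. If that is deliberate because the name in that branch is consumed as the argument to `-f` and never parsed as an option, a sentence saying so in the commit message would help, since the message only says "a couple places" and a reader comparing the two calls will wonder why one is exempt. If it is not deliberate, that call needs its own guard. The redirection target `"${file%.*}"` is opened by the shell and the preceding `rm -f --` is already guarded, so those need no change.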
--
2.13.2