[PATCH 1/2] libmakepkg: fix unsanitized source filenames


Eli Schwartz
There were a couple places where filenames beginning with "-" were not
properly guarded against by passing them after "--". Some PKGBUILD
authors are crazy, but we still take those into account.

Signed-off-by: Eli Schwartz <[hidden email]>
---
 scripts/libmakepkg/source/file.sh.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/libmakepkg/source/file.sh.in b/scripts/libmakepkg/source/file.sh.in
index 1d85ea9b..41a5fb5c 100644
--- a/scripts/libmakepkg/source/file.sh.in
+++ b/scripts/libmakepkg/source/file.sh.in
@@ -96,7 +96,7 @@ extract_file() {
  fi
 
  # do not rely on extension for file type
- local file_type=$(file -bizL "$file")
+ local file_type=$(file -bizL -- "$file")
  local ext=${file##*.}
  local cmd=''
  case "$file_type" in
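
Review bot: on the changed line in extract_file(), local file_type=$(file -bizL -- "$file") still declares and assigns in one statement, so the status available afterwards is that of local and a failing file call is not detected before the case statement runs. Consider splitting it into local file_type; followed by file_type=$(file -bizL -- "$file") and checking the result. The added -- itself is the right guard for a name beginning with "-".
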
@@ -132,7 +132,7 @@ extract_file() {
  $cmd -xf "$file" || ret=$?
  else
  rm -f -- "${file%.*}"
- $cmd -dcf "$file" > "${file%.*}" || ret=$?
+ $cmd -dcf -- "$file" > "${file%.*}" || ret=$?
  fi
  if (( ret )); then
  error "$(gettext "Failed to extract %s")" "$file"
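
Review bot: the unchanged $cmd -xf "$file" at the top of this hunk still passes the filename without --, while the -dcf branch below it now has one, so the two branches read as inconsistent. If -f in the first branch consumes the filename as its own argument, that line is safe as written, but a one-line comment saying so would keep the next reader from treating it as a missed spot. The commit message says "a couple places" without naming them; listing both call sites there would also make it easier to confirm nothing else in the file was overlooked.
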
--
2.13.2

[PATCH 2/2] libmakepkg/integrity: Fix error message not sent to stderr

Eli Schwartz
Signed-off-by: Eli Schwartz <[hidden email]>
---
 scripts/libmakepkg/integrity/verify_signature.sh.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/libmakepkg/integrity/verify_signature.sh.in b/scripts/libmakepkg/integrity/verify_signature.sh.in
index b5577523..5468f977 100644
--- a/scripts/libmakepkg/integrity/verify_signature.sh.in
+++ b/scripts/libmakepkg/integrity/verify_signature.sh.in
@@ -84,7 +84,7 @@ check_pgpsigs() {
  printf "%s ($(gettext "the public key %s is not trusted"))" $(gettext "FAILED") "$fingerprint" >&2
  errors=1
  elif (( ${#validpgpkeys[@]} > 0 )) && ! in_array "$fingerprint" "${validpgpkeys[@]}"; then
- printf "%s (%s %s)" "$(gettext "FAILED")" "$(gettext "invalid public key")" "$fingerprint"
+ printf "%s (%s %s)" "$(gettext "FAILED")" "$(gettext "invalid public key")" "$fingerprint" >&2
  errors=1
  else
  printf '%s' "$(gettext "Passed")" >&2
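
Review bot: the first printf in this hunk (the "the public key %s is not trusted" branch) passes $(gettext "FAILED") unquoted and builds its format string from gettext output, unlike the line corrected here, which quotes every argument and keeps a literal format. If a translation of FAILED contained whitespace, the arguments would shift and the fingerprint would no longer land in its %s. Quoting it as "$(gettext "FAILED")" would bring that line in step with the fixed one, here or as a follow-up; the added >&2 matches the neighbouring branches.
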
--
2.13.2