diff options
author | Dave Reisner <dreisner@archlinux.org> | 2013-07-30 21:24:48 +0200 |
---|---|---|
committer | Pierre Schmitz <pierre@archlinux.de> | 2013-08-08 21:28:10 +0200 |
commit | be3c71fa81e6d35a1fae0612a8b7b4b613d7d2f6 (patch) | |
tree | a5907bf32ccf54914ede5a355ea91137c760570e /commitpkg.in | |
parent | fb30cabe61862f640f0e99f214dc2777a8ec1b35 (diff) | |
download | devtools-be3c71fa81e6d35a1fae0612a8b7b4b613d7d2f6.tar.gz devtools-be3c71fa81e6d35a1fae0612a8b7b4b613d7d2f6.tar.xz |
avoid injecting code into the format string
Now that die() properly forwards arguments to error(), we can expect
that the first arg is a format string and not the entirety of the
output.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
Diffstat (limited to 'commitpkg.in')
-rw-r--r-- | commitpkg.in | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/commitpkg.in b/commitpkg.in index db78517..ad1005b 100644 --- a/commitpkg.in +++ b/commitpkg.in @@ -58,7 +58,7 @@ esac # check if all local source files are under version control for s in "${source[@]}"; do if [[ $s != *://* ]] && ! svn status -v "$s@" | grep -q '^[ AMRX~]'; then - die "$s is not under version control" + die "%s is not under version control" "$s" fi done @@ -68,7 +68,7 @@ for i in 'changelog' 'install'; do # evaluate any bash variables used eval file=\"$(sed 's/^\(['\''"]\)\(.*\)\1$/\2/' <<< "$file")\" if ! svn status -v "${file}" | grep -q '^[ AMRX~]'; then - die "${file} is not under version control" + die "%s is not under version control" "$file" fi done < <(sed -n "s/^[[:space:]]*$i=//p" PKGBUILD) done @@ -81,8 +81,8 @@ while getopts ':l:a:s:f' flag; do s) server=$OPTARG ;; l) rsyncopts+=("--bwlimit=$OPTARG") ;; a) commit_arch=$OPTARG ;; - :) die "Option requires an argument -- '$OPTARG'" ;; - \?) die "Invalid option -- '$OPTARG'" ;; + :) die "Option requires an argument -- '%s'" "$OPTARG" ;; + \?) die "Invalid option -- '%s'" "$OPTARG" ;; esac done shift $(( OPTIND - 1 )) @@ -164,7 +164,7 @@ for _arch in ${arch[@]}; do gpg --detach-sign --use-agent ${SIGNWITHKEY} "${pkgfile}" || die fi if ! gpg --verify "$sigfile" >/dev/null 2>&1; then - die "Signature ${pkgfile}.sig is incorrect!" + die "Signature %s.sig is incorrect!" "$pkgfile" fi uploads+=("$sigfile") done |