makepkg: protect against unexpected whitespace in filenames

zipman:

read -r protects against those evil manpages whose filenames contain
backslash escapes, (muahahaha?)

IFS= read protects against filenames with:

- leading whitespace (but no one is actually stupid enough to configure
  their MAN_DIRS=() in makepkg.conf with such silly directories, *right*?)

- trailing whitespace (but likewise, no one should be stupid enough to
  write an uncompressed manpage for section '1 ' or something)

Also fix several other cases where we read filenames without protecting
against surrounding whitespace, or without using null-delimited
filenames when we could trivially do so.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>

1 files changed, 3 insertions, 3 deletions

diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index 997c8668..947a30c5 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -474,7 +474,7 @@ find_libdepends() {
 	local libdeps filename soarch sofile soname soversion
 	declare -A libdeps
 
-	while read -r filename; do
+	while IFS= read -rd '' filename; do
 		# get architecture of the file; if soarch is empty it's not an ELF binary
 		soarch=$(LC_ALL=C readelf -h "$filename" 2>/dev/null | sed -n 's/.*Class.*ELF\(32\|64\)/\1/p')
 		[[ -n "$soarch" ]] || continue
@@ -495,7 +495,7 @@ find_libdepends() {
 				libdeps[$soname]="${soversion}-${soarch}"
 			fi
 		done
-	done < <(find "$pkgdir" -type f -perm -u+x)
+	done < <(find "$pkgdir" -type f -perm -u+x -print0)
 
 	local libdepends v
 	for d in "${depends[@]}"; do
@@ -1320,7 +1320,7 @@ if (( INFAKEROOT )); then
 	else
 		run_split_packaging
 	fi
-	
+
 	create_debug_package
 
 	msg "$(gettext "Leaving %s environment.")" "fakeroot"