diff options
author | Eli Schwartz <eschwartz@archlinux.org> | 2019-10-27 08:05:10 +0100 |
---|---|---|
committer | Allan McRae <allan@archlinux.org> | 2019-10-30 00:47:28 +0100 |
commit | a745d97c174ef1d85649b2a8ad7ca22e3dea9e58 (patch) | |
tree | c748bc75c49e91555503ee7bbeb764a269da1e9e /scripts | |
parent | 99639dc27c4c037b3fe7ddf2b77d036a7332b5e3 (diff) | |
download | pacman-a745d97c174ef1d85649b2a8ad7ca22e3dea9e58.tar.gz pacman-a745d97c174ef1d85649b2a8ad7ca22e3dea9e58.tar.xz |
makepkg: protect against unexpected whitespace in filenames
zipman:
read -r protects against those evil manpages whose filenames contain
backslash escapes, (muahahaha?)
IFS= read protects against filenames with:
- leading whitespace (but no one is actually stupid enough to configure
their MAN_DIRS=() in makepkg.conf with such silly directories, *right*?)
- trailing whitespace (but likewise, no one should be stupid enough to
write an uncompressed manpage for section '1 ' or something)
Also fix several other cases where we read filenames without protecting
against surrounding whitespace, or without using null-delimited
filenames when we could trivially do so.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/libmakepkg/tidy/staticlibs.sh.in | 2 | ||||
-rw-r--r-- | scripts/libmakepkg/tidy/strip.sh.in | 6 | ||||
-rw-r--r-- | scripts/libmakepkg/tidy/zipman.sh.in | 8 | ||||
-rw-r--r-- | scripts/makepkg.sh.in | 6 |
4 files changed, 11 insertions, 11 deletions
diff --git a/scripts/libmakepkg/tidy/staticlibs.sh.in b/scripts/libmakepkg/tidy/staticlibs.sh.in index eaa6ac8a..bf7601d2 100644 --- a/scripts/libmakepkg/tidy/staticlibs.sh.in +++ b/scripts/libmakepkg/tidy/staticlibs.sh.in @@ -34,7 +34,7 @@ tidy_staticlibs() { if check_option "staticlibs" "n"; then msg2 "$(gettext "Removing static library files...")" local l - while read -rd '' l; do + while IFS= read -rd '' l; do if [[ -f "${l%.a}.so" || -h "${l%.a}.so" ]]; then rm "$l" fi diff --git a/scripts/libmakepkg/tidy/strip.sh.in b/scripts/libmakepkg/tidy/strip.sh.in index 99bfcada..1bd810f0 100644 --- a/scripts/libmakepkg/tidy/strip.sh.in +++ b/scripts/libmakepkg/tidy/strip.sh.in @@ -57,7 +57,7 @@ strip_file() { # copy source files to debug directory local f t - while read -r t; do + while IFS= read -r t; do f=${t/${dbgsrcdir}/"$srcdir"} mkdir -p "${dbgsrc/"$dbgsrcdir"/}${t%/*}" cp -- "$f" "${dbgsrc/"$dbgsrcdir"/}$t" @@ -69,7 +69,7 @@ strip_file() { objcopy --add-gnu-debuglink="$dbgdir/${binary#/}.debug" "$binary" # create any needed hardlinks - while read -rd '' file ; do + while IFS= read -rd '' file ; do if [[ "${binary}" -ef "${file}" && ! -f "$dbgdir/${file}.debug" ]]; then mkdir -p "$dbgdir/${file%/*}" ln "$dbgdir/${binary}.debug" "$dbgdir/${file}.debug" @@ -110,7 +110,7 @@ tidy_strip() { fi local binary strip_flags - find . -type f -perm -u+w -print0 2>/dev/null | while read -rd '' binary ; do + find . -type f -perm -u+w -print0 2>/dev/null | while IFS= read -rd '' binary ; do case "$(file -bi "$binary")" in *application/x-sharedlib*) # Libraries (.so) strip_flags="$STRIP_SHARED";; diff --git a/scripts/libmakepkg/tidy/zipman.sh.in b/scripts/libmakepkg/tidy/zipman.sh.in index 3c2e261e..ba2f006c 100644 --- a/scripts/libmakepkg/tidy/zipman.sh.in +++ b/scripts/libmakepkg/tidy/zipman.sh.in @@ -35,9 +35,9 @@ tidy_zipman() { msg2 "$(gettext "Compressing man and info pages...")" local file files inode link while read -rd ' ' inode; do - read file - find ${MAN_DIRS[@]} -type l 2>/dev/null | - while read -r link ; do + IFS= read -r file + find "${MAN_DIRS[@]}" -type l -print0 2>/dev/null | + while IFS= read -rd '' link ; do if [[ "${file}" -ef "${link}" ]] ; then rm -f "$link" "${link}.gz" if [[ ${file%/*} = "${link%/*}" ]]; then @@ -55,7 +55,7 @@ tidy_zipman() { ln "${files[$inode]}.gz" "${file}.gz" chmod 644 "${file}.gz" fi - done < <(find ${MAN_DIRS[@]} -type f \! -name "*.gz" \! -name "*.bz2" \ + done < <(find "${MAN_DIRS[@]}" -type f \! -name "*.gz" \! -name "*.bz2" \ -exec @INODECMD@ '{}' + 2>/dev/null) fi } diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index 997c8668..947a30c5 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -474,7 +474,7 @@ find_libdepends() { local libdeps filename soarch sofile soname soversion declare -A libdeps - while read -r filename; do + while IFS= read -rd '' filename; do # get architecture of the file; if soarch is empty it's not an ELF binary soarch=$(LC_ALL=C readelf -h "$filename" 2>/dev/null | sed -n 's/.*Class.*ELF\(32\|64\)/\1/p') [[ -n "$soarch" ]] || continue @@ -495,7 +495,7 @@ find_libdepends() { libdeps[$soname]="${soversion}-${soarch}" fi done - done < <(find "$pkgdir" -type f -perm -u+x) + done < <(find "$pkgdir" -type f -perm -u+x -print0) local libdepends v for d in "${depends[@]}"; do @@ -1320,7 +1320,7 @@ if (( INFAKEROOT )); then else run_split_packaging fi - + create_debug_package msg "$(gettext "Leaving %s environment.")" "fakeroot" |