From a745d97c174ef1d85649b2a8ad7ca22e3dea9e58 Mon Sep 17 00:00:00 2001 From: Eli Schwartz Date: Sun, 27 Oct 2019 03:05:10 -0400 Subject: makepkg: protect against unexpected whitespace in filenames zipman: read -r protects against those evil manpages whose filenames contain backslash escapes, (muahahaha?) IFS= read protects against filenames with: - leading whitespace (but no one is actually stupid enough to configure their MAN_DIRS=() in makepkg.conf with such silly directories, *right*?) - trailing whitespace (but likewise, no one should be stupid enough to write an uncompressed manpage for section '1 ' or something) Also fix several other cases where we read filenames without protecting against surrounding whitespace, or without using null-delimited filenames when we could trivially do so. Signed-off-by: Eli Schwartz Signed-off-by: Allan McRae --- scripts/libmakepkg/tidy/staticlibs.sh.in | 2 +- scripts/libmakepkg/tidy/strip.sh.in | 6 +++--- scripts/libmakepkg/tidy/zipman.sh.in | 8 ++++---- scripts/makepkg.sh.in | 6 +++--- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/scripts/libmakepkg/tidy/staticlibs.sh.in b/scripts/libmakepkg/tidy/staticlibs.sh.in index eaa6ac8a..bf7601d2 100644 --- a/scripts/libmakepkg/tidy/staticlibs.sh.in +++ b/scripts/libmakepkg/tidy/staticlibs.sh.in @@ -34,7 +34,7 @@ tidy_staticlibs() { if check_option "staticlibs" "n"; then msg2 "$(gettext "Removing static library files...")" local l - while read -rd '' l; do + while IFS= read -rd '' l; do if [[ -f "${l%.a}.so" || -h "${l%.a}.so" ]]; then rm "$l" fi diff --git a/scripts/libmakepkg/tidy/strip.sh.in b/scripts/libmakepkg/tidy/strip.sh.in index 99bfcada..1bd810f0 100644 --- a/scripts/libmakepkg/tidy/strip.sh.in +++ b/scripts/libmakepkg/tidy/strip.sh.in @@ -57,7 +57,7 @@ strip_file() { # copy source files to debug directory local f t - while read -r t; do + while IFS= read -r t; do f=${t/${dbgsrcdir}/"$srcdir"} mkdir -p "${dbgsrc/"$dbgsrcdir"/}${t%/*}" cp -- "$f" "${dbgsrc/"$dbgsrcdir"/}$t" @@ -69,7 +69,7 @@ strip_file() { objcopy --add-gnu-debuglink="$dbgdir/${binary#/}.debug" "$binary" # create any needed hardlinks - while read -rd '' file ; do + while IFS= read -rd '' file ; do if [[ "${binary}" -ef "${file}" && ! -f "$dbgdir/${file}.debug" ]]; then mkdir -p "$dbgdir/${file%/*}" ln "$dbgdir/${binary}.debug" "$dbgdir/${file}.debug" @@ -110,7 +110,7 @@ tidy_strip() { fi local binary strip_flags - find . -type f -perm -u+w -print0 2>/dev/null | while read -rd '' binary ; do + find . -type f -perm -u+w -print0 2>/dev/null | while IFS= read -rd '' binary ; do case "$(file -bi "$binary")" in *application/x-sharedlib*) # Libraries (.so) strip_flags="$STRIP_SHARED";; diff --git a/scripts/libmakepkg/tidy/zipman.sh.in b/scripts/libmakepkg/tidy/zipman.sh.in index 3c2e261e..ba2f006c 100644 --- a/scripts/libmakepkg/tidy/zipman.sh.in +++ b/scripts/libmakepkg/tidy/zipman.sh.in @@ -35,9 +35,9 @@ tidy_zipman() { msg2 "$(gettext "Compressing man and info pages...")" local file files inode link while read -rd ' ' inode; do - read file - find ${MAN_DIRS[@]} -type l 2>/dev/null | - while read -r link ; do + IFS= read -r file + find "${MAN_DIRS[@]}" -type l -print0 2>/dev/null | + while IFS= read -rd '' link ; do if [[ "${file}" -ef "${link}" ]] ; then rm -f "$link" "${link}.gz" if [[ ${file%/*} = "${link%/*}" ]]; then @@ -55,7 +55,7 @@ tidy_zipman() { ln "${files[$inode]}.gz" "${file}.gz" chmod 644 "${file}.gz" fi - done < <(find ${MAN_DIRS[@]} -type f \! -name "*.gz" \! -name "*.bz2" \ + done < <(find "${MAN_DIRS[@]}" -type f \! -name "*.gz" \! -name "*.bz2" \ -exec @INODECMD@ '{}' + 2>/dev/null) fi } diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index 997c8668..947a30c5 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -474,7 +474,7 @@ find_libdepends() { local libdeps filename soarch sofile soname soversion declare -A libdeps - while read -r filename; do + while IFS= read -rd '' filename; do # get architecture of the file; if soarch is empty it's not an ELF binary soarch=$(LC_ALL=C readelf -h "$filename" 2>/dev/null | sed -n 's/.*Class.*ELF\(32\|64\)/\1/p') [[ -n "$soarch" ]] || continue @@ -495,7 +495,7 @@ find_libdepends() { libdeps[$soname]="${soversion}-${soarch}" fi done - done < <(find "$pkgdir" -type f -perm -u+x) + done < <(find "$pkgdir" -type f -perm -u+x -print0) local libdepends v for d in "${depends[@]}"; do @@ -1320,7 +1320,7 @@ if (( INFAKEROOT )); then else run_split_packaging fi - + create_debug_package msg "$(gettext "Leaving %s environment.")" "fakeroot" -- cgit v1.2.3-24-g4f1b