summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEli Schwartz <eschwartz93@gmail.com>2017-07-03 23:13:22 -0400
committerAllan McRae <allan@archlinux.org>2017-07-06 12:55:25 +1000
commit9c604af0a04cefaccba527e00d31d9ccd724f866 (patch)
treef402c0a8e42a7645783f1a64f39f978e4fcc77f7
parent3c433abb54e8bc01bed0b2263ded0c339a58585a (diff)
downloadpacman-9c604af0a04cefaccba527e00d31d9ccd724f866.tar.xz
libmakepkg: fix unsanitized source filenames
There were a couple places where filenames beginning with "-" were not properly guarded against by passing them after "--". Some PKGBUILD authors are crazy, but we still take those into account. Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
-rw-r--r--scripts/libmakepkg/source/file.sh.in4
1 files changed, 2 insertions, 2 deletions
diff --git a/scripts/libmakepkg/source/file.sh.in b/scripts/libmakepkg/source/file.sh.in
index 1d85ea9b..41a5fb5c 100644
--- a/scripts/libmakepkg/source/file.sh.in
+++ b/scripts/libmakepkg/source/file.sh.in
@@ -96,7 +96,7 @@ extract_file() {
fi
# do not rely on extension for file type
- local file_type=$(file -bizL "$file")
+ local file_type=$(file -bizL -- "$file")
local ext=${file##*.}
local cmd=''
case "$file_type" in
@@ -132,7 +132,7 @@ extract_file() {
$cmd -xf "$file" || ret=$?
else
rm -f -- "${file%.*}"
- $cmd -dcf "$file" > "${file%.*}" || ret=$?
+ $cmd -dcf -- "$file" > "${file%.*}" || ret=$?
fi
if (( ret )); then
error "$(gettext "Failed to extract %s")" "$file"