diff options
author | Eli Schwartz <eschwartz93@gmail.com> | 2017-07-03 23:13:22 -0400 |
---|---|---|
committer | Allan McRae <allan@archlinux.org> | 2017-07-06 12:55:25 +1000 |
commit | 9c604af0a04cefaccba527e00d31d9ccd724f866 (patch) | |
tree | f402c0a8e42a7645783f1a64f39f978e4fcc77f7 | |
parent | 3c433abb54e8bc01bed0b2263ded0c339a58585a (diff) | |
download | pacman-9c604af0a04cefaccba527e00d31d9ccd724f866.tar.xz |
libmakepkg: fix unsanitized source filenames
There were a couple places where filenames beginning with "-" were not
properly guarded against by passing them after "--". Some PKGBUILD
authors are crazy, but we still take those into account.
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
-rw-r--r-- | scripts/libmakepkg/source/file.sh.in | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/scripts/libmakepkg/source/file.sh.in b/scripts/libmakepkg/source/file.sh.in index 1d85ea9b..41a5fb5c 100644 --- a/scripts/libmakepkg/source/file.sh.in +++ b/scripts/libmakepkg/source/file.sh.in @@ -96,7 +96,7 @@ extract_file() { fi # do not rely on extension for file type - local file_type=$(file -bizL "$file") + local file_type=$(file -bizL -- "$file") local ext=${file##*.} local cmd='' case "$file_type" in @@ -132,7 +132,7 @@ extract_file() { $cmd -xf "$file" || ret=$? else rm -f -- "${file%.*}" - $cmd -dcf "$file" > "${file%.*}" || ret=$? + $cmd -dcf -- "$file" > "${file%.*}" || ret=$? fi if (( ret )); then error "$(gettext "Failed to extract %s")" "$file" |