diff options
| author | Eli Schwartz <eschwartz@archlinux.org> | 2019-04-27 22:54:17 -0400 |
|---|---|---|
| committer | Allan McRae <allan@archlinux.org> | 2019-05-08 12:45:26 +1000 |
| commit | b93dfa935f900d884f14d5be8949dc0ae85f1692 (patch) | |
| tree | 6943b1414231c5ee5df6c41490d9d44d0346634f /scripts/libmakepkg/lint_pkgbuild | |
| parent | a0f4429e95240b8a275ab6c43c4b8d0b11cfcd5d (diff) | |
| download | pacman-b93dfa935f900d884f14d5be8949dc0ae85f1692.tar.xz | |
scripts: protect against unintended glob matching in [[ ]] RHS
The right-hand side of the [[ ... = ... ]] keyword is an exception to
the general rule that quoting is unnecessary with [[
This is usually not a problem, e.g. in libmakepkg, lint_one_pkgname will
already fail if pkgname has an asterisk, but it certainly doesn't hurt
to be "more proper" and go with the spec; it is more dangerous in
repo-add, which can get caught in an infinite loop instead of safely
asserting there is no package named 'foo*'.
Reported-by: Rafael Ascensão <rafa.almas@gmail.com>
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'scripts/libmakepkg/lint_pkgbuild')
6 files changed, 6 insertions, 6 deletions
diff --git a/scripts/libmakepkg/lint_pkgbuild/checkdepends.sh.in b/scripts/libmakepkg/lint_pkgbuild/checkdepends.sh.in index 0a9ddf67..df754d7e 100644 --- a/scripts/libmakepkg/lint_pkgbuild/checkdepends.sh.in +++ b/scripts/libmakepkg/lint_pkgbuild/checkdepends.sh.in @@ -44,7 +44,7 @@ lint_checkdepends() { for checkdepend in "${checkdepends_list[@]}"; do name=${checkdepend%%@(<|>|=|>=|<=)*} lint_one_pkgname checkdepends "$name" || ret=1 - if [[ $name != $checkdepend ]]; then + if [[ $name != "$checkdepend" ]]; then ver=${checkdepend##$name@(<|>|=|>=|<=)} check_fullpkgver "$ver" checkdepends || ret=1 fi diff --git a/scripts/libmakepkg/lint_pkgbuild/conflicts.sh.in b/scripts/libmakepkg/lint_pkgbuild/conflicts.sh.in index b61459e1..ee0e6f50 100644 --- a/scripts/libmakepkg/lint_pkgbuild/conflicts.sh.in +++ b/scripts/libmakepkg/lint_pkgbuild/conflicts.sh.in @@ -44,7 +44,7 @@ lint_conflicts() { for conflict in "${conflicts_list[@]}"; do name=${conflict%%@(<|>|=|>=|<=)*} lint_one_pkgname conflicts "$name" || ret=1 - if [[ $name != $conflict ]]; then + if [[ $name != "$conflict" ]]; then ver=${conflict##$name@(<|>|=|>=|<=)} check_fullpkgver "$ver" conflicts || ret=1 fi diff --git a/scripts/libmakepkg/lint_pkgbuild/depends.sh.in b/scripts/libmakepkg/lint_pkgbuild/depends.sh.in index aba43825..3fe9614f 100644 --- a/scripts/libmakepkg/lint_pkgbuild/depends.sh.in +++ b/scripts/libmakepkg/lint_pkgbuild/depends.sh.in @@ -44,7 +44,7 @@ lint_depends() { for depend in "${depends_list[@]}"; do name=${depend%%@(<|>|=|>=|<=)*} lint_one_pkgname depends "$name" || ret=1 - if [[ $name != $depend ]]; then + if [[ $name != "$depend" ]]; then ver=${depend##$name@(<|>|=|>=|<=)} # Don't validate empty version because of https://bugs.archlinux.org/task/58776 if [[ -n $ver ]]; then diff --git a/scripts/libmakepkg/lint_pkgbuild/makedepends.sh.in b/scripts/libmakepkg/lint_pkgbuild/makedepends.sh.in index 20c7f7dc..ed1c1120 100644 --- a/scripts/libmakepkg/lint_pkgbuild/makedepends.sh.in +++ b/scripts/libmakepkg/lint_pkgbuild/makedepends.sh.in @@ -44,7 +44,7 @@ lint_makedepends() { for makedepend in "${makedepends_list[@]}"; do name=${makedepend%%@(<|>|=|>=|<=)*} lint_one_pkgname makedepends "$name" || ret=1 - if [[ $name != $makedepend ]]; then + if [[ $name != "$makedepend" ]]; then ver=${makedepend##$name@(<|>|=|>=|<=)} check_fullpkgver "$ver" makedepends || ret=1 fi diff --git a/scripts/libmakepkg/lint_pkgbuild/optdepends.sh.in b/scripts/libmakepkg/lint_pkgbuild/optdepends.sh.in index 505ee848..ef7078d1 100644 --- a/scripts/libmakepkg/lint_pkgbuild/optdepends.sh.in +++ b/scripts/libmakepkg/lint_pkgbuild/optdepends.sh.in @@ -44,7 +44,7 @@ lint_optdepends() { for optdepend in "${optdepends_list[@]%%:[[:space:]]*}"; do name=${optdepend%%@(<|>|=|>=|<=)*} lint_one_pkgname optdepends "$name" || ret=1 - if [[ $name != $optdepend ]]; then + if [[ $name != "$optdepend" ]]; then ver=${optdepend##$name@(<|>|=|>=|<=)} check_fullpkgver "$ver" optdepends || ret=1 fi diff --git a/scripts/libmakepkg/lint_pkgbuild/provides.sh.in b/scripts/libmakepkg/lint_pkgbuild/provides.sh.in index 5a529728..41b4c6b9 100644 --- a/scripts/libmakepkg/lint_pkgbuild/provides.sh.in +++ b/scripts/libmakepkg/lint_pkgbuild/provides.sh.in @@ -49,7 +49,7 @@ lint_provides() { fi name=${provide%=*} lint_one_pkgname provides "$name" || ret=1 - if [[ $name != $provide ]]; then + if [[ $name != "$provide" ]]; then ver=${provide##$name=} check_fullpkgver "$ver" provides || ret=1 fi |