From b93dfa935f900d884f14d5be8949dc0ae85f1692 Mon Sep 17 00:00:00 2001
From: Eli Schwartz
Date: Sat, 27 Apr 2019 22:54:17 -0400
Subject: scripts: protect against unintended glob matching in [[ ]] RHS
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The right-hand side of the [[ ... = ... ]] keyword is an exception to the general rule that quoting is unnecessary with [[ This is usually not a problem, e.g. in libmakepkg, lint_one_pkgname will already fail if pkgname has an asterisk, but it certainly doesn't hurt to be "more proper" and go with the spec; it is more dangerous in repo-add, which can get caught in an infinite loop instead of safely asserting there is no package named 'foo*'.

Reported-by: Rafael Ascensão
Signed-off-by: Eli Schwartz
Signed-off-by: Allan McRae
---
 scripts/libmakepkg/lint_pkgbuild/checkdepends.sh.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'scripts/libmakepkg/lint_pkgbuild/checkdepends.sh.in')

diff --git a/scripts/libmakepkg/lint_pkgbuild/checkdepends.sh.in b/scripts/libmakepkg/lint_pkgbuild/checkdepends.sh.in
index 0a9ddf67..df754d7e 100644
--- a/scripts/libmakepkg/lint_pkgbuild/checkdepends.sh.in
+++ b/scripts/libmakepkg/lint_pkgbuild/checkdepends.sh.in
@@ -44,7 +44,7 @@ lint_checkdepends() {
 for checkdepend in "${checkdepends_list[@]}"; do
 name=${checkdepend%%@(<|>|=|>=|<=)*}
 lint_one_pkgname checkdepends "$name" || ret=1
- if [[ $name != $checkdepend ]]; then
+ if [[ $name != "$checkdepend" ]]; then
 ver=${checkdepend##$name@(<|>|=|>=|<=)}
 check_fullpkgver "$ver" checkdepends || ret=1
 fi
--
cgit v1.2.3-54-g00ecf
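Review bot: The `ver=` assignment just after the changed test still expands `$name` unquoted inside a `##` pattern, so any glob characters in the name are matched as a pattern there, which is the same class of problem this commit fixes in the `[[ ]]` comparison. Because `lint_one_pkgname ... || ret=1` only records the failure and carries on, a name it rejects still reaches that expansion, and `ver` can then end up holding the whole dependency string, which would make the `check_fullpkgver` message misleading. Quoting only the variable part keeps the extglob alternation active: `ver=${checkdepend##"$name"@(<|>|=|>=|<=)}`. The body of `lint_checkdepends` starts and ends outside this hunk, so other unquoted pattern uses in it were not checked.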