From 9c604af0a04cefaccba527e00d31d9ccd724f866 Mon Sep 17 00:00:00 2001
From: Eli Schwartz
Date: Mon, 3 Jul 2017 23:13:22 -0400
Subject: libmakepkg: fix unsanitized source filenames

There were a couple places where filenames beginning with "-" were not properly guarded against by passing them after "--". Some PKGBUILD authors are crazy, but we still take those into account.

Signed-off-by: Eli Schwartz
Signed-off-by: Allan McRae
---
 scripts/libmakepkg/source/file.sh.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'scripts')
diff --git a/scripts/libmakepkg/source/file.sh.in b/scripts/libmakepkg/source/file.sh.in
index 1d85ea9b..41a5fb5c 100644
--- a/scripts/libmakepkg/source/file.sh.in
+++ b/scripts/libmakepkg/source/file.sh.in
@@ -96,7 +96,7 @@ extract_file() {
 fi
 # do not rely on extension for file type
- local file_type=$(file -bizL "$file")
+ local file_type=$(file -bizL -- "$file")
 local ext=${file##*.}
 local cmd=''
 case "$file_type" in
@@ -132,7 +132,7 @@ extract_file() {
 $cmd -xf "$file" || ret=$?
 else
 rm -f -- "${file%.*}"
- $cmd -dcf "$file" > "${file%.*}" || ret=$?
+ $cmd -dcf -- "$file" > "${file%.*}" || ret=$?
 fi
 if (( ret )); then
 error "$(gettext "Failed to extract %s")" "$file"
--
cgit v1.2.3-70-g09d2
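Review bot: In the first hunk (`@@ -96,7 +96,7 @@`), `local file_type=$(file -bizL -- "$file")` still declares and assigns in one statement, so the exit status of `local` replaces that of `file`, and a failed probe leaves `file_type` empty without any error. The `case "$file_type" in` that follows presumably selects the extraction tool from this value, so I would split the line into `local file_type` and `file_type=$(file -bizL -- "$file")` and decide explicitly what an empty result means. The arms of that `case` and the rest of extract_file lie outside the hunk, so how an empty value is treated today cannot be seen here.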
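Review bot: The second hunk (`@@ -132,7 +132,7 @@`) leaves `$cmd -xf "$file"` without `--` while the decompress branch now has it, and nothing in the code says why the two calls differ. If, as the flags suggest, the filename in the `-xf` form is the argument of `f` while in `-dcf` it is a positional operand, a short comment would stop a later reader from either "fixing" the first call or dropping the guard from the second, for example `# "$file" is an operand here, so end option parsing with --` above the `-dcf` line. `$cmd` is assigned outside the hunk, so this reading should be confirmed against the tools it can name.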