mirror of
https://github.com/moparisthebest/pacman
synced 2024-12-22 15:58:50 -05:00
ee207d7c7b
This eval enables the following in a PKGBUILD to "just work": source=('$pkgname-$pkgver.tar.gz'::'https://host/$pkgver.tar.gz') This has at least two problems: - It violated the principle of least surprise. - It could be a security issue since URLs are arbitrary input. Instead, expand the dlagent command line into an array, replace the %o, %u place holders, and run the resultant command line as is. Embedded spaces in the DLAGENTS entry can be escaped with a backslash. Fixes FS#41682 Signed-off-by: Allan McRae <allan@archlinux.org> |
||
---|---|---|
.. | ||
library | ||
po | ||
.gitignore | ||
Makefile.am | ||
makepkg-template.pl.in | ||
makepkg-wrapper.sh.in | ||
makepkg.sh.in | ||
pacman-db-upgrade.sh.in | ||
pacman-key.sh.in | ||
pacman-optimize.sh.in | ||
pkgdelta.sh.in | ||
repo-add.sh.in |