1
0
mirror of https://github.com/moparisthebest/pacman synced 2024-12-22 15:58:50 -05:00
pacman/scripts
lolilolicon ee207d7c7b makepkg: do not eval dlcmd
This eval enables the following in a PKGBUILD to "just work":

  source=('$pkgname-$pkgver.tar.gz'::'https://host/$pkgver.tar.gz')

This has at least two problems:

- It violated the principle of least surprise.
- It could be a security issue since URLs are arbitrary input.

Instead, expand the dlagent command line into an array, replace the %o,
%u place holders, and run the resultant command line as is.

Embedded spaces in the DLAGENTS entry can be escaped with a backslash.

Fixes FS#41682

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-09-15 09:32:29 +10:00
..
library Consistently use 'directory' instead of 'folder' 2014-01-28 21:37:00 +10:00
po Do not remove source code references in PO/POT files 2014-02-02 16:32:55 +10:00
.gitignore makepkg: run locally with libtool style wrapper 2013-10-14 13:01:03 +10:00
Makefile.am Do not check makepkg-wrapper for standard options 2014-05-23 16:02:18 +10:00
makepkg-template.pl.in Update copyright years for 2014 2014-01-06 14:38:50 +10:00
makepkg-wrapper.sh.in Update copyright years for 2014 2014-01-06 14:38:50 +10:00
makepkg.sh.in makepkg: do not eval dlcmd 2014-09-15 09:32:29 +10:00
pacman-db-upgrade.sh.in Remove ts and sw from vim modeline when noet is set 2014-01-28 20:19:25 +10:00
pacman-key.sh.in pacman-key: stricter parsing for -verify 2014-08-09 17:29:08 +10:00
pacman-optimize.sh.in Remove ts and sw from vim modeline when noet is set 2014-01-28 20:19:25 +10:00
pkgdelta.sh.in Remove ts and sw from vim modeline when noet is set 2014-01-28 20:19:25 +10:00
repo-add.sh.in repo-add: declare pkgbase as local 2014-03-27 15:46:07 +10:00