extfs shell scripts fixed patch
- From: Leonard den Ottolander <leonard den ottolander nl>
- To: MC Devel <mc-devel gnome org>
- Subject: extfs shell scripts fixed patch
- Date: Tue, 05 Oct 2004 21:11:53 +0200
Hi,
Next to the perl script quote fixes (CAN-2004-0494) SuSE has released
fixes to three shell scripts in extfs. These are audio.in, hp48.in and
trpm. Fixes to the first seem complete, but not the fixes to trpm.
Although I have no idea how to test trpm I think the attached patch
should be more complete than SuSE's fix. Please check the fixes to trpm
for validity and completeness.
Leonard.
--
mount -t life -o ro /dev/dna /genetic/research
--- vfs/extfs/audio.in.orig 2003-08-09 00:07:16.000000000 +0200
+++ vfs/extfs/audio.in 2004-09-29 11:10:51.000000000 +0200
@@ -16,7 +16,7 @@ audiofs_list ()
{
DATE=`date +"%b %d %H:%M"`
echo "-r--r--r-- 1 0 0 0 $DATE CDDB"
- cdparanoia -Q -d $1 2>&1 | grep '^[ 0-9][ 0-9][ 0-9]\.' | while read A B C
+ cdparanoia -Q -d "$1" 2>&1 | grep '^[ 0-9][ 0-9][ 0-9]\.' | while read A B C
do
A=`echo $A | sed -e 's/\.//' -e 's/^\(.\)$/0\1/'`
SIZE=`expr 44 + $B \* 2352`
@@ -27,15 +27,15 @@ audiofs_list ()
audiofs_copyout ()
{
if [ "$2" == "CDDB" ]; then
- DISCID=`cd-discid $1 | tr " " "+"`
+ DISCID=`cd-discid "$1" | tr " " "+"`
if [ -z "$DISCID" ]; then
exit 1
fi
- RESPONSE=`wget -q -T $CDDB_TIMEOUT -O - "$CDDB_SERVER/~cddb/cddb.cgi?cmd=cddb+query+$DISCID&$CDDB_HANDSHAKE" | tee $3 | @AWK@ '/^200/ { print $2,$3; }'`
+ RESPONSE=`wget -q -T $CDDB_TIMEOUT -O - "$CDDB_SERVER/~cddb/cddb.cgi?cmd=cddb+query+$DISCID&$CDDB_HANDSHAKE" | tee "$3" | @AWK@ '/^200/ { print $2,$3; }'`
wget -q -T $CDDB_TIMEOUT -O - "$CDDB_SERVER/~cddb/cddb.cgi?cmd=cddb+read+$RESPONSE&$CDDB_HANDSHAKE" | grep -v "^#" >> $3
else
- TRACK=`echo $2 | sed 's/track-0*//' | sed 's/\.wav//'`
- cdparanoia -q -d $1 $TRACK $3 >/dev/null
+ TRACK=`echo "$2" | sed 's/track-0*//' | sed 's/\.wav//'`
+ cdparanoia -q -d "$1" $TRACK "$3" >/dev/null
fi
}
@@ -47,7 +47,7 @@ else
fi
case "$1" in
- list) audiofs_list $BASE; exit 0;;
- copyout) audiofs_copyout $BASE $3 $4; exit 0;;
+ list) audiofs_list "$BASE"; exit 0;;
+ copyout) audiofs_copyout "$BASE" "$3" "$4"; exit 0;;
esac
exit 1
--- vfs/extfs/hp48.in
+++ vfs/extfs/hp48.in
@@ -52,12 +52,20 @@
{
HP48_DIRS=
read INPUT
+if ! [ -z "$INPUT" ]; then
+ CHECK=${INPUT//[0-9a-zA-Z\.\/ ]/}
+ if ! [ "$CHECK" = "" ]; then
+ echo Invalid character in response >&2
+ exit 1
+ fi
+fi
+
while [ "$INPUT" != "EOF" ]
do
case `echo $INPUT | $AWK '{if (int($2)) if ($3=="Directory") print "dir";else print "file"}'` in
dir) HP48_DIRS="$HP48_DIRS `hp48_retdir $INPUT`"
- printf "drwxr-xr-x 1 %-8d %-8d %8d %s %s\n" 0 0 `hp48_retsize $INPUT` "`date +\"%b %d %Y %k:%M"`" "$HP48_CDIR/`hp48_retdir $INPUT`";;
- file) printf "-rw-r--r-- 1 %-8d %-8d %8d %s %s\n" 0 0 `hp48_retsize $INPUT` "`date +"%b %d %Y %k:%M"`" "$HP48_CDIR/`hp48_retdir $INPUT`";;
+ printf "drwxr-xr-x 1 %-8d %-8d %8d %s %s\n" 0 0 `hp48_retsize $INPUT` "`date +\"%b %d %Y %k:%M\"`" "$HP48_CDIR/`hp48_retdir $INPUT`";;
+ file) printf "-rw-r--r-- 1 %-8d %-8d %8d %s %s\n" 0 0 `hp48_retsize $INPUT` "`date +\"%b %d %Y %k:%M\"`" "$HP48_CDIR/`hp48_retdir $INPUT`";;
esac
read INPUT
done
@@ -78,7 +86,17 @@
LC_ALL=C
export LC_ALL
-case $1 in
+# $2 is not used, $4 is trusted
+if ! [ -z "$3" ]; then
+ CHECK=${3//[0-9a-zA-Z\.\/]/}
+ if ! [ "$CHECK" = "" ]; then
+ echo Invalid character in file name >&2
+ exit 1
+ fi
+fi
+
+
+case "$1" in
list) HP48_CDIR=
hp48_cmd HOST HOME >/dev/null
hp48_list
--- vfs/extfs/trpm.orig 2003-05-30 22:27:08.000000000 +0200
+++ vfs/extfs/trpm 2004-09-29 11:58:07.000000000 +0200
@@ -19,6 +19,17 @@ unset LC_ALL
LC_TIME=C
export LC_TIME
+if rpm --nosignature --version >/dev/null 2>&1; then
+ RPM="rpm --nosignature"
+else
+ RPM="rpm"
+fi
+
+SED="sed"
+# Surround the whole filename with single quotes and handle specially
+# \', ' and \ at the end of the string.
+SEDCMD="s/\\(\\\\\\?\\)'/'\\1\\1\\\\''/g;s/\\\\\$/'\\\\\\\\'/;s/^/'/;s/\$/'/"
+
mcrpmfs_list ()
{
# set MCFASTRPM_DFLT to 1 for faster rpm files handling by default, to 0 for
@@ -27,9 +38,10 @@ mcrpmfs_list ()
if test -z "$MCFASTRPM"; then
MCFASTRPM=$MCFASTRPM_DFLT
fi
+ f="`echo "$1" | $SED "$SEDCMD"`"
FILEPREF="-r--r--r-- 1 root root "
- DESC=`rpm -qi $1`
- DATE=`rpm -q --qf "%{BUILDTIME:date}" $1 | cut -c 5-11,21-24`
+ DESC=`$RPM -qi "$f"`
+ DATE=`$RPM -q --qf "%{BUILDTIME:date}" "$f" | cut -c 5-11,21-24`
HEADERSIZE=`echo "$DESC" | wc -c`
echo "-r--r--r-- 1 root root $HEADERSIZE $DATE HEADER"
echo "-r-xr-xr-x 1 root root 39 $DATE UNINSTALL"
@@ -39,25 +51,25 @@ mcrpmfs_list ()
echo "$FILEPREF 0 $DATE INFO/BUILDHOST"
echo "$FILEPREF 0 $DATE INFO/SOURCERPM"
if test "$MCFASTRPM" = 0 ; then
- test "`rpm -q --qf \"%{DISTRIBUTION}\" $1`" = "(none)" ||
+ test "`$RPM -q --qf \"%{DISTRIBUTION}\" "$f"`" = "(none)" ||
echo "$FILEPREF 0 $DATE INFO/DISTRIBUTION"
- test "`rpm -q --qf \"%{VENDOR}\" $1`" = "(none)" ||
+ test "`$RPM -q --qf \"%{VENDOR}\" "$f"`" = "(none)" ||
echo "$FILEPREF 0 $DATE INFO/VENDOR"
- test "`rpm -q --qf \"%{DESCRIPTION}\" $1`" = "(none)" ||
+ test "`$RPM -q --qf \"%{DESCRIPTION}\" "$f"`" = "(none)" ||
echo "$FILEPREF 0 $DATE INFO/DESCRIPTION"
- test "`rpm -q --qf \"%{SUMMARY}\" $1`" = "(none)" ||
+ test "`$RPM -q --qf \"%{SUMMARY}\" "$f"`" = "(none)" ||
echo "$FILEPREF 0 $DATE INFO/SUMMARY"
- if test "`rpm -q --qf \"%{RPMTAG_PREIN}%{RPMTAG_POSTIN}%{RPMTAG_PREUN}%{RPMTAG_POSTUN}%{VERIFYSCRIPT}\" $1`" != "(none)(none)(none)(none)(none)"; then
+ if test "`$RPM -q --qf \"%{RPMTAG_PREIN}%{RPMTAG_POSTIN}%{RPMTAG_PREUN}%{RPMTAG_POSTUN}%{VERIFYSCRIPT}\" "$f"`" != "(none)(none)(none)(none)(none)"; then
echo "dr-xr-xr-x 1 root root 0 $DATE INFO/SCRIPTS"
- test "`rpm -q --qf \"%{RPMTAG_PREIN}\" $1`" = '(none)' ||
+ test "`$RPM -q --qf \"%{RPMTAG_PREIN}\" "$f"`" = '(none)' ||
echo "$FILEPREF 0 $DATE INFO/SCRIPTS/PREIN"
- test "`rpm -q --qf \"%{RPMTAG_POSTIN}\" $1`" = '(none)' ||
+ test "`$RPM -q --qf \"%{RPMTAG_POSTIN}\" "$f"`" = '(none)' ||
echo "$FILEPREF 0 $DATE INFO/SCRIPTS/POSTIN"
- test "`rpm -q --qf \"%{RPMTAG_PREUN}\" $1`" = '(none)' ||
+ test "`$RPM -q --qf \"%{RPMTAG_PREUN}\" "$f"`" = '(none)' ||
echo "$FILEPREF 0 $DATE INFO/SCRIPTS/PREUN"
- test "`rpm -q --qf \"%{RPMTAG_POSTUN}\" $1`" = '(none)' ||
+ test "`$RPM -q --qf \"%{RPMTAG_POSTUN}\" "$f"`" = '(none)' ||
echo "$FILEPREF 0 $DATE INFO/SCRIPTS/POSTUN"
- test "`rpm -q --qf \"%{VERIFYSCRIPT}\" $1`" = '(none)' ||
+ test "`$RPM -q --qf \"%{VERIFYSCRIPT}\" "$f"`" = '(none)' ||
echo "$FILEPREF 0 $DATE INFO/SCRIPTS/VERIFYSCRIPT"
echo "$FILEPREF 0 $DATE INFO/SCRIPTS/ALL"
fi
@@ -75,88 +87,99 @@ mcrpmfs_list ()
echo "$FILEPREF 0 $DATE INFO/SCRIPTS/ALL"
fi
if test "$MCFASTRPM" = 0 ; then
- test "`rpm -q --qf \"%{PACKAGER}\" $1`" = "(none)" ||
+ test "`$RPM -q --qf \"%{PACKAGER}\" "$f"`" = "(none)" ||
echo "$FILEPREF 0 $DATE INFO/PACKAGER"
- test "`rpm -q --qf \"%{URL}\" $1`" = "(none)" ||
+ test "`$RPM -q --qf \"%{URL}\" "$f"`" = "(none)" ||
echo "$FILEPREF 0 $DATE INFO/URL"
- test "`rpm -q --qf \"%{SERIAL}\" $1`" = "(none)" ||
+ test "`$RPM -q --qf \"%{SERIAL}\" "$f"`" = "(none)" ||
echo "$FILEPREF 0 $DATE INFO/SERIAL"
- test "`rpm -q --qf \"%{COPYRIGHT}\" $1`" = "(none)" ||
+ test "`$RPM -q --qf \"%{COPYRIGHT}\" "$f"`" = "(none)" ||
echo "$FILEPREF 0 $DATE INFO/COPYRIGHT"
+ test "`$RPM -q --qf \"%{LICENSE}\" "$f"`" = "(none)" ||
+ echo "$FILEPREF 0 $DATE INFO/LICENSE"
else
echo "$FILEPREF 0 $DATE INFO/PACKAGER"
echo "$FILEPREF 0 $DATE INFO/URL"
echo "$FILEPREF 0 $DATE INFO/SERIAL"
echo "$FILEPREF 0 $DATE INFO/COPYRIGHT"
+ echo "$FILEPREF 0 $DATE INFO/LICENSE"
fi
echo "$FILEPREF 0 $DATE INFO/BUILDTIME"
echo "$FILEPREF 0 $DATE INFO/RPMVERSION"
echo "$FILEPREF 0 $DATE INFO/OS"
echo "$FILEPREF 0 $DATE INFO/SIZE"
if test "$MCFASTRPM" != 0 ; then
- rpm -q --qf "[%{REQUIRENAME}\n]" $1 | grep "(none)" > /dev/null ||
+ $RPM -q --qf "[%{REQUIRENAME}\n]" "$f" | grep "(none)" > /dev/null ||
echo "$FILEPREF 0 $DATE INFO/REQUIRENAME"
- rpm -q --qf "[%{PROVIDES}\n]" $1 | grep "(none)" > /dev/null ||
+ $RPM -q --qf "[%{OBSOLETES}\n]" "$f" | grep "(none)" > /dev/null ||
+ echo "$FILEPREF 0 $DATE INFO/OBSOLETES"
+ $RPM -q --qf "[%{PROVIDES}\n]" "$f" | grep "(none)" > /dev/null ||
echo "$FILEPREF 0 $DATE INFO/PROVIDES"
- test "`rpm -q --qf \"%{CHANGELOGTEXT}\" $1`" = "(none)" ||
+ test "`$RPM -q --qf \"%{CHANGELOGTEXT}\" "$f"`" = "(none)" ||
echo "$FILEPREF 0 $DATE INFO/CHANGELOG"
else
echo "$FILEPREF 0 $DATE INFO/REQUIRENAME"
+ echo "$FILEPREF 0 $DATE INFO/OBSOLETES"
echo "$FILEPREF 0 $DATE INFO/PROVIDES"
echo "$FILEPREF 0 $DATE INFO/CHANGELOG"
fi
- rpm -qlv $1 | grep '^[A-Za-z0-9-]'
+ $RPM -qlv "$f" | grep '^[A-Za-z0-9-]'
}
mcrpmfs_copyout ()
{
+ f="`echo "$1" | $SED "$SEDCMD"`"
case "$2" in
- HEADER) rpm -qi $1 > $3; exit 0;;
- UNINSTALL) echo "# Run this to uninstall this RPM package" > $3; exit 0;;
- INFO/NAME-VERSION-RELEASE) rpm -q --qf "%{NAME}-%{VERSION}-%{RELEASE}\n" $1 > $3; exit 0;;
- INFO/RELEASE) rpm -q --qf "%{RELEASE}\n" $1 > $3; exit 0;;
- INFO/GROUP) rpm -q --qf "%{GROUP}\n" $1 > $3; exit 0;;
- INFO/DISTRIBUTION) rpm -q --qf "%{DISTRIBUTION}\n" $1 > $3; exit 0;;
- INFO/VENDOR) rpm -q --qf "%{VENDOR}\n" $1 > $3; exit 0;;
- INFO/BUILDHOST) rpm -q --qf "%{BUILDHOST}\n" $1 > $3; exit 0;;
- INFO/SOURCERPM) rpm -q --qf "%{SOURCERPM}\n" $1 > $3; exit 0;;
- INFO/DESCRIPTION) rpm -q --qf "%{DESCRIPTION}\n" $1 > $3; exit 0;;
- INFO/PACKAGER) rpm -q --qf "%{PACKAGER}\n" $1 > $3; exit 0;;
- INFO/URL) rpm -q --qf "%{URL}\n" $1 >$3; exit 0;;
- INFO/BUILDTIME) rpm -q --qf "%{BUILDTIME:date}\n" $1 >$3; exit 0;;
- INFO/SERIAL) rpm -q --qf "%{SERIAL}\n" $1 >$3; exit 0;;
- INFO/COPYRIGHT) rpm -q --qf "%{COPYRIGHT}\n" $1 >$3; exit 0;;
- INFO/RPMVERSION) rpm -q --qf "%{RPMVERSION}\n" $1 >$3; exit 0;;
- INFO/REQUIRENAME) rpm -q --qf "[%{REQUIRENAME} %{REQUIREFLAGS:depflags} %{REQUIREVERSION}\n]" $1 >$3; exit 0;;
- INFO/PROVIDES) rpm -q --qf "[%{PROVIDES}\n]" $1 >$3; exit 0;;
- INFO/SCRIPTS/PREIN) rpm -q --qf "%{RPMTAG_PREIN}\n" $1 >$3; exit 0;;
- INFO/SCRIPTS/POSTIN) rpm -q --qf "%{RPMTAG_POSTIN}\n" $1 >$3; exit 0;;
- INFO/SCRIPTS/PREUN) rpm -q --qf "%{RPMTAG_PREUN}\n" $1 >$3; exit 0;;
- INFO/SCRIPTS/POSTUN) rpm -q --qf "%{RPMTAG_POSTUN}\n" $1 >$3; exit 0;;
- INFO/SCRIPTS/VERIFYSCRIPT) rpm -q --qf "%{VERIFYSCRIPT}\n" $1 >$3; exit 0;;
- INFO/SCRIPTS/ALL) rpm -q --scripts $1 > $3; exit 0;;
- INFO/SUMMARY) rpm -q --qf "%{SUMMARY}\n" $1 > $3; exit 0;;
- INFO/OS) rpm -q --qf "%{OS}\n" $1 > $3; exit 0;;
- INFO/CHANGELOG) rpm -q --qf "[* %{CHANGELOGTIME:date} %{CHANGELOGNAME}\n%{CHANGELOGTEXT}\n\n]\n" $1 > $3; exit 0;;
- INFO/SIZE) rpm -q --qf "%{SIZE} bytes\n" $1 > $3; exit 0;;
+ HEADER) $RPM -qi "$f" > "$3"; exit 0;;
+ UNINSTALL) echo "# Run this to uninstall this RPM package" > "$3"; exit 0;;
+ INFO/NAME-VERSION-RELEASE) $RPM -q --qf "%{NAME}-%{VERSION}-%{RELEASE}\n" "$f" > "$3"; exit 0;;
+ INFO/RELEASE) $RPM -q --qf "%{RELEASE}\n" "$f" > "$3"; exit 0;;
+ INFO/GROUP) $RPM -q --qf "%{GROUP}\n" "$f" > "$3"; exit 0;;
+ INFO/DISTRIBUTION) $RPM -q --qf "%{DISTRIBUTION}\n" "$f" > "$3"; exit 0;;
+ INFO/VENDOR) $RPM -q --qf "%{VENDOR}\n" "$f" > "$3"; exit 0;;
+ INFO/BUILDHOST) $RPM -q --qf "%{BUILDHOST}\n" "$f" > "$3"; exit 0;;
+ INFO/SOURCERPM) $RPM -q --qf "%{SOURCERPM}\n" "$f" > "$3"; exit 0;;
+ INFO/DESCRIPTION) $RPM -q --qf "%{DESCRIPTION}\n" "$f" > "$3"; exit 0;;
+ INFO/PACKAGER) $RPM -q --qf "%{PACKAGER}\n" "$f" > "$3"; exit 0;;
+ INFO/URL) $RPM -q --qf "%{URL}\n" "$f" > "$3"; exit 0;;
+ INFO/BUILDTIME) $RPM -q --qf "%{BUILDTIME:date}\n" "$f" > "$3"; exit 0;;
+ INFO/SERIAL) $RPM -q --qf "%{SERIAL}\n" "$f" > "$3"; exit 0;;
+ INFO/COPYRIGHT) $RPM -q --qf "%{COPYRIGHT}\n" "$f" > "$3"; exit 0;;
+ INFO/LICENSE) $RPM -q --qf "%{LICENSE}\n" "$f" > "$3"; exit 0;;
+ INFO/RPMVERSION) $RPM -q --qf "%{RPMVERSION}\n" "$f" > "$3"; exit 0;;
+ INFO/REQUIRENAME) $RPM -q --qf "[%{REQUIRENAME} %{REQUIREFLAGS:depflags} %{REQUIREVERSION}\n]" "$f" > "$3"; exit 0;;
+ INFO/PROVIDES) $RPM -q --qf "[%{PROVIDES}\n]" "$f" > "$3"; exit 0;;
+ INFO/SCRIPTS/PREIN) $RPM -q --qf "%{RPMTAG_PREIN}\n" "$f" > "$3"; exit 0;;
+ INFO/SCRIPTS/POSTIN) $RPM -q --qf "%{RPMTAG_POSTIN}\n" "$f" > "$3"; exit 0;;
+ INFO/SCRIPTS/PREUN) $RPM -q --qf "%{RPMTAG_PREUN}\n" "$f" > $3; exit 0;;
+ INFO/SCRIPTS/POSTUN) $RPM -q --qf "%{RPMTAG_POSTUN}\n" "$f" > "$3"; exit 0;;
+ INFO/SCRIPTS/VERIFYSCRIPT) $RPM -q --qf "%{VERIFYSCRIPT}\n" "$f" > "$3"; exit 0;;
+ INFO/SCRIPTS/ALL) $RPM -q --scripts "$f" > "$3"; exit 0;;
+ INFO/SUMMARY) $RPM -q --qf "%{SUMMARY}\n" "$f" > "$3"; exit 0;;
+ INFO/OS) $RPM -q --qf "%{OS}\n" "$f" > "$3"; exit 0;;
+ INFO/CHANGELOG) $RPM -q --qf "[* %{CHANGELOGTIME:date} %{CHANGELOGNAME}\n%{CHANGELOGTEXT}\n\n]\n" "$f" > "$3"; exit 0;;
+ INFO/SIZE) $RPM -q --qf "%{SIZE} bytes\n" "$f" > "$3"; exit 0;;
+ INFO/SIZE) $RPM -q --qf "%{SIZE} bytes\n" "$f" > "$3"; exit 0;;
+ INFO/OBSOLETES) $RPM -q --qf "[%{OBSOLETENAME} %|OBSOLETEFLAGS?{%{OBSOLETEFLAGS:depflags} %{OBSOLETEVERSION}}:{}|\n]" "$f" > "$3"; exit 0;;
*)
- cp /$2 $3
+ cp "/$2" "$3"
esac
}
mcrpmfs_run ()
{
+ f="`echo "$1" | $SED "$SEDCMD"`"
case "$2" in
- UNINSTALL) echo "Uninstalling $1"; rpm -e $1; exit 0;;
+ UNINSTALL) echo "Uninstalling $1"; rpm -e "$f"; exit 0;;
esac
}
name=`sed 's/.*\///;s/\.trpm$//' "$2"`
case "$1" in
- list) mcrpmfs_list $name; exit 0;;
- copyout) mcrpmfs_copyout $name $3 $4; exit 0;;
- run) mcrpmfs_run $name $3; exit 1;;
+ list) mcrpmfs_list "$name"; exit 0;;
+ copyout) mcrpmfs_copyout "$name" "$3" "$4"; exit 0;;
+ run) mcrpmfs_run "$name" "$3"; exit 1;;
esac
exit 1
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]