mirror/freebsd-ports
1
0
Fork 0
mirror of https://git.FreeBSD.org/ports.git synced 2025-01-22 08:58:47 +00:00
Code Issues Releases Activity

Fix for CAN-2004-0494.

Browse Source 
Approved by:	portmgr
Obtained from:	Fedora Core
This commit is contained in:
Max Khon 2004-09-10 14:55:50 +00:00
parent d6383a553b
commit 50f8d1588c
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=118145
8 changed files with 686 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
misc/mc/Makefile
View File

@ -7,7 +7,7 @@
PORTNAME= mc
PORTVERSION= 4.6.0
PORTREVISION= 12
PORTREVISION= 13
CATEGORIES= misc shells
MASTER_SITES= ${MASTER_SITE_SUNSITE}
MASTER_SITE_SUBDIR= utils/file/managers/mc/

22
misc/mc/files/patch-vfs-extfs
View File

@ -1,25 +1,3 @@
--- vfs/extfs/deb.in.orig Thu Dec 12 02:57:00 2002
+++ vfs/extfs/deb.in Tue Jun 15 03:15:09 2004
@@ -149,15 +149,10 @@
}
else
{
- $suffix = "aaa";
- while (1) {
- $tmpdir = "/tmp/mcdebfs.run".$$.$suffix;
- last if mkdir $tmpdir, 0700;
- $suffix++;
- # Somebody is being really nasty, give up
- exit 1 if $suffix eq "zzz";
- }
-
+ use File::Temp qw(mkdtemp);
+ my $template = "/tmp/mcdebfs.run.XXXXXX";
+ $template="$ENV{MC_TMPDIR}/mcdebfs.XXXXXX" if ($ENV{MC_TMPDIR});
+ $tmpdir = mkdtemp($template);
$tmpcmd="$tmpdir/run";
&mcdebfs_copyout($archive, $filename, $tmpcmd);
system("chmod u+x $tmpcmd");
--- vfs/extfs/rpm.orig Sun Dec 29 15:19:39 2002
+++ vfs/extfs/rpm Tue Jun 15 03:25:41 2004
@@ -1,14 +1,17 @@

83
misc/mc/files/patch-vfs-extfs-a.in Normal file
View File

@ -0,0 +1,83 @@
--- vfs/extfs/a.in.orig Thu Dec 12 02:57:00 2002
+++ vfs/extfs/a.in Fri Sep 10 16:09:30 2004
@@ -8,6 +8,13 @@
#
# These mtools components must be in PATH for this to work
+
+sub quote {
+ $_ = shift(@_);
+ s/([^\w\/.+-])/\\$1/g;
+ return($_);
+}
+
$mmd = "mmd";
$mrd = "mrd";
$mdel = "mdel";
@@ -15,7 +22,7 @@
$mcopy = "mcopy -noQ";
$0 =~ s|.*/||;
-$disk = $0;
+$qdisk = quote($0);
$ENV{MTOOLS_DATE_STRING} = "mm-dd-yyyy";
$ENV{MTOOLS_TWENTY_FOUR_HOUR_CLOCK} = "1";
@@ -29,29 +36,36 @@
/mkdir/ && do {
shift; shift;
exit 1 if scalar(@ARGV) != 1;
- system("$mmd $disk:/$ARGV[0] >/dev/null");
+ $qname = quote($ARGV[0]);
+ system("$mmd $qdisk:/$qname >/dev/null");
exit 0; };
/rmdir/ && do {
shift; shift;
exit 1 if scalar(@ARGV) != 1;
- system("$mrd $disk:/$ARGV[0] >/dev/null");
+ $qname = quote($ARGV[0]);
+ system("$mrd $qdisk:/$qname >/dev/null");
exit 0; };
/rm/ && do {
shift; shift;
exit 1 if scalar(@ARGV) != 1;
- system("$mdel $disk:/$ARGV[0] >/dev/null");
+ $qname = quote($ARGV[0]);
+ system("$mdel $qdisk:/$qname >/dev/null");
exit 0; };
/copyout/ && do {
shift; shift;
exit 1 if scalar(@ARGV) != 2;
- ( $src, $dest ) = @ARGV;
- system("$mcopy $disk:/$src $dest >/dev/null");
+ ( $qsrc, $qdest ) = @ARGV;
+ $qsrc = quote($qsrc);
+ $qdest = quote($qdest);
+ system("$mcopy $qdisk:/$qsrc $qdest >/dev/null");
exit 0; };
/copyin/ && do {
shift; shift;
exit 1 if scalar(@ARGV) != 2;
- ( $dest, $src ) = @ARGV;
- system("$mcopy $src $disk:/$dest >/dev/null");
+ ( $qdest, $qsrc ) = @ARGV;
+ $qsrc = quote($qsrc);
+ $qdest = quote($qdest);
+ system("$mcopy $qsrc $qdisk:/$qdest >/dev/null");
exit 0; };
/.*/ && do { # an unfamiliar command
exit 1; };
@@ -59,11 +73,11 @@
sub get_dirs {
my ($path, $name, $size, $date, $time, $longname, @lst, @rv);
-
$path = shift(@_);
+ my $qpath = quote($path);
@rv = ();
- open(FILE,"$mdir $disk:/$path |");
+ open(FILE,"$mdir $qdisk:/$qpath |");
while ( <FILE> ) {
chomp();
/^ / && next; # ignore `non-file' lines

102
misc/mc/files/patch-vfs-extfs-apt.in Normal file
View File

@ -0,0 +1,102 @@
--- vfs/extfs/apt.in.orig Tue Dec 24 12:33:46 2002
+++ vfs/extfs/apt.in Fri Sep 10 16:09:30 2004
@@ -6,6 +6,12 @@
#
# apt
+sub quote {
+ $_ = shift(@_);
+ s/([^\w\/.+-])/\\$1/g;
+ return($_);
+}
+
sub bt
{
my ($dt) = @_;
@@ -229,14 +235,16 @@
sub copyout
{
my($archive,$filename) = @_;
+ my $qarchive = quote($archive);
+ my $qfilename = quote($filename);
if( $archive eq 'CHECK' ) {
- system("apt-get -q check > $filename");
+ system("apt-get -q check > $qfilename");
} elsif( $archive eq 'AVAILABLE' ) {
- system("apt-cache dumpavail > $filename");
+ system("apt-cache dumpavail > $qfilename");
} elsif( $archive eq 'STATS' ) {
- system("apt-cache stats > $filename");
+ system("apt-cache stats > $qfilename");
} elsif( $archive eq 'CONFIG' ) {
- system("(apt-config dump 2>&1) > $filename");
+ system("(apt-config dump 2>&1) > $qfilename");
} elsif( $archive eq 'UPDATE' ) {
open O, ">$filename";
print O $pressupdate;
@@ -246,12 +254,12 @@
print O $pressupgrade;
close O;
} elsif( $archive eq 'apt.conf' ) {
- system("cp /etc/apt/apt.conf $filename");
+ system("cp /etc/apt/apt.conf $qfilename");
} elsif( $archive eq 'sources.list' ) {
- system("cp /etc/apt/sources.list $filename");
+ system("cp /etc/apt/sources.list $qfilename");
} elsif( $archive =~ /^CACHE\// ) {
$archive =~ s%^CACHE/%/var/cache/apt/archives/%;
- system("cp $archive $filename");
+ system("cp $qarchive $qfilename");
} else {
open O, ">$filename";
print O $archive, "\n";
@@ -262,15 +270,17 @@
sub copyin
{
my($archive,$filename) = @_;
+ my $qarchive = quote($archive);
+ my $qfilename = quote($filename);
if( $archive =~ /\.deb$/ ) {
- system("dpkg -i $filename>/dev/null");
+ system("dpkg -i $qfilename>/dev/null");
} elsif( $archive eq 'apt.conf' ) {
- system("cp $filename /etc/apt/apt.conf");
+ system("cp $qfilename /etc/apt/apt.conf");
} elsif( $archive eq 'sources.list' ) {
- system("cp $filename /etc/apt/sources.list");
+ system("cp $qfilename /etc/apt/sources.list");
} elsif( $archive =~ /^CACHE\// ) {
- $archive =~ s%^CACHE/%/var/cache/apt/archives/%;
- system("cp $filename $archive");
+ $qarchive =~ s%^CACHE/%/var/cache/apt/archives/%;
+ system("cp $qfilename $qarchive");
} else {
die "extfs: cannot create regular file \`$archive\': Permission denied\n";
}
@@ -293,19 +303,20 @@
sub rm
{
my($archive) = @_;
+ my $qarchive = quote($archive);
if( $archive =~ /^CACHE\// ) {
- $archive =~ s%^CACHE/%/var/cache/apt/archives/%;
- system("rm -f $archive");
+ $qarchive =~ s%^CACHE/%/var/cache/apt/archives/%;
+ system("rm -f $qarchive");
} elsif( $archive eq 'apt.conf' ) {
system("rm -f /etc/apt/apt.conf");
} elsif( $archive eq 'sources.list' ) {
system("rm -f /etc/apt/sources.list");
} elsif( $archive =~ /\.debd?$/ ) {
# uncommented and changed to use dpkg - alpha
- my $name = $archive;
- $name =~ s%.*/%%g;
- $name =~ s%_.*%%g;
- system("dpkg --remove $name >/dev/null");
+ my $qname = $qarchive;
+ $qname =~ s%.*/%%g;
+ $qname =~ s%_.*%%g;
+ system("dpkg --remove $qname >/dev/null");
die("extfs: $archive: Operation not permitted\n") if $? != 0;
} else {
die "extfs: $archive: Operation not permitted\n";

113
misc/mc/files/patch-vfs-extfs-deb.in Normal file
View File

@ -0,0 +1,113 @@
--- vfs/extfs/deb.in.orig Fri Sep 10 16:22:18 2004
+++ vfs/extfs/deb.in Fri Sep 10 16:22:25 2004
@@ -19,6 +19,12 @@
# Copyright (C) 1997 Free Software Foundation
#
+sub quote {
+ $_ = shift(@_);
+ s/([^\w\/.+-])/\\$1/g;
+ return($_);
+}
+
sub mcdebfs_list
{
#
@@ -26,8 +32,9 @@
# Empty directories do not appear at all
#
local($archivename)=@_;
+ local $qarchivename = quote($archivename);
chop($date=`LC_ALL=C date "+%b %d %Y %H:%M"`);
- chop($info_size=`dpkg -I $archivename | wc -c`);
+ chop($info_size=`dpkg -I $qarchivename | wc -c`);
$install_size=length($pressinstall);
print "dr-xr-xr-x 1 root root 0 $date CONTENTS\n";
@@ -36,7 +43,7 @@
print "-r--r--r-- 1 root root $info_size $date INFO\n";
print "-r-xr--r-- 1 root root $install_size $date INSTALL\n";
- if ( open(PIPEIN, "dpkg-deb -c $archivename |") )
+ if ( open(PIPEIN, "dpkg-deb -c $qarchivename |") )
{
while(<PIPEIN>)
{
@@ -81,7 +88,7 @@
}
}
# begin from Patrik Rak
- if ( open(PIPEIN, "dpkg-deb -I $archivename |") )
+ if ( open(PIPEIN, "dpkg-deb -I $qarchivename |") )
{
while(<PIPEIN>)
{
@@ -109,16 +116,19 @@
sub mcdebfs_copyout
{
local($archive,$filename,$destfile)=@_;
+ local $qarchive = quote($archive);
+ local $qfilename = quote($filename);
+ local $qdestfile = quote($destfile);
if($filename eq "INFO")
{
- system("dpkg-deb -I $archive > $destfile");
+ system("dpkg-deb -I $qarchive > $qdestfile");
# begin from Patrik Rak
}
elsif($filename =~ /^DEBIAN/)
{
- $filename=~s!^DEBIAN/!!;
- system("dpkg-deb -I $archive $filename > $destfile");
+ $qfilename=~s!^DEBIAN/!!;
+ system("dpkg-deb -I $qarchive $qfilename > $qdestfile");
# end from Patrik Rak
}
@@ -128,36 +138,32 @@
{
print FILEOUT $pressinstall;
close FILEOUT;
- system("chmod a+x $destfile");
+ system("chmod a+x $qdestfile");
}
}
else
{
# files can be prepended with ./ or not, depending on the version of tar
- $filename=~s!^CONTENTS/!!;
- system("dpkg-deb --fsys-tarfile $archive | tar xOf - $filename ./$filename > $destfile 2>/dev/null");
+ $qfilename=~s!^CONTENTS/!!;
+ system("dpkg-deb --fsys-tarfile $qarchive | tar xOf - $qfilename ./$qfilename > $qdestfile 2>/dev/null");
}
}
sub mcdebfs_run
{
local($archive,$filename)=@_;
+ local $qarchive = quote($archive);
if($filename eq "INSTALL")
{
print "Installing $archive\n";
- system("dpkg -i $archive");
+ system("dpkg -i $qarchive");
}
else
{
- $suffix = "aaa";
- while (1) {
- $tmpdir = "/tmp/mcdebfs.run".$$.$suffix;
- last if mkdir $tmpdir, 0700;
- $suffix++;
- # Somebody is being really nasty, give up
- exit 1 if $suffix eq "zzz";
- }
-
+ use File::Temp qw(mkdtemp);
+ my $template = "/tmp/mcdebfs.run.XXXXXX";
+ $template="$ENV{MC_TMPDIR}/mcdebfs.XXXXXX" if ($ENV{MC_TMPDIR});
+ $tmpdir = mkdtemp($template);
$tmpcmd="$tmpdir/run";
&mcdebfs_copyout($archive, $filename, $tmpcmd);
system("chmod u+x $tmpcmd");

165
misc/mc/files/patch-vfs-extfs-deba.in Normal file
View File

@ -0,0 +1,165 @@
--- vfs/extfs/deba.in.orig Thu Dec 12 22:15:30 2002
+++ vfs/extfs/deba.in Fri Sep 10 16:09:30 2004
@@ -6,111 +6,25 @@
#
# deba
-sub bt
-{
- my ($dt) = @_;
- my (@time);
- @time = localtime($dt);
- $bt = sprintf "%02d-%02d-%d %02d:%02d", $time[4] + 1, $time[3],
- $time[5] + 1900, $time[2], $time[1];
- return $bt;
-}
-
-
-sub ft
-{
- my ($f) = @_;
- return "d" if -d $f;
- return "l" if -l $f;
- return "p" if -p $f;
- return "S" if -S $f;
- return "b" if -b $f;
- return "c" if -c $f;
- return "-";
-}
-
-sub fm
-{
- my ($n) = @_;
- my ($m);
-
- if( $n & 0400 ) {
- $m .= "r";
- } else {
- $m .= "-";
- }
- if( $n & 0200 ) {
- $m .= "w";
- } else {
- $m .= "-";
- }
- if( $n & 04000 ) {
- $m .= "s";
- } elsif( $n & 0100 ) {
- $m .= "x";
- } else {
- $m .= "-";
- }
-
- if( $n & 0040 ) {
- $m .= "r";
- } else {
- $m .= "-";
- }
- if( $n & 0020 ) {
- $m .= "w";
- } else {
- $m .= "-";
- }
- if( $n & 02000 ) {
- $m .= "s";
- } elsif( $n & 0010 ) {
- $m .= "x";
- } else {
- $m .= "-";
- }
-
- if( $n & 0004 ) {
- $m .= "r";
- } else {
- $m .= "-";
- }
- if( $n & 0002 ) {
- $m .= "w";
- } else {
- $m .= "-";
- }
- if( $n & 01000 ) {
- $m .= "t";
- } elsif( $n & 0001 ) {
- $m .= "x";
- } else {
- $m .= "-";
- }
-
- return $m;
-}
-
-sub ls {
- my ($file) = @_;
- my @stat = stat($file);
- # mode, nlink, uid, gid, size, mtime, filename
- printf "%s%s %d %d %d %d %s CONTENTS%s\n", ft($file), fm($stat[2] & 07777),
- $stat[3], $stat[4], $stat[5], $stat[7], bt($stat[9]), $file;
+sub quote {
+ $_ = shift(@_);
+ s/([^\w\/.+-])/\\$1/g;
+ return($_);
}
sub list
{
- my($archive)=@_;
+ my($qarchive)=@_;
+ $qarchive = quote($qarchive);
chop($date=`LC_ALL=C date "+%b %d %Y %H:%M"`);
- chop($info_size=`apt-cache show $archive | wc -c`);
+ chop($info_size=`apt-cache show $qarchive | wc -c`);
$install_size=length($pressinstall);
$upgrade_size=length($pressupgrade);
print "-r--r--r-- 1 root root $info_size $date INFO\n";
- chop($debd = `dpkg -s $archive | grep -i ^Version | sed 's/^version: //i'`);
- chop($deba = `apt-cache show $archive | grep -i ^Version | sed 's/^version: //i'`);
+ chop($debd = `dpkg -s $qarchive | grep -i ^Version | sed 's/^version: //i'`);
+ chop($deba = `apt-cache show $qarchive | grep -i ^Version | sed 's/^version: //i'`);
if( ! $debd ) {
print "-r-xr--r-- 1 root root $install_size $date INSTALL\n";
} elsif( $debd ne $deba ) {
@@ -121,20 +35,21 @@
sub copyout
{
my($archive,$filename,$destfile)=@_;
-
+ my $qarchive = quote($archive);
+ my $qdestfile = quote($destfile);
if($filename eq "INFO") {
- system("apt-cache show $archive > $destfile");
+ system("apt-cache show $qarchive > $qdestfile");
} elsif($filename eq "INSTALL") {
- if ( open(FILEOUT,">$destfile") ) {
+ if ( open(FILEOUT, "> $destfile") ) {
print FILEOUT $pressinstall;
close FILEOUT;
- system("chmod a+x $destfile");
+ system("chmod a+x $qdestfile");
}
} elsif($filename eq "UPGRADE") {
- if ( open(FILEOUT,">$destfile") ) {
+ if ( open(FILEOUT, ">, $destfile") ) {
print FILEOUT $pressupgrade;
close FILEOUT;
- system("chmod a+x $destfile");
+ system("chmod a+x $qdestfile");
}
} else {
die "extfs: $filename: No such file or directory\n";
@@ -144,10 +59,11 @@
sub run
{
my($archive,$filename)=@_;
+ my $qarchive = quote($archive);
if($filename eq "INSTALL") {
- system("apt-get install $archive");
+ system("apt-get install $qarchive");
} elsif($filename eq "UPGRADE") {
- system("apt-get install $archive");
+ system("apt-get install $qarchive");
} else {
die "extfs: $filename: Permission denied\n";
}

148
misc/mc/files/patch-vfs-extfs-debd.in Normal file
View File

@ -0,0 +1,148 @@
--- vfs/extfs/debd.in.orig Thu Dec 12 22:15:30 2002
+++ vfs/extfs/debd.in Fri Sep 10 16:09:30 2004
@@ -6,6 +6,12 @@
#
# debd
+sub quote {
+ $_ = shift(@_);
+ s/([^\w\/.+-])/\\$1/g;
+ return($_);
+}
+
sub bt
{
my ($dt) = @_;
@@ -102,8 +108,9 @@
sub list
{
my($archive)=@_;
+ my $qarchive = quote($archive);
chop($date=`LC_ALL=C date "+%b %d %Y %H:%M"`);
- chop($info_size=`dpkg -s $archive | wc -c`);
+ chop($info_size=`dpkg -s $qarchive | wc -c`);
$repack_size=length($pressrepack);
$reinstall_size=length($pressreinstall);
$remove_size=length($pressremove);
@@ -118,7 +125,7 @@
print "-r--r--r-- 1 root root $info_size $date INFO\n";
print "-r-xr--r-- 1 root root $purge_size $date DPKG-PURGE\n";
- chop($status = `dpkg -s $archive | grep ^Status`);
+ chop($status = `dpkg -s $qarchive | grep ^Status`);
if( $status =~ /deinstall/ ) {
print "-r-xr--r-- 1 root root $select_size $date DPKG-SELECT\n";
} elsif( $status =~ /install/ ) {
@@ -141,7 +148,7 @@
- if ( open(PIPEIN, "LANG=C ls -l /var/lib/dpkg/info/$archive.* |") ) {
+ if ( open(PIPEIN, "LANG=C ls -l /var/lib/dpkg/info/$qarchive.* |") ) {
while(<PIPEIN>) {
chop;
next if /\.list$/;
@@ -163,35 +170,38 @@
sub copyout
{
my($archive,$filename,$destfile)=@_;
+ my $qarchive = quote($archive);
+ my $qfilename = quote($filename);
+ my $qdestfile = quote($destfile);
if($filename eq "INFO") {
- system("dpkg -s $archive > $destfile");
+ system("dpkg -s $qarchive > $qdestfile");
} elsif($filename eq "DPKG-REPACK") {
if ( open(FILEOUT,">$destfile") ) {
print FILEOUT $pressrepack;
close FILEOUT;
- system("chmod a+x $destfile");
+ system("chmod a+x $qdestfile");
}
} elsif($filename =~ /^DEBIAN/) {
$filename=~s!^DEBIAN/!!;
- system("cat /var/lib/dpkg/info/$archive.$filename > $destfile");
+ system("cat /var/lib/dpkg/info/$qarchive.$qfilename > $qdestfile");
} elsif($filename eq "DPKG-REMOVE" || $filename eq "APT-REMOVE") {
if ( open(FILEOUT,">$destfile") ) {
print FILEOUT $pressremove;
close FILEOUT;
- system("chmod a+x $destfile");
+ system("chmod a+x $qdestfile");
}
} elsif($filename eq "DPKG-PURGE" || $filename eq "APT-PURGE") {
if ( open(FILEOUT,">$destfile") ) {
print FILEOUT $presspurge;
close FILEOUT;
- system("chmod a+x $destfile");
+ system("chmod a+x $qdestfile");
}
} elsif($filename eq "DPKG-RECONFIGURE") {
if ( open(FILEOUT,">$destfile") ) {
print FILEOUT $pressreconfigure;
close FILEOUT;
- system("chmod a+x $destfile");
+ system("chmod a+x $qdestfile");
}
} elsif($filename eq "APT-REINSTALL") {
if ( open(FILEOUT,">$destfile") ) {
@@ -209,41 +219,43 @@
if ( open(FILEOUT,">$destfile") ) {
print FILEOUT $pressunselect;
close FILEOUT;
- system("chmod a+x $destfile");
+ system("chmod a+x $qdestfile");
}
} else {
- $filename=~s!^CONTENTS!!;
- system("cat $filename > $destfile");
+ $qfilename=~s!^CONTENTS!!;
+ system("cat $qfilename > $qdestfile");
}
}
sub run
{
my($archive,$filename)=@_;
+ my $qarchive = quote($archive);
+ my $qfilename = quote($filename);
if($filename eq "DPKG-REMOVE") {
- system("dpkg --remove $archive");
+ system("dpkg --remove $qarchive");
} elsif($filename eq "APT-REMOVE") {
- system("apt-get remove $archive");
+ system("apt-get remove $qarchive");
} elsif($filename eq "DPKG-PURGE") {
- system("dpkg --purge $archive");
+ system("dpkg --purge $qarchive");
} elsif($filename eq "APT-PURGE") {
- system("apt-get --purge remove $archive");
+ system("apt-get --purge remove $qarchive");
} elsif($filename eq "DPKG-REPACK") {
- system("dpkg-repack $archive");
+ system("dpkg-repack $qarchive");
} elsif($filename eq "DPKG-SELECT") {
- system("echo $archive install | dpkg --set-selections");
+ system("echo $aqrchive install | dpkg --set-selections");
} elsif($filename eq "DPKG-UNSELECT") {
- system("echo $archive deinstall | dpkg --set-selections");
+ system("echo $qarchive deinstall | dpkg --set-selections");
} elsif($filename eq "APT-REINSTALL") {
- system("apt-get -u --reinstall install $archive");
+ system("apt-get -u --reinstall install $qarchive");
} elsif($filename eq "DPKG-RECONFIGURE") {
- system("dpkg-reconfigure $archive");
+ system("dpkg-reconfigure $qarchive");
} elsif($filename=~/^DEBIAN/) {
$filename=~s!^DEBIAN!!;
- system("/var/lib/dpkg/info/$archive.$filename");
+ system("/var/lib/dpkg/info/$qarchive.$qfilename");
} else {
- $filename=~s!^CONTENTS!!;
- system($filename);
+ $qfilename=~s!^CONTENTS!!;
+ system($qfilename);
}
}

74
misc/mc/files/patch-vfs-extfs-dpkg.in Normal file
View File

@ -0,0 +1,74 @@
--- vfs/extfs/dpkg.in.orig Tue Dec 24 12:33:46 2002
+++ vfs/extfs/dpkg.in Fri Sep 10 16:09:30 2004
@@ -6,6 +6,12 @@
#
# dpkg
+sub quote {
+ $_ = shift(@_);
+ s/([^\w\/.+-])/\\$1/g;
+ return($_);
+}
+
sub bt
{
my ($dt) = @_;
@@ -183,20 +189,21 @@
sub copyout
{
my($archive,$filename) = @_;
+ my $qfilename = quote($filename);
if( $archive eq 'DIVERSIONS' ) {
- system("dpkg-divert --list > $filename 2>/dev/null");
+ system("dpkg-divert --list > $qfilename 2>/dev/null");
} elsif( $archive eq 'ARCHITECTURE' ) {
- system("dpkg-architecture > $filename 2>/dev/null");
+ system("dpkg-architecture > $qfilename 2>/dev/null");
} elsif( $archive eq 'LIST' ) {
- system("dpkg -l '*' > $filename 2>/dev/null");
+ system("dpkg -l '*' > $qfilename 2>/dev/null");
} elsif( $archive eq 'AUDIT' ) {
- system("dpkg --audit > $filename 2>/dev/null");
+ system("dpkg --audit > $qfilename 2>/dev/null");
} elsif( $archive eq 'GET-SELECTIONS' ) {
- system("dpkg --get-selections > $filename 2>/dev/null");
+ system("dpkg --get-selections > $qfilename 2>/dev/null");
} elsif( $archive eq 'STATUS' ) {
- system("cp /var/lib/dpkg/status $filename");
+ system("cp /var/lib/dpkg/status $qfilename");
} elsif( $archive eq 'AVAILABLE' ) {
- system("cp /var/lib/dpkg/available $filename");
+ system("cp /var/lib/dpkg/available $qfilename");
} elsif( $archive eq 'CONFIGURE' ) {
open O, ">$filename";
print O $pressconfigure;
@@ -224,8 +231,9 @@
sub copyin
{
my($archive,$filename) = @_;
+ my $qfilename = quote($filename);
if( $archive =~ /\.deb$/ ) {
- system("dpkg -i $filename>/dev/null");
+ system("dpkg -i $qfilename>/dev/null");
} else {
die "extfs: cannot create regular file \`$archive\': Permission denied\n";
}
@@ -252,12 +260,12 @@
{
my($archive) = @_;
if( $archive =~ /\.debd?$/ ) {
- my $name = $archive;
- $name =~ s%.*/%%g;
- $name =~ s%_.*%%g;
- system("if dpkg -s $name | grep ^Status | grep -qs config-files; \
- then dpkg --purge $name>/dev/null; \
- else dpkg --remove $name>/dev/null; fi");
+ my $qname = quote($archive);
+ $qname =~ s%.*/%%g;
+ $qname =~ s%_.*%%g;
+ system("if dpkg -s $qname | grep ^Status | grep -qs config-files; \
+ then dpkg --purge $qname>/dev/null; \
+ else dpkg --remove $qname>/dev/null; fi");
die("extfs: $archive: Operation not permitted\n") if $? != 0;
} else {
die "extfs: $archive: Operation not permitted\n";