From 6d26415839f20e987f60dc93ab057a67c3b0d255 Mon Sep 17 00:00:00 2001 From: Kerin Millar Date: Sun, 4 Dec 2022 11:14:34 +0000 Subject: [PATCH] bin/etc-update: Apply patsub_replacement defences Per bug #881383, string replacing forms of parameter expansion must take care to quote - or appropriately escape - any nested parameter expansions, assuming that their values are intended to be taken literally (as is almost invariably the case). This has long been the case, but the introduction of the new patsub_replacement option in bash >=5.2 has brought the issue to the fore. This commit addresses two instances in which the etc-update script could unintentionally induce patsub replacement. There are many other quality issues that affect this script but this is enough to address the aforementioned bug. Signed-off-by: Kerin Millar Bug: https://bugs.gentoo.org/881383 --- bin/etc-update | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/etc-update b/bin/etc-update index a7d1088da..59e709168 100755 --- a/bin/etc-update +++ b/bin/etc-update @@ -90,8 +90,8 @@ cmd_var_is_valid() { } diff_command() { - local cmd=${diff_command//%file1/$1} - ${cmd//%file2/$2} + local cmd=${diff_command//%file1/"$1"} + ${cmd//%file2/"$2"} } # Usage: do_mv_ln [options] -- 2.38.1