Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 150866 - binpkg metadata has shell chars invalidly expanded
Summary: binpkg metadata has shell chars invalidly expanded
Status: RESOLVED FIXED
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Binary packages support (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Portage team
URL:
Whiteboard:
Keywords: InVCS
Depends on:
Blocks: 147007
  Show dependency tree
 
Reported: 2006-10-11 02:35 UTC by Brian Harring (RETIRED)
Modified: 2006-10-11 20:25 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
set -f in dyn_compile (patch,563 bytes, patch)
2006-10-11 02:46 UTC, Brian Harring (RETIRED) 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Brian Harring (RETIRED) gentoo-dev 2006-10-11 02:35:59 UTC 
from ebuild...
app-admin/procinfo-18-r1 description="A utility to prettyprint /proc/*"

from binpkg....
app-admin/procinfo-18-r1 description="A utility to prettyprint /proc/1 /proc/10315 /proc/10342 /proc/10364 /proc/10366 /proc/10382 /proc/10383 /proc/10389 /proc/10390 /proc/10436 /proc/10437 /proc/10483 /proc/10552 /proc/10574 /proc/10576 /proc/1067 /proc/11468 /proc/11739 /proc/12 /proc/13 /proc/13937 /proc/14 /proc/1406 /proc/14138 /proc/14245 /proc/14254 /proc/14261 /proc/143 /proc/1477 /proc/18751 /proc/18854 /proc/18979 /proc/2 /proc/20596 /proc/20641 /proc/207 /proc/208 /proc/209 /proc/22651 /proc/22877 /proc/22922 /proc/23054 /proc/2312 /proc/2384 /proc/23921 /proc/25257 /proc/25267 /proc/25349 /proc/26047 /proc/26644 /proc/26646 /proc/3 /proc/4 /proc/4263 /proc/4264 /proc/4265 /proc/4266 /proc/4334 /proc/4852 /proc/5 /proc/5239 /proc/5283 /proc/6 /proc/6083 /proc/6084 /proc/6111 /proc/6270 /proc/6272 /proc/6274 /proc/6275 /proc/6276 /proc/7 /proc/8 /proc/837 /proc/838 /proc/840 /proc/844 /proc/863 /proc/869 /proc/881 /proc/886 /proc/8938 /proc/9 /proc/9823 /proc/9846 /proc/9847 /proc/9848 /proc/acpi /proc/asound /proc/buddyinfo /proc/bus /proc/cmdline /proc/config.gz /proc/cpuinfo /proc/crypto /proc/devices /proc/diskstats /proc/dma /proc/dri /proc/driver /proc/execdomains /proc/fb /proc/filesystems /proc/fs /proc/interrupts /proc/iomem /proc/ioports /proc/irq /proc/kallsyms /proc/kcore /proc/kmsg /proc/loadavg /proc/locks /proc/meminfo /proc/misc /proc/modules /proc/mounts /proc/mtrr /proc/net /proc/partitions /proc/self /proc/slabinfo /proc/stat /proc/swaps /proc/sys /proc/sysrq-trigger /proc/sysvipc /proc/tty /proc/uptime /proc/version /proc/vmstat /proc/zoneinfo"

somewhere along the way of generating binpkg metadata, portage is invalidly allowing the metadata to undergo shell expansion, thus the whacky binpkg DESCRIPTION from above; y'all don't see it since y'all don't access the key, but it can rear it's head for globbed version atoms in depends fex, so should be fixed.
Comment 1 Brian Harring (RETIRED) gentoo-dev 2006-10-11 02:46:40 UTC 
Created attachment 99352 [details, diff]
set -f in dyn_compile

fix...

further reason why having bash create the build-dir is daft as all hell ;)
Comment 2 Tavis Ormandy (RETIRED) gentoo-dev 2006-10-11 02:50:40 UTC 
Adding security to cc, possible minor information leakage if binpkgs are distributed.
Comment 3 Simon Stelling (RETIRED) gentoo-dev 2006-10-11 03:54:26 UTC 
Thanks Brian. This is rev 4657.
Comment 4 Zac Medico gentoo-dev 2006-10-11 20:25:20 UTC 
This has been released in 2.1.2_pre2-r9.