diff options
| author |   Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com> | 2016-04-18 12:07:36 +0300 |
|---|---|---|
| committer |   Joshua Lock <joshua.g.lock@intel.com> | 2016-04-18 10:58:18 +0100 |
| commit | c6fc2aafa51b77dcf9bc313ad0791c6428deb25f (patch) | |
| tree | e89974c6c68d94bb4b32a3fabe27b5f16d8794ec /recipes-core | |
| parent | 59ed994ad7442373e2766be816cef91ab2fac390 (diff) | |
| download | meta-swupd-c6fc2aafa51b77dcf9bc313ad0791c6428deb25f.tar.gz meta-swupd-c6fc2aafa51b77dcf9bc313ad0791c6428deb25f.tar.bz2 meta-swupd-c6fc2aafa51b77dcf9bc313ad0791c6428deb25f.zip | |
swupd-client_2.87.bb: Protect tar command against special characters
This patch adds escaping for special characters in file names
for the tar commands used to install files into target file system.
Particularly it fixes installation of nodejs libs having '#'
and '@' in file names.
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
Diffstat (limited to 'recipes-core')
| -rw-r--r-- | recipes-core/swupd-client/swupd-client-2.87/0001-staging.c-Protect-tar-command-against-special-charac.patch | 59 | ||||
| -rw-r--r-- | recipes-core/swupd-client/swupd-client_2.87.bb | 1 |
2 files changed, 60 insertions, 0 deletions
diff --git a/recipes-core/swupd-client/swupd-client-2.87/0001-staging.c-Protect-tar-command-against-special-charac.patch b/recipes-core/swupd-client/swupd-client-2.87/0001-staging.c-Protect-tar-command-against-special-charac.patch new file mode 100644 index 0000000..e069722 --- /dev/null +++ b/recipes-core/swupd-client/swupd-client-2.87/0001-staging.c-Protect-tar-command-against-special-charac.patch @@ -0,0 +1,59 @@ +From a0136d4c34c1710ae6b38667674f4db6f6eedb9c Mon Sep 17 00:00:00 2001 +From: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com> +Date: Mon, 18 Apr 2016 11:59:58 +0300 +Subject: [PATCH] staging.c: Protect tar command against special characters + +It may happen that a bundle contains a directory named '#' and +other files under this directory, thus not only target files +need to be escaped in tar commands, but also target directories +where the files get installed. + +Also a target file may have a name with '@' as its first symbol. +Since the symbol has a special meaning in case of bsdtar the +name needs to escaped in tar commands with the prefix './'. + +Upstream-Status: Submitted [https://github.com/clearlinux/swupd-client/pull/43] + +Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com> +--- + src/staging.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/staging.c b/src/staging.c +index 742e8a2..6f7eafb 100644 +--- a/src/staging.c ++++ b/src/staging.c +@@ -402,8 +402,8 @@ int do_staging(struct file *file) + ret = -errno; + goto out; + } +- string_or_die(&tarcommand, TAR_COMMAND " -C %s " TAR_PERM_ATTR_ARGS " -cf - %s 2> /dev/null | " +- TAR_COMMAND " -C %s%s " TAR_PERM_ATTR_ARGS " -xf - 2> /dev/null", ++ string_or_die(&tarcommand, TAR_COMMAND " -C '%s' " TAR_PERM_ATTR_ARGS " -cf - './%s' 2> /dev/null | " ++ TAR_COMMAND " -C '%s%s' " TAR_PERM_ATTR_ARGS " -xf - 2> /dev/null", + rename_tmpdir, base, path_prefix, rel_dir); + LOG_DEBUG(file, "directory overwrite", class_osvol_staging, "%s", tarcommand); + ret = system(tarcommand); +@@ -440,8 +440,8 @@ int do_staging(struct file *file) + ret = -errno; + goto out; + } +- string_or_die(&tarcommand, TAR_COMMAND " -C %s/staged " TAR_PERM_ATTR_ARGS " -cf - .update.%s 2> /dev/null | " +- TAR_COMMAND " -C %s%s " TAR_PERM_ATTR_ARGS " -xf - 2> /dev/null", ++ string_or_die(&tarcommand, TAR_COMMAND " -C '%s/staged' " TAR_PERM_ATTR_ARGS " -cf - '.update.%s' 2> /dev/null | " ++ TAR_COMMAND " -C '%s%s' " TAR_PERM_ATTR_ARGS " -xf - 2> /dev/null", + STATE_DIR, base, path_prefix, rel_dir); + LOG_DEBUG(file, "dotfile install", class_osvol_staging, "%s", tarcommand); + ret = system(tarcommand); +@@ -485,7 +485,7 @@ int do_staging(struct file *file) + /* For initial simplicity replace the file. Ideally this would be + * an intelligent btrfs reflink to maximize block level reuse. */ + //TODO: prove btrfs reflink ioctl works in general, then try using them here +- string_or_die(&tarcommand, TAR_COMMAND " -C %s/staged " TAR_PERM_ATTR_ARGS " -cf - %s 2> /dev/null | " ++ string_or_die(&tarcommand, TAR_COMMAND " -C '%s/staged' " TAR_PERM_ATTR_ARGS " -cf - './%s' 2> /dev/null | " + TAR_COMMAND " -C %s/%s " TAR_PERM_ATTR_ARGS " -xf - --transform=\"s/%s/%s/\" 2> /dev/null", + STATE_DIR, file->hash, STAGING_SUBVOL, rel_dir, file->hash, base); + ret = system(tarcommand); +-- +2.5.0 + diff --git a/recipes-core/swupd-client/swupd-client_2.87.bb b/recipes-core/swupd-client/swupd-client_2.87.bb index eeaf3c5..96e7a10 100644 --- a/recipes-core/swupd-client/swupd-client_2.87.bb +++ b/recipes-core/swupd-client/swupd-client_2.87.bb @@ -17,6 +17,7 @@ SRC_URI = "\ file://0001-globals.c-Use-fake-address-as-default-updates-url.patch \ file://0001-manifest.c-Always-initialize-preserver-pointer-of-fi.patch \ file://0001-Add-configure-option-to-re-enable-updating-of-config.patch \ + file://0001-staging.c-Protect-tar-command-against-special-charac.patch \ " SRC_URI[md5sum] = "5d272c62edb8a9c576005ac5e1182ea3" |