authorlostlogic <lostlogic@gentoo.org>2004-02-18 15:25:43 +0000
committerlostlogic <lostlogic@gentoo.org>2004-02-18 15:25:43 +0000
commit7a928bf34c19ac1589db123d6e407bf35f660358 (patch)
tree3606e337b3cdec7051cc513ba122a14b477e8db0 /trunk/src/qpkg
parent149e4827f49bff044015514a6aebcbd78991e324 (diff)
downloadgentoolkit-7a928bf34c19ac1589db123d6e407bf35f660358.tar.gz
Fix a security issue mentioned to me in e-mail, it can wait for next qpkg release
svn path=/; revision=86
Diffstat (limited to 'trunk/src/qpkg')
-rw-r--r--trunk/src/qpkg/ChangeLog3
-rw-r--r--trunk/src/qpkg/qpkg19
2 files changed, 15 insertions, 7 deletions
diff --git a/trunk/src/qpkg/ChangeLog b/trunk/src/qpkg/ChangeLog
index 6cdc211..b25fd25 100644
--- a/trunk/src/qpkg/ChangeLog
+++ b/trunk/src/qpkg/ChangeLog
@@ -1,2 +1,5 @@
+2004-02-18 Brandon Low <lostlogic@gentoo.org>
+ * Fix a reported security issue, have a TMP location that is process specific
+
2004-01-07 Karl Trygve Kalleberg <karltk@gentoo.org>
* Added Makefile
diff --git a/trunk/src/qpkg/qpkg b/trunk/src/qpkg/qpkg
index bcb7d90..9fbb4f9 100644
--- a/trunk/src/qpkg/qpkg
+++ b/trunk/src/qpkg/qpkg
@@ -13,6 +13,10 @@
ID='$Id$'
VERSION=0.`echo ${ID} | cut -d\ -f3`
+TMP="/tmp/qpkg-${$}/"
+rm -rf ${TMP}
+mkdir -p ${TMP}
+
PROG=`basename ${0}`
# Parse args
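Review bot: The directory name `/tmp/qpkg-${$}/` is still predictable from the PID, and the added `mkdir -p ${TMP}` succeeds silently when that path already exists. The script therefore cannot tell whether it created the directory itself or is about to write into one that another local user placed there between the `rm -rf` and the `mkdir`. Creating the directory atomically with an unpredictable name and checking the result closes that window: `TMP="$(mktemp -d /tmp/qpkg.XXXXXX)/" || exit 1`. The trailing slash is kept because the later hunks build paths as `${TMP}qpkg.lst`, and the preceding `rm -rf ${TMP}` is then no longer needed.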
@@ -237,17 +241,17 @@ if [ "${grepmask}" ]; then
fi
#First dig out the list of packages with duplicates
- find /var/db/pkg/ -iname "*${arg}*.ebuild" 2> /dev/null > /tmp/qpkg.lst
- dups=`cat /tmp/qpkg.lst | cut -f7 -d/ |
+ find /var/db/pkg/ -iname "*${arg}*.ebuild" 2> /dev/null > ${TMP}qpkg.lst
+ dups=`cat ${TMP}qpkg.lst | cut -f7 -d/ |
sed -e 's:\.ebuild$::; s:-r[0-9]*$::; s:-[^-]*$::; /^$/d' |
sort |
uniq -d`
#Next get all the exact versions
- duppak=`cat /tmp/qpkg.lst | fgrep "${dups}"`
+ duppak=`cat ${TMP}qpkg.lst | fgrep "${dups}"`
#Now cut that down to the directory name so we can be smart
- dirs=`sed -e 's:/[^/]*$::' /tmp/qpkg.lst`
+ dirs=`sed -e 's:/[^/]*$::' ${TMP}qpkg.lst`
#Go through each package's DB and create a sortable file
#to play with
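Review bot: Every `${TMP}qpkg.lst` in this hunk is expanded unquoted, and the same applies to the `sort … >`, `cat` and `rm` lines in the next hunk. This is only a style point while the value is a fixed prefix plus the PID, but it would word-split or glob if the directory were ever derived from the environment. Writing `"${TMP}qpkg.lst"` throughout keeps each redirection and `rm` target a single word. The enclosing `if` block starts before this hunk and continues past it.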
@@ -266,9 +270,9 @@ fi
#Finish loop, and sort that nice sortable file based on
#installation order, and then based on package basename
#bash hates me so I decided to use a temp file
- done |sort -t" " -k3 -k1g,2|uniq -D -f2 > /tmp/qpkg.lst
- duppak=`cat /tmp/qpkg.lst`
- rm /tmp/qpkg.lst
+ done |sort -t" " -k3 -k1g,2|uniq -D -f2 > ${TMP}qpkg.lst
+ duppak=`cat ${TMP}qpkg.lst`
+ rm ${TMP}qpkg.lst
#If max verbosity is set output with full path to each ebuild
if [ "${verb}" -gt 1 ]; then
@@ -570,3 +574,4 @@ done | (
-e "s:^obj ::;s:^sym ::;s:^dir ::"
)
+rm -rf ${TMP}
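Review bot: The `rm -rf ${TMP}` added on the last line runs only when the script reaches the end of the file, so an earlier exit or an interrupt would leave the `/tmp/qpkg-PID/` directory and its package listing behind. Registering the cleanup immediately after the directory is created covers those paths as well: `trap 'rm -rf "${TMP}"' EXIT`. Whether the script has early `exit` calls is not visible here, since the hunk shows only the tail of a pipeline that begins outside it.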