mirror of
https://github.com/openSUSE/osc.git
synced 2025-09-06 05:08:42 +02:00
@@ -6677,6 +6677,8 @@ def unpack_srcrpm(srpm, dir, *files):
|
||||
with open(srpm, 'r') as fsrpm, open(os.devnull, 'w') as devnull:
|
||||
rpm2cpio_proc = subprocess.Popen(['rpm2cpio'], stdin=fsrpm,
|
||||
stdout=subprocess.PIPE)
|
||||
# XXX: shell injection is possible via the files parameter, but the
|
||||
# current osc code does not use the files parameter.
|
||||
cpio_proc = subprocess.Popen(['cpio', '-i'] + list(files),
|
||||
stdin=rpm2cpio_proc.stdout, stderr=devnull)
|
||||
rpm2cpio_proc.stdout.close()
|
||||
|
Reference in New Issue
Block a user