Accepting request 253194 from home:jengelh:branches:Base:System

- Add at-sane-envkeys.diff to skip exporting variables with awkward keys [bsc#899160] OBS-URL: https://build.opensuse.org/request/show/253194 OBS-URL: https://build.opensuse.org/package/show/Base:System/at?expand=0&rev=90
2014-10-02 11:54:39 +00:00
parent be3d950f4d
commit ce0a87b9ce
3 changed files with 68 additions and 0 deletions
--- a/at-sane-envkeys.diff
+++ b/at-sane-envkeys.diff
@@ -0,0 +1,60 @@
+From: Jan Engelhardt <jengelh@inai.de>
+Date: 2014-09-30 15:15:52.645631792 +0200
+X-Status: fixes an upstream issue
+
+Shells generally only allow setting environment variables whose keys
+are of the form /^[A-Z_][A-Z0-9_]/i. Exporting anything else is going
+to end in disaster (sh throwing syntax errors).
+
+---
+ at.c |   24 ++++++++++++++++++++++--
+ 1 file changed, 22 insertions(+), 2 deletions(-)
+
+Index: at-3.1.14/at.c
+===================================================================
+--- at-3.1.14.orig/at.c
+++ at-3.1.14/at.c
+@@ -225,6 +225,23 @@ nextjob()
+     return jobno;
+ }
+ 
+/**
+ * @s:	string in the form of "key=value" and \0-terminated
+ * @n:	length of key portion
+ */
+static bool legit_key(const char *s, size_t n)
+{
+	/* First char has extra restrictions: must not be a digit */
+	if (!isalpha(*s) && *s != '_')
+		return false;
+	for (; n-- > 0; ++s) {
+		if (!isalnum(*s) && *s != '_')
+			return false;
+		++s;
+	}
+	return true;
+}
+
+ static void
+ writefile(time_t runtimer, char queue)
+ {
+@@ -403,7 +420,10 @@ writefile(time_t runtimer, char queue)
+ 	    eqp++;
+ 	}
+ 
+-	if (export) {
+	if (!export || !legit_key(*atenv, eqp - *atenv)) {
+	    continue;
+	}
+
+ 	    fwrite(*atenv, sizeof(char), eqp - *atenv, fp);
+ 	    for (ap = eqp; *ap != '\0'; ap++) {
+ 		if (*ap == '\n')
+@@ -439,7 +459,6 @@ writefile(time_t runtimer, char queue)
+ 	    fwrite(*atenv, sizeof(char), eqp - *atenv - 1, fp);
+ 	    fputc('\n', fp);
+ 
+-	}
+     }
+     /* Cd to the directory at the time and write out all the
+      * commands the user supplies from stdin.
--- a/at.changes
+++ b/at.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Sep 30 13:20:21 UTC 2014 - jengelh@inai.de
+
+- Add at-sane-envkeys.diff to skip exporting variables with
+  awkward keys [bsc#899160]
+
 -------------------------------------------------------------------
 Wed Sep 24 12:21:20 UTC 2014 - pgajdos@suse.com

--- a/at.spec
+++ b/at.spec
@@ -60,6 +60,7 @@ Patch23:        at-secure_getenv.patch
 Patch24:        at-backport-old-privs.patch
 #PATCH-FEATURE-UPSTREAM introduce -o <timeformat> argument for atq (bnc#879402)
 Patch25:        at-atq-timeformat.patch
+Patch26:        at-sane-envkeys.diff

 BuildRequires:  autoconf >= 2.69
 BuildRequires:  automake
@@ -105,6 +106,7 @@ This program allows you to run jobs at specified times.
 %patch23 -p1
 %patch24 -p1
 %patch25
+%patch26 -p1

 %build
 rm -fv y.tab.c y.tab.h lex.yy.c lex.yy.o y.tab.o