Kristyna Streitova
91d28cec0a
Replace at-sane-envkeys.diff by at-3.1.15-sane-envkeys.patch, a simpler fix from upstream [bsc#899160] OBS-URL: https://build.opensuse.org/request/show/254390 OBS-URL: https://build.opensuse.org/package/show/Base:System/at?expand=0&rev=93
40 lines
1.2 KiB
Diff
40 lines
1.2 KiB
Diff
commit 482f5962d9584d6110b940f0f51ab5919a6eb8a0
|
|
Author: Ansgar Burchardt <ansgar@debian.org>
|
|
Date: Sun Sep 28 17:06:12 2014 +0200
|
|
|
|
at: only retain variables whose name consists of alphanumerics and underscores
|
|
|
|
Since a recent security update[1] bash might export variables named
|
|
BASH_FUNC_*() to the environment which the serialization code in at
|
|
cannot handle properly.
|
|
|
|
[1] <https://www.debian.org/security/2014/dsa-3035>
|
|
|
|
Index: at-3.1.15/at.c
|
|
===================================================================
|
|
--- at-3.1.15.orig/at.c
|
|
+++ at-3.1.15/at.c
|
|
@@ -390,6 +390,22 @@ writefile(time_t runtimer, char queue)
|
|
int export = 1;
|
|
char *eqp;
|
|
|
|
+ /* Only accept alphanumerics and underscore in variable names.
|
|
+ * Also require the name to not start with a digit.
|
|
+ * Some shells don't like other variable names.
|
|
+ */
|
|
+ {
|
|
+ char *p = *atenv;
|
|
+ if (isdigit(*p))
|
|
+ export = 0;
|
|
+ for (; *p != '=' && *p != '\0'; ++p) {
|
|
+ if (!isalnum(*p) && *p != '_') {
|
|
+ export = 0;
|
|
+ break;
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+
|
|
eqp = strchr(*atenv, '=');
|
|
if (ap == NULL)
|
|
eqp = *atenv;
|