From 4da8fabfd11feb4b2daea59bb9018ca3cb309cffe881f4942a86e037174627dd Mon Sep 17 00:00:00 2001
From: Fridrich Strba
Date: Wed, 17 Feb 2021 17:11:59 +0000
Subject: [PATCH] Accepting request 873143 from home:mgerstner:branches:Java:packages
for security reasons improve this script:
- generate-tarball.sh: use safe temporary directory, avoid accidental deletion of *.jar, *.class in CWD.
OBS-URL: https://build.opensuse.org/request/show/873143
OBS-URL: https://build.opensuse.org/package/show/Java:packages/plexus-languages?expand=0&rev=10
---
 generate-tarball.sh | 17 +++++++++++------
 plexus-languages.changes | 6 ++++++
 plexus-languages.spec | 2 +-
 3 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/generate-tarball.sh b/generate-tarball.sh
index 6c6ebb4..00acaa3 100644
--- a/generate-tarball.sh
+++ b/generate-tarball.sh
@@ -3,19 +3,24 @@ set -e
 name=plexus-languages
 version="$(sed -n 's/Version:\s*//p' *.spec)"
+pkgdir=`cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd`
+
+tmpdir=`mktemp -d`
+echo $tmpdir
+trap 'rm -r "$tmpdir"' EXIT
+pushd "$tmpdir" >/dev/null
 # RETRIEVE
 wget "https://github.com/codehaus-plexus/plexus-languages/archive/plexus-languages-${version}.tar.gz" -O "${name}-${version}.orig.tar.gz"
-rm -rf tarball-tmp
-mkdir tarball-tmp
-cd tarball-tmp
+treeroot="$tmpdir/tree"
+mkdir "$tmpdir/tree"
+pushd "$treeroot" >/dev/null
+
 tar xf "../${name}-${version}.orig.tar.gz"
 # CLEAN TARBALL
 find -name '*.jar' -delete
 find -name '*.class' -delete
-tar cJf "../${name}-${version}.tar.xz" *
-cd ..
-rm -r tarball-tmp "${name}-${version}.orig.tar.gz"
+tar cJf "$pkgdir/${name}-${version}.tar.xz" *
diff --git a/plexus-languages.changes b/plexus-languages.changes
index 484eecd..7c88a3b 100644
--- a/plexus-languages.changes
+++ b/plexus-languages.changes
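Review bot: The added `tar cJf "$pkgdir/${name}-${version}.tar.xz" *` expands `*` over names taken from the freshly downloaded archive, so a top-level entry whose name begins with `-` would be read by tar as an option instead of a member; ending option parsing first closes that, `tar cJf "$pkgdir/${name}-${version}.tar.xz" -- *`. The output now lands in the script's own directory (`$pkgdir`) while `version` is still read from `*.spec` in the caller's working directory, so the two can disagree when the script is started from elsewhere; moving the `pkgdir=` line above `version=` and reading `"$pkgdir"/*.spec` would keep them aligned. No checksum or signature check on the wget result is visible in this hunk, which may be worth adding since the script repackages that download into the source tarball. Minor: `echo $tmpdir` should be quoted as `echo "$tmpdir"`.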
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Feb 17 13:40:16 UTC 2021 - Matthias Gerstner
+
+- generate-tarball.sh: use safe temporary directory, avoid accidental deletion
+ of *.jar, *.class in CWD.
+
 -------------------------------------------------------------------
 Thu Nov 21 19:33:41 UTC 2019 - Fridrich Strba
diff --git a/plexus-languages.spec b/plexus-languages.spec
index 833dbcd..a2dd8a3 100644
--- a/plexus-languages.spec
+++ b/plexus-languages.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package plexus-languages
 #
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed