[libguestfs/f18] Fix broken quoting in tar-out and base64-out commands (RHBZ#957797).
Richard W.M. Jones
rjones at fedoraproject.org
Mon Apr 29 14:40:25 UTC 2013
commit 040728b5b79c9a81ffc0f431a0fd359cad6bf577
Author: Richard W.M. Jones <rjones at redhat.com>
Date: Mon Apr 29 15:39:17 2013 +0100
Fix broken quoting in tar-out and base64-out commands (RHBZ#957797).
...erly-quote-arguments-for-tar-out-base64-o.patch | 43 +++++++++++++
...sts-Add-a-regression-test-for-RHBZ-957772.patch | 66 ++++++++++++++++++++
libguestfs.spec | 11 +++-
3 files changed, 119 insertions(+), 1 deletions(-)
---
diff --git a/0001-daemon-Properly-quote-arguments-for-tar-out-base64-o.patch b/0001-daemon-Properly-quote-arguments-for-tar-out-base64-o.patch
new file mode 100644
index 0000000..5342800
--- /dev/null
+++ b/0001-daemon-Properly-quote-arguments-for-tar-out-base64-o.patch
@@ -0,0 +1,43 @@
+From 3b2ff4132d1f4325985b9ea56b1ec27f609a1872 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones at redhat.com>
+Date: Mon, 29 Apr 2013 15:23:27 +0100
+Subject: [PATCH 1/2] daemon: Properly quote arguments for tar-out, base64-out
+ commands (RHBZ#957772).
+
+This fixes commit c78ec7e085e99bfddd0509dece72bf6a8d0188ce
+which was an attempt to fix RHBZ#908322.
+(cherry picked from commit c5f356a60351dd51cbd3a9aabcac2cd40562f36a)
+---
+ daemon/base64.c | 2 +-
+ daemon/tar.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/daemon/base64.c b/daemon/base64.c
+index 263c87a..04b29fd 100644
+--- a/daemon/base64.c
++++ b/daemon/base64.c
+@@ -125,7 +125,7 @@ do_base64_out (const char *file)
+ }
+
+ /* Construct the command. */
+- if (asprintf_nowarn (&cmd, "%s %s", str_base64, buf) == -1) {
++ if (asprintf_nowarn (&cmd, "%s %Q", str_base64, buf) == -1) {
+ reply_with_perror ("asprintf");
+ return -1;
+ }
+diff --git a/daemon/tar.c b/daemon/tar.c
+index 9bf85f5..461e529 100644
+--- a/daemon/tar.c
++++ b/daemon/tar.c
+@@ -342,7 +342,7 @@ do_tar_out (const char *dir, const char *compress, int numericowner,
+ }
+
+ /* "tar -C /sysroot%s -cf - ." but we have to quote the dir. */
+- if (asprintf_nowarn (&cmd, "%s -C %s%s%s%s -cf - .",
++ if (asprintf_nowarn (&cmd, "%s -C %Q%s%s%s -cf - .",
+ str_tar,
+ buf, filter,
+ numericowner ? " --numeric-owner" : "",
+--
+1.8.1.4
+
diff --git a/0002-tests-Add-a-regression-test-for-RHBZ-957772.patch b/0002-tests-Add-a-regression-test-for-RHBZ-957772.patch
new file mode 100644
index 0000000..089052a
--- /dev/null
+++ b/0002-tests-Add-a-regression-test-for-RHBZ-957772.patch
@@ -0,0 +1,66 @@
+From 56d9096b21d138709e8815a5dd60ca3a074c9309 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones at redhat.com>
+Date: Mon, 29 Apr 2013 15:22:34 +0100
+Subject: [PATCH 2/2] tests: Add a regression test for RHBZ#957772. (cherry
+ picked from commit cc93840d31e440e64e27ee13df3afd134ef2e68f)
+
+---
+ tests/regressions/Makefile.am | 1 +
+ tests/regressions/rhbz957772.sh | 33 +++++++++++++++++++++++++++++++++
+ 2 files changed, 34 insertions(+)
+ create mode 100755 tests/regressions/rhbz957772.sh
+
+diff --git a/tests/regressions/Makefile.am b/tests/regressions/Makefile.am
+index ce02a71..dd9b80f 100644
+--- a/tests/regressions/Makefile.am
++++ b/tests/regressions/Makefile.am
+@@ -30,6 +30,7 @@ TESTS = \
+ rhbz790721 \
+ rhbz811649.sh \
+ rhbz895904.sh \
++ rhbz957772.sh \
+ test-noexec-stack.pl
+
+ tests_not_run = \
+diff --git a/tests/regressions/rhbz957772.sh b/tests/regressions/rhbz957772.sh
+new file mode 100755
+index 0000000..111269a
+--- /dev/null
++++ b/tests/regressions/rhbz957772.sh
+@@ -0,0 +1,33 @@
++#!/bin/bash -
++# libguestfs
++# Copyright (C) 2013 Red Hat Inc.
++#
++# This program is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 2 of the License, or
++# (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
++
++# Regression test for:
++# https://bugzilla.redhat.com/show_bug.cgi?id=957772
++# Ensure that tar-out and base64-out commands properly quote arguments.
++
++set -e
++export LANG=C
++
++../../fish/guestfish -N fs -m /dev/sda1 <<EOF
++mkdir "/test 1"
++touch "/test 2"
++tar-out "/test 1" /dev/null
++base64-out "/test 2" /dev/null
++EOF
++
++rm test1.img
+--
+1.8.1.4
+
diff --git a/libguestfs.spec b/libguestfs.spec
index eafa0b0..f75da5f 100644
--- a/libguestfs.spec
+++ b/libguestfs.spec
@@ -22,12 +22,15 @@ Summary: Access and modify virtual machine disk images
Name: libguestfs
Epoch: 1
Version: 1.20.6
-Release: 1%{?dist}
+Release: 2%{?dist}
License: LGPLv2+
Group: Development/Libraries
URL: http://libguestfs.org/
Source0: http://libguestfs.org/download/1.20-stable/%{name}-%{version}.tar.gz
+Patch0001: 0001-daemon-Properly-quote-arguments-for-tar-out-base64-o.patch
+Patch0002: 0002-tests-Add-a-regression-test-for-RHBZ-957772.patch
+
# Basic build requirements:
BuildRequires: perl(Pod::Simple)
BuildRequires: perl(Pod::Man)
@@ -663,6 +666,9 @@ for %{name}.
%prep
%setup -q
+%patch0001 -p1
+%patch0002 -p1
+
if [ "$(getenforce | tr '[A-Z]' '[a-z]')" != "disabled" ]; then
# For sVirt to work, the local temporary directory we use in the
# tests must be labelled the same way as /tmp.
@@ -1013,6 +1019,9 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/libguestfs
%changelog
+* Mon Apr 29 2013 Richard W.M. Jones <rjones at redhat.com> - 1:1.20.6-2
+- Fix broken quoting in tar-out and base64-out commands (RHBZ#957797).
+
* Thu Apr 11 2013 Richard W.M. Jones <rjones at redhat.com> - 1:1.20.6-1
- New upstream stable branch version 1.20.6.
- This includes a full fix for RHBZ#948324.
More information about the scm-commits
mailing list