See https://lists.nongnu.org/archive/html/chicken-announce/2022-11/msg00000.html
From a08f8f548d772ef410c672ba33a27108d8d434f3 Mon Sep 17 00:00:00 2001
From: Vasilij Schneidermann <mail@vasilij.de>
Date: Sat, 5 Nov 2022 13:49:25 +0100
Subject: [PATCH] Split up potentially long echo invocation on win32
Eggs with a very long infostr may trigger the maximum command line
invocation length of 8191 chars. To avoid running into this
limitation, the generated install script now creates an empty file,
then echoes each line into it.
Closes #1800
This patch further addresses some security issues reported by Vasilij
and applied by Felix Winkelmann:
- disable variable/command expansion in script-fragments
that produce egg-info files.
- limit the maximum line length of shell commands for
Windows in the latter.
Signed-off-by: felix <felix@call-with-current-continuation.org>
Signed-off-by: Peter Bex <peter@more-magic.net>
---
egg-compile.scm | 24 ++++++++++++++++++++----
1 file changed, 20 insertions(+), 4 deletions(-)
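diff --git a/egg-compile.scm b/egg-compile.scm
index c1f2ceb0..9ba45681 100644
--- a/egg-compile.scm
+++ b/egg-compile.scm
@@ -1129,7 +1129,7 @@ EOF
 
 ~a ~a~a
 ~a ~a~a
-cat >~a~a <<ENDINFO
+cat >~a~a <<'ENDINFO'
 ~aENDINFO~%
 EOF
 mkdir ddir qdir
@@ -1139,11 +1139,18 @@ EOF
 (printf #<<EOF
 
 ~a ~a~a
-echo ~a >~a~a~%
+copy /y nul ~a~a~%
+~a
 EOF
 mkdir ddir qdir
- (string-intersperse (string-split infostr "\n") "^\n\n")
- ddir dest)))))
+ ddir dest
+ (string-intersperse (map (lambda (line)
+ (ensure-line-limit
+ (caretize (format "echo ~a >>~a~a"
+ line ddir dest))
+ 8191 ))
+ (string-split infostr "\n"))
+ "\n"))))))
 
 ;;; some utilities for mangling + quoting
 
@@ -1227,3 +1234,12 @@ EOF
 (substring fname (add1 plen))))
 
 (define (maybe f x) (if f (list x) '()))
+
+(define (caretize str)
+ (string-translate* str '(("&" . "^&") ("^" . "^^") ("|" . "^|")
+ ("<" . "^<") (">" . "^>"))))
+
+(define (ensure-line-limit str lim)
+ (when (>= (string-length str) lim)
+ (error "line length exceeds platform limit: " str))
+ str)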
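Review bot: In the Windows branch of the second hunk, `caretize` is applied to the whole formatted command, so the `>>` redirection is rewritten to `^>^>` together with the egg-info text, and cmd would print the line instead of appending it to the file created by `copy /y nul`. Escaping only the data keeps the redirection live: `(format "echo ~a >>~a~a" (caretize line) ddir dest)`, with `ensure-line-limit` still wrapped around the finished command. The table in `caretize` also leaves `%` untouched, so `%NAME%` sequences in egg metadata would presumably still be expanded when the script runs as a batch file, which is the kind of expansion the POSIX side now blocks with the quoted `'ENDINFO'` delimiter; adding `("%" . "%%")` would cover that, assuming the generated script is executed as a .bat file. The enclosing `printf` call starts outside the hunk.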