ebuild-ipc: use safe cwd for import, bug #469338

diff --git a/bin/ebuild-helpers/portageq b/bin/ebuild-helpers/portageq
index ec30b66cbef86e1a6aff501870bdc9b2668b2301..7bd330bec517e9c63f01f66af4816368f00d6b8e 100755 (executable)
--- a/bin/ebuild-helpers/portageq
+++ b/bin/ebuild-helpers/portageq
@@ -1,8 +1,10 @@
 #!/bin/bash
-# Copyright 2009-2010 Gentoo Foundation
+# Copyright 2009-2013 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 PORTAGE_BIN_PATH=${PORTAGE_BIN_PATH:-/usr/lib/portage/bin}
 PORTAGE_PYM_PATH=${PORTAGE_PYM_PATH:-/usr/lib/portage/pym}
+# Use safe cwd, avoiding unsafe import for bug #469338.
+cd "${PORTAGE_PYM_PATH}"
 PYTHONPATH=$PORTAGE_PYM_PATH${PYTHONPATH:+:}$PYTHONPATH \
        exec "${PORTAGE_PYTHON:-/usr/bin/python}" "$PORTAGE_BIN_PATH/portageq" "$@"

diff --git a/bin/ebuild-ipc b/bin/ebuild-ipc
index 43e4a02aef415648136ae391212c77a3ab67be00..9ff6f1ccbbd38b4fd7a3995fce55ba32e08fc027 100755 (executable)
--- a/bin/ebuild-ipc
+++ b/bin/ebuild-ipc
@@ -1,8 +1,10 @@
 #!/bin/bash
-# Copyright 2010 Gentoo Foundation
+# Copyright 2010-2013 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 PORTAGE_BIN_PATH=${PORTAGE_BIN_PATH:-/usr/lib/portage/bin}
 PORTAGE_PYM_PATH=${PORTAGE_PYM_PATH:-/usr/lib/portage/pym}
+# Use safe cwd, avoiding unsafe import for bug #469338.
+cd "${PORTAGE_PYM_PATH}"
 PYTHONPATH=$PORTAGE_PYM_PATH${PYTHONPATH:+:}$PYTHONPATH \
        exec "${PORTAGE_PYTHON:-/usr/bin/python}" "$PORTAGE_BIN_PATH/ebuild-ipc.py" "$@"

diff --git a/bin/phase-helpers.sh b/bin/phase-helpers.sh
index 4812db3430909d63b2f1d0a126ad7494c39299c5..a97323ace05627cc1b8242c5b148c1682526479e 100644 (file)
--- a/bin/phase-helpers.sh
+++ b/bin/phase-helpers.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright 1999-2012 Gentoo Foundation
+# Copyright 1999-2013 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 export DESTTREE=/usr
@@ -683,8 +683,7 @@ has_version() {
        if [[ -n $PORTAGE_IPC_DAEMON ]] ; then
                "$PORTAGE_BIN_PATH"/ebuild-ipc has_version "${eroot}" "${atom}"
        else
-               PYTHONPATH=${PORTAGE_PYM_PATH}${PYTHONPATH:+:}${PYTHONPATH} \
-               "${PORTAGE_PYTHON:-/usr/bin/python}" "${PORTAGE_BIN_PATH}/portageq" has_version "${eroot}" "${atom}"
+               "${PORTAGE_BIN_PATH}/ebuild-helpers/portageq" has_version "${eroot}" "${atom}"
        fi
        local retval=$?
        case "${retval}" in
@@ -736,8 +735,7 @@ best_version() {
        if [[ -n $PORTAGE_IPC_DAEMON ]] ; then
                "$PORTAGE_BIN_PATH"/ebuild-ipc best_version "${eroot}" "${atom}"
        else
-               PYTHONPATH=${PORTAGE_PYM_PATH}${PYTHONPATH:+:}${PYTHONPATH} \
-               "${PORTAGE_PYTHON:-/usr/bin/python}" "${PORTAGE_BIN_PATH}/portageq" best_version "${eroot}" "${atom}"
+               "${PORTAGE_BIN_PATH}/ebuild-helpers/portageq" best_version "${eroot}" "${atom}"
        fi
        local retval=$?
        case "${retval}" in
@@ -766,8 +764,7 @@ if ___eapi_has_master_repositories; then
                if [[ -n ${PORTAGE_IPC_DAEMON} ]]; then
                        "${PORTAGE_BIN_PATH}/ebuild-ipc" master_repositories "${EROOT}" "${repository}"
                else
-                       output=$(PYTHONPATH=${PORTAGE_PYM_PATH}${PYTHONPATH:+:}${PYTHONPATH} \
-                       "${PORTAGE_PYTHON:-/usr/bin/python}" "${PORTAGE_BIN_PATH}/portageq" master_repositories "${EROOT}" "${repository}")
+                       output=$("${PORTAGE_BIN_PATH}/ebuild-helpers/portageq" master_repositories "${EROOT}" "${repository}")
                fi
                retval=$?
                [[ -n ${output} ]] && echo "${output}"
@@ -798,8 +795,7 @@ if ___eapi_has_repository_path; then
                if [[ -n ${PORTAGE_IPC_DAEMON} ]]; then
                        "${PORTAGE_BIN_PATH}/ebuild-ipc" repository_path "${EROOT}" "${repository}"
                else
-                       output=$(PYTHONPATH=${PORTAGE_PYM_PATH}${PYTHONPATH:+:}${PYTHONPATH} \
-                       "${PORTAGE_PYTHON:-/usr/bin/python}" "${PORTAGE_BIN_PATH}/portageq" get_repo_path "${EROOT}" "${repository}")
+                       output=$("${PORTAGE_BIN_PATH}/ebuild-helpers/portageq" get_repo_path "${EROOT}" "${repository}")
                fi
                retval=$?
                [[ -n ${output} ]] && echo "${output}"
@@ -829,8 +825,7 @@ if ___eapi_has_available_eclasses; then
                if [[ -n ${PORTAGE_IPC_DAEMON} ]]; then
                        "${PORTAGE_BIN_PATH}/ebuild-ipc" available_eclasses "${EROOT}" "${repository}"
                else
-                       output=$(PYTHONPATH=${PORTAGE_PYM_PATH}${PYTHONPATH:+:}${PYTHONPATH} \
-                       "${PORTAGE_PYTHON:-/usr/bin/python}" "${PORTAGE_BIN_PATH}/portageq" available_eclasses "${EROOT}" "${repository}")
+                       output=$("${PORTAGE_BIN_PATH}/ebuild-helpers/portageq" available_eclasses "${EROOT}" "${repository}")
                fi
                retval=$?
                [[ -n ${output} ]] && echo "${output}"
@@ -861,8 +856,7 @@ if ___eapi_has_eclass_path; then
                if [[ -n ${PORTAGE_IPC_DAEMON} ]]; then
                        "${PORTAGE_BIN_PATH}/ebuild-ipc" eclass_path "${EROOT}" "${repository}" "${eclass}"
                else
-                       output=$(PYTHONPATH=${PORTAGE_PYM_PATH}${PYTHONPATH:+:}${PYTHONPATH} \
-                       "${PORTAGE_PYTHON:-/usr/bin/python}" "${PORTAGE_BIN_PATH}/portageq" eclass_path "${EROOT}" "${repository}" "${eclass}")
+                       output=$("${PORTAGE_BIN_PATH}/ebuild-helpers/portageq" eclass_path "${EROOT}" "${repository}" "${eclass}")
                fi
                retval=$?
                [[ -n ${output} ]] && echo "${output}"
@@ -893,8 +887,7 @@ if ___eapi_has_license_path; then
                if [[ -n ${PORTAGE_IPC_DAEMON} ]]; then
                        "${PORTAGE_BIN_PATH}/ebuild-ipc" license_path "${EROOT}" "${repository}" "${license}"
                else
-                       output=$(PYTHONPATH=${PORTAGE_PYM_PATH}${PYTHONPATH:+:}${PYTHONPATH} \
-                       "${PORTAGE_PYTHON:-/usr/bin/python}" "${PORTAGE_BIN_PATH}/portageq" license_path "${EROOT}" "${repository}" "${license}")
+                       output=$("${PORTAGE_BIN_PATH}/ebuild-helpers/portageq" license_path "${EROOT}" "${repository}" "${license}")
                fi
                retval=$?
                [[ -n ${output} ]] && echo "${output}"