ssh: unban the use of pipe character in user@host:port string
This vulnerability was fixed by the previous patch and there were more ways
to exploit than using '|shellcmd'. So it doesn't make sense to reject only
pipe character.
Test cases are updated to actually try to exploit the bug. As the SSH bridge
of git/svn subrepos are not managed by our code, the tests for non-hg subrepos
are just removed.
This may be folded into the original patches.
#!/bin/bash -eu
. $(dirname $0)/dockerlib.sh
. $(dirname $0)/packagelib.sh
BUILDDIR=$(dirname $0)
export ROOTDIR=$(cd $BUILDDIR/.. > /dev/null; pwd)
checkdocker
DISTID="$1"
CODENAME="$2"
PLATFORM="$1-$2"
shift; shift # extra params are passed to build process
OUTPUTDIR=${OUTPUTDIR:=$ROOTDIR/packages/$PLATFORM}
initcontainer $PLATFORM
# debuild only appears to be able to save built debs etc to .., so we
# have to share the .. of the current directory with the docker
# container and hope it's writable. Whee.
dn=$(basename $PWD)
if [ $(uname) = "Darwin" ] ; then
$DOCKER run -u $DBUILDUSER --rm -v $PWD/..:/mnt $CONTAINER \
sh -c "cd /mnt/$dn && make clean && make local"
fi
$DOCKER run -u $DBUILDUSER --rm -v $PWD/..:/mnt $CONTAINER \
sh -c "cd /mnt/$dn && DEB_BUILD_OPTIONS='${DEB_BUILD_OPTIONS:=}' contrib/builddeb --build --distid $DISTID --codename $CODENAME $@"
contrib/builddeb --cleanup --distid $DISTID --codename $CODENAME
if [ $(uname) = "Darwin" ] ; then
$DOCKER run -u $DBUILDUSER --rm -v $PWD/..:/mnt $CONTAINER \
sh -c "cd /mnt/$dn && make clean"
fi