From 0fc7c3e4dbcb52eaac76ae5e634e6b9974c5f9e0 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 19 Apr 2018 10:00:52 +0100
Subject: [PATCH] Harden move_to script.

If the package name is not found in the packages file (perhaps because
the package was resolved to a different name through Obsoletes etc)
then the move_to script could create two dependencies.  Detect this
and hard-fail.

See also:
https://bugzilla.redhat.com/show_bug.cgi?id=1568676
---
 libguestfs.spec | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libguestfs.spec b/libguestfs.spec
index af6dfb2..30d18e8 100644
--- a/libguestfs.spec
+++ b/libguestfs.spec
@@ -998,6 +998,10 @@ gzip --best installed-docs/*.xml
 pushd $RPM_BUILD_ROOT%{_libdir}/guestfs/supermin.d
 function move_to
 {
+    if ! grep -Esq "^$1$" packages; then
+        echo "move_to $1: package name not found in packages file"
+        exit 1
+    fi
     grep -Ev "^$1$" < packages > packages-t
     mv packages-t packages
     echo "$1" >> "$2"