Drop evaling $@ in mingw-scripts, ensure mingw macros invoked by mingw-scripts contain $@

2022-02-02 10:37:40 +01:00 · 2022-02-02 10:37:40 +01:00 · c212a7bc7d
commit c212a7bc7d
parent f9734e4bcc
2 changed files with 7 additions and 3 deletions
--- a/mingw-filesystem.spec
+++ b/mingw-filesystem.spec
@ -6,7 +6,7 @@
 %global macrosdir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d)

 Name:           mingw-filesystem
-Version:        129
+Version:        130
 Release:        1%{?dist}
 Summary:        MinGW cross compiler base filesystem and environment

@ -358,6 +358,9 @@ echo ".so man1/pkgconf.1" > %{buildroot}%{_mandir}/man1/x86_64-w64-mingw32-pkg-c


 %changelog
+* Wed Feb 02 2022 Sandro Mani <manisandro@gmail.com> - 130-1
+- Drop evaling $@ in mingw-scripts, ensure mingw macros invoked by mingw-scripts contain $@
+
 * Sat Jan 22 2022 Sandro Mani <manisandro@gmail.com> - 129-1
 - Also set FCFLAGS in mingw-env

--- a/mingw-scripts.sh
+++ b/mingw-scripts.sh
@ -39,7 +39,8 @@ if [[ $NAME == *cmake* ]] ; then
    MINGW64_CXXFLAGS=${MINGW64_CXXFLAGS:-""}
 fi

-# NOTE: The use of 'eval' in combination with '$@' is a potential security risk
+# NOTE: The use of 'eval' in combination with '$@' in the evaluated rpm macro is
+#       a potential security risk.
 #       We should find a more safe replacement for this command
 #       Suggestions are welcome at the Fedora MinGW mailing list
-eval "MINGW_CMAKE_NO_VERBOSE=1 `rpm --eval "%{$NAME}"`" '"$@"'
+eval "MINGW_CMAKE_NO_VERBOSE=1 `rpm --eval "%{$NAME}"`"