commit: a994f7c27013af4143699fd548fb02eeb4dbb572
Author: Kerin Millar <kfm <AT> plushkava <DOT> net>
AuthorDate: Wed May 28 00:13:41 2025 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri May 30 08:14:27 2025 +0000
URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=a994f7c2
phase-helpers.sh: don't wordsplit the given flag in use()
Presently, the use() function splits the value of $u in the course of
conveying it to the has() function. This is a rather serious bug that
would have been more serious still, were it not for the fact that a
check against IUSE is performed in most cases. Still, consider what can
happen in the case that the check is not performed.
use "baboon baboon" # will always return true
use "baboons write bash for baboons" # ditto
The solution is to quote the expansion of $u, thereby protecting it from
wordsplitting.
Signed-off-by: Kerin Millar <kfm <AT> plushkava.net>
Signed-off-by: Sam James <sam <AT> gentoo.org>
bin/phase-helpers.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/phase-helpers.sh b/bin/phase-helpers.sh
index baf0f697ea..a27995925d 100644
--- a/bin/phase-helpers.sh
+++ b/bin/phase-helpers.sh
@@ -270,7 +270,7 @@ use() {
fi
set -f
- has ${u} ${USE}
+ has "${u}" ${USE}
(( $? == invert ? 1 : 0 ))
}
