<pre style='margin:0'>
Ryan Schmidt (ryandesign) pushed a commit to branch master
in repository macports-ports.

</pre>
<p><a href="https://github.com/macports/macports-ports/commit/176d0a176121677d0bb1dd31086dd83463c21041">https://github.com/macports/macports-ports/commit/176d0a176121677d0bb1dd31086dd83463c21041</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'>     new 176d0a17612 gpg_verify-1.0.tcl: Escape paths
</span>176d0a17612 is described below

<span style='display:block; white-space:pre;color:#808000;'>commit 176d0a176121677d0bb1dd31086dd83463c21041
</span>Author: Ryan Schmidt <ryandesign@macports.org>
AuthorDate: Thu Sep 24 08:01:09 2020 -0500

<span style='display:block; white-space:pre;color:#404040;'>    gpg_verify-1.0.tcl: Escape paths
</span><span style='display:block; white-space:pre;color:#404040;'>    
</span><span style='display:block; white-space:pre;color:#404040;'>    Closes: https://trac.macports.org/ticket/61110
</span>---
 _resources/port1.0/group/gpg_verify-1.0.tcl | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

<span style='display:block; white-space:pre;color:#808080;'>diff --git a/_resources/port1.0/group/gpg_verify-1.0.tcl b/_resources/port1.0/group/gpg_verify-1.0.tcl
</span><span style='display:block; white-space:pre;color:#808080;'>index fe8c2763375..f80841a8a98 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/_resources/port1.0/group/gpg_verify-1.0.tcl
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/_resources/port1.0/group/gpg_verify-1.0.tcl
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -52,16 +52,23 @@ pre-checksum {
</span>     }
 }
 
<span style='display:block; white-space:pre;background:#e0ffe0;'>+# Remove this proc and switch to shellescape once MacPorts 2.7.0 is released.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+proc gpg_verify.shellescape {arg} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+    return [regsub -all -- {[^A-Za-z0-9.:@%/+=_-]} $arg {\\&}]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span> proc gpg_verify.verify_gpg_signature {pubkey_file signature_file test_file} {
     # pre-load public key to avoid keyserver downtime issues
     # https://pgp.mit.edu/pks/lookup?op=get&search=0x${gpg_keyid}
     # note: tcl exec will return error if error messages not directed to /dev/null
<span style='display:block; white-space:pre;background:#ffe0e0;'>-    system "/bin/sh -c '[option gpg_verify.gpg] \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-        --homedir [option gpg_verify.gpg_homedir] \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-        --import ${pubkey_file} 2>/dev/null || /usr/bin/true'"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+    system "[option gpg_verify.gpg] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+        --homedir [gpg_verify.shellescape [option gpg_verify.gpg_homedir]] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+        --import [gpg_verify.shellescape ${pubkey_file}] 2>/dev/null || /usr/bin/true"
</span>     set gpg_verification [exec /bin/sh -c \
<span style='display:block; white-space:pre;background:#ffe0e0;'>-        "if [option gpg_verify.gpg] --homedir [option gpg_verify.gpg_homedir] \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-            --verify ${signature_file} ${test_file} 2>/dev/null; \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+        "if [gpg_verify.shellescape [option gpg_verify.gpg]] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+            --homedir [gpg_verify.shellescape [option gpg_verify.gpg_homedir]] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+            --verify [gpg_verify.shellescape ${signature_file}] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+            [gpg_verify.shellescape ${test_file}] 2>/dev/null; \
</span>             then echo 'VERIFIED'; else echo 'UNVERIFIED'; fi"]
     if {[string trim ${gpg_verification}] != "VERIFIED"} {
         error "GPG signature verification failed on ${test_file} with pubkey file ${pubkey_file}."
</pre><pre style='margin:0'>

</pre>