commit live-langset-data for openSUSE:Factory

[Source-Sync]

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package live-langset-data for 
openSUSE:Factory checked in at 2022-09-27 20:13:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/live-langset-data (Old)
 and      /work/SRC/openSUSE:Factory/.live-langset-data.new.2275 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "live-langset-data"

Tue Sep 27 20:13:21 2022 rev:17 rq:1006120 version:2.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/live-langset-data/live-langset-data.changes      
2021-07-02 13:26:42.353114955 +0200
+++ 
/work/SRC/openSUSE:Factory/.live-langset-data.new.2275/live-langset-data.changes
    2022-09-27 20:13:25.305759671 +0200
@@ -1,0 +2,5 @@
+Mon Sep 26 13:54:57 UTC 2022 - Fabian Vogt <fv...@suse.com>
+
+- Parse lang=/keytable= options more explicitly (boo#1202925)
+
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ live-langset-data.spec ++++++
--- /var/tmp/diff_new_pack.FkSjkU/_old  2022-09-27 20:13:26.073761365 +0200
+++ /var/tmp/diff_new_pack.FkSjkU/_new  2022-09-27 20:13:26.077761374 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package live-langset-data
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed

++++++ langset.sh ++++++
--- /var/tmp/diff_new_pack.FkSjkU/_old  2022-09-27 20:13:26.153761542 +0200
+++ /var/tmp/diff_new_pack.FkSjkU/_new  2022-09-27 20:13:26.153761542 +0200
@@ -9,18 +9,23 @@
        keytable=$2
 else
        lang=en_US
+       keytable=
        for o in $(cat /proc/cmdline); do
                case $o in
                lang=*)
-                       eval $o
+                       lang="${o#*=}"
                        ;;
                keytable=*)
-                       eval $o
+                       keytable="${o#*=}"
                        ;;
                esac
        done
 fi
 
+# Avoid directory traversal through /
+lang="${lang//\/}"
+keytable="${keytable//\/}"
+
 # Strip potential .UTF-8 suffix
 lang="${lang%%.*}"
 
@@ -83,7 +88,7 @@
 [ -n "$TIMEZONE" ] && [ -f "/usr/share/zoneinfo/$TIMEZONE" ] && rm -f 
/etc/localtime && ln -s /usr/share/zoneinfo/$TIMEZONE /etc/localtime
 
 # Override with the cmdline provided one, if possible
-[ -z "$keytable" ] || localectl set-keymap $keytable
+[ -z "$keytable" ] || localectl set-keymap -- "$keytable"
 
 echo "$lang" > /var/lib/zypp/RequestedLocales