Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix potential shell injection when running rpm2cpio
Actually, there is nothing that can be injected, except the "-h" option. However, in case rpm2cpio evolves, we are on the safe side. Also, document the potential shell injection in the cpio call (the comment was accidentally removed in commit dbdc712) (the current osc code is not affected, because we never pass filenames via *files to core.unpack_srcrpm).
- Loading branch information