From: Ed Maste <emaste@FreeBSD.org>
Date: Fri, 7 Oct 2016 20:01:59 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r306825 - head/usr.sbin/portsnap/portsnap

Author: emaste
Date: Fri Oct  7 20:01:59 2016
New Revision: 306825
URL: https://svnweb.freebsd.org/changeset/base/306825

Log:
  portsnap: use lam on the known good hash list
  
  This change is equivalent to the approach committed in r306417, but if
  sed has a bug it could be exploited by the untrusted tar file. Instead,
  generate the expected tar content and compare that with find's output.
  
  Convert the expected hash list to the expected tar content filesystem
  layout, and compare that with find's output.
  
  Submitted by:	cperciva (in review D8052)
  Reviewed by:	oshogbo
  MFC after:	2 weeks

Modified:
  head/usr.sbin/portsnap/portsnap/portsnap.sh

Modified: head/usr.sbin/portsnap/portsnap/portsnap.sh
==============================================================================
--- head/usr.sbin/portsnap/portsnap/portsnap.sh	Fri Oct  7 19:28:45 2016	(r306824)
+++ head/usr.sbin/portsnap/portsnap/portsnap.sh	Fri Oct  7 20:01:59 2016	(r306825)
@@ -691,8 +691,9 @@ fetch_snapshot() {
 	fetch_index_sanity || return 1
 # Verify the snapshot contents
 	cut -f 2 -d '|' INDEX.new | fetch_snapshot_verify || return 1
-	cut -f 2 -d '|' tINDEX.new INDEX.new | sort -u > files.expected
-	find snap -mindepth 1 | sed -E 's^snap/(.*)\.gz^\1^' | sort > files.snap
+	cut -f 2 -d '|' tINDEX.new INDEX.new | sort -u |
+	    lam -s 'snap/' - -s '.gz' > files.expected
+	find snap -mindepth 1 | sort > files.snap
 	if ! cmp -s files.expected files.snap; then
 		echo "unexpected files in snapshot."
 		return 1
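
Review bot: files.expected is now sorted before lam adds 'snap/' and '.gz', while files.snap is sorted after those strings are already part of each path, so the two lists are ordered under different keys. The orders agree as long as no entry is a prefix of another (for example when every entry is a hash of the same length), but if one name were a prefix of another and the next character sorted below '.', cmp -s would report "unexpected files in snapshot." for a snapshot whose contents are correct. Moving the sort to the end of the pipeline, as in cut -f 2 -d '|' tINDEX.new INDEX.new | lam -s 'snap/' - -s '.gz' | sort -u > files.expected, makes both files sorted on the same full path and removes that dependency. A one-line comment above the pipeline saying that the expected side is transformed so that no text-processing tool runs on names taken from the untrusted tarball would also help keep a later cleanup from reintroducing sed on the find output.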