Subject: Re: How to compute the checksum of patch files
To: Jeremy C. Reed <reed@reedmedia.net>
From: Roland Illig <rillig@NetBSD.org>
List: tech-pkg
Date: 12/01/2005 10:42:50

Jeremy C. Reed wrote:
> On Thu, 1 Dec 2005, Roland Illig wrote:
>
>> currently the algorithms used for calculating the checksums of patch
>> files differ between pkgtools/pkglint and the rest of pkgsrc. I think
>> the pkglint way is "more correct".
>>
>> others: ${SED} -e '/\$$NetBSD.*/d' $$patchfile | ${DIGEST} $$alg
>> pkglint: ${SED} -e '/^\$$NetBSD.*/d' $$patchfile | ${DIGEST} $$alg
>
>
> Maybe instead of just checking for $NetBSD at beginning of line, only
> check for that on the first line.
>
> If $NetBSD for some reason or another was starting another line in a
> diff, someone could abuse it. Imagine in a shell script:
>
> $NetBSD rm whatever
>
> Maybe this doesn't matter as maybe someone couldn't add a new line to a
> diff without breaking the patch(1) use of it.

Since only lines starting with "---", "+++", "***", " ", "@", "-" or "+"
are relevant to patch(1) I am awaiting your proof-of-concept exploit. :)

Roland
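
Added example, not part of the original thread: a shell check of which patch lines each filter leaves out of the checksum, using the prefix list from the reply above. Assumptions: `cksum` stands in for `${DIGEST} $$alg`, the sample patch is constructed, and the `firstline` mode is one reading of the first-line-only suggestion.

```shell
#!/bin/sh
# Constructed sample patch: RCS Id on line 1, plus a context line (leading
# space) that merely mentions $NetBSD.
sample_patch() {
cat <<'EOF'
$NetBSD: patch-aa,v 1.1 2005/12/01 00:00:00 example Exp $

--- configure.orig
+++ configure
@@ -1,3 +1,3 @@
 # derived from $NetBSD: configure,v 1.2 $
-prefix=/usr/local
+prefix=/usr/pkg
 exec_prefix=$prefix
EOF
}

# ids <mode> <d|p> [sed-flag]: delete (d) or print (p) the lines that each
# scheme treats as Id lines, i.e. the lines kept out of the checksum.
ids() {
    case "$1" in
        others)    sed $3 -e '/\$NetBSD.*/'"$2" ;;         # unanchored
        pkglint)   sed $3 -e '/^\$NetBSD.*/'"$2" ;;        # anchored
        firstline) sed $3 -e '1{/^\$NetBSD.*/'"$2"';}' ;;  # line 1 only (assumed form)
    esac
}

# digest <mode>: checksum of stdin once the Id lines are removed.
digest() { ids "$1" d | cksum; }

# uncovered <mode>: number of removed lines that begin with a prefix
# patch(1) reads, so their content escapes the checksum.
uncovered() {
    ids "$1" p -n | grep -c -E '^(---|\+\+\+|\*\*\*| |@|-|\+)' || true
}

# Compare the sample with a copy whose context line has a different revision.
for mode in others pkglint firstline; do
    a=$(sample_patch | digest "$mode")
    b=$(sample_patch | sed 's/configure,v 1\.2/configure,v 1.3/' | digest "$mode")
    [ "$a" = "$b" ] && state=unchanged || state=changed
    n=$(sample_patch | uncovered "$mode")
    echo "$mode: uncovered patch lines=$n, digest after edit: $state"
done
```

With the unanchored expression the context line is dropped before hashing, so editing it leaves the digest unchanged; the anchored and first-line-only forms keep every line with a patch(1) prefix inside the checksum.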