Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
maven-shared-utils-0.8
-
None
-
Unix (Linux)
Description
When trying to use the latest maven-jarsign-plugin using a keystore-password which started with a hash (#), signing failed. After enabling debug output with -X, I got a strange debug message:
[DEBUG] Option lacks argument
Since signtool is invoked using /bin/sh -c ..., of course, any # must be quoted, because otherwise it acts as a comment-start and thus effectively cuts-off the rest of the cmdline.
After single-quoting the password in the pom.xml, the jar signing was ok.
=>
Adding '#' to BASH_QUOTING_TRIGGER_CHARS in org.apache.maven.shared.utils.cli.shell.BourneShell.java should fix the problem.
Attachments
Issue Links
- is cloned by
-
MSHARED-851 & must trigger quoting in Windows
- Closed
- is related to
-
MSHARED-297 Commandline class shell injection vulnerabilities
- Closed