author | Guillem Jover <guillem@debian.org> | 2010-11-03 08:24:54 +0100 |
---|---|---|
committer | Guillem Jover <guillem@debian.org> | 2010-11-19 05:21:15 +0100 |
commit | 04eaf265a0b219ed8689607196405fdff9a4a432 (patch) | |
tree | 2443aaf4d4dedabc64818c7a17fa50f3623ed3f9 | |
parent | ac65897081f5f20fda853beed79c28559fe33aea (diff) | |
download | dpkg-04eaf265a0b219ed8689607196405fdff9a4a432.tar.gz |
libdpkg: Disallow versions starting with non-digits
Fail on strict parsing, and warn otherwise.
-rw-r--r-- | debian/changelog | 2 | ||||
-rw-r--r-- | lib/dpkg/parsehelp.c | 5 | ||||
-rw-r--r-- | lib/dpkg/test/t-version.c | 4 | ||||
-rw-r--r-- | scripts/t/100_Dpkg_Version.t | 40 |
4 files changed, 28 insertions, 23 deletions
diff --git a/debian/changelog b/debian/changelog index 791ce333b..bd63a1653 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,6 +4,8 @@ dpkg (1.16.0) UNRELEASED; urgency=low * Fix realloc usage on compat scandir() implementation. * Use DPKG_MAINTSCRIPT_PACKAGE environment variable as package name on dpkg-divert when no --package or --local options have been specified. + * Do not allow versions starting with non-digit when doing strict parsing, + warn otherwise. [ Raphaƫl Hertzog ] * Fail properly when debian/source/format is empty. Closes: #600854 diff --git a/lib/dpkg/parsehelp.c b/lib/dpkg/parsehelp.c index 662c011da..d9132bd06 100644 --- a/lib/dpkg/parsehelp.c +++ b/lib/dpkg/parsehelp.c @@ -266,7 +266,10 @@ version_strict_check(struct versionrevision *rversion) const char *ptr; /* XXX: Would be faster to use something like cisversion and cisrevision. */ - for (ptr = rversion->version; *ptr; ptr++) { + ptr = rversion->version; + if (*ptr && !cisdigit(*ptr++)) + return _("version number does not start with digit"); + for (; *ptr; ptr++) { if (!cisdigit(*ptr) && !cisalpha(*ptr) && strchr(".-+~:", *ptr) == NULL) return _("invalid character in version number"); } diff --git a/lib/dpkg/test/t-version.c b/lib/dpkg/test/t-version.c index cae1c89c7..2e5278104 100644 --- a/lib/dpkg/test/t-version.c +++ b/lib/dpkg/test/t-version.c @@ -128,8 +128,8 @@ test_version_parse(void) test_pass(versioncompare(&a, &b) == 0); /* Test valid characters in upstream version. */ - b = version(0, "azAZ09.-+~:", "0"); - test_pass(parseversion(&a, "0:azAZ09.-+~:-0") == NULL); + b = version(0, "09azAZ.-+~:", "0"); + test_pass(parseversion(&a, "0:09azAZ.-+~:-0") == NULL); test_pass(versioncompare(&a, &b) == 0); /* Test valid characters in revision. */ diff --git a/scripts/t/100_Dpkg_Version.t b/scripts/t/100_Dpkg_Version.t index ae38364b1..de0cd2200 100644 --- a/scripts/t/100_Dpkg_Version.t +++ b/scripts/t/100_Dpkg_Version.t 
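Review bot: In the added `if (*ptr && !cisdigit(*ptr++))`, the `*ptr &&` guard lets an empty upstream version skip both the new first-character test and the loop, so version_strict_check returns no error for it here. Nothing in the hunk shows an earlier emptiness check, so confirm that one exists or add an explicit rejection before the digit test; version strings presumably come from package metadata, and the strict path should not lean on a check made elsewhere. The post-increment inside the condition is also easy to misread, since it advances only when the first operand is true and the following `for (; *ptr; ptr++)` depends on that. Writing `if (*ptr && !cisdigit(*ptr))` and keeping the original `for (ptr = rversion->version; *ptr; ptr++)` gives the same result without the side effect, because a digit already passes the loop's character test. version_strict_check begins before the hunk and continues past it.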
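Review bot: Nothing in this t-version.c hunk asserts the new rejection; the two changed lines only move the digits to the front so the valid-character case still passes. A negative case beside it, for example `test_pass(parseversion(&a, "0:a0-0") != NULL);` (input constructed for illustration), would pin the behaviour. That assumes parseversion is the path that applies the strict check, as the need to edit this test suggests. test_version_parse starts and ends outside the hunk.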
@@ -127,28 +127,28 @@ __DATA__ 1 0:1 0 0 0:0-0 0 2:2.5 1:7.5 1 -1:foo foo 1 -0:foo foo 0 -foo foo 0 -foo- foo 0 -foo- foo-0 0 -foo fo 1 -foo- foo+ -1 -foo~1 foo -1 -foo~foo+Bar foo~foo+bar -1 -foo~~ foo~ -1 +1:0foo 0foo 1 +0:0foo 0foo 0 +0foo 0foo 0 +0foo- 0foo 0 +0foo- 0foo-0 0 +0foo 0fo 1 +0foo- 0foo+ -1 +0foo~1 0foo -1 +0foo~foo+Bar 0foo~foo+bar -1 +0foo~~ 0foo~ -1 1~ 1 -1 12345+that-really-is-some-ver-0 12345+that-really-is-some-ver-10 -1 -foo-0 foo-01 -1 -foo.bar foobar 1 -foo.bar foo1bar 1 -foo.bar foo0bar 1 -1foo-1 foo-1 -1 -foo2.0 foo2 1 -foo2.0.0 foo2.10.0 -1 -foo2.0 foo2.0.0 -1 -foo2.0 foo2.10 -1 -foo2.1 foo2.10 -1 +0foo-0 0foo-01 -1 +0foo.bar 0foobar 1 +0foo.bar 0foo1bar 1 +0foo.bar 0foo0bar 1 +0foo1bar-1 0foobar-1 -1 +0foo2.0 0foo2 1 +0foo2.0.0 0foo2.10.0 -1 +0foo2.0 0foo2.0.0 -1 +0foo2.0 0foo2.10 -1 +0foo2.1 0foo2.10 -1 1.09 1.9 0 1.0.8+nmu1 1.0.8 1 3.11 3.10+nmu1 1 |