authorGuillem Jover <guillem@debian.org>2016-03-06 14:29:08 +0100
committerGuillem Jover <guillem@debian.org>2016-04-01 00:58:14 +0200
commitbd17966babf8705e8f02c808f646dfa149828256 (patch)
treee199347f8dc14bf984d8b23614cfd42aac649681 /scripts/Dpkg/Deps.pm
parentd355b340f3a6cde7fc1cb5649d82fbebd3b97ea1 (diff)
Dpkg::Deps: Make the dependency parser more strict
Do not allow obviously broken dependencies. Closes: #784806
Diffstat (limited to 'scripts/Dpkg/Deps.pm')
-rw-r--r--scripts/Dpkg/Deps.pm10
1 files changed, 6 insertions, 4 deletions
diff --git a/scripts/Dpkg/Deps.pm b/scripts/Dpkg/Deps.pm
index fdc1a88cd..e698adcaf 100644
--- a/scripts/Dpkg/Deps.pm
+++ b/scripts/Dpkg/Deps.pm
@@ -602,18 +602,20 @@ sub parse_string {
(?: # start of optional part
\s* \( # open parenthesis for version part
\s* (<<|<=|=|>=|>>|[<>]) # relation part
- \s* (.*?) # do not attempt to parse version
+ \s* ([^\)]+) # do not attempt to parse version
\s* \) # closing parenthesis
)? # end of optional part
(?: # start of optional architecture
\s* \[ # open bracket for architecture
- \s* (.*?) # don't parse architectures now
+ \s* ([^\]]+) # don't parse architectures now
\s* \] # closing bracket
)? # end of optional architecture
- (?: # start of optional restriction
+ (
+ (?: # start of optional restriction
\s* < # open bracket for restriction
- \s* (.*) # do not parse restrictions now
+ \s* [^>]+ # do not parse restrictions now
\s* > # closing bracket
+ )+
)? # end of optional restriction
\s*$ # trailing spaces at end
}x;
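Review bot: The new version capture `([^\)]+)` is greedy and its negated class still matches whitespace, so `(>= 1.0 )` now captures `1.0 ` with the trailing space, and a blank version such as `(>= )` is accepted after backtracking, where the stated goal is to reject broken dependencies. Excluding whitespace from the class closes both cases: `\s* ([^\)\s]+) # do not attempt to parse version`. The architecture and restriction classes `[^\]]+` and `[^>]+` have the same blank-content gap (`[ ]`, `< >`), but they need internal spaces for lists, so those are better rejected where the captures are split, if that code does not already do so. The added outer group on the restriction part now captures the whole `<...> <...>` run including the angle brackets rather than the inner text, and it deserves its own `/x` comment saying so. parse_string begins and ends outside this hunk, so whether the captures are trimmed or validated later cannot be confirmed from here.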