[SCM] Git repository for devscripts branch, master, updated. v2.12.2-50-g2afe289

[James McCoy]

The following commit has been merged in the master branch:
commit 2eec88d2f7385c95c8e9fc6dbb86cc0c41d4bdf5
Author: James McCoy <jamessan at debian.org>
Date:   Sat Sep 15 15:09:50 2012 -0400

    dget: Only match policy-compliant source package names.
    
    Signed-off-by: James McCoy <jamessan at debian.org>

diff --git a/debian/changelog b/debian/changelog
index 61456f8..50dbf7b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -41,7 +41,9 @@ devscripts (2.12.3) UNRELEASED; urgency=low
   [ James McCoy ]
   * debdiff: Fix regression in exit code, introduced in 2.11.4.  (Closes:
     #686247)
-  * dget: Fix CVE-2012-2241 (arbitrary file deletion)
+  * dget:
+    + Fix CVE-2012-2241 (arbitrary file deletion)
+    + Only match policy-compliant source package names.
   * dscverify: Fix CVE-2012-2240 (arbitrary code execution)
 
  -- Benjamin Drung <bdrung at debian.org>  Thu, 26 Jul 2012 12:17:51 +0200
diff --git a/scripts/dget.pl b/scripts/dget.pl
index f6e7706..1acb08e 100755
--- a/scripts/dget.pl
+++ b/scripts/dget.pl
@@ -200,7 +200,7 @@ sub get_file {
 
     # try apt-get if it is still not there
     my $ext = $compression_re_file_ext;
-    if (not -e $file and $file =~ m!^([a-z0-9.+-]{2,})_[^/]+\.(?:diff|tar)\.$ext$!) {
+    if (not -e $file and $file =~ m!^([a-z0-9][a-z0-9.+-]+)_[^/]+\.(?:diff|tar)\.$ext$!) {
 	my @cmd = ('apt-get', 'source', '--print-uris', $1);
 	my $cmd = join ' ', @cmd;
 	open(my $apt, '-|', @cmd) or die "$cmd: $!";

-- 
Git repository for devscripts