[devscripts] 01/01: uscan: Fix arbitrary command execution when using USCAN_EXCLUSION

Wed Dec 11 00:07:00 UTC 2013

This is an automated email from the git hooks/post-receive script.

jamessan pushed a commit to branch master
in repository devscripts.

commit 91f05b5cc300af669b31a6f6b44d53b7d6817288
Author: James McCoy <jamessan at debian.org>
Date:   Tue Dec 10 19:06:33 2013 -0500

    uscan: Fix arbitrary command execution when using USCAN_EXCLUSION
    
    Closes: #731849
    Signed-off-by: James McCoy <jamessan at debian.org>
---
 debian/changelog | 11 +++++++++--
 scripts/uscan.pl | 12 ++++++------
 2 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 2514d11..245f21c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,11 +1,18 @@
-devscripts (2.13.7) unstable; urgency=medium
+devscripts (2.13.8) UNRELEASED; urgency=medium
 
   [ James McCoy ]
-  * Fix imports of Devscripts::Compression.  (Closes: #731847)
+  * uscan: Fix arbitrary command execution when using USCAN_EXCLUSION.
+    (Closes: #731849)
 
   [ Adam D. Barratt ]
   * Honour USCAN_EXCLUSION.  (Closes: #731885)
 
+ -- James McCoy <jamessan at debian.org>  Tue, 10 Dec 2013 19:02:04 -0500
+
+devscripts (2.13.7) unstable; urgency=medium
+
+  * Fix imports of Devscripts::Compression.  (Closes: #731847)
+
  -- James McCoy <jamessan at debian.org>  Tue, 10 Dec 2013 07:49:54 -0500
 
 devscripts (2.13.6) unstable; urgency=medium
diff --git a/scripts/uscan.pl b/scripts/uscan.pl
index 4282951..0ffe9f2 100755
--- a/scripts/uscan.pl
+++ b/scripts/uscan.pl
@@ -2177,12 +2177,12 @@ sub get_main_source_dir($$$$) {
     foreach my $file (@files) {
 	unless ($file =~ /^\.\.?/) {
 	    if ( -d "${tempdir}/$file" ) {
-                # HELP: why can't perl move not move directories????
-                system( "mv ${tempdir}/$file $main_source_dir" ) ;
-            } else {
-                move("${tempdir}/$file", $main_source_dir) or die("Unable to move ${tempdir}/$file directory $main_source_dir\n");
-            }
-        }
+		# HELP: why can't perl move not move directories????
+		system('mv', "${tempdir}/$file", $main_source_dir);
+	    } else {
+		move("${tempdir}/$file", $main_source_dir) or die("Unable to move ${tempdir}/$file directory $main_source_dir\n");
+	    }
+	}
     }
     return $main_source_dir;
 }

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/devscripts.git

