Bug#814447: devscripts: uscan(1) github example is rejected with "potentially unsafe or malformed filenamemangle pattern"
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Feb 11 16:40:09 UTC 2016
Package: devscripts
Version: 2.15.10
Severity: normal
The GitHub example in uscan(1) appears to be rejected by uscan as
having a "potentially unsafe or malformed filenamemangle pattern".

It's not clear to me what the problem is or how I should resolve it.
Either the documentation or the definition of safe_replace() in
scripts/uscan.pl should be updated so that they're aligned.

Here is an example:
0 dkg at alice:~/src/win-iconv/win-iconv$ man uscan | grep -A10 'For GitHub based'
For GitHub based projects, you can use the tags or releases page. The
archive URL uses only the version as the filename. You can rename the
downloaded upstream tarball from into the standard
<project>-<version>.tar.gz using filenamemangle:
version=4
opts="filenamemangle="s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%<project>-$1.tar.gz%" \
https://github.com/<user>/<project>/tags \
(?:.*?/)?v?(\d[\d.]*)\.tar\.gz debian uupdate
PyPI
0 dkg at alice:~/src/win-iconv/win-iconv$ cat debian/watch
version=4
opts="filenamemangle="s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%win-iconv-$1.tar.gz%" \
https://github.com/win-iconv/win-iconv/tags \
(?:.*?/)?v?(\d[\d.]*)\.tar\.gz debian uupdate
0 dkg at alice:~/src/win-iconv/win-iconv$ uscan --verbose
uscan: uscan (version 2.15.10) See uscan(1) for help
uscan: Scan watch files in .
uscan info: Check debian/watch and debian/changelog in .
uscan info: package="win-iconv" version="0.0.6-1" (as seen in debian/changelog)
uscan info: package="win-iconv" version="0.0.6" (no epoch/revision)
uscan: ./debian/changelog sets package="win-iconv" version="0.0.6"
uscan info: Process ./debian/watch (package=win-iconv version=0.0.6)
uscan info: opts: filenamemangle="s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%win-iconv-$1.tar.gz%
uscan info: line: https://github.com/win-iconv/win-iconv/tags (?:.*?/)?v?(\d[\d.]*)\.tar\.gz debian uupdate
uscan info: Parsing filenamemangle="s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%win-iconv-$1.tar.gz%
uscan info: line: https://github.com/win-iconv/win-iconv/tags (?:.*?/)?v?(\d[\d.]*)\.tar\.gz debian uupdate
uscan info: Last orig.tar.* tarball version (from debian/changelog): 0.0.6
uscan info: Last orig.tar.* tarball version (dversionmangled): 0.0.6
uscan info: Requesting URL:
https://github.com/win-iconv/win-iconv/tags
uscan info: Matching pattern:
(?:(?:https://github.com)?\/win\-iconv\/win\-iconv\/tags)?(?:.*?/)?v?(\d[\d.]*)\.tar\.gz
uscan info: Found the following matching hrefs on the web page (newest first):
/win-iconv/win-iconv/archive/v0.0.8.tar.gz (0.0.8) index=0.0.8.1
/win-iconv/win-iconv/archive/v0.0.7.tar.gz (0.0.7) index=0.0.7.1
/win-iconv/win-iconv/archive/0.0.6.tar.gz (0.0.6) index=0.0.6.1
/win-iconv/win-iconv/archive/0.0.5.tar.gz (0.0.5) index=0.0.5.1
/win-iconv/win-iconv/archive/0.0.4.tar.gz (0.0.4) index=0.0.4.1
/win-iconv/win-iconv/archive/0.0.3.tar.gz (0.0.3) index=0.0.3.1
/win-iconv/win-iconv/archive/0.0.2.tar.gz (0.0.2) index=0.0.2.1
/win-iconv/win-iconv/archive/0.0.1.tar.gz (0.0.1) index=0.0.1.1
uscan info: Matching target for downloadurlmangle: https://github.com/win-iconv/win-iconv/archive/v0.0.8.tar.gz
uscan info: Upstream URL (downloadurlmangled):
https://github.com/win-iconv/win-iconv/archive/v0.0.8.tar.gz
uscan info: Newest upstream tarball version selected for download (uversionmangled): 0.0.8
uscan info: Matching target for filenamemangle: /win-iconv/win-iconv/archive/v0.0.8.tar.gz
uscan warn: In debian/watch, potentially unsafe or malformed filenamemangle pattern:
'"s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%win-iconv-$1.tar.gz%' found. Skipping watchline
https://github.com/win-iconv/win-iconv/tags (?:.*?/)?v?(\d[\d.]*)\.tar\.gz debian uupdate
uscan info: Scan finished
1 dkg at alice:~/src/win-iconv/win-iconv$
-- Package-specific info:
--- /etc/devscripts.conf ---
--- ~/.devscripts ---
Not present
-- System Information:
Debian Release: stretch/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'testing'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages devscripts depends on:
ii dpkg-dev 1.18.4
ii libc6 2.21-7
ii perl 5.22.1-5
pn python3:any <none>
Versions of packages devscripts recommends:
ii apt 1.2.2
ii at 3.1.18-2
ii curl 7.47.0-1
ii dctrl-tools 2.24-2
ii debian-keyring 2016.01.20
ii dput-ng [dput] 1.10
ii dupload 2.7.0
pn equivs <none>
ii fakeroot 1.20.2-1
ii file 1:5.25-2
ii gnupg 1.4.20-1
ii gnupg2 2.1.11-5
ii libdistro-info-perl 0.14
ii libencode-locale-perl 1.05-1
ii libjson-perl 2.90-1
ii liblwp-protocol-https-perl 6.06-2
pn libsoap-lite-perl <none>
ii liburi-perl 1.71-1
ii libwww-perl 6.15-1
ii lintian 2.5.40.2
ii man-db 2.7.5-1
ii patch 2.7.5-1
ii patchutils 0.3.4-1
ii python3-debian 0.1.27
ii python3-magic 1:5.25-2
ii sensible-utils 0.0.9
ii strace 4.10-3
ii unzip 6.0-20
ii wdiff 1.2.2-1+b1
ii wget 1.17.1-1+b1
ii xz-utils 5.1.1alpha+20120614-2.1
Versions of packages devscripts suggests:
ii build-essential 11.7
pn cvs-buildpackage <none>
ii debbindiff 48
ii devscripts-el 35.12
pn gnuplot <none>
ii gpgv 1.4.20-1
ii gpgv2 2.1.11-5
pn libauthen-sasl-perl <none>
pn libfile-desktopentry-perl <none>
ii libnet-smtp-ssl-perl 1.03-1
pn libterm-size-perl <none>
ii libtimedate-perl 2.3000-2
pn libyaml-syck-perl <none>
ii mailutils [mailx] 1:2.99.99-1
ii mozilla-devscripts 0.44
pn mutt <none>
ii openssh-client [ssh-client] 1:7.1p2-2
ii s-nail [mailx] 14.8.6-1
ii svn-buildpackage 0.8.5+nmu1
ii w3m 0.5.3-26
-- debconf-show failed
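
Added example, not part of the original report and not uscan's code: a simplified Python stand-in for the kind of check a function such as safe_replace() exists to make, treating a mangle rule from debian/watch as data to be parsed rather than code to be evaluated. The function names and the accepted grammar are assumptions for illustration; the inputs are the option value uscan printed in its warning above and a constructed variant of it.

```python
import re

# A replacement may hold only literal text plus $N / ${N} group references.
_REF = re.compile(r"\$(?:(\d+)|\{(\d+)\})")

# Value exactly as uscan printed it in its warning (note the leading quote).
AS_REPORTED = r'"s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%win-iconv-$1.tar.gz%'
# Constructed for comparison: the same rule with that first character removed.
WITHOUT_QUOTE = AS_REPORTED[1:]
TARGET = "/win-iconv/win-iconv/archive/v0.0.8.tar.gz"  # from the uscan log

def parse_rule(rule):
    """Split 's<sep>regex<sep>replacement<sep>flags' as data; never eval it."""
    rule = rule.strip()
    if len(rule) < 4 or rule[0] != "s":
        raise ValueError("rule must start with 's' and a delimiter")
    sep = rule[1]
    if sep.isalnum() or sep.isspace() or sep == "\\":
        raise ValueError("bad delimiter")
    # Simplification: a delimiter counts unless a backslash precedes it.
    parts = re.split(r"(?<!\\)" + re.escape(sep), rule[2:])
    if len(parts) != 3:
        raise ValueError("expected regex, replacement and flags")
    regex, repl, flags = parts
    if not set(flags) <= set("gix"):  # e.g. Perl's code-evaluating 'e' is refused
        raise ValueError("unsupported flag")
    if "$" in _REF.sub("", repl):
        raise ValueError("replacement may only use $N references")
    return regex, repl, flags

def is_accepted(rule):
    try:
        parse_rule(rule)
        return True
    except ValueError:
        return False

def apply_rule(rule, text):
    """Apply an accepted rule with Python's re (close to Perl for this regex)."""
    regex, repl, flags = parse_rule(rule)
    opts = (re.I if "i" in flags else 0) | (re.X if "x" in flags else 0)
    def expand(m):  # substitute $N with the text of capture group N
        return _REF.sub(lambda r: m.group(int(r.group(1) or r.group(2))) or "", repl)
    return re.sub(regex, expand, text, count=0 if "g" in flags else 1, flags=opts)

if __name__ == "__main__":
    print(is_accepted(AS_REPORTED), is_accepted(WITHOUT_QUOTE))
    print(apply_rule(WITHOUT_QUOTE, TARGET))
```

Under this stand-in's grammar the value as reported is refused because it does not begin with the `s` operator, while the constructed variant parses and renames the matched target from the log.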