[Reproducible-commits] [dpkg] 19/61: Dpkg::Changelog::Entry::Debian: Catch bogus month names

Jérémy Bobbio lunar at moszumanska.debian.org
Mon Sep 21 09:56:06 UTC 2015 

This is an automated email from the git hooks/post-receive script.

lunar pushed a commit to branch pu/reproducible_builds
in repository dpkg.

commit 21f5898d846a1cd69bdc6849e2097168cde02fdf
Author: Guillem Jover <guillem at debian.org>
Date:   Tue Aug 18 15:52:28 2015 +0200

    Dpkg::Changelog::Entry::Debian: Catch bogus month names
    
    Check if the month is a valid abbreviated month name, with proper
    capitalization, and check explicitly for unabbreviated month names,
    otherwise the error message might be too confusing.
---
 debian/changelog                       |  2 ++
 scripts/Dpkg/Changelog/Entry/Debian.pm | 21 +++++++++++++++++++--
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 14b82c1..f60ebd6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -21,6 +21,8 @@ dpkg (1.18.3) UNRELEASED; urgency=low
     - Do not abort on parse errors from Time::Piece->strptime() for the
       changelog trailer date, just queue them so that the caller can decide
       if they should be warnings or actual errors. Closes: #795936
+    - Validate the changelog trailer date, and catch and warn or error on
+      bogus month names, such as unknown or unabbreviated ones.
   * Test suite:
     - Get the reference build flags from dpkg-buildflags.pl, instead of
       hardcoding them, which might not match depending on the architecture.
diff --git a/scripts/Dpkg/Changelog/Entry/Debian.pm b/scripts/Dpkg/Changelog/Entry/Debian.pm
index a851b6f..7465db9 100644
--- a/scripts/Dpkg/Changelog/Entry/Debian.pm
+++ b/scripts/Dpkg/Changelog/Entry/Debian.pm
@@ -63,10 +63,18 @@ my $name_chars = qr/[-+0-9a-z.]/i;
 our $regex_header = qr/^(\w$name_chars*) \(([^\(\) \t]+)\)((?:\s+$name_chars+)+)\;(.*?)\s*$/i;
 
 # The matched content is the maintainer name ($1), its email ($2),
-# some blanks ($3) and the timestamp ($4).
-our $regex_trailer = qr/^ \-\- (.*) <(.*)>(  ?)(((\w+)\,\s*)?(\d{1,2}\s+\w+\s+\d{4}\s+\d{1,2}:\d\d:\d\d\s+[-+]\d{4}))\s*$/o;
+# some blanks ($3) and the timestamp ($4), which is decomposed into
+# day of week ($6), date-time ($7) and this into month name ($8).
+our $regex_trailer = qr/^ \-\- (.*) <(.*)>(  ?)(((\w+)\,\s*)?(\d{1,2}\s+(\w+)\s+\d{4}\s+\d{1,2}:\d\d:\d\d\s+[-+]\d{4}))\s*$/o;
 
 my %week_day = map { $_ => 1 } qw(Mon Tue Wed Thu Fri Sat Sun);
+my %month_abbrev = map { $_ => 1 } qw(
+    Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
+);
+my %month_name = map { $_ => } qw(
+    January February March April May June July
+    August September October November December
+);
 
 ## use critic
 
@@ -178,6 +186,15 @@ sub check_trailer {
 	eval {
 	    Time::Piece->strptime($7, '%d %b %Y %T %z');
 	} or do {
+	    # Validate the month. Date::Parse used to accept both abbreviated
+	    # and full months, but Time::Piece strptime() implementation only
+	    # matches the abbreviated one with %b, which is what we want anyway.
+	    if (exists $month_name{$8}) {
+	        push @errors, sprintf(g_('uses full instead of abbreviated month name \'%s\''),
+	                              $8, $month_name{$8});
+	    } elsif (not exists $month_abbrev{$8}) {
+	        push @errors, sprintf(g_('invalid abbreviated month name \'%s\''), $8);
+	    }
 	    push @errors, sprintf(g_("cannot parse non-comformant date '%s'"), $7);
 	};
     } else {

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git

More information about the Reproducible-commits mailing list