[Reproducible-commits] [dpkg] 24/74: Dpkg::Substvars: Validate source version in set_version_substvars()
Mattia Rizzolo
mattia at debian.org
Sun Jul 3 22:22:53 UTC 2016
This is an automated email from the git hooks/post-receive script.
mattia pushed a commit to annotated tag 1.18.8
in repository dpkg.
commit 8b3cd883be8d5236f2c78b245bc7e0bd8f712888
Author: Guillem Jover <guillem at debian.org>
Date: Mon Jun 6 23:31:38 2016 +0200
Dpkg::Substvars: Validate source version in set_version_substvars()
---
debian/changelog | 2 ++
scripts/Dpkg/Substvars.pm | 8 ++++++--
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 9c8b4e4..9d6642c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,6 +11,8 @@ dpkg (1.18.8) UNRELEASED; urgency=medium
- Add a getter for the Time::Piece object in Dpkg::Changelog.
- Add new Timestamp field to Dpkg::Changelog output, which ends up on
dpkg-parsechangelog's output.
+ - Validate source version in set_version_substvars()'s Dpkg::Substvars
+ method.
* Test suite:
- Bump perlcritic ValuesAndExpressions::RequireNumberSeparators minimum
to 99999.
diff --git a/scripts/Dpkg/Substvars.pm b/scripts/Dpkg/Substvars.pm
index 949a784..32bfcf4 100644
--- a/scripts/Dpkg/Substvars.pm
+++ b/scripts/Dpkg/Substvars.pm
@@ -25,6 +25,7 @@ use POSIX qw(:errno_h);
use Dpkg ();
use Dpkg::Arch qw(get_host_arch);
+use Dpkg::Version;
use Dpkg::ErrorHandling;
use Dpkg::Gettext;
@@ -231,8 +232,11 @@ sub set_version_substvars {
# field on the changelog, always fix up the source version.
$sourceversion =~ s/\+b[0-9]+$//;
- my $upstreamversion = $sourceversion;
- $upstreamversion =~ s/-[^-]*$//;
+ my $vs = Dpkg::Version->new($sourceversion, check => 1);
+ if (not defined $vs) {
+ error(g_('invalid source version %s'), $sourceversion);
+ }
+ my $upstreamversion = $vs->as_string(omit_revision => 1);
my $attr = SUBSTVAR_ATTR_USED | SUBSTVAR_ATTR_AUTO;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git
More information about the Reproducible-commits
mailing list