Bug#6820: Patch

Sat, 08 Oct 2005 12:18:08 -0700 

tag 6820 patch
usertag 6820 fixed-in-my-arch-branch
thanks

I did go through the unpacking code and looked for conditions that can
cause dpkg-source to abort the unpacking. Then I've tried to add checks
for all of these conditions to dpkg-source -b (where at all possible).

I think the attached patch is appropriate to fix this bug.
([EMAIL PROTECTED]/dpkg--devel--1.13--patch-25)

Gruesse,
-- 
Frank Lichtenheld <[EMAIL PROTECTED]>
www: http://www.djpig.de/

* looking for [EMAIL PROTECTED]/dpkg--devel--1.13--patch-24 to compare with
* comparing to [EMAIL PROTECTED]/dpkg--devel--1.13--patch-24
A  {arch}/dpkg/dpkg--devel/dpkg--devel--1.13/[EMAIL 
PROTECTED]/patch-log/patch-25
M  scripts/dpkg-source.pl
M  debian/changelog
M  ChangeLog
M  scripts/controllib.pl

* modified files

--- orig/ChangeLog
+++ mod/ChangeLog
@@ -1,3 +1,25 @@
+2005-10-07  Frank Lichtenheld  <[EMAIL PROTECTED]>
+
+       * scripts/controllib.pl:
+       (checkversion) add generic check for valid version numbers
+       (checkpackagename) add generic check for valid package
+       names
+       (readmd5sum) add generic function to extract md5sum from
+       md5sum program output
+       (setsourcepackage) call checkpackagename on new value
+       * scripts/dpkg-source.pl: Use the new checks added to
+       controllib to ensure validity of version and packagename
+       on build, too. Previously this was only done on
+       unpack.
+
+       * scripts/dpkg-source.pl: Test on build if directories
+       added by diff already exist with other type in the original
+       source since we already tested that on unpack.
+
+       * scripts/dpkg-source.pl (addfile): Test if files are added
+       twice. Should not happen but as we error out on unpack
+       better make sure it doesn't.
+
 2005-10-04  Frank Lichtenheld  <[EMAIL PROTECTED]>
 
        * scripts/dpkg-source.pl: Check build relation


--- orig/debian/changelog
+++ mod/debian/changelog
@@ -22,6 +22,9 @@
     - Let dpkg-source -b check the build relation fields before
       putting them into the .dsc. As a side effect they also
       get normalized. Closes: #254449
+    - Let dpkg-source ensure (as good as possible) that all
+      build source packages can also be unpacked.
+      Closes: #6820, #7014
 
  --
 


--- orig/scripts/controllib.pl
+++ mod/scripts/controllib.pl
@@ -243,8 +243,22 @@
     $substvar{'Source-Version'}= $fi{"L Version"};
 }
 
+sub checkpackagename {
+    my $name = shift || '';
+    $name =~ m/[^-+.0-9a-z]/o &&
+        &error("source package name `$name' contains illegal character `$&'");
+    $name =~ m/^[0-9a-z]/o ||
+        &error("source package name `$name' starts with non-alphanum");
+}
+
+sub checkversion {
+    my $version = shift || '';
+    $version =~ m/[^-+:.0-9a-zA-Z~]/o &&
+        &error("version number contains illegal character `$&'");
+}
 
 sub setsourcepackage {
+    checkpackagename( $v );
     if (length($sourcepackage)) {
         $v eq $sourcepackage ||
             &error("source package has two conflicting values - $sourcepackage 
and $v");
@@ -253,6 +267,13 @@
     }
 }
 
+sub readmd5sum {
+    (my $md5sum = shift) or return;
+    $md5sum =~ s/^([0-9a-f]{32})\s*\*?-?\s*\n?$/$1/o
+       || &failure("md5sum gave bogus output `$md5sum'");
+    return $md5sum;
+}
+
 sub parsecdata {
     local ($source,$many,$whatmsg) = @_;
     # many=0: ordinary control data like output from dpkg-parsechangelog


--- orig/scripts/dpkg-source.pl
+++ mod/scripts/dpkg-source.pl
@@ -218,6 +218,7 @@
             if (m/^Source$/) {
                 &setsourcepackage;
             } elsif (m/^Version$/) {
+               checkversion( $v );
                 $f{$_}= $v;
             } elsif (s/^X[BS]*C[BS]*-//i) {
                 $f{$_}= $v;
@@ -466,6 +467,12 @@
                 &unrepdiff("device or socket is not allowed");
             } elsif (-d _) {
                 $type{$fn}= 'directory';
+               if (!lstat("$origdir/$fn")) {
+                   $! == ENOENT
+                       || &syserr("cannot stat orig file $origdir/$fn");
+               } elsif (! -d _) {
+                   &unrepdiff2('not a directory', 'directory');
+               }
             } else {
                 &unrepdiff("unknown file type ($!)");
             }
@@ -581,14 +588,10 @@
     }
 
     $sourcepackage = $fi{'S Source'};
-    $sourcepackage =~ m/[^-+.0-9a-z]/ &&
-        &error("source package name contains illegal character `$&'");
-    $sourcepackage =~ m/^[0-9a-z]/ ||
-        &error("source package name starts with non-alphanum");
+    checkpackagename( $sourcepackage );
 
     $version= $fi{'S Version'};
-    $version =~ m/[^-+:.0-9a-zA-Z~]/ &&
-        &error("version number contains illegal character `$&'");
+    checkversion( $version );
     $version =~ s/^\d+://;
     if ($version =~ m/-([^-]+)$/) {
         $baseversion= $`; $revision= $1;
@@ -837,9 +840,7 @@
     (@s= stat(STDIN)) || &syserr("cannot fstat $dscdir/$f");
     $s[7] == $size{$f} || &error("file $f has size $s[7] instead of expected 
$size{$f}");
     $m= `md5sum`; $? && subprocerr("md5sum $f"); $m =~ s/\n$//;
-    $m =~ s/ *\*?-$//; # Remove trailing spaces and -, to work with GNU md5sum
-                       # also ignore the additional * added by md5sum -b
-    $m =~ m/^[0-9a-f]{32}$/ || &failure("md5sum of $f gave bad output `$m'");
+    $m = readmd5sum( $m );
     $m eq $md5sum{$f} || &error("file $f has md5sum $m instead of expected 
$md5sum{$f}");
     open(STDIN,"</dev/null") || &syserr("reopen stdin from /dev/null");
 }
@@ -1244,14 +1245,16 @@
     close(GZIPFILE);
 }
 
+my %added_files;
 sub addfile {
     my ($filename)= @_;
+    $added_files{$filename}++ &&
+       &internerr( "tried to add file `$filename' twice" );
     stat($filename) || &syserr("could not stat output file `$filename'");
     $size= (stat _)[7];
     my $md5sum= `md5sum <$filename`;
     $? && &subprocerr("md5sum $filename");
-    $md5sum =~ s/^([0-9a-f]{32})\s*\*?-?\s*\n$/$1/
-       || &failure("md5sum gave bogus output `$md5sum'");
+    $md5sum = readmd5sum( $md5sum );
     $f{'Files'}.= "\n $md5sum $size $filename";
 }
 



* added files

--- /dev/null
+++ /home/djpig/debian/patch25/,,[EMAIL 
PROTECTED]/new-files-archive/./{arch}/dpkg/dpkg--devel/dpkg--devel--1.13/[EMAIL 
PROTECTED]/patch-log/patch-25
@@ -0,0 +1,28 @@
+Revision: dpkg--devel--1.13--patch-25
+Archive: [EMAIL PROTECTED]
+Creator: Frank Lichtenheld <[EMAIL PROTECTED]>
+Date: Fri Oct  7 23:42:23 CEST 2005
+Standard-date: 2005-10-07 21:42:23 GMT
+Modified-files: ChangeLog debian/changelog
+    scripts/controllib.pl scripts/dpkg-source.pl
+New-patches: [EMAIL PROTECTED]/dpkg--devel--1.13--patch-25
+Summary: ensure all build source packages can also be unpacked
+Keywords: 6820 7014 controllib dpkg-source
+
+* scripts/controllib.pl:
+(checkversion) add generic check for valid version numbers
+(checkpackagename) add generic check for valid package
+names
+(readmd5sum) add generic function to extract md5sum from
+md5sum program output
+(setsourcepackage) call checkpackagename on new value
+* scripts/dpkg-source.pl: Use the new checks added to
+controllib to ensure validity of version and packagename
+on build, too. Previously this was only done on
+unpack.
+* scripts/dpkg-source.pl: Test on build if directories
+added by diff already exist with other type in the original
+source since we already tested that on unpack.
+* scripts/dpkg-source.pl (addfile): Test if files are added
+twice. Should not happen but as we error out on unpack
+better make sure it doesn't.

Reply via email to