Csillag Tamas <csta...@digitus.itk.ppke.hu> writes: > On Wed, Dec 25, 2013 at 02:06:53AM +0100, Csillag Tamas wrote:
>> which version do you use? >> I started looking into this and found: >> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732006 >> 'uscan: broken handling of filenames with whitespace (CVE-2013-7085)' >> >> Fixed in version devscripts/2.13.9 > > Above is unrelated. > However: > foreach (grep { $_ } split /\s+/, $data->{"files-excluded"}) { > at > http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=blob;f=scripts/uscan.pl;h=433f5e2fd02ee6c910f2b475f27bc182b1fa3850;hb=3025603d7532a5712e7e0278c93fa71dd6d8301f#l1546 > according to > http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#files-field > the space should be escapeable. > Is someone here better with regexes than me? ;-) > We need to replace /\s+/ with one that does not split if the space is escaped > with a backslash. my @excluded = ($data->{"files-excluded"} =~ /(?:\A|\G[ ]+)((?:\\.|[^\\ ])+)/g); @excluded = map { s/\\(.)/$1/g; $_ } @excluded; foreach (@excluded) { will work, I believe. I don't think there's an easy way to do that with split. You'd have to do some complex thing with look-behind assertions. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
