Package: apt-show-versions
Version: 0.22.11
Severity: normal

Dear Maintainer,

apt-show-versions assumes that the name and values of control file
fields are separated by ": ". Control files that use tabs instead
of spaces after the colon will result in the following message upon
execution:

    Use of uninitialized value $value in substitution (s///) at
    /usr/bin/apt-show-versions line 597, <FILE> line 1172

It's not clear to me exactly what consequences this has, but at least
that data field won't be correctly processed.

According to §5.1 of the Debian Policy Manual,

    Each field consists of the field name followed by a colon and then
    the data/value associated with that field. [...] Horizontal
    whitespace (spaces and tabs) may occur immediately before or after
    the value and is ignored there; it is conventional to put a single
    space after the colon.

it's valid to have ":\t" between the field name and its value.

Looking at lines 596-597 of apt-show-versions it clearly assumes ": ":

    ($key, $value) = split /: /, $_;
    $value =~ s/\n//;

I suggest that 

    - the regexp is changed to ":\s+" to remove the warning,
    - that you consider ignoring trailing whitespace in the value, and
    - that values containing ": " are handled correctly.

The two last bullets might be moot depending on which fields are
actually used for further processing.

Can't Dpkg::Control::Info from libdpkg-perl be used to avoid the parsing
altogether?


-- System Information:
Debian Release: 8.11
  APT prefers oldoldstable
  APT policy: (500, 'oldoldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-0.bpo.5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE= (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages apt-show-versions depends on:
ii  apt                                 1.0.9.8.5
ii  libapt-pkg-perl                     0.1.29+b2
ii  perl [libstorable-perl]             5.20.2-3+deb8u12
pn  perl:any | perl-5.005 | perl-5.004  <none>

apt-show-versions recommends no packages.

apt-show-versions suggests no packages.

-- no debconf information
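
The parsing difference described in the report above, shown as an added example that is not part of the original report or of apt-show-versions itself. The sub names `parse_original` and `parse_tolerant` and the sample lines are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample lines, not taken from a real control or status file.
my @lines = (
    "Package: foo\n",
    "Version:\t1.2-3\n",                    # tab after the colon
    "Description: tool: does things  \n",   # value contains ": " and trailing spaces
    "Homepage:https://example.org/\n",      # no whitespace after the colon
);

# The split quoted in the report: assumes the separator is exactly ": ".
# With a tab or no whitespace after the colon, $value comes back undef,
# which is what triggers the "uninitialized value" warning in s///.
# A value that itself contains ": " is cut at the second separator.
sub parse_original {
    my ($line) = @_;
    my ($key, $value) = split /: /, $line;
    $value =~ s/\n// if defined $value;
    return ($key, $value);
}

# Tolerant variant following Policy 5.1: field name up to the first colon,
# then the value with leading and trailing spaces and tabs ignored.
# Returns an empty list for lines that do not start a field, such as
# continuation lines (leading whitespace) or blank lines.
sub parse_tolerant {
    my ($line) = @_;
    return unless $line =~ /^([^:\s]+):[ \t]*(.*?)[ \t]*$/;
    return ($1, $2);
}

for my $line (@lines) {
    my (undef, $old) = parse_original($line);
    my ($key, $new)  = parse_tolerant($line);
    printf "%-12s original=%-8s tolerant=%s\n",
        $key,
        defined $old ? "'$old'" : 'undef',
        "'$new'";
}
```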
