From 5cde19017f6b64ab1e440633d59e36a231b57a3f Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Sun, 16 Aug 2015 15:15:44 +0100 Subject: Properly quote package name when constructing regexp in complete_file_from_dsc. Closes:#795736. Also, grep the code for likely similar problems elsewhere and improve a (harmless) instance in dgit-repos-server. --- debian/changelog | 4 ++++ dgit | 2 +- infra/dgit-repos-server | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index 1c5fbc4..f448cf0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,6 +4,10 @@ dgit (1.3) unstable; urgency=low * If a .orig in .. is a symlink, hardlink the link target into our private unpack directory, rather than the link itself (since latter won't work if the symlink is relative). + * Properly quote package name when constructing regexp in + complete_file_from_dsc. Closes:#795736. Also, grep the code for + likely similar problems elsewhere and improve a (harmless) instance in + dgit-repos-server. -- diff --git a/dgit b/dgit index 2d42f94..60b39e4 100755 --- a/dgit +++ b/dgit @@ -1481,7 +1481,7 @@ sub complete_file_from_dsc ($$) { my $furl = $dscurl; $furl =~ s{/[^/]+$}{}; $furl .= "/$f"; - die "$f ?" unless $f =~ m/^${package}_/; + die "$f ?" unless $f =~ m/^\Q${package}\E_/; die "$f ?" if $f =~ m#/#; runcmd_ordryrun_local @curl,qw(-o),$tf,'--',"$furl"; next if !act_local(); diff --git a/infra/dgit-repos-server b/infra/dgit-repos-server index 9705a64..cfa0f31 100755 --- a/infra/dgit-repos-server +++ b/infra/dgit-repos-server @@ -624,7 +624,7 @@ sub dm_txt_check ($$) { printdebug " dm_txt_check $keyid $dmtxtfn\n"; open DT, '<', $dmtxtfn or die "$dmtxtfn $!"; while (
) { - m/^fingerprint:\s+$keyid$/oi + m/^fingerprint:\s+\Q$keyid\E$/oi ..0 or next; if (s/^allow:/ /i..0) { } else { -- cgit v1.2.3