From 9d5b7c840b84f3cc54b042c2908d47969187fa0c Mon Sep 17 00:00:00 2001 From: Frank Lichtenheld Date: Wed, 18 Jan 2006 13:02:27 +0000 Subject: [PATCH] Let dpkg-source ensure (as good as possible) that all build source packages can also be unpacked. Closes: #6820, #7014 * scripts/controllib.pl: (checkversion) add generic check for valid version numbers (checkpackagename) add generic check for valid package names (readmd5sum) add generic function to extract md5sum from md5sum program output (setsourcepackage) call checkpackagename on new value * scripts/dpkg-source.pl: Use the new checks added to controllib to ensure validity of version and packagename on build, too. Previously this was only done on unpack. Test on build if directories added by diff already exist with other type in the original source since we already tested that on unpack. (addfile): Test if files are added twice. Should not happen but as we error out on unpack better make sure it doesn't. --- ChangeLog | 22 ++++++++++++++++++++++ debian/changelog | 3 +++ scripts/controllib.pl | 21 +++++++++++++++++++++ scripts/dpkg-source.pl | 23 ++++++++++++++--------- 4 files changed, 60 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index a137b746..1ace30f6 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,25 @@ +2005-10-07 Frank Lichtenheld + + * scripts/controllib.pl: + (checkversion) add generic check for valid version numbers + (checkpackagename) add generic check for valid package + names + (readmd5sum) add generic function to extract md5sum from + md5sum program output + (setsourcepackage) call checkpackagename on new value + * scripts/dpkg-source.pl: Use the new checks added to + controllib to ensure validity of version and packagename + on build, too. Previously this was only done on + unpack. + + * scripts/dpkg-source.pl: Test on build if directories + added by diff already exist with other type in the original + source since we already tested that on unpack. + + * scripts/dpkg-source.pl (addfile): Test if files are added + twice. Should not happen but as we error out on unpack + better make sure it doesn't. + 2005-10-04 Frank Lichtenheld * scripts/dpkg-source.pl: Check build relation diff --git a/debian/changelog b/debian/changelog index 2e5db56f..58725081 100644 --- a/debian/changelog +++ b/debian/changelog @@ -14,6 +14,9 @@ dpkg (1.13.12~) unstable; urgency=low * Check the gpg signatures of .dsc files before unpacking. See the upstream changelog for a full description of the semantics. Based on a patch by Matt Zimmerman. Closes: #48711 + * Let dpkg-source ensure (as good as possible) that all + build source packages can also be unpacked. + Closes: #6820, #7014 -- diff --git a/scripts/controllib.pl b/scripts/controllib.pl index a5fe0b2f..5385cff8 100755 --- a/scripts/controllib.pl +++ b/scripts/controllib.pl 
@@ -243,8 +243,22 @@ sub parsechangelog { $substvar{'Source-Version'}= $fi{"L Version"}; } +sub checkpackagename { + my $name = shift || ''; + $name =~ m/[^-+.0-9a-z]/o && + &error("source package name `$name' contains illegal character `$&'"); + $name =~ m/^[0-9a-z]/o || + &error("source package name `$name' starts with non-alphanum"); +} + +sub checkversion { + my $version = shift || ''; + $version =~ m/[^-+:.0-9a-zA-Z~]/o && + &error("version number contains illegal character `$&'"); +} sub setsourcepackage { + checkpackagename( $v ); if (length($sourcepackage)) { $v eq $sourcepackage || &error("source package has two conflicting values - $sourcepackage and $v"); @@ -253,6 +267,13 @@ sub setsourcepackage { } } +sub readmd5sum { + (my $md5sum = shift) or return; + $md5sum =~ s/^([0-9a-f]{32})\s*\*?-?\s*\n?$/$1/o + || &failure("md5sum gave bogus output `$md5sum'"); + return $md5sum; +} + sub parsecdata { local ($source,$many,$whatmsg) = @_; # many=0: ordinary control data like output from dpkg-parsechangelog diff --git a/scripts/dpkg-source.pl b/scripts/dpkg-source.pl index 4c01cb45..5b1d9213 100755 --- a/scripts/dpkg-source.pl +++ b/scripts/dpkg-source.pl @@ -216,6 +216,7 @@ if ($opmode eq 'build') { if (m/^Source$/) { &setsourcepackage; } elsif (m/^Version$/) { + checkversion( $v ); $f{$_}= $v; } elsif (s/^X[BS]*C[BS]*-//i) { $f{$_}= $v; @@ -464,6 +465,12 @@ if ($opmode eq 'build') { &unrepdiff("device or socket is not allowed"); } elsif (-d _) { $type{$fn}= 'directory'; + if (!lstat("$origdir/$fn")) { + $! == ENOENT + || &syserr("cannot stat orig file $origdir/$fn"); + } elsif (! -d _) { + &unrepdiff2('not a directory', 'directory'); + } } else { &unrepdiff("unknown file type ($!)"); } 
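Review bot: `checkversion` accepts an empty or missing version: `shift || ''` turns an undefined argument into `''`, and the only test is the illegal-character match, which an empty string passes. The same helper is called on build (`checkversion( $v );`) and on unpack (`checkversion( $version );`, which appears to take its value from the source control file), so the gap exists on both paths. A guard before the character test would close it, for example `length($version) || &error("version number is empty");`. In `checkpackagename`, the same `shift || ''` maps the name `0` to the empty string, so the error then quotes an empty name rather than the real one.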
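Review bot: `readmd5sum` returns silently on empty or undefined input (`(my $md5sum = shift) or return;`), so a helper used for integrity checking can return undef instead of failing. At the `checkstats` call site later in this patch, the following `eq` comparison should still reject the file as long as the expected digest is non-empty, but every other caller has to remember to test the result. Failing closed would be safer, for example `defined($md5sum) && length($md5sum) || &failure("md5sum gave no output");`. A short comment above the substitution naming the accepted output shapes (bare digest, digest followed by `-`, digest followed by `*-`) would help, because the pattern is denser than the two lines it replaces.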
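Review bot: The added `lstat("$origdir/$fn")` overwrites the cached `_` stat buffer that the surrounding `-d _` chain reads, so any later `_` test meant for the new-tree file would inspect the original-tree entry instead. Nothing inside the hunk uses `_` after this branch, but the chain begins before the hunk and the code following it is not shown, so it should carry a comment such as `# lstat on the orig tree clobbers _; do not test _ for the new file after this point`. Using `lstat` rather than `stat` is the right call, since a symlink in the original tree then counts as a type mismatch instead of being followed. The `$! == ENOENT` test relies on the errno constant being imported somewhere outside the hunk, which is worth confirming.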
@@ -579,14 +586,10 @@ if ($opmode eq 'build') { } $sourcepackage = $fi{'S Source'}; - $sourcepackage =~ m/[^-+.0-9a-z]/ && - &error("source package name contains illegal character `$&'"); - $sourcepackage =~ m/^[0-9a-z]/ || - &error("source package name starts with non-alphanum"); + checkpackagename( $sourcepackage ); $version= $fi{'S Version'}; - $version =~ m/[^-+:.0-9a-zA-Z~]/ && - &error("version number contains illegal character `$&'"); + checkversion( $version ); $version =~ s/^\d+://; if ($version =~ m/-([^-]+)$/) { $baseversion= $`; $revision= $1; @@ -835,8 +838,7 @@ sub checkstats { (@s= stat(STDIN)) || &syserr("cannot fstat $dscdir/$f"); $s[7] == $size{$f} || &error("file $f has size $s[7] instead of expected $size{$f}"); $m= `md5sum`; $? && subprocerr("md5sum $f"); $m =~ s/\n$//; - $m =~ s/ *-$//; # Remove trailing spaces and -, to work with GNU md5sum - $m =~ m/^[0-9a-f]{32}$/ || &failure("md5sum of $f gave bad output `$m'"); + $m = readmd5sum( $m ); $m eq $md5sum{$f} || &error("file $f has md5sum $m instead of expected $md5sum{$f}"); open(STDIN,"