[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#886574: Results in false positives when watch file options contain \".



Package: lintian
Version: 2.5.67
Severity: normal
Tags: patch

Hi,

If your watch file options contain escaped double quotes as in the
attached example, Lintian incorrectly emits warnings for
debian-watch-may-check-gpg-signature and debian-watch-could-verify-download.
I have attached a patch which fixes it.

Best regards,

Carlos

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lintian depends on:
ii  binutils                          2.29.1-13
ii  bzip2                             1.0.6-8.1
ii  diffstat                          1.61-1+b1
ii  dpkg                              1.19.0.4
ii  file                              1:5.32-1
ii  gettext                           0.19.8.1-4
ii  intltool-debian                   0.35.0+20060710.4
ii  libapt-pkg-perl                   0.1.33
ii  libarchive-zip-perl               1.60-1
ii  libclass-accessor-perl            0.51-1
ii  libclone-perl                     0.39-1
ii  libdpkg-perl                      1.19.0.4
ii  libemail-valid-perl               1.202-1
ii  libfile-basedir-perl              0.07-1
ii  libipc-run-perl                   0.96-1
ii  liblist-moreutils-perl            0.416-1+b3
ii  libparse-debianchangelog-perl     1.2.0-12
ii  libperl5.26 [libdigest-sha-perl]  5.26.1-3
ii  libtext-levenshtein-perl          0.13-1
ii  libtimedate-perl                  2.3000-2
ii  liburi-perl                       1.72-2
ii  libxml-simple-perl                2.24-1
ii  libyaml-libyaml-perl              0.63-2+b2
ii  man-db                            2.7.6.1-4
ii  patchutils                        0.3.4-2
ii  perl                              5.26.1-3
ii  t1utils                           1.41-2
ii  xz-utils                          5.2.2-1.3

Versions of packages lintian recommends:
ii  libperlio-gzip-perl  0.19-1+b4

Versions of packages lintian suggests:
ii  binutils-multiarch     2.29.1-13
ii  dpkg-dev               1.19.0.4
ii  libhtml-parser-perl    3.72-3+b2
ii  libtext-template-perl  1.47-1

-- no debconf information
version=4

opts="pagemangle=s%\"tarball_url\"[^\"]+\"[^\"]+/v@ANY_VERSION@\"%<a href=\"https://github.com/brunonova/@PACKAGE@/releases/download/v$1/@PACKAGE@_$1.tar.xz\";>v$1</a>%g, \
      pgpsigurlmangle=s%$%.asc%" \
   https://api.github.com/repos/brunonova/@PACKAGE@/tags \
   (?:.*)/@PACKAGE@@ANY_VERSION@@ARCHIVE_EXT@ debian uupdate
>From dbb334b279c9d183151cdde4c0c2b6cd9008fe28 Mon Sep 17 00:00:00 2001
From: Carlos Maddela <e7appew@gmail.com>
Date: Mon, 8 Jan 2018 05:16:34 +1100
Subject: [PATCH] Prevent false positives when watch file options contain \".

---
 checks/watch-file.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/checks/watch-file.pm b/checks/watch-file.pm
index b4aead305..e464cddfd 100644
--- a/checks/watch-file.pm
+++ b/checks/watch-file.pm
@@ -98,7 +98,7 @@ sub run {
                 $prerelease_mangle, $prerelease_umangle
             ) = (0, 0, 0, 0);
             my ($opts, @opts);
-            if (   s/^opt(?:ion)?s=\"([^\"]+)\"\s+//
+            if (   s/^opt(?:ion)?s=\"((?:[^\"]|\\\")+)\"\s+//
                 || s/^opt(?:ion)?s=(\S+)\s+//) {
                 $opts = $1;
                 @opts = split($watchver >= 4 ? '\s*,\s*' : ',', $opts);
-- 
2.15.1


Reply to: