Bug#619997: python-debian: BaseVersion is not strict enough

Steve Kowalik stevenk at debian.org
Tue Mar 29 03:48:00 UTC 2011 

Package: python-debian
Version: 0.1.17~bzr184~launchpad1
Severity: normal
Tags: patch

Hi,

    The BaseVersion class in debian_support contains an re_valid_version
regular expression. It isn't quite strict enough, to quote from Policy
5.6.12: "if there is no epoch then colons are not allowed.".

    Find attached a patch that corrects that.

-- System Information:
Debian Release: squeeze/sid
  APT prefers maverick-updates
  APT policy: (500, 'maverick-updates'), (500, 'maverick-security'), (500, 'maverick')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.35-25-generic (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages python-debian depends on:
ii  python                    2.6.6-2ubuntu2 interactive high-level object-orie
ii  python-support            1.0.9ubuntu1   automated rebuilding support for P

Versions of packages python-debian recommends:
ii  python-apt            0.7.96.1ubuntu11.1 Python interface to libapt-pkg

Versions of packages python-debian suggests:
ii  gpgv                     1.4.10-2ubuntu2 GNU privacy guard - signature veri

-- no debconf information
-------------- next part --------------
=== modified file 'lib/debian/debian_support.py'
--- lib/debian/debian_support.py	2010-03-14 11:37:42 +0000
+++ lib/debian/debian_support.py	2011-03-29 00:55:46 +0000
@@ -94,6 +94,12 @@
         m = self.re_valid_version.match(version)
         if not m:
             raise ValueError("Invalid version string %r" % version)
+        # If there no epoch ("1:..."), then the upstream version can not
+        # contain a :.
+        if (
+            m.group("epoch") is None and 
+            m.group("upstream_version").find(':') != -1): 
+            raise ValueError("Invalid version string %r" % version)
 
         self.__full_version = version
         self.__epoch = m.group("epoch")

=== modified file 'tests/test_changelog.py'
--- tests/test_changelog.py	2010-03-14 09:16:30 +0000
+++ tests/test_changelog.py	2011-03-28 07:51:38 +0000
@@ -202,6 +202,8 @@
         self._test_version('2:1.0.4+svn26-1ubuntu1', '2', '1.0.4+svn26',
                            '1ubuntu1')
         self._test_version('2:1.0.4~rc2-1', '2', '1.0.4~rc2', '1')
+        self.assertRaises(
+            ValueError, changelog.Version, 'a1:1.8.8-070403-1~priv1')
 
     def test_version_updating(self):
         v = changelog.Version('1:1.4.1-1')

More information about the pkg-python-debian-maint mailing list