Package: devscripts
Version: 2.26.9
Severity: minor
Tags: patch

Dear Maintainer,

If a user ends up with a malformed .dsc file, debsnap gets stuck in a while
loop.

> while (<$fh> !~ /^Files:/) { }

<$fh> returns undef on EOF, and undef !~ /^Files:/ is true.

I've attached a patch that resolves the problem.

Kind regards,

Serge


-- Package-specific info:

--- /etc/devscripts.conf ---
Empty.

--- ~/.devscripts ---
Not present

-- System Information:
Debian Release: forky/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 7.0.13+deb14-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages devscripts depends on:
ii  dpkg-dev                 1.23.7
ii  file                     1:5.47-4
ii  gpg                      2.4.9-4
ii  gpg-agent                2.4.9-4
ii  gpgv                     2.4.9-4
ii  libconfig-inifiles-perl  3.000003-5
ii  libdpkg-perl             1.23.7
ii  libfile-dirlist-perl     0.05-3
ii  libfile-homedir-perl     1.006-2
ii  libfile-touch-perl       0.12-2
ii  libio-string-perl        1.08-4
ii  libmoo-perl              2.005005-1
ii  libwww-perl              6.83-1
ii  libyaml-libyaml-perl     0.907.0+ds-1
ii  patchutils               0.4.5-1
ii  perl                     5.40.1-8
ii  python3                  3.13.9-3+b1
ii  sensible-utils           0.0.26
ii  wdiff                    1.2.2-9

Versions of packages devscripts recommends:
ii  apt                         3.3.1
ii  curl                        8.21.0~rc3-1
ii  dctrl-tools                 2.24-3+b1
ii  debian-keyring              2026.05.24
ii  debian-tag2upload-keyring   1.2
ii  diffstat                    1.69-1
ii  dput                        1.2.4
ii  equivs                      2.3.3
ii  git-debpush                 15.10
ii  libdistro-info-perl         1.15
ii  libencode-locale-perl       1.05-3
ii  libgitlab-api-v4-perl       0.27-1
ii  libjson-perl                4.10000-1
ii  liblwp-protocol-https-perl  6.15-1
ii  libmetacpan-client-perl     2.043000-1
ii  libsoap-lite-perl           1.27-3
ii  libstring-shellquote-perl   1.04-3
ii  liburi-perl                 5.35-1
ii  licensecheck                3.3.9-1
ii  lintian                     2.136.2
ii  lzip                        1.26-1
ii  man-db                      2.13.1-1
ii  patch                       2.8-2
ii  pristine-tar                1.50+nmu2
ii  python3-apt                 3.1.0
ii  python3-debian              1.1.1
ii  python3-magic               2:0.4.27-5
ii  python3-requests            2.32.5+dfsg-1
ii  python3-unidiff             0.7.5-2
ii  python3-xdg                 0.28-3
ii  sbuild                      0.91.9
ii  strace                      7.0+ds-1
ii  unzip                       6.0-29
ii  wget                        1.25.0-2
ii  xz-utils                    5.8.3-1

Versions of packages devscripts suggests:
pn  adequate                            <none>
pn  at                                  <none>
pn  autopkgtest                         <none>
pn  bls-standalone                      <none>
pn  bsd-mailx | mailx                   <none>
ii  build-essential                     12.12
pn  check-all-the-things                <none>
ii  debhelper                           14.1
pn  default-mta | mail-transport-agent  <none>
pn  diffoscope                          <none>
pn  disorderfs                          <none>
pn  docker.io                           <none>
pn  dose-extra                          <none>
pn  duck                                <none>
pn  elpa-devscripts                     <none>
pn  faketime                            <none>
pn  gnuplot                             <none>
pn  how-can-i-help                      <none>
ii  libauthen-sasl-perl                 2.2000-1
pn  libdbd-pg-perl                      <none>
pn  libterm-size-perl                   <none>
ii  libtimedate-perl                    2.3500-1
ii  mmdebstrap                          1.5.7-3
pn  mutt                                <none>
ii  openssh-client [ssh-client]         1:10.3p1-4
pn  piuparts                            <none>
pn  postgresql-client                   <none>
pn  pristine-lfs                        <none>
ii  python3-debianbts                   4.1.1
pn  python3-pycurl                      <none>
pn  quilt                               <none>
pn  ratt                                <none>
pn  reprotest                           <none>
pn  svn-buildpackage                    <none>
pn  w3m                                 <none>

-- no debconf information
From 5e28718a375c7715a0427fca93021f7db1865785 Mon Sep 17 00:00:00 2001
From: Serge Schneider <[email protected]>
Date: Wed, 24 Jun 2026 23:43:11 +0100
Subject: [PATCH] debsnap: avoid infinite loop when .dsc lacks a Files: stanza

---
 scripts/debsnap.pl | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/scripts/debsnap.pl b/scripts/debsnap.pl
index 20e01f03..414c537b 100755
--- a/scripts/debsnap.pl
+++ b/scripts/debsnap.pl
@@ -376,7 +376,9 @@ if ($opt{list}) {
         my @files;
         open my $fh, '<', "$opt{destdir}/$dsc_name"
           or die "unable to open the dsc file $opt{destdir}/$dsc_name";
-        while (<$fh> !~ /^Files:/) { }
+        while (<$fh>) {
+            last if /^Files:/;
+        }
         while (<$fh> =~ /^ (\S+) (\d+) (\S+)$/) {
             my ($checksum, $size, $file) = ($1, $2, $3);
             push @files, $file;
-- 
2.43.0

Reply via email to