Package: debsecan
Version: 0.4.9
Severity: normal
Tags: patch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
this morning I received error messages from the debsecan cron job:
Traceback (most recent call last):
  File "/usr/bin/debsecan", line 1356, in ?
    rate_system(target, options, fetch_data(options, config), history)
  File "/usr/bin/debsecan", line 1333, in rate_system
    if v.is_vulnerable (bp, sp):
  File "/usr/bin/debsecan", line 483, in is_vulnerable
    self._parse()
  File "/usr/bin/debsecan", line 515, in _parse
    self.unstable_version = Version(self.unstable_version)
  File "/usr/bin/debsecan", line 93, in __init__
    self.__parsed = self.__parse(version)
  File "/usr/bin/debsecan", line 112, in __parse
    raise ValueError, "invalid Debian version string"
ValueError: invalid Debian version string
It turned out that a version with '~' in it caused the error.
Here is a patch that allows '~' in the version string, which is compatible
with the algorithm mentioned in [1].
[1] http://lists.debian.org/debian-devel-announce/2006/08/msg00006.html
Regards,
Bastian
- -- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-ck1treasure1 (PREEMPT)
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages debsecan depends on:
ii debconf [debconf-2.0] 1.5.14 Debian configuration management sy
ii python 2.4.4-6 An interactive high-level object-o
ii python-apt 0.7.3 Python interface to libapt-pkg
Versions of packages debsecan recommends:
ii cron 3.0pl1-100 management of regular background p
ii qmail-run [mail-tra 1.03+calvin-0calvin3 Secure, reliable, efficient, simpl
- -- debconf-show failed
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGsugKeBwlBDLsbz4RAsWMAJkBprf8XdfulXEf5Hoa+5TT13noqgCeL1vE
yj5J2Yvhyjehy1oPHSP0ynk=
=M4cJ
-----END PGP SIGNATURE-----
--- /usr/bin/debsecan.orig 2007-08-03 09:56:46.000000000 +0200
+++ /usr/bin/debsecan 2007-08-03 10:30:46.000000000 +0200
@@ -70,6 +70,10 @@
letterValue = [None] * 256
def initLetterValue():
c = 0
+ letterValue[ord('~')] = chr(c)
+ # Increase by two since chr(1) is reserved for the empty string.
+ # This way '~' sorts lower than the empty string.
+ c += 2
for x in range(ord('A'), ord('Z') + 1):
letterValue[x] = chr(c)
c += 1
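Review bot: The reserved slot chr(1) in initLetterValue exists only through the "c += 2" skip and its comment, while the same value is written as a bare literal where the parsed list is terminated (l.append(chr(1))). Consider a named module-level constant for the empty-string order value and using it in both places, so that a later change to the table cannot silently break the invariant that '~' (chr(0)) sorts below the empty string and every letter (chr(2) and up) sorts above it.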
@@ -105,11 +109,11 @@
return cmp(self.__parsed, other.__parsed)
def __parse(self, v, regexp=\
- re.compile(r'^(?:(\d+):)?([A-Za-z0-9.+:-]+?)'
+ re.compile(r'^(?:(\d+):)?([-A-Za-z0-9.+:~]+?)'
+ r'(?:-([A-Za-z0-9.+]+))?$')):
match = regexp.match(v)
if match is None:
- raise ValueError, "invalid Debian version string"
+ raise ValueError, "invalid Debian version string %r" % v
(epoch, upstream, debian) = match.groups()
if epoch is None:
epoch = 0
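Review bot: Only the upstream group of the new pattern gains '~'; the revision group "(?:-([A-Za-z0-9.+]+))?" still rejects it. Because the upstream class also accepts '-', a version whose tilde comes after the last hyphen still matches, but with the whole remainder taken as upstream and no Debian revision, so it is compared with the wrong split instead of raising. Suggest adding '~' to the revision class as well. Including the offending string with %r in the ValueError is worth keeping, since the cron traceback otherwise gives no hint which package entry failed.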
@@ -133,6 +137,9 @@
d = int(d)
l.append(nd)
l.append(d)
+ # Always append the empty string order value to allow
+ # 1.0~rc1-1 to be sorted lower than 1.0-1.
+ l.append(chr(1))
return l
class VersionAPT:
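Review bot: The terminator appended before "return l" is unconditional, so every list this function returns now ends in chr(1), including versions without a tilde, and correct ordering depends on the comparison reaching that last element when one list is a prefix of the other. Please add a check that exercises the case named in the comment (1.0~rc1-1 below 1.0-1) together with a version that has a trailing letter, which must still sort above the plain one, and state in the comment that chr(1) is the value initLetterValue skips.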