Package: debsecan
Version: 0.4.9
Severity: normal
Tags: patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

this morning I received error messages from the debsecan cron job:
Traceback (most recent call last):
  File "/usr/bin/debsecan", line 1356, in ?
    rate_system(target, options, fetch_data(options, config), history)
  File "/usr/bin/debsecan", line 1333, in rate_system
    if v.is_vulnerable (bp, sp):
  File "/usr/bin/debsecan", line 483, in is_vulnerable
    self._parse()
  File "/usr/bin/debsecan", line 515, in _parse
    self.unstable_version = Version(self.unstable_version)
  File "/usr/bin/debsecan", line 93, in __init__
    self.__parsed = self.__parse(version)
  File "/usr/bin/debsecan", line 112, in __parse
    raise ValueError, "invalid Debian version string"
ValueError: invalid Debian version string

It turned out that a version with '~' in it caused the error.

Here is a patch that allows '~' in the version string, which is compatible
with the algorithm mentioned in [1].
[1] http://lists.debian.org/debian-devel-announce/2006/08/msg00006.html

Regards,
  Bastian

- -- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-ck1treasure1 (PREEMPT)
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages debsecan depends on:
ii  debconf [debconf-2.0]         1.5.14     Debian configuration management sy
ii  python                        2.4.4-6    An interactive high-level object-o
ii  python-apt                    0.7.3      Python interface to libapt-pkg

Versions of packages debsecan recommends:
ii  cron                3.0pl1-100           management of regular background p
ii  qmail-run [mail-tra 1.03+calvin-0calvin3 Secure, reliable, efficient, simpl

- -- debconf-show failed

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGsugKeBwlBDLsbz4RAsWMAJkBprf8XdfulXEf5Hoa+5TT13noqgCeL1vE
yj5J2Yvhyjehy1oPHSP0ynk=
=M4cJ
-----END PGP SIGNATURE-----
--- /usr/bin/debsecan.orig      2007-08-03 09:56:46.000000000 +0200
+++ /usr/bin/debsecan   2007-08-03 10:30:46.000000000 +0200
@@ -70,6 +70,10 @@
 letterValue = [None] * 256
 def initLetterValue():
     c = 0
+    letterValue[ord('~')] = chr(c)
+    # Increase by two since chr(1) is reserved for the empty string.
+    # This way '~' sorts lower than the empty string.
+    c += 2
     for x in range(ord('A'), ord('Z') + 1):
         letterValue[x] = chr(c)
         c += 1
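
Review bot: The order values in initLetterValue are tied together only by the comment: '~' gets chr(0), chr(1) is skipped for the empty string, and the same chr(1) is hard-coded again where the parsed list is terminated. Define that end-of-string value once as a named constant and use it in both places, so a later change to the letter ordering cannot silently break the relation '~' < empty string < 'A'.
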
@@ -105,11 +109,11 @@
         return cmp(self.__parsed, other.__parsed)
 
     def __parse(self, v, regexp=\
-                re.compile(r'^(?:(\d+):)?([A-Za-z0-9.+:-]+?)'
+                re.compile(r'^(?:(\d+):)?([-A-Za-z0-9.+:~]+?)'
                            + r'(?:-([A-Za-z0-9.+]+))?$')):
         match = regexp.match(v)
         if match is None:
-            raise ValueError, "invalid Debian version string"
+            raise ValueError, "invalid Debian version string %r" % v
         (epoch, upstream, debian) = match.groups()
         if epoch is None:
             epoch = 0
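
Review bot: Only the upstream character class gains '~'; the revision group on the unchanged line, (?:-([A-Za-z0-9.+]+))?$, still rejects it. A string with a tilde in the Debian revision (constructed example: 1.0-1~bpo1) therefore no longer raises, but the optional revision group cannot match, so the whole string ends up in the upstream group and debian is None. Add '~' to the revision class as well so such versions are split at the last hyphen like any other. The %r in the new error message is a useful addition for a cron job, since the failing string now shows up in the mail.
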
@@ -133,6 +137,9 @@
                 d = int(d)
             l.append(nd)
             l.append(d)
+        # Always append the empty string order value to allow
+        # 1.0~rc1-1 to be sorted lower than 1.0-1.
+        l.append(chr(1))
         return l
 
 class VersionAPT:
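
Review bot: The l.append(chr(1)) before return l is unconditional, so it changes the parsed list of every version string, not only those containing '~', and nothing in the patch checks that existing orderings survive. Because nd and d are appended in pairs, the terminator always lands in a non-digit slot, which is what makes the comparison against a '~' component work, but that deserves a sentence in the comment. Alongside the case the comment names (1.0~rc1-1 < 1.0-1), add a few assertions such as 1.0-1 < 1.0a-1, 1.0-1 < 1.0.1-1 and 1.0-1 == 1.0-1, since cmp(self.__parsed, other.__parsed) now depends on the terminator for all of them.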
