Bug#1019259: devscripts: The command uscan with the option 'dehs' doesn't always generate valid XML ouput
On 07/09/2022 11:44, Raphael Hertzog wrote: Control: tags -1 - moreinfo Hello Yadd, Please keep the bug submitter on copy, otherwise you can't expect to get replies. Le mardi 06 septembre 2022, Yadd a écrit : uscan generates a valid XML on STDOUT and displays messages on STDERR. Use `uscan --dehs 2>/dev/null` That was my expectation also but I double checked and it doesn't display messages on STDERR: ┏t14-buxy:~/deb/pkg/zim (master) ┗(freexian,534)$ uscan --dehs --upstream-version 0.74 >/dev/null ┏t14-buxy:~/deb/pkg/zim (master) ┗(freexian,535)$ uscan --dehs --upstream-version 0.74 2>/dev/null uscan: Newest version of zim on remote site is 0.74.3, local version is 0.74 uscan: => Newer package available from: => https://zim-wiki.org/downloads/zim-0.74.3.tar.gz Leaving ../zim_0.74.3.orig.tar.gz where it is. zim 0.74 0.74 0.74.3 https://zim-wiki.org/downloads/zim-0.74.3.tar.gz newer package available zim_0.74.3.orig.tar.gz ../zim_0.74.3.orig.tar.gz Not downloading, using existing file: zim-0.74.3.tar.gz Cheers, Found, thanks! https://salsa.debian.org/debian/devscripts/-/merge_requests/279
Bug#1019259: devscripts: The command uscan with the option 'dehs' doesn't always generate valid XML ouput
Control: tags -1 - moreinfo Hello Yadd, Please keep the bug submitter on copy, otherwise you can't expect to get replies. Le mardi 06 septembre 2022, Yadd a écrit : > uscan generates a valid XML on STDOUT and displays messages on STDERR. Use > `uscan --dehs 2>/dev/null` That was my expectation also but I double checked and it doesn't display messages on STDERR: ┏t14-buxy:~/deb/pkg/zim (master) ┗(freexian,534)$ uscan --dehs --upstream-version 0.74 >/dev/null ┏t14-buxy:~/deb/pkg/zim (master) ┗(freexian,535)$ uscan --dehs --upstream-version 0.74 2>/dev/null uscan: Newest version of zim on remote site is 0.74.3, local version is 0.74 uscan: => Newer package available from: => https://zim-wiki.org/downloads/zim-0.74.3.tar.gz Leaving ../zim_0.74.3.orig.tar.gz where it is. zim 0.74 0.74 0.74.3 https://zim-wiki.org/downloads/zim-0.74.3.tar.gz newer package available zim_0.74.3.orig.tar.gz ../zim_0.74.3.orig.tar.gz Not downloading, using existing file: zim-0.74.3.tar.gz Cheers, -- Raphaël Hertzog
Bug#1019259: devscripts: The command uscan with the option 'dehs' doesn't always generate valid XML ouput
Control: tags -1 + moreinfo Hi, uscan generates a valid XML on STDOUT and displays messages on STDERR. Use `uscan --dehs 2>/dev/null`
Bug#1019259: devscripts: The command uscan with the option 'dehs' doesn't always generate valid XML ouput
Package: devscripts Version: 2.22.2 Severity: normal X-Debbugs-Cc: danir...@offensive-security.com Dear Maintainer, I found an issue with the uscan command. The option '--dehs' is meant to generate only XML valid output but after the '' tag it adds some plain text lines that aren't escaped. For example, if the package URL contains the character '&' (which should be escaped as ''), when parsing the XML output it will result in an error. Here is an example using the Kali repository for burpsuite package: https://gitlab.com/kalilinux/packages/burpsuite/-/blob/kali/master/debian/watch ``` $ uscan --watchfile burpsuite/debian/watch --package burpsuite --upstream-version 2022.1 --dehs uscan: Newest version of burpsuite on remote site is 2022.8.4, local version is 2022.1 uscan: => Newer package available from: => https://portswigger.net/burp/releases/startdownload?product=community=2022.8.4=jar burpsuite 2022.1 2022.1 2022.8.4 https://portswigger.net/burp/releases/startdownload?product=communityversion=2022.8.4type=jar newer package available ``` You can see that the string inside the tag upstream-url is properly escaped, but the one in the third line isn't -- System Information: Debian Release: 11.2 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-10-amd64 (SMP w/2 CPU threads) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
