Bug#1010241: libdebian-source-perl: Incorrect case sensitivity in Debian::Control::Stanza::new for field names
Hi gregor!
> And then I found the following d/changelog entry for 0.95:
>
> [ Alex Muntada ]
> * Debian::Control::Stanza: accept case-insensitive field names in new()
> as required by Debian Policy while retaining the canonical accessors.
> Thanks to Ben Finney for the bug report. (Closes: #860023)
Wow, I totally forgot that :)
> But yeah, it's not only a déjà-vu, apparently we need to take a look
> at this part of the code again …
Here's a proof of concept:
```
#!perl
use strict;
use warnings;
use v5.30;
use Debian::Control::Stanza::Source;
#use Debian::Control::Stanza::Binary;
my %stanza = (
'Source' => 'package-name',
'VCS-GIT' => 'test-vcs-git',
);
my $s = Debian::Control::Stanza::Source->new(\%stanza);
say $s->Vcs_Git;
```
It works as expected unless you uncomment the use of the
Stanza::Binary package. Then it fails:
```
Invalid field given (VCS_GIT) at case-insensitive.pl line 12.
```
That's because the import in D::C::Stanza is called twice and
the $class->fields is different for ::Source than ::Binary.
I think we need to move the canonicalization to the constructor
instead (see the patch attached, that seems to work and passes
t/Control.t too).
HTH
--
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Alex Muntada
⢿⡄⠘⠷⠚⠋ Debian Developer log.alexm.org
⠈⠳⣄
diff --git a/lib/Debian/Control/Stanza.pm b/lib/Debian/Control/Stanza.pm
index f534c19..3be0d2a 100644
--- a/lib/Debian/Control/Stanza.pm
+++ b/lib/Debian/Control/Stanza.pm
@@ -63,12 +63,6 @@ my %canonical;
sub import {
my( $class ) = @_;
-# map the accessor name for the lower case equivalent
-%canonical = map (
-( lc($_) => $_ ),
-$class->fields,
-);
-
$class->mk_accessors( $class->fields );
}
@@ -99,6 +93,12 @@ sub new {
my $class = shift;
my $init = shift || {};
+# map the accessor name for the lower case equivalent
+my %canonical = map (
+( lc($_) => $_ ),
+$class->fields,
+);
+
my $self = Tie::IxHash->new;
bless $self, $class;
signature.asc
Description: PGP signature
Bug#1010241: libdebian-source-perl: Incorrect case sensitivity in Debian::Control::Stanza::new for field names
On Wed, 27 Apr 2022 09:52:07 +1000, Ben Finney wrote: > The matching is incorrectly case-sensitive. It should accept valid > variations such as ‘VCS-Git’ and ‘VCS-Browser’, but instead it > crashes: > > Invalid field given (VCS_Git) at /usr/share/perl5/Debian/Control.pm line > 122. > > The matching should be case-insensitive, understanding ‘vcs-git’ and > ‘VCS-Git’ and ‘Vcs-Git’ and ‘vcs-Git’ to all be the same field name. Hm, interesting bug report :) First, I wanted to ask "Why?" but then I found Debian Policy 5.1: Field names are not case-sensitive, but it is usual to capitalize the field names using mixed case as shown below. Then I found t/Control.t which tests exactly this issue. And then I found the following d/changelog entry for 0.95: [ Alex Muntada ] * Debian::Control::Stanza: accept case-insensitive field names in new() as required by Debian Policy while retaining the canonical accessors. Thanks to Ben Finney for the bug report. (Closes: #860023) And #860023 from 5 years ago is also interesting :) But yeah, it's not only a déjà-vu, apparently we need to take a look at this part of the code again … Cheers, gregor -- .''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06 `. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe `- signature.asc Description: Digital Signature
Bug#1010241: libdebian-source-perl: Incorrect case sensitivity in Debian::Control::Stanza::new for field names
Package: libdebian-source-perl Version: 0.116 Severity: normal When parsing a Debian control stanza to an internal data structure, Debhelper uses ‘Debian::Control::Stanza’. The ‘new’ function attempts to match each field name to those names known for Debian control file stanzas. The matching is incorrectly case-sensitive. It should accept valid variations such as ‘VCS-Git’ and ‘VCS-Browser’, but instead it crashes: Invalid field given (VCS_Git) at /usr/share/perl5/Debian/Control.pm line 122. The matching should be case-insensitive, understanding ‘vcs-git’ and ‘VCS-Git’ and ‘Vcs-Git’ and ‘vcs-Git’ to all be the same field name. -- System Information: Debian Release: bookworm/sid APT prefers stable-security APT policy: (500, 'stable-security'), (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.17.0-1-amd64 (SMP w/8 CPU threads; PREEMPT) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_AU.UTF-8), LANGUAGE=en_AU.UTF-8 Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libdebian-source-perl depends on: ii dpkg 1.21.7 ii dpkg-dev 1.21.7 ii libapt-pkg-perl 0.1.40+b1 ii libarray-unique-perl 0.08-2.1 ii libclass-accessor-perl0.51-1 ii liblist-moreutils-perl0.430-2 ii libparse-debcontrol-perl 2.005-4.1 ii libsub-install-perl 0.928-1.1 ii libtie-ixhash-perl1.23-2.1 ii libwww-mechanize-perl 2.06-1 ii libwww-perl 6.62-1 ii perl 5.34.0-4 libdebian-source-perl recommends no packages. libdebian-source-perl suggests no packages. -- no debconf information -- \ “He was the mildest-mannered man / That ever scuttled ship or | `\ cut a throat.” —“Lord” George Gordon Noel Byron, _Don Juan_ | _o__) | Ben Finney signature.asc Description: PGP signature
