Package: devscripts
Version: 2.25.15

Dear Maintainers,

When running uscan in git or svn modes, package names containing regex
characters like + result in the following error:

> Use of uninitialized value in subroutine entry at 
> /usr/share/perl5/Devscripts/Uscan/Downloader.pm line 148.
> Use of uninitialized value $ver in concatenation (.) or string at 
> /usr/share/perl5/Devscripts/Uscan/Downloader.pm line 301.
> Use of uninitialized value $ver in concatenation (.) or string at 
> /usr/share/perl5/Devscripts/Uscan/Downloader.pm line 301.
> uscan error: Could not read ../kms++-0~git20250807.1813ada.tar.xz: No such 
> file or directory

Watch file to reproduce the error:

> version=4
> opts="mode=git, pgpmode=none, pretty=0~git%cd.%h, repack, compression=xz" \
>  https://github.com/tomba/kmsxx.git \
>  HEAD

This happens because the package name is used inside of a regex
without escaping:

> $fname =~ m%(.*)/$pkg-([^_/]*)\.tar(?:\.(gz|xz|bz2|lzma|zstd?))?%;

https://salsa.debian.org/debian/devscripts/-/blob/v2.25.15/lib/Devscripts/Uscan/Downloader.pm?ref_type=tags#L146

Changing the line to escape $pkg resolves the problem for me (patch attached):

> $fname =~ m%(.*)/\Q$pkg\E-([^_/]*)\.tar(?:\.(gz|xz|bz2|lzma|zstd?))?%;

Kind regards,

Serge

From 080eebfd9d74d3c91b8fac4368d5d26b4bcf8e43 Mon Sep 17 00:00:00 2001
From: Serge Schneider <[email protected]>
Date: Tue, 12 Aug 2025 12:05:15 +0100
Subject: [PATCH] uscan/Downloader.pm: Escape pkg variable in regex

---
 lib/Devscripts/Uscan/Downloader.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/Devscripts/Uscan/Downloader.pm b/lib/Devscripts/Uscan/Downloader.pm
index bedc8d5c..287402d8 100644
--- a/lib/Devscripts/Uscan/Downloader.pm
+++ b/lib/Devscripts/Uscan/Downloader.pm
@@ -130,7 +130,7 @@ sub download ($$$$$$$$) {
     } else {    # elsif ($$optref{'mode'} eq 'git')
         my $destdir = $self->destdir;
         my $curdir  = cwd();
-        $fname =~ m%(.*)/$pkg-([^_/]*)\.tar(?:\.(gz|xz|bz2|lzma|zstd?))?%;
+        $fname =~ m%(.*)/\Q$pkg\E-([^_/]*)\.tar(?:\.(gz|xz|bz2|lzma|zstd?))?%;
         my $dst     = $1;
         my $abs_dst = abs_path($dst);
         my $ver     = $2;
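Review bot: the result of the match on the changed line is still not checked, so `my $dst = $1;` and `my $ver = $2;` run whether or not the pattern matched. \Q$pkg\E fixes names such as kms++, but any other mismatch will still feed undef (or capture values left over from an earlier successful match) into abs_path($dst) and into whatever is later built from $ver, which is how the report ended up with "Use of uninitialized value $ver" warnings instead of a clear error. Consider guarding the match with `unless ($fname =~ m%...%) { ... }` and reporting an error that names $fname at this point. The commit message also has no body; one sentence stating that package names containing regex metacharacters (the kms++ case) broke the match would help later readers.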
-- 
2.43.0
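
The failure described in the report, reproduced as an added example (not part of the original report and not devscripts code). `split_tarball` is a hypothetical helper; the package name and path are constructed from the error message above. Unescaped, `s++` in `kms++` compiles as a possessive quantifier, so the pattern silently fails to match the real file name.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed inputs modelled on the report: the package name and the
# tarball path from the uscan error message.
my $pkg   = 'kms++';
my $fname = '../kms++-0~git20250807.1813ada.tar.xz';

# Hypothetical helper (not part of devscripts): split a tarball path into
# destination directory, version and compression suffix. Returns an empty
# list when the path does not match, so callers never read stale $1/$2.
sub split_tarball {
    my ($path, $name, $escape) = @_;
    # quotemeta() is the function form of \Q...\E.
    my $name_re = $escape ? quotemeta($name) : $name;
    if ($path =~ m%(.*)/$name_re-([^_/]*)\.tar(?:\.(gz|xz|bz2|lzma|zstd?))?%) {
        return ($1, $2, $3);
    }
    return;
}

for my $escape (0, 1) {
    my ($dst, $ver, $comp) = split_tarball($fname, $pkg, $escape);
    my $label = $escape ? 'escaped  ' : 'unescaped';
    if (defined $ver) {
        print "${label}: dst=$dst ver=$ver comp=", $comp // 'none', "\n";
    } else {
        print "${label}: no match, \"$pkg\" was compiled as a pattern\n";
    }
}
```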
