From 9a96275d87d545c45ff03a6a00f82b52a4a7c674 Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Mon, 17 Jan 2022 16:14:58 +0100 Subject: [PATCH] abuild: test that subpkg's dependencies versions are valid Also verify the version of provides Fixes: https://gitlab.alpinelinux.org/alpine/abuild/-/issues/10058 --- abuild.in | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/abuild.in b/abuild.in index 535ecff..b2a7d72 100644 --- a/abuild.in +++ b/abuild.in @@ -1038,6 +1038,18 @@ check_provides() { return 0 } +check_depver() { + case "$1" in + *=*) + if ! $APK version --check --quiet "${1#*=}"; then + error "Invalid version: ${i#*=}" + return 1 + fi + ;; + esac + return 0 +} + prepare_metafiles() { getpkgver || return 1 local name=${subpkgname:-$pkgname} @@ -1129,10 +1141,12 @@ prepare_metafiles() { done for i in $deps; do if [ "$i" != "$name" ]; then + check_depver "$i" || die "Invalid version in dependency: $i" echo "depend = $i" >> "$pkginfo" fi done for i in $provides; do + check_depver "$i" || die "Invalid version in provides: $i" echo "provides = $i" >> "$pkginfo" done for i in $triggers; do