tech-pkg archive


Re: vulnerabilities pattern oddity



On Fri, Jul 04, 2008 at 09:45:52PM -0400, Jan Schaumann wrote:
> perl{,-thread}-5.8.[0-4]{,nb*}*         local-file-write
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0452
> perl{,-thread}-5.8.[0-4]{,nb*}*         local-file-write
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0448

Can this please be rewritten as perl{-thread}>=5.8.0<5.8.5?

> These are the only two lines that have a pattern that includes a "{}"
> wildcard with a trailing "*".  How is this pattern interpreted?  Isn't
> the last "*" superfluous, since the "{,nb*}" already expands to "<empty
> string>" and "nb*"?

Yes.

> Incidentally, the use of the "*" is somewhat against regex convention --
> here, it doesn't mean "0 or more 'b's", it means "a 'b' followed by
> anything" (ie "nb.*").

It is not a regex -- it is fnmatch style.

Joerg
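
The following is an added example, not part of the original message and not pkgsrc code: a Python approximation of the brace-plus-fnmatch reading discussed in this thread, applied to the quoted pattern. The package names are constructed samples in the usual name-version[nbN] form, and the helper names are hypothetical.

```python
import fnmatch
import re

def expand_braces(pattern):
    """Expand {a,b} alternatives into a list of plain glob patterns."""
    m = re.search(r"\{([^{}]*)\}", pattern)  # innermost brace group
    if not m:
        return [pattern]
    expanded = []
    for alt in m.group(1).split(","):
        expanded.extend(
            expand_braces(pattern[:m.start()] + alt + pattern[m.end():]))
    return expanded

def matches(pattern, pkgname):
    """True if any brace alternative glob-matches the whole package name."""
    return any(fnmatch.fnmatchcase(pkgname, p) for p in expand_braces(pattern))

def matched(pattern, names):
    """Return the names that the vulnerability pattern would flag."""
    return [n for n in names if matches(pattern, n)]

QUOTED = "perl{,-thread}-5.8.[0-4]{,nb*}*"           # pattern from the thread
NO_TRAILING_STAR = "perl{,-thread}-5.8.[0-4]{,nb*}"  # same, final "*" dropped

# Constructed sample package names (assumption: name-version[nbN] form).
SAMPLE = [
    "perl-5.8.4", "perl-5.8.4nb2", "perl-thread-5.8.0nb1",
    "perl-5.8.5", "perl-5.8.8nb1", "perl-5.10.0",
]

def suffix_as_glob(suffix):
    """fnmatch reading of "nb*": literal "nb" followed by anything."""
    return fnmatch.fnmatchcase(suffix, "nb*")

def suffix_as_regex(suffix):
    """Regex reading of "nb*": "n" followed by zero or more "b"."""
    return re.fullmatch("nb*", suffix) is not None

if __name__ == "__main__":
    for pat in (QUOTED, NO_TRAILING_STAR):
        print(pat)
        print("  expands to:", expand_braces(pat))
        print("  flags:     ", matched(pat, SAMPLE))
    for s in ("nb2", "nbbb", "n"):
        print(s, "glob:", suffix_as_glob(s), "regex:", suffix_as_regex(s))
```

On these sample names both patterns flag the same three packages, and "nb2" matches only under the fnmatch reading.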

