Ticket #59 (closed defect: fixed)

Opened 6 years ago

Last modified 6 years ago

Disallow comparison operators in NVR, split w/o whitespace when parsing specfile

Reported by: scop Assigned to: jnovy Priority: minor Milestone:
Component: rpm Version: RPM Development Keywords: Cc:

Description

rpm currently allows comparison operator chars (<, >, =) in Name, Version and Release, and also requires whitespace around them in specfiles.

I think here's room for two improvements:

• Disallow use of <, >, and = in Name, Version and Release
• Do not require whitespace around these in specfiles (so that e.g. Requires: foo>=1 would be expanded to mean to require version 1 or higher of foo, instead of something named "foo>=1").

See for example http://rpmlint.zarb.org/cgi-bin/trac.cgi/ticket/174 and the linked bug reports for examples of problems the current behavior causes.

Change History

06/05/09 08:36:18 changed by pmatilai

• owner changed from pmatilai to jnovy.

No disagreement at least wrt disallowing <> and various other weird characters that might get interpreted by the shell, these have security implications too (see RhBug:493157). And over to Jindrich :)

06/10/09 13:12:56 changed by jnovy

• status changed from new to closed.
• resolution set to fixed.

The first point makes perfectly sense. There shouldn't be any of '<', '=', '>' as a part of NVR and rpmbuild should complain about it. This part is now fixed.

On the other hand the space before the relation makes sense wrt spec readability so I'd remain it as is.

The current behaviour is that if one from "<=>" is present in the N, V or R then rpmbuild will fail.