Ticket #9 (new defect)

Opened 8 years ago

createrepo doesn't properly escape the version number when generating "provides" lists in primary.xml

Reported by: msquared Assigned to: skvidal
Priority: major Milestone:
Component: createrepo Version:
Keywords: Cc:

Description

createrepo can generate invalid XML if a "provides" in a package includes a quote character (") in the version field.

For example, the list of provides in F13's device-mapper-event-devel-1.02.44-1.fc13.i686.rpm looks like this:

(2010-02-15)"  
pkgconfig(devmapper-event) = "1.02.44
device-mapper-event-devel = 1.02.44-1.fc13
device-mapper-event-devel(x86-32) = 1.02.44-1.fc13

The second line (pkgconfig) triggers this output in the XML:

<rpm:entry name="pkgconfig(devmapper-event)" flags="EQ" epoch="0" ver=""1.02.44"/>

Note the unescaped quote character in the ver attribute.
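
The failure described above, as an added example that is not createrepo's own code or part of the original ticket: the entry is built once by plain string formatting and once with attribute values passed through xml.sax.saxutils.quoteattr, and each result is checked with an XML parser. The function names are hypothetical, and the sample values are taken from the ticket text.

```python
from xml.dom import minidom
from xml.parsers.expat import ExpatError
from xml.sax.saxutils import quoteattr

# Namespace that createrepo's primary.xml binds to the rpm: prefix.
RPM_NS = "http://linux.duke.edu/metadata/rpm"


def entry_unescaped(name, flags, epoch, ver):
    """Hypothetical writer: plain string formatting, no escaping.

    Reproduces the malformed line quoted in the ticket.
    """
    return '<rpm:entry name="%s" flags="%s" epoch="%s" ver="%s"/>' % (
        name, flags, epoch, ver)


def entry_escaped(name, flags, epoch, ver):
    """Hypothetical writer: every attribute value goes through quoteattr().

    quoteattr() escapes &, < and >, and chooses (or escapes) the quote
    delimiter so that the value cannot terminate the attribute early.
    """
    attrs = (("name", name), ("flags", flags), ("epoch", epoch), ("ver", ver))
    return "<rpm:entry %s/>" % " ".join(
        "%s=%s" % (key, quoteattr(value)) for key, value in attrs)


def parse_ver(entry):
    """Parse one entry inside a namespaced root element.

    Returns the decoded ver attribute, or None if the XML is not well-formed.
    """
    doc = '<rpm:provides xmlns:rpm="%s">%s</rpm:provides>' % (RPM_NS, entry)
    try:
        dom = minidom.parseString(doc)
    except ExpatError:
        return None
    return dom.documentElement.firstChild.getAttribute("ver")


# Values from the ticket: the version field begins with a quote character.
SAMPLE = ("pkgconfig(devmapper-event)", "EQ", "0", '"1.02.44')

if __name__ == "__main__":
    for build in (entry_unescaped, entry_escaped):
        line = build(*SAMPLE)
        print("%-16s %s -> ver=%r" % (build.__name__, line, parse_ver(line)))
```

A consumer of the escaped form reads back the exact version string from the package, including its leading quote, while the unescaped form is rejected by the parser before any metadata can be read.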

Attachments

primary.xml (1.9 kB) - added by msquared on 10/12/10 07:02:08.
Sample primary.xml demonstrating malformed XML
createrepotest (0.6 kB) - added by msquared on 10/12/10 07:03:20.
Minimalist script file that shows how to generate the malformed XML file

Change History

10/12/10 07:02:08 changed by msquared

  • attachment primary.xml added.

Sample primary.xml demonstrating malformed XML

10/12/10 07:03:20 changed by msquared

  • attachment createrepotest added.

Minimalist script file that shows how to generate the malformed XML file