On 04/04/18 07:48, Eli Schwartz wrote:
depends, provides, conflicts, replaces, and other variables that are meant to contain package names, are now checked to ensure
1) the name component contains only characters that would equate to a valid pkgname. 2) the version component contains only characters that would equate to a valid pkgver. 3) comparison operator is a valid comparison operator (e.g. provides only allows exact = while optdepends doesn't allow anything)
This also refactors pkgname into a shared utility function, wires up pkgbase optdepends and provides to use it, and gives pkgver a touchup to allow referencing where it was called from.
Fixes FS#57833 and a bit of extra.
This looks OK. Quick testing showed it caught a couple of interesting cases without a false positive. Allan