From 93fd448c6cb79d45316b18ac90fbec29685c7789 Mon Sep 17 00:00:00 2001 From: Carlo Cabrera <30379873+carlocab@users.noreply.github.com> Date: Wed, 1 Feb 2023 10:48:45 +0800 Subject: [PATCH] version: fix bad regexps in version parsers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The character class `[.-v]` is interpreted as all the characters between `.` and `v`, which is clearly not what is intended here. Here's an example of what this fixes. Before: ❯ brew ruby -e 'puts Version.detect("https://github.com/llvm/llvm-project/releases/download/llvmorg-16.0.0-rc1/llvm-project-16.0.0rc1.src.tar.xz")' 6.0.0rc1 After: ❯ brew ruby -e 'puts Version.detect("https://github.com/llvm/llvm-project/releases/download/llvmorg-16.0.0-rc1/llvm-project-16.0.0rc1.src.tar.xz")' 16.0.0rc1 The problem here is that `1` is a match for `/[.-v]/`. ❯ brew ruby -e 'puts /[.-v]/.match("1")' 1 --- Library/Homebrew/version.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Library/Homebrew/version.rb b/Library/Homebrew/version.rb index d94b51f84a..e665bd6d0b 100644 --- a/Library/Homebrew/version.rb +++ b/Library/Homebrew/version.rb @@ -467,7 +467,7 @@ class Version # e.g. https://github.com/dlang/dmd/archive/v2.074.0-beta1.tar.gz # e.g. https://github.com/dlang/dmd/archive/v2.074.0-rc1.tar.gz # e.g. https://github.com/premake/premake-core/releases/download/v5.0.0-alpha10/premake-5.0.0-alpha10-src.zip - StemParser.new(/[.-vV]?(#{NUMERIC_WITH_DOTS}#{PRERELEASE_SUFFIX})/), + StemParser.new(/[-.vV]?(#{NUMERIC_WITH_DOTS}#{PRERELEASE_SUFFIX})/), # e.g. foobar4.5.1 StemParser.new(/(#{NUMERIC_WITH_OPTIONAL_DOTS})$/), @@ -505,7 +505,7 @@ class Version StemParser.new(/\.v(\d+[a-z]?)/), # e.g. https://secure.php.net/get/php-7.1.10.tar.bz2/from/this/mirror - UrlParser.new(/[.-vV]?(#{NUMERIC_WITH_DOTS}#{PRERELEASE_SUFFIX}?)/), + UrlParser.new(/[-.vV]?(#{NUMERIC_WITH_DOTS}#{PRERELEASE_SUFFIX}?)/), ].freeze private_constant :VERSION_PARSERS