From d78df169c35d7413e4ef83a4b7ddf621efe7f2e5 Mon Sep 17 00:00:00 2001 From: Andrei Horodniceanu Date: Sun, 11 Aug 2024 20:57:47 +0300 Subject: [PATCH] packagesuppliers/filesystem.d: Fix out of bounds on invalid pkg names If a user ran `dub fetch foo-1.1.1` instead of `dub fetch foo@1.1.1` over a filesystem package supplier, assuming that the archive exists, the code that slices the filename tries to create an invalid slice as it assumes that the filename will contain at least the package name, a one character version separator, and the archive suffix which wouldn't be the case with a package name like `foo-1.1.1` and an archive name of `foo-1.1.1.zip`. The fix is to require one more character in the glob to account for the version separator. Signed-off-by: Andrei Horodniceanu --- source/dub/packagesuppliers/filesystem.d | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source/dub/packagesuppliers/filesystem.d b/source/dub/packagesuppliers/filesystem.d
index 657f4c27a..63b4f541d 100644
--- a/source/dub/packagesuppliers/filesystem.d
+++ b/source/dub/packagesuppliers/filesystem.d
@@ -28,7 +28,7 @@ class FileSystemPackageSupplier : PackageSupplier {
 import std.conv : to;
 import dub.semver : isValidVersion;
 Version[] ret;
- const zipFileGlob = name.main.toString() ~ "*.zip";
+ const zipFileGlob = name.main.toString() ~ "?*.zip";
 foreach (DirEntry d; dirEntries(m_path.toNativeString(), zipFileGlob, SpanMode.shallow)) {
 NativePath p = NativePath(d.name);
 auto vers = p.head.name[name.main.toString().length+1..$-4];
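Review bot: The slice on the last line of the hunk, `p.head.name[name.main.toString().length+1..$-4]`, still takes its bounds entirely from the glob, and the glob is built by concatenating the package name unescaped. If a name can contain glob metacharacters such as `*` or `[` (whether `PackageName` rejects them is not visible here), the pattern can match a file shorter than the name plus five characters, and the same out-of-bounds slice comes back. A length guard just before the slice keeps the bound local and independent of the pattern: `if (p.head.name.length < name.main.toString().length + 5) continue;`. The `?` also accepts any character as the separator, so an archive such as `foobar-1.0.0.zip` (constructed example) is sliced for package `foo`. That is harmless only if the `isValidVersion` check imported above is applied to `vers` in the part of the loop body outside this hunk.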