diff --git a/src/gitolite.pm b/src/gitolite.pm
index 41c45b1..0534a87 100644
--- a/src/gitolite.pm
+++ b/src/gitolite.pm
@@ -177,9 +177,15 @@ sub parse_acl
     return unless $repo;
 
     return $ENV{GL_REPOPATT} = "" if $repos{$repo};
-    my @matched = grep { $repo =~ /^$_$/ } sort keys %repos;
+
+    # didn't find $repo in %repos, so it must be a wildcard-match case
+
+    # note that the repo regexes in %repos have a leading ^ but not a trailing
+    # $; we need to add the $ here to complete the "line-anchoring"
+    my @matched = grep { $repo =~ /$_$/ } sort keys %repos;
     die "$repo has no matches\n" unless @matched;
     die "$repo has multiple matches\n@matched\n" if @matched > 1;
+
     # found exactly one pattern that matched, copy its ACL
     $repos{$repo} = $repos{$matched[0]};
     # and return the pattern
diff --git a/src/gl-compile-conf b/src/gl-compile-conf
index da1822a..618dcae 100755
--- a/src/gl-compile-conf
+++ b/src/gl-compile-conf
@@ -192,7 +192,11 @@ sub parse_conf_file
             @repos = split ' ', $1;
             @repos = expand_list ( @repos );
 
-            s/\bCREAT[EO]R\b/\$creater/g for @repos;
+            # CREAT[EO]R must be changed to $creater.  Also, prefix a "^" to
+            # force it to look like a regex.  Otherwise, foo/CREATER/bar (no
+            # regex metas) looks like an ordinary reponame, and the logic (in
+            # gl-auth) that decides when to allow autovivify gets confused.
+            s/\bCREAT[EO]R\b/\$creater/g && s/^/^/ for @repos;
         }
         # actual permission line
         elsif (/^(-|C|R|RW|RW\+) (.* )?= (.+)/)