From ce6cd75dc367b92f65e4fb539dd166d0f3361f8c Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Wed, 31 Aug 2016 11:36:44 +0200 Subject: Fix segfault and out-of-bounds read in Binary fields If a Binary field contains one or more spaces before a comma, the code produced a segmentation fault, as it accidentally set a pointer to 0 instead of the value of the pointer. If the comma is at the beginning of the field, the code would create a binStartNext that points one element before the start of the string, which is undefined behavior. We also need to check that we do not exit the string during the replacement of spaces before commas: A string of the form " ," would normally exit the boundary of the Buffer: binStartNext = offset 1 ',' binEnd = offset 0 ' ' isspace_ascii(*binEnd) = true => --binEnd => binEnd = - 1 We get rid of the problem by only allowing spaces to be eliminated if they are not the first character of the buffer: binStartNext = offset 1 ',' binEnd = offset 0 ' ' binEnd > buffer = false, isspace_ascii(*binEnd) = true => exit loop => binEnd remains 0 --- test/integration/test-srcrecord | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 test/integration/test-srcrecord (limited to 'test') diff --git a/test/integration/test-srcrecord b/test/integration/test-srcrecord new file mode 100644 index 000000000..34de2be72 --- /dev/null +++ b/test/integration/test-srcrecord @@ -0,0 +1,35 @@ +#!/bin/sh +set -e + +TESTDIR="$(readlink -f "$(dirname "$0")")" +. "$TESTDIR/framework" + +setupenvironment +configarchitecture 'native' + +cat > aptarchive/Sources < +Architecture: all + +Package: broken-field +Binary:, broken-field2 +Version: 1.0 +Maintainer: Joe Sixpack +Architecture: all + +Package: broken-field-b +Binary: , broken-field-b2 +Version: 1.0 +Maintainer: Joe Sixpack +Architecture: all +EOF + +setupaptarchive --no-update + +testsuccess aptget update +testsuccess aptcache showsrc space-before-comma1 +testsuccess aptcache showsrc broken-field2 +testsuccess aptcache showsrc broken-field-b2 -- cgit v1.2.3 From 832f95f4d018f18ff7b3d0381206f25b5a4373a6 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Wed, 31 Aug 2016 12:25:38 +0200 Subject: test/integration/test-srcrecord: Make executable I actually tried to amend the previous commit, but apparently I forgot to add the file mode change. Gbp-Dch: ignore --- test/integration/test-srcrecord | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 test/integration/test-srcrecord (limited to 'test') diff --git a/test/integration/test-srcrecord b/test/integration/test-srcrecord old mode 100644 new mode 100755 -- cgit v1.2.3 From 0343b48e06fb990ee15a020bc6716b1a5a984e14 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Thu, 1 Sep 2016 10:57:49 +0200 Subject: test-apt-cdrom: Fix for gnupg 2.1.15 gpg annoyingly changed its output and broke our test suite again by adding two extra lines about key type and issuer. Really annoying. Those lines also have more than one space after the colon, so let's use \s* there - and also change the other lines to support variable length whitespace in case gpg decides to break things there too. --- test/integration/test-apt-cdrom | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/test/integration/test-apt-cdrom b/test/integration/test-apt-cdrom index a3c3b5ba0..212f0baa4 100755 --- a/test/integration/test-apt-cdrom +++ b/test/integration/test-apt-cdrom @@ -29,7 +29,12 @@ aptcdromlog() { test ! -e rootdir/media/cdrom || echo "CD-ROM is mounted, but shouldn't be!" test -e rootdir/media/cdrom-unmounted || echo "Unmounted CD-ROM doesn't exist, but it should!" aptcdrom "$@" -o quiet=1 >rootdir/tmp/apt-cdrom.log 2>&1 Date: Thu, 1 Sep 2016 08:49:22 +0200 Subject: tests: silence -Wmissing-declarations Gbp-Dch: Ignore Reported-By: gcc -Wmissing-declarations --- test/libapt/commandline_test.cc | 6 +----- test/libapt/strutil_test.cc | 2 +- test/libapt/tagsection_test.cc | 2 +- 3 files changed, 3 insertions(+), 7 deletions(-) (limited to 'test') diff --git a/test/libapt/commandline_test.cc b/test/libapt/commandline_test.cc index 7783c47a4..97725c854 100644 --- a/test/libapt/commandline_test.cc +++ b/test/libapt/commandline_test.cc @@ -17,10 +17,6 @@ class CLT: public CommandLine { } }; -bool ShowHelp(CommandLine &) {return false;} -std::vector GetCommands() {return {};} - - TEST(CommandLineTest,SaveInConfig) { #define APT_EXPECT_CMD(x, ...) { const char * const argv[] = { __VA_ARGS__ }; EXPECT_EQ(x, CLT::AsString(argv, sizeof(argv)/sizeof(argv[0]))); } @@ -166,7 +162,7 @@ TEST(CommandLineTest, BoolParsing) } -bool DoVoid(CommandLine &) { return false; } +static bool DoVoid(CommandLine &) { return false; } TEST(CommandLineTest,GetCommand) { diff --git a/test/libapt/strutil_test.cc b/test/libapt/strutil_test.cc index 90a5817ad..d7700bd54 100644 --- a/test/libapt/strutil_test.cc +++ b/test/libapt/strutil_test.cc @@ -168,7 +168,7 @@ TEST(StrUtilTest,Base64Encode) EXPECT_EQ("Lg==", Base64Encode(".")); EXPECT_EQ("", Base64Encode("")); } -void ReadMessagesTestWithNewLine(char const * const nl, char const * const ab) +static void ReadMessagesTestWithNewLine(char const * const nl, char const * const ab) { SCOPED_TRACE(SubstVar(SubstVar(nl, "\n", "n"), "\r", "r") + " # " + ab); FileFd fd; diff --git a/test/libapt/tagsection_test.cc b/test/libapt/tagsection_test.cc index f250177af..779932595 100644 --- a/test/libapt/tagsection_test.cc +++ b/test/libapt/tagsection_test.cc @@ -24,7 +24,7 @@ std::string overrideValue = "1"; std::cerr << "«" << std::endl;; */ -void setupTestcaseStart(FileFd &fd, pkgTagSection §ion, std::string &content) +static void setupTestcaseStart(FileFd &fd, pkgTagSection §ion, std::string &content) { createTemporaryFile("writesection", fd, NULL, NULL); content = "Package: " + packageValue + "\n" -- cgit v1.2.3 From 6dc85f53d92b9763a1509a6472227c54bc70b01d Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Thu, 1 Sep 2016 18:55:20 +0200 Subject: support long keyid and fingerprint in gpgv's GOODSIG In gpgv1 GOODSIG (and the other messages of status-fd) are documented as sending the long keyid. In gpgv2 it is documented to be either long keyid or the fingerprint. At the moment it is still the long keyid, but the documentation hints at the possibility of changing this. We care about this for Signed-By support as we detect this way if the right fingerprint has signed this file (or not). The check itself is done via VALIDSIG which always is a fingerprint, but there must also be a GOODSIG (as expired sigs are valid, too) found to be accepted which wouldn't be found in the fingerprint-case and the signature hence refused. --- test/integration/test-method-gpgv | 77 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100755 test/integration/test-method-gpgv (limited to 'test') diff --git a/test/integration/test-method-gpgv b/test/integration/test-method-gpgv new file mode 100755 index 000000000..86559b7cb --- /dev/null +++ b/test/integration/test-method-gpgv @@ -0,0 +1,77 @@ +#!/bin/sh +set -e + +TESTDIR="$(readlink -f "$(dirname "$0")")" +. "$TESTDIR/framework" + +setupenvironment +configarchitecture 'i386' + +cat > faked-apt-key <&\${GPGSTATUSFD} gpgv.output +cat gpgv.output +EOF +chmod +x faked-apt-key + +testgpgv() { + echo "$3" > gpgv.output + msgtest "$1" "$2" + gpgvmethod >method.output 2>&1 || true + testsuccess --nomsg grep "$2" method.output +} + +testrun() { + testgpgv 'Good signed with long keyid' 'Good: GOODSIG 5A90D141DBAC8DAE,' '[GNUPG:] GOODSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) +[GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2016-09-01 1472742625 0 4 0 1 11 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' + testgpgv 'Good signed with fingerprint' 'Good: GOODSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE,' '[GNUPG:] GOODSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) +[GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2016-09-01 1472742625 0 4 0 1 11 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' + + testgpgv 'No Pubkey with long keyid' 'NoPubKey: NO_PUBKEY E8525D47528144E2,' '[GNUPG:] ERRSIG E8525D47528144E2 1 11 00 1472744666 9 +[GNUPG:] NO_PUBKEY E8525D47528144E2' + testgpgv 'No Pubkey with fingerprint' 'NoPubKey: NO_PUBKEY DE66AECA9151AFA1877EC31DE8525D47528144E2,' '[GNUPG:] ERRSIG DE66AECA9151AFA1877EC31DE8525D47528144E2 1 11 00 1472744666 9 +[GNUPG:] NO_PUBKEY DE66AECA9151AFA1877EC31DE8525D47528144E2' + + testgpgv 'Expired key with long keyid' 'Worthless: EXPKEYSIG 4BC0A39C27CE74F9 Rex Expired ,' '[GNUPG:] EXPKEYSIG 4BC0A39C27CE74F9 Rex Expired +[GNUPG:] VALIDSIG 891CC50E605796A0C6E733F74BC0A39C27CE74F9 2016-09-01 1472742629 0 4 0 1 11 00 891CC50E605796A0C6E733F74BC0A39C27CE74F9' + testgpgv 'Expired key with fingerprint' 'Worthless: EXPKEYSIG 891CC50E605796A0C6E733F74BC0A39C27CE74F9 Rex Expired ,' '[GNUPG:] EXPKEYSIG 891CC50E605796A0C6E733F74BC0A39C27CE74F9 Rex Expired +[GNUPG:] VALIDSIG 891CC50E605796A0C6E733F74BC0A39C27CE74F9 2016-09-01 1472742629 0 4 0 1 11 00 891CC50E605796A0C6E733F74BC0A39C27CE74F9' +} + +gpgvmethod() { + echo '601 Configuration +Config-Item: Debug::Acquire::gpgv=1 +Config-Item: Dir::Bin::apt-key=./faked-apt-key + +600 URI Acquire +URI: file:///dev/null +Filename: /dev/zero +' | runapt "${METHODSDIR}/gpgv" +} +testrun + +gpgvmethod() { + echo '601 Configuration +Config-Item: Debug::Acquire::gpgv=1 +Config-Item: Dir::Bin::apt-key=./faked-apt-key + +600 URI Acquire +URI: file:///dev/null +Filename: /dev/zero +Signed-By: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE +' | runapt "${METHODSDIR}/gpgv" +} +testrun -- cgit v1.2.3 From 99ba7cc1901c761c97d67775f23858b86594f2ba Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Fri, 2 Sep 2016 14:09:52 +0200 Subject: CMake: test/libapt: Use a prebuilt GTest library if available If a non-existing source directory is specified, try finding the system gtest library. Debian derived distributions are a bit strange because they only ship the source code and not the library... --- test/libapt/CMakeLists.txt | 41 ++++++++++++++++++++++++++--------------- 1 file changed, 26 insertions(+), 15 deletions(-) (limited to 'test') diff --git a/test/libapt/CMakeLists.txt b/test/libapt/CMakeLists.txt index 7f9990526..f3df14848 100644 --- a/test/libapt/CMakeLists.txt +++ b/test/libapt/CMakeLists.txt @@ -1,22 +1,33 @@ -include(ExternalProject) - set(GTEST_ROOT "/usr/src/gtest" CACHE FILEPATH "Path to GTest CMake project") -message(STATUS "Found GTest at ${GTEST_ROOT}") +find_package(GTest) +set(GTEST_DEPENDENCIES) + +if(NOT GTEST_FOUND AND EXISTS ${GTEST_ROOT}) + include(ExternalProject) + ExternalProject_Add(gtest PREFIX ./gtest + SOURCE_DIR ${GTEST_ROOT} + INSTALL_COMMAND true) -if (EXISTS ${GTEST_ROOT}) + link_directories(${CMAKE_CURRENT_BINARY_DIR}/gtest/src/gtest-build) -ExternalProject_Add(gtest PREFIX ./gtest - SOURCE_DIR ${GTEST_ROOT} - INSTALL_COMMAND true) + set(GTEST_LIBRARIES "-lgtest") + set(GTEST_DEPENDENCIES "gtest") + set(GTEST_FOUND TRUE) + find_path(GTEST_INCLUDE_DIRS NAMES gtest/gtest.h) -link_directories(${CMAKE_CURRENT_BINARY_DIR}/gtest/src/gtest-build) -FILE(GLOB files gtest_runner.cc *-helpers.cc *_test.cc) -add_executable(libapt_test ${files}) -target_link_libraries(libapt_test -lgtest ${CMAKE_THREAD_LIBS_INIT} apt-private apt-inst) -add_dependencies(libapt_test gtest) -add_test(NAME AptTests - COMMAND libapt_test - WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) + message(STATUS "Found GTest at ${GTEST_ROOT}, headers at ${GTEST_INCLUDE_DIRS}") +endif() +if(GTEST_FOUND) + file(GLOB files gtest_runner.cc *-helpers.cc *_test.cc) + add_executable(libapt_test ${files}) + target_include_directories(libapt_test PRIVATE ${GTEST_INCLUDE_DIRS}) + target_link_libraries(libapt_test ${GTEST_LIBRARIES} ${CMAKE_THREAD_LIBS_INIT} apt-private apt-inst) + if (GTEST_DEPENDENCIES) + add_dependencies(libapt_test ${GTEST_DEPENDENCIES}) + endif() + add_test(NAME AptTests + COMMAND libapt_test + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) endif() -- cgit v1.2.3 From 2a440328ea19e9646a93f847dd9eff21e03ad16d Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Wed, 15 Jun 2016 23:13:43 +0200 Subject: acquire: Use priority queues and a 3 stage pipeline design Employ a priority queue instead of a normal queue to hold the items; and only add items to the running pipeline if their priority is the same or higher than the priority of items in the queue. The priorities are designed for a 3 stage pipeline system: In stage 1, all Release files and .diff/Index files are fetched. This allows us to determine what files remain to be fetched, and thus ensures a usable progress reporting. In stage 2, all Pdiff patches are fetched, so we can apply them in parallel with fetching other files in stage 3. In stage 3, all other files are fetched (complete index files such as Contents, Packages). Performance improvements, mainly from fetching the pdiff patches before complete files, so they can be applied in parallel: For the 01 Sep 2016 03:35:23 UTC -> 02 Sep 2016 09:25:37 update of Debian unstable and testing with Contents and appstream for amd64 and i386, update time reduced from 37 seconds to 24-28 seconds. Previously, apt would first download new DEP11 icon tarballs and metadata files, causing the CPU to be idle. By fetching the diffs in stage 2, we can now patch our contents and Packages files while we are downloading the DEP11 stuff. --- test/integration/test-apt-sources-deb822 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'test') diff --git a/test/integration/test-apt-sources-deb822 b/test/integration/test-apt-sources-deb822 index abb31b793..f19f263d0 100755 --- a/test/integration/test-apt-sources-deb822 +++ b/test/integration/test-apt-sources-deb822 @@ -98,10 +98,10 @@ echo "$BASE" > $SOURCES echo "" >> $SOURCES echo "$BASE" | sed s/stable/unstable/ >> $SOURCES testsuccessequal --nomsg "'http://ftp.debian.org/debian/dists/stable/InRelease' ftp.debian.org_debian_dists_stable_InRelease 0 +'http://ftp.debian.org/debian/dists/unstable/InRelease' ftp.debian.org_debian_dists_unstable_InRelease 0 'http://ftp.debian.org/debian/dists/stable/main/binary-i386/Packages.xz' ftp.debian.org_debian_dists_stable_main_binary-i386_Packages 0 'http://ftp.debian.org/debian/dists/stable/main/binary-all/Packages.xz' ftp.debian.org_debian_dists_stable_main_binary-all_Packages 0 'http://ftp.debian.org/debian/dists/stable/main/i18n/Translation-en.xz' ftp.debian.org_debian_dists_stable_main_i18n_Translation-en 0 -'http://ftp.debian.org/debian/dists/unstable/InRelease' ftp.debian.org_debian_dists_unstable_InRelease 0 'http://ftp.debian.org/debian/dists/unstable/main/binary-i386/Packages.xz' ftp.debian.org_debian_dists_unstable_main_binary-i386_Packages 0 'http://ftp.debian.org/debian/dists/unstable/main/binary-all/Packages.xz' ftp.debian.org_debian_dists_unstable_main_binary-all_Packages 0 'http://ftp.debian.org/debian/dists/unstable/main/i18n/Translation-en.xz' ftp.debian.org_debian_dists_unstable_main_i18n_Translation-en 0 " aptget update --print-uris @@ -110,10 +110,10 @@ testsuccessequal --nomsg "'http://ftp.debian.org/debian/dists/stable/InRelease' msgcleantest 'Test deb822 with' 'two Suite entries' echo "$BASE" | sed -e "s/stable/stable unstable/" > $SOURCES testsuccessequal --nomsg "'http://ftp.debian.org/debian/dists/stable/InRelease' ftp.debian.org_debian_dists_stable_InRelease 0 +'http://ftp.debian.org/debian/dists/unstable/InRelease' ftp.debian.org_debian_dists_unstable_InRelease 0 'http://ftp.debian.org/debian/dists/stable/main/binary-i386/Packages.xz' ftp.debian.org_debian_dists_stable_main_binary-i386_Packages 0 'http://ftp.debian.org/debian/dists/stable/main/binary-all/Packages.xz' ftp.debian.org_debian_dists_stable_main_binary-all_Packages 0 'http://ftp.debian.org/debian/dists/stable/main/i18n/Translation-en.xz' ftp.debian.org_debian_dists_stable_main_i18n_Translation-en 0 -'http://ftp.debian.org/debian/dists/unstable/InRelease' ftp.debian.org_debian_dists_unstable_InRelease 0 'http://ftp.debian.org/debian/dists/unstable/main/binary-i386/Packages.xz' ftp.debian.org_debian_dists_unstable_main_binary-i386_Packages 0 'http://ftp.debian.org/debian/dists/unstable/main/binary-all/Packages.xz' ftp.debian.org_debian_dists_unstable_main_binary-all_Packages 0 'http://ftp.debian.org/debian/dists/unstable/main/i18n/Translation-en.xz' ftp.debian.org_debian_dists_unstable_main_i18n_Translation-en 0 " aptget update --print-uris -- cgit v1.2.3