[dpkg] 58/200: libdpkg, Dpkg::Version: Reject empty upstream versions

Ximin Luo infinity0 at debian.org
Wed Apr 5 15:17:16 UTC 2017


This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch master
in repository dpkg.

commit 0d609e2c8c0070310b531d2d470f79044121bea8
Author: Guillem Jover <guillem at debian.org>
Date:   Thu Nov 24 02:16:15 2016 +0100

    libdpkg, Dpkg::Version: Reject empty upstream versions
    
    These are not permitted by deb-version(5), but the code was letting
    those through.
---
 debian/changelog         |  2 ++
 lib/dpkg/parsehelp.c     |  2 ++
 lib/dpkg/t/t-version.c   |  8 +++++++-
 scripts/Dpkg/Version.pm  |  5 +++++
 scripts/t/Dpkg_Version.t | 11 +++++++++--
 5 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 13b8710..ac2aeda 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,8 @@ dpkg (1.18.16) UNRELEASED; urgency=medium
   [ Guillem Jover ]
   * Add support for specifying multiple targets on «dpkg-buildpackage -T»
     which will be run successively. Closes: #671074
+  * Reject empty upstream versions in C and perl code. These are not permitted
+    by deb-version(5), but the code was letting those through.
   * Perl modules:
     - Whitelist DPKG_GENSYMBOLS_CHECK_LEVEL, DPKG_ROOT, DPKG_ADMINDIR and
       DPKG_DATADIR environment variables in Dpkg::Build::Info.
diff --git a/lib/dpkg/parsehelp.c b/lib/dpkg/parsehelp.c
index 938e694..5f660ea 100644
--- a/lib/dpkg/parsehelp.c
+++ b/lib/dpkg/parsehelp.c
@@ -235,6 +235,8 @@ parseversion(struct dpkg_version *rversion, const char *string,
 
   /* XXX: Would be faster to use something like cisversion and cisrevision. */
   ptr = rversion->version;
+  if (!*ptr)
+    return dpkg_put_error(err, _("version number is empty"));
   if (*ptr && !c_isdigit(*ptr++))
     return dpkg_put_warn(err, _("version number does not start with digit"));
   for (; *ptr; ptr++) {
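Review bot: With the new `if (!*ptr)` early return in place, the `*ptr &&` guard in the following `if (*ptr && !c_isdigit(*ptr++))` can no longer be false and could be dropped, giving `if (!c_isdigit(*ptr++))`. The message here is "version number is empty", while the matching Perl check in scripts/Dpkg/Version.pm says "upstream version cannot be empty". One wording in both places would show users and translators that the same deb-version(5) rule fired, and would set it apart from any whole-string emptiness check parseversion may perform earlier (not visible in this hunk). parseversion's body starts and ends outside the hunk.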
diff --git a/lib/dpkg/t/t-version.c b/lib/dpkg/t/t-version.c
index 0d34527..43786b0 100644
--- a/lib/dpkg/t/t-version.c
+++ b/lib/dpkg/t/t-version.c
@@ -257,6 +257,12 @@ test_version_parse(void)
 	test_fail(parseversion(&a, "A:0-0", &err) == 0);
 	test_error(err);
 
+	/* Test invalid empty upstream version. */
+	test_fail(parseversion(&a, "-0", &err) == 0);
+	test_error(err);
+	test_fail(parseversion(&a, "0:-0", &err) == 0);
+	test_error(err);
+
 	/* Test upstream version not starting with a digit */
 	test_fail(parseversion(&a, "0:abc3-0", &err) == 0);
 	test_warn(err);
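Review bot: The two new cases for "-0" and "0:-0" assert only that parseversion fails and that the result is of the error class, so they do not pin the failure to the new empty-upstream check rather than to some other rejection path. If the test harness allows comparing the error text, asserting the expected message as well would keep these cases meaningful should the order of checks in parseversion change later. test_version_parse starts and ends outside the hunk.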
@@ -287,7 +293,7 @@ test_version_parse(void)
 
 TEST_ENTRY(test)
 {
-	test_plan(190);
+	test_plan(194);
 
 	test_version_blank();
 	test_version_is_informative();
diff --git a/scripts/Dpkg/Version.pm b/scripts/Dpkg/Version.pm
index f043e0f..431de32 100644
--- a/scripts/Dpkg/Version.pm
+++ b/scripts/Dpkg/Version.pm
@@ -416,6 +416,11 @@ sub version_check($) {
         return (0, $msg) if wantarray;
         return 0;
     }
+    if (not defined $version->version() or not length $version->version()) {
+        my $msg = g_('upstream version cannot be empty');
+        return (0, $msg) if wantarray;
+        return 0;
+    }
     if ($version->version() =~ m/^[^\d]/) {
         my $msg = g_('version number does not start with digit');
         return (0, $msg) if wantarray;
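Review bot: The new empty check in version_check has no comment explaining why it is needed in front of the digit test: an empty string never matches `m/^[^\d]/`, which is how empty upstream versions were slipping through. I would add `# An empty upstream version never matches the leading-non-digit pattern below, so reject it explicitly.` above the new `if`. `$version->version()` is also called twice in the condition and again in the next test; reading it once into a lexical would be tidier. version_check starts and ends outside the hunk.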
diff --git a/scripts/t/Dpkg_Version.t b/scripts/t/Dpkg_Version.t
index 3039828..1122067 100644
--- a/scripts/t/Dpkg_Version.t
+++ b/scripts/t/Dpkg_Version.t
@@ -30,7 +30,7 @@ my @ops = ('<', '<<', 'lt',
 	   '>=', 'ge',
 	   '>', '>>', 'gt');
 
-plan tests => scalar(@tests) * (3 * scalar(@ops) + 4) + 18;
+plan tests => scalar(@tests) * (3 * scalar(@ops) + 4) + 24;
 
 sub dpkg_vercmp {
      my ($a, $cmp, $b) = @_;
@@ -88,6 +88,14 @@ my $empty = Dpkg::Version->new('');
 ok($empty eq '', "Dpkg::Version->new('') eq ''");
 ok($empty->as_string() eq '', "Dpkg::Version->new('')->as_string() eq ''");
 ok(!$empty->is_valid(), 'empty version is invalid');
+$empty = Dpkg::Version->new('-0');
+ok($empty eq '', "Dpkg::Version->new('-0') eq '-0'");
+ok($empty->as_string() eq '-0', "Dpkg::Version->new('-0')->as_string() eq '-0'");
+ok(!$empty->is_valid(), 'empty upstream version is invalid');
+$empty = Dpkg::Version->new('0:-0');
+ok($empty eq '0:-0', "Dpkg::Version->new('0:-0') eq '0:-0'");
+ok($empty->as_string() eq '0:-0', "Dpkg::Version->new('0:-0')->as_string() eq '0:-0'");
+ok(!$empty->is_valid(), 'empty upstream version with epoch is invalid');
 my $ver = Dpkg::Version->new('10a:5.2');
 ok(!$ver->is_valid(), 'bad epoch is invalid');
 ok(!$ver, 'bool eval of invalid leads to false');
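Review bot: The first new assertion tests `$empty eq ''` while its description reads "Dpkg::Version->new('-0') eq '-0'", so the test name and the tested value disagree. It presumably passes only because `eq` on a Dpkg::Version object compares by version semantics rather than as a plain string (the overload is not visible here), whereas the parallel '0:-0' case compares against its own input. Suggested: `ok($empty eq '-0', "Dpkg::Version->new('-0') eq '-0'");`. Reusing the name `$empty` for the '-0' and '0:-0' objects is also a little misleading, since neither is the empty version string.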
@@ -187,4 +195,3 @@ __DATA__
 1:3.8.1-1 3.8.GA-1 1
 1.0.1+gpl-1 1.0.1-2 1
 1a 1000a -1
--0.6.5 0.9.1 -1

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git


