[dpkg] 58/200: libdpkg, Dpkg::Version: Reject empty upstream versions
Ximin Luo
infinity0 at debian.org
Wed Apr 5 15:17:16 UTC 2017
This is an automated email from the git hooks/post-receive script.
infinity0 pushed a commit to branch master
in repository dpkg.
commit 0d609e2c8c0070310b531d2d470f79044121bea8
Author: Guillem Jover <guillem at debian.org>
Date: Thu Nov 24 02:16:15 2016 +0100
libdpkg, Dpkg::Version: Reject empty upstream versions
These are not permitted by deb-version(5), but the code was letting
those through.
---
debian/changelog | 2 ++
lib/dpkg/parsehelp.c | 2 ++
lib/dpkg/t/t-version.c | 8 +++++++-
scripts/Dpkg/Version.pm | 5 +++++
scripts/t/Dpkg_Version.t | 11 +++++++++--
5 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 13b8710..ac2aeda 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,8 @@ dpkg (1.18.16) UNRELEASED; urgency=medium
[ Guillem Jover ]
* Add support for specifying multiple targets on «dpkg-buildpackage -T»
which will be run successively. Closes: #671074
+ * Reject empty upstream versions in C and perl code. These are not permitted
+ by deb-version(5), but the code was letting those through.
* Perl modules:
- Whitelist DPKG_GENSYMBOLS_CHECK_LEVEL, DPKG_ROOT, DPKG_ADMINDIR and
DPKG_DATADIR environment variables in Dpkg::Build::Info.
diff --git a/lib/dpkg/parsehelp.c b/lib/dpkg/parsehelp.c
index 938e694..5f660ea 100644
--- a/lib/dpkg/parsehelp.c
+++ b/lib/dpkg/parsehelp.c
@@ -235,6 +235,8 @@ parseversion(struct dpkg_version *rversion, const char *string,
/* XXX: Would be faster to use something like cisversion and cisrevision. */
ptr = rversion->version;
+ if (!*ptr)
+ return dpkg_put_error(err, _("version number is empty"));
if (*ptr && !c_isdigit(*ptr++))
return dpkg_put_warn(err, _("version number does not start with digit"));
for (; *ptr; ptr++) {
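Review bot: With the new empty check in place, the `*ptr &&` guard on the digit test that follows can never be false, so that line can be reduced to `if (!c_isdigit(*ptr++))`. The empty case is reported through dpkg_put_error, while the non-digit case directly below remains a dpkg_put_warn. A short comment such as `/* An empty upstream version is never valid, so this is a hard error, unlike the digit check below. */` would tell callers that tolerate warnings why the two outcomes differ. parseversion starts and ends outside this hunk, so how rversion->version is filled in before this point is not visible here.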
diff --git a/lib/dpkg/t/t-version.c b/lib/dpkg/t/t-version.c
index 0d34527..43786b0 100644
--- a/lib/dpkg/t/t-version.c
+++ b/lib/dpkg/t/t-version.c
@@ -257,6 +257,12 @@ test_version_parse(void)
test_fail(parseversion(&a, "A:0-0", &err) == 0);
test_error(err);
+ /* Test invalid empty upstream version. */
+ test_fail(parseversion(&a, "-0", &err) == 0);
+ test_error(err);
+ test_fail(parseversion(&a, "0:-0", &err) == 0);
+ test_error(err);
+
/* Test upstream version not starting with a digit */
test_fail(parseversion(&a, "0:abc3-0", &err) == 0);
test_warn(err);
@@ -287,7 +293,7 @@ test_version_parse(void)
TEST_ENTRY(test)
{
- test_plan(190);
+ test_plan(194);
test_version_blank();
test_version_is_informative();
diff --git a/scripts/Dpkg/Version.pm b/scripts/Dpkg/Version.pm
index f043e0f..431de32 100644
--- a/scripts/Dpkg/Version.pm
+++ b/scripts/Dpkg/Version.pm
@@ -416,6 +416,11 @@ sub version_check($) {
return (0, $msg) if wantarray;
return 0;
}
+ if (not defined $version->version() or not length $version->version()) {
+ my $msg = g_('upstream version cannot be empty');
+ return (0, $msg) if wantarray;
+ return 0;
+ }
if ($version->version() =~ m/^[^\d]/) {
my $msg = g_('version number does not start with digit');
return (0, $msg) if wantarray;
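Review bot: The new branch reports 'upstream version cannot be empty', while the C parser changed in this same commit reports 'version number is empty' for the same condition. One wording would keep the two validators' diagnostics and their translations aligned, for example `my $msg = g_('version number is empty');`. Separately, the digit test right after the new branch uses `\d`, which in Perl can match non-ASCII digits on character strings, whereas the C side uses c_isdigit. The rest of version_check is outside this hunk, so if no later check restricts the character set, `m/^[^0-9]/` would keep the Perl and C validators in agreement on what a version may start with.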
diff --git a/scripts/t/Dpkg_Version.t b/scripts/t/Dpkg_Version.t
index 3039828..1122067 100644
--- a/scripts/t/Dpkg_Version.t
+++ b/scripts/t/Dpkg_Version.t
@@ -30,7 +30,7 @@ my @ops = ('<', '<<', 'lt',
'>=', 'ge',
'>', '>>', 'gt');
-plan tests => scalar(@tests) * (3 * scalar(@ops) + 4) + 18;
+plan tests => scalar(@tests) * (3 * scalar(@ops) + 4) + 24;
sub dpkg_vercmp {
my ($a, $cmp, $b) = @_;
@@ -88,6 +88,14 @@ my $empty = Dpkg::Version->new('');
ok($empty eq '', "Dpkg::Version->new('') eq ''");
ok($empty->as_string() eq '', "Dpkg::Version->new('')->as_string() eq ''");
ok(!$empty->is_valid(), 'empty version is invalid');
+$empty = Dpkg::Version->new('-0');
+ok($empty eq '', "Dpkg::Version->new('-0') eq '-0'");
+ok($empty->as_string() eq '-0', "Dpkg::Version->new('-0')->as_string() eq '-0'");
+ok(!$empty->is_valid(), 'empty upstream version is invalid');
+$empty = Dpkg::Version->new('0:-0');
+ok($empty eq '0:-0', "Dpkg::Version->new('0:-0') eq '0:-0'");
+ok($empty->as_string() eq '0:-0', "Dpkg::Version->new('0:-0')->as_string() eq '0:-0'");
+ok(!$empty->is_valid(), 'empty upstream version with epoch is invalid');
my $ver = Dpkg::Version->new('10a:5.2');
ok(!$ver->is_valid(), 'bad epoch is invalid');
ok(!$ver, 'bool eval of invalid leads to false');
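Review bot: The first added assertion checks `$empty eq ''` but its description says `eq '-0'`, so either the expected value or the label is wrong. If the intent matches the '0:-0' case below it, the line should read `ok($empty eq '-0', "Dpkg::Version->new('-0') eq '-0'");`. If the comparison against '' is deliberate, the description should say that instead; it may pass through the class's overloaded comparison, which is not visible in this hunk. Reusing `$empty` for objects built from non-empty strings also makes the block harder to follow, and a separate variable per case would help.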
@@ -187,4 +195,3 @@ __DATA__
1:3.8.1-1 3.8.GA-1 1
1.0.1+gpl-1 1.0.1-2 1
1a 1000a -1
--0.6.5 0.9.1 -1
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git