From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id E4995158020 for ; Sat, 10 Dec 2022 00:21:13 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id EB89CE0828; Sat, 10 Dec 2022 00:21:12 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id A81EEE0828 for ; Sat, 10 Dec 2022 00:21:12 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 8BC31340F76 for ; Sat, 10 Dec 2022 00:21:11 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id CFB8F771 for ; Sat, 10 Dec 2022 00:21:09 +0000 (UTC) From: "Sam James" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" Message-ID: <1670631665.6bb6452ee8c1cee1ee5de506f78b12336e89cb32.sam@gentoo> Subject: [gentoo-commits] proj/portage:master commit in: lib/portage/, /, lib/portage/tests/glsa/ X-VCS-Repository: proj/portage X-VCS-Files: NEWS lib/portage/glsa.py lib/portage/tests/glsa/test_security_set.py X-VCS-Directories: lib/portage/tests/glsa/ lib/portage/ / X-VCS-Committer: sam X-VCS-Committer-Name: Sam James X-VCS-Revision: 6bb6452ee8c1cee1ee5de506f78b12336e89cb32 X-VCS-Branch: master Date: Sat, 10 Dec 2022 00:21:09 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 78bc1bad-a3be-4f45-9170-eb3687d0d88c X-Archives-Hash: 58b52cdb04aa8c29667574770d1d9800 commit: 6bb6452ee8c1cee1ee5de506f78b12336e89cb32 Author: Sam James gentoo org> AuthorDate: Mon Dec 5 05:05:48 2022 +0000 Commit: Sam James gentoo org> CommitDate: Sat Dec 10 00:21:05 2022 +0000 URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=6bb6452e glsa: abort on incorrect arch delimiter Bug: https://bugs.gentoo.org/882797 Closes: https://github.com/gentoo/portage/pull/958 Signed-off-by: Sam James gentoo.org> NEWS | 6 +- lib/portage/glsa.py | 12 +++- lib/portage/tests/glsa/test_security_set.py | 105 +++++++++++++++++++++++++--- 3 files changed, 109 insertions(+), 14 deletions(-) diff --git a/NEWS b/NEWS index 2144156fd..43c957734 100644 --- a/NEWS +++ b/NEWS @@ -5,8 +5,10 @@ Features: * TODO Bug fixes: -* etc-update: Apply defences for patsub_replacement being default on in Bash 5.2. - bug #881383. +* glsa: Abort if a GLSA's arch list doesn't match the expected format (bug #882797). + +* etc-update: Apply defences for patsub_replacement being default on in Bash 5.2 + (bug #881383). portage-3.0.41 (2022-11-04) -------------- diff --git a/lib/portage/glsa.py b/lib/portage/glsa.py index c705792c0..3b82c0de1 100644 --- a/lib/portage/glsa.py +++ b/lib/portage/glsa.py @@ -1,4 +1,4 @@ -# Copyright 2003-2020 Gentoo Authors +# Copyright 2003-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 import codecs @@ -37,6 +37,8 @@ opMapping = { } NEWLINE_ESCAPE = "!;\\n" # some random string to mark newlines that should be preserved SPACE_ESCAPE = "!;_" # some random string to mark spaces that should be preserved +# See PMS 3.1.7 "Keyword names" +ARCH_REGEX = re.compile(r"^\*$|^[-_a-z0-9 ]+$") def get_applied_glsas(settings): @@ -739,7 +741,13 @@ class Glsa: for k in self.packages: pkg = self.packages[k] for path in pkg: - if path["arch"] == "*" or self.config["ARCH"] in path["arch"].split(): + if not ARCH_REGEX.match(path["arch"]): + raise GlsaFormatException( + f"Unrecognized arch list in {self.nr} (wrong delimiter?): {path['arch']}" + ) + + arches = path["arch"].split() + if path["arch"] == "*" or self.config["ARCH"] in arches: for v in path["vul_atoms"]: rValue = rValue or ( len(match(v, self.vardbapi)) > 0 diff --git a/lib/portage/tests/glsa/test_security_set.py b/lib/portage/tests/glsa/test_security_set.py index c7080e89a..0120e22f1 100644 --- a/lib/portage/tests/glsa/test_security_set.py +++ b/lib/portage/tests/glsa/test_security_set.py @@ -1,4 +1,4 @@ -# Copyright 2013-2014 Gentoo Foundation +# Copyright 2013-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 @@ -10,6 +10,8 @@ from portage.tests.resolver.ResolverPlayground import ( ResolverPlaygroundTestCase, ) +from portage.glsa import GlsaFormatException + class SecuritySetTestCase(TestCase): @@ -28,7 +30,7 @@ class SecuritySetTestCase(TestCase): 55555 remote - + %(unaffected_version)s %(unaffected_version)s @@ -65,8 +67,15 @@ class SecuritySetTestCase(TestCase): except (AttributeError, ImportError): return "python is missing xml support" - def testSecuritySet(self): + def write_glsa_test_case(self, glsa_dir, glsa): + with open( + os.path.join(glsa_dir, "glsa-" + glsa["glsa_id"] + ".xml"), + encoding=_encodings["repo.content"], + mode="w", + ) as f: + f.write(self.glsa_template % glsa) + def testSecuritySet(self): skip_reason = self._must_skip() if skip_reason: self.portage_skip = skip_reason @@ -89,18 +98,21 @@ class SecuritySetTestCase(TestCase): "pkgname": "A-vulnerable", "cp": "cat/A-vulnerable", "unaffected_version": "2.2", + "arch": "*", }, { "glsa_id": "201301-02", "pkgname": "B-not-vulnerable", "cp": "cat/B-not-vulnerable", "unaffected_version": "4.4", + "arch": "*", }, { "glsa_id": "201301-03", "pkgname": "NotInstalled", "cp": "cat/NotInstalled", "unaffected_version": "3.5", + "arch": "*", }, ) @@ -120,22 +132,95 @@ class SecuritySetTestCase(TestCase): ) try: - portdb = playground.trees[playground.eroot]["porttree"].dbapi glsa_dir = os.path.join( portdb.repositories["test_repo"].location, "metadata", "glsa" ) portage.util.ensure_dirs(glsa_dir) for glsa in glsas: - with open( - os.path.join(glsa_dir, "glsa-" + glsa["glsa_id"] + ".xml"), - encoding=_encodings["repo.content"], - mode="w", - ) as f: - f.write(self.glsa_template % glsa) + self.write_glsa_test_case(glsa_dir, glsa) for test_case in test_cases: playground.run_TestCase(test_case) self.assertEqual(test_case.test_success, True, test_case.fail_msg) finally: playground.cleanup() + + def testStatelessSecuritySet(self): + # Tests which don't rely on the GLSA being fixed. This allows + # testing the format parsing with a bit more flexibility (no + # need to keep inventing packages). + + skip_reason = self._must_skip() + if skip_reason: + self.portage_skip = skip_reason + self.assertFalse(True, skip_reason) + return + + ebuilds = { + "cat/A-vulnerable-2.2": {"KEYWORDS": "x86"}, + "cat/B-not-vulnerable-4.5": {"KEYWORDS": "x86"}, + } + + installed = { + "cat/A-vulnerable-2.1": {"KEYWORDS": "x86"}, + "cat/B-not-vulnerable-4.4": {"KEYWORDS": "x86"}, + } + + glsas = ( + { + "glsa_id": "201301-04", + "pkgname": "A-vulnerable", + "cp": "cat/A-vulnerable", + "unaffected_version": "2.2", + # Use an invalid delimiter (comma) + "arch": "amd64,sparc", + }, + { + "glsa_id": "201301-05", + "pkgname": "A-vulnerable", + "cp": "cat/A-vulnerable", + "unaffected_version": "2.2", + # Use an invalid arch (~arch) + "arch": "~amd64", + }, + { + "glsa_id": "201301-06", + "pkgname": "A-vulnerable", + "cp": "cat/A-vulnerable", + "unaffected_version": "2.2", + # Two valid arches followed by an invalid one + "arch": "amd64 sparc $$$$", + }, + ) + + world = ["cat/A"] + + test_cases = ( + ResolverPlaygroundTestCase( + ["@security"], + success=True, + mergelist=["cat/A-vulnerable-2.2"], + ), + ) + + # Give each GLSA a clean slate + for glsa in glsas: + playground = ResolverPlayground( + ebuilds=ebuilds, installed=installed, world=world, debug=True + ) + + try: + portdb = playground.trees[playground.eroot]["porttree"].dbapi + glsa_dir = os.path.join( + portdb.repositories["test_repo"].location, "metadata", "glsa" + ) + portage.util.ensure_dirs(glsa_dir) + + self.write_glsa_test_case(glsa_dir, glsa) + + with self.assertRaises(GlsaFormatException): + for test_case in test_cases: + playground.run_TestCase(test_case) + finally: + playground.cleanup()