From 75808db17caf8b960b351e3408e74142f4c85aac Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 14 Apr 2024 15:42:30 +0200
Subject: Adding upstream version 2.117.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 t/scripts/Lintian/Util/data/pgp-eof-missing-sign  |  5 ++
 t/scripts/Lintian/Util/data/pgp-leading-unsigned  | 14 +++++
 t/scripts/Lintian/Util/data/pgp-malformed-header  | 11 ++++
 t/scripts/Lintian/Util/data/pgp-no-end-pgp-header |  7 +++
 t/scripts/Lintian/Util/data/pgp-sig-before-start  |  7 +++
 t/scripts/Lintian/Util/data/pgp-trailing-unsigned | 14 +++++
 t/scripts/Lintian/Util/data/pgp-two-signatures    | 16 ++++++
 t/scripts/Lintian/Util/data/pgp-two-signed-msgs   | 19 +++++++
 t/scripts/Lintian/Util/data/pgp-unexpected-header |  6 ++
 t/scripts/Lintian/Util/dctrl-parser.t             | 64 +++++++++++++++++++++
 t/scripts/Lintian/Util/path.t                     | 69 +++++++++++++++++++++++
 11 files changed, 232 insertions(+)
 create mode 100644 t/scripts/Lintian/Util/data/pgp-eof-missing-sign
 create mode 100644 t/scripts/Lintian/Util/data/pgp-leading-unsigned
 create mode 100644 t/scripts/Lintian/Util/data/pgp-malformed-header
 create mode 100644 t/scripts/Lintian/Util/data/pgp-no-end-pgp-header
 create mode 100644 t/scripts/Lintian/Util/data/pgp-sig-before-start
 create mode 100644 t/scripts/Lintian/Util/data/pgp-trailing-unsigned
 create mode 100644 t/scripts/Lintian/Util/data/pgp-two-signatures
 create mode 100644 t/scripts/Lintian/Util/data/pgp-two-signed-msgs
 create mode 100644 t/scripts/Lintian/Util/data/pgp-unexpected-header
 create mode 100755 t/scripts/Lintian/Util/dctrl-parser.t
 create mode 100755 t/scripts/Lintian/Util/path.t

(limited to 't/scripts/Lintian/Util')

diff --git a/t/scripts/Lintian/Util/data/pgp-eof-missing-sign b/t/scripts/Lintian/Util/data/pgp-eof-missing-sign
new file mode 100644
index 0000000..78e5ee9
--- /dev/null
+++ b/t/scripts/Lintian/Util/data/pgp-eof-missing-sign
@@ -0,0 +1,5 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+Package: lintian
+
+# Missing signature block
diff --git a/t/scripts/Lintian/Util/data/pgp-leading-unsigned b/t/scripts/Lintian/Util/data/pgp-leading-unsigned
new file mode 100644
index 0000000..0b6b949
--- /dev/null
+++ b/t/scripts/Lintian/Util/data/pgp-leading-unsigned
@@ -0,0 +1,14 @@
+Package: dpkg
+
+# Unsigned above, signed below (bad)
+
+-----BEGIN PGP SIGNED MESSAGE-----
+
+Package: lintian
+
+-----BEGIN PGP SIGNATURE-----
+
+Some signature.
+
+-----END PGP SIGNATURE-----
+
diff --git a/t/scripts/Lintian/Util/data/pgp-malformed-header b/t/scripts/Lintian/Util/data/pgp-malformed-header
new file mode 100644
index 0000000..a9e2e7b
--- /dev/null
+++ b/t/scripts/Lintian/Util/data/pgp-malformed-header
@@ -0,0 +1,11 @@
+# Missing a dash in the end
+
+-----BEGIN PGP SIGNED MESSAGE----
+
+Package: lintian
+
+-----BEGIN PGP SIGNATURE----
+
+Some signature.
+
+-----END PGP SIGNATURE----
diff --git a/t/scripts/Lintian/Util/data/pgp-no-end-pgp-header b/t/scripts/Lintian/Util/data/pgp-no-end-pgp-header
new file mode 100644
index 0000000..6d15d98
--- /dev/null
+++ b/t/scripts/Lintian/Util/data/pgp-no-end-pgp-header
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+Package: lintian
+
+-----BEGIN PGP SIGNATURE-----
+
+Some signature, missing an end marker.
diff --git a/t/scripts/Lintian/Util/data/pgp-sig-before-start b/t/scripts/Lintian/Util/data/pgp-sig-before-start
new file mode 100644
index 0000000..1d7cf12
--- /dev/null
+++ b/t/scripts/Lintian/Util/data/pgp-sig-before-start
@@ -0,0 +1,7 @@
+Package: lintian
+
+-----BEGIN PGP SIGNATURE-----
+
+Some signature.
+
+-----END PGP SIGNATURE-----
diff --git a/t/scripts/Lintian/Util/data/pgp-trailing-unsigned b/t/scripts/Lintian/Util/data/pgp-trailing-unsigned
new file mode 100644
index 0000000..1d29d87
--- /dev/null
+++ b/t/scripts/Lintian/Util/data/pgp-trailing-unsigned
@@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+Package: lintian
+
+-----BEGIN PGP SIGNATURE-----
+
+Some signature.
+
+-----END PGP SIGNATURE-----
+
+# Signed above, unsigned below (bad)
+
+Package: dpkg
+
diff --git a/t/scripts/Lintian/Util/data/pgp-two-signatures b/t/scripts/Lintian/Util/data/pgp-two-signatures
new file mode 100644
index 0000000..0c0b7d6
--- /dev/null
+++ b/t/scripts/Lintian/Util/data/pgp-two-signatures
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+Package: lintian
+
+-----BEGIN PGP SIGNATURE-----
+
+Some signature.
+
+-----END PGP SIGNATURE-----
+
+-----BEGIN PGP SIGNATURE-----
+
+Another signature.
+
+-----END PGP SIGNATURE-----
+
diff --git a/t/scripts/Lintian/Util/data/pgp-two-signed-msgs b/t/scripts/Lintian/Util/data/pgp-two-signed-msgs
new file mode 100644
index 0000000..c8fcf9d
--- /dev/null
+++ b/t/scripts/Lintian/Util/data/pgp-two-signed-msgs
@@ -0,0 +1,19 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+Package: lintian
+
+-----BEGIN PGP SIGNATURE-----
+
+Some signature.
+
+-----END PGP SIGNATURE-----
+
+-----BEGIN PGP SIGNED MESSAGE-----
+
+Package: dpkg
+
+-----BEGIN PGP SIGNATURE-----
+
+Aother signature.
+
+-----END PGP SIGNATURE-----
diff --git a/t/scripts/Lintian/Util/data/pgp-unexpected-header b/t/scripts/Lintian/Util/data/pgp-unexpected-header
new file mode 100644
index 0000000..743ac85
--- /dev/null
+++ b/t/scripts/Lintian/Util/data/pgp-unexpected-header
@@ -0,0 +1,6 @@
+-----BEGIN PGP MESSAGE-----
+
+We are expecting a "SIGNED" message.
+
+-----END PGP MESSAGE-----
+
diff --git a/t/scripts/Lintian/Util/dctrl-parser.t b/t/scripts/Lintian/Util/dctrl-parser.t
new file mode 100755
index 0000000..36d9961
--- /dev/null
+++ b/t/scripts/Lintian/Util/dctrl-parser.t
@@ -0,0 +1,64 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+use Syntax::Keyword::Try;
+use Test::More;
+
+use Lintian::Deb822;
+
+my %TESTS_BAD = (
+    'pgp-sig-before-start' => qr/PGP signature before message/,
+    'pgp-two-signatures' => qr/Found two PGP signatures/,
+    'pgp-unexpected-header' => qr/Unexpected .+ header/,
+    'pgp-malformed-header' => qr/Malformed PGP header/,
+
+    'pgp-two-signed-msgs' => qr/Multiple PGP messages/,
+    'pgp-no-end-pgp-header' => qr/Cannot find END PGP SIGNATURE/,
+    'pgp-leading-unsigned' => qr/Expected PGP MESSAGE header/,
+    'pgp-trailing-unsigned' => qr/Data after PGP SIGNATURE/,
+    'pgp-eof-missing-sign' => qr/Cannot find BEGIN PGP SIGNATURE/,
+);
+
+my $DATADIR = $0;
+$DATADIR =~ s{[^/]+$}{};
+if ($DATADIR) {
+    # invoked in some other dir
+    $DATADIR = "$DATADIR/data";
+} else {
+    # current dir
+    $DATADIR = 'data';
+}
+
+plan skip_all => 'Data files not available'
+  unless -d $DATADIR;
+
+plan tests => scalar keys %TESTS_BAD;
+
+for my $filename (sort keys %TESTS_BAD) {
+
+    my $path = "$DATADIR/$filename";
+
+    my $deb822 = Lintian::Deb822->new;
+
+    try {
+        $deb822->read_file($path);
+
+    } catch {
+        my $error = $@;
+
+        my $fail_regex = $TESTS_BAD{$filename};
+        like($error, $fail_regex, $filename);
+
+        next;
+    }
+
+    fail("$path was parsed successfully");
+}
+
+# Local Variables:
+# indent-tabs-mode: nil
+# cperl-indent-level: 4
+# End:
+# vim: syntax=perl sw=4 sts=4 sr et
diff --git a/t/scripts/Lintian/Util/path.t b/t/scripts/Lintian/Util/path.t
new file mode 100755
index 0000000..21c359a
--- /dev/null
+++ b/t/scripts/Lintian/Util/path.t
@@ -0,0 +1,69 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+use Const::Fast;
+use Test::More tests => 18;
+
+const my $EMPTY => q{};
+const my $SLASH => q{/};
+const my $DOT => q{.};
+
+# Lintian::Util exports fail, which clashes with Test::More, so we
+# have to be explicit about the import(s).
+BEGIN {
+    use_ok('Lintian::Util', qw(normalize_pkg_path normalize_link_target));
+}
+
+# Safe - absolute
+is(normalize_link_target('usr/share/java', '/usr/share/ant/file'),
+    'usr/share/ant/file', 'Safe absolute path');
+is(normalize_link_target('usr/share/ant', $SLASH),
+    $EMPTY, 'Safe absolute root');
+
+# Safe - relative
+is(normalize_link_target('/usr/share/java', './file/.'),
+    'usr/share/java/file', 'Safe simple same-dir path');
+is(normalize_link_target('/usr/share/java', '../ant/./file'),
+    'usr/share/ant/file', 'Safe simple relative path');
+is(
+    normalize_link_target(
+        'usr/share/java', '../../../usr/./share/../share/./ant/file'
+    ),
+    'usr/share/ant/file',
+    'Safe absurd relative path'
+);
+is(
+    normalize_pkg_path(
+        'usr/share/java/../../../usr/./share/../share/./ant/file'),
+    'usr/share/ant/file',
+    'Safe absurd single path argument'
+);
+is(normalize_link_target('usr/share/java', $DOT),
+    'usr/share/java', 'Safe relative dot path');
+is(normalize_link_target($SLASH, $DOT), $EMPTY, 'Safe relative root dot');
+is(normalize_link_target($SLASH, 'usr/..'),
+    $EMPTY, 'Safe absurd relative root path');
+is(normalize_link_target('usr/share/java', '../../../'),
+    $EMPTY, 'Safe absurd relative path to root');
+is(normalize_pkg_path($DOT), $EMPTY, 'Safe single argument root dot');
+is(normalize_pkg_path($SLASH), $EMPTY, 'Safe single argument root slash');
+is(normalize_pkg_path('usr/..'),
+    $EMPTY, 'Safe absurd single relative root path');
+is(normalize_pkg_path('usr/share/java/../../../'),
+    $EMPTY, 'Safe absurd single relative path to root');
+
+# Unsafe
+is(normalize_link_target('/usr/share/ant', '../../../../etc/passwd'),
+    undef, 'Unsafe - relative escape root');
+is(normalize_link_target('/usr/share/ant', '/../etc/passwd'),
+    undef, 'Unsafe - absolute escape root');
+is(normalize_pkg_path('/usr/../../etc/passwd'),
+    undef, 'Unsafe - single path escape root');
+
+# Local Variables:
+# indent-tabs-mode: nil
+# cperl-indent-level: 4
+# End:
+# vim: syntax=perl sw=4 sts=4 sr et
-- 
cgit v1.2.3