apt/test/libapt, branch 2.3.2

apt/test/libapt, branch 2.3.2 Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=2.3.2 2021-04-23T10:25:40Z json: Encode NULL strings as null 2021-04-23T10:25:40Z Julian Andres Klode julian.klode@canonical.com 2021-04-21T10:21:41Z urn:sha1:b5211b9b213273c642a790ae3c3f3bbe1a4cf51e This is the only nullable thing we have here. json: Actually pop states 2021-04-23T10:25:40Z Julian Andres Klode julian.klode@canonical.com 2021-04-21T10:17:55Z urn:sha1:09e3c0c855e339216784a1d43715c3ae2d79ec23 The JSON encoder only looked at the top state, but did not pop it, so if we nested objects, we got stuck in whatever the last state we pushed aside was, so in our example, we wrongly get a comma inserted _after_ key "b": {"a":[{}], "b":,[{}] } json: Escape strings using \u escape sequences, add test 2021-04-23T10:25:40Z Julian Andres Klode julian.klode@canonical.com 2021-04-21T09:31:46Z urn:sha1:57b727af4e1eea4ea118ca5e5028fa7ce86fb538 This allows us to correctly encode strings containing quotation marks, escape characters and control characters. The test case is a bit nasty because it embeds private-cachefile.cc for linkage reasons. Check for and discard expected warning from MaybeAddAuth 2021-03-31T13:29:09Z Julian Andres Klode julian.klode@canonical.com 2021-03-31T13:25:18Z urn:sha1:8613225f314e2524d9178e232940059a8687cc69 MaybeAddAuth() here tells us that it refused to use the credentials for an http source; but that caused the test suite to fail at a later stage because we checked if there were any errors/warning. Strangely, this is only triggered with LTO enabled. Actually check that the warning is being set and then reject it. Avoid overstepping bounds in config file parsing 2021-02-03T16:43:13Z David Kalnischkies david@kalnischkies.de 2021-02-03T16:40:05Z urn:sha1:c4da2ff42da55ffc38c77a9170dc151216d75962 Our configuration files are not security relevant, but having a parser which avoids crashing on them even if they are seriously messed up is not a bad idea anyway. It is also a good opportunity to brush up the code a bit avoiding a few small string copies with our string_view. Forbid negative values in unsigned StrToNum explicitly 2021-02-03T16:36:46Z David Kalnischkies david@kalnischkies.de 2020-05-13T07:07:19Z urn:sha1:e0743a85c5f5f2f83d91c305450e8ba192194cd8 strtoul(l) surprises us with parsing negative values which should not exist in the places we use to parse them, so we can just downright refuse them rather than trying to work with them by having them promoted to huge positive values. Don't parse \x and \0 past the end in DeEscapeString 2021-02-03T16:36:45Z David Kalnischkies david@kalnischkies.de 2020-12-03T09:44:27Z urn:sha1:ed192f410da36aedf5e54bb3f967e6613ab4bb51 This has no attack surface though as the loop is to end very soon anyhow and the method only used while reading CD-ROM mountpoints which seems like a very unlikely attack vector… Fix incorrect base64 encoding due to int promotion 2021-02-03T16:36:45Z David Kalnischkies david@kalnischkies.de 2020-12-03T09:41:43Z urn:sha1:10f13938bbf1474451fadcd62e1c31c4b5f5b3d7 For \xff and friends with the highest bit set and hence being a negative value on signed char systems the wrong encoding is produced as we run into undefined behaviour accessing negative array indexes. We can avoid this problem simply by using an unsigned data type. Add a simple test for APT::String::DisplayLength 2021-02-03T16:36:45Z David Kalnischkies david@kalnischkies.de 2020-12-03T09:35:29Z urn:sha1:1b3ad3891465f8b72bcedfb4edd513cb74eec7f3 References: 2497198e9599a6a8d4d0ad08627bcfc7ea49c644 Gbp-Dch: Ignore patterns: Terminate short pattern by ~ and ! 2020-12-07T14:11:20Z Julian Andres Klode julian.klode@canonical.com 2020-12-07T14:04:30Z urn:sha1:f9a621d335622a8909177f6d347e32e3876fde3f This allows patterns like ~nalpha~nbeta and ~nalpha!~nbeta to work like they do in APT. Also add a comment to remind readers that everything in START should be in short too. Cc: stable >= 2.0