
Re: Security update of dhcpd5



Hi again

It was possible to build this but it was not trivial. The Android tests must be done with some clever automation because I had to edit the dhcpcd.c file to rename the main function there.

Building worked after that.
g++ -Wall -Werror -Wunused-parameter -I/usr/src/gtest -I. /usr/src/gtest/src/gtest-all.cc /usr/src/gtest/src/gtest_main.cc dhcpcd_test.cpp *.o */*.o -lpthread -lrt

And the result was this:
root@tigereye:~/build/dhcpcd5/dhcpcd5-5.5.6# ./a.out 
Running main() from gtest_main.cc
[==========] Running 6 tests from 1 test case.
[----------] Global test environment set-up.
[----------] 6 tests from DhcpcdGetOptionTest
[ RUN      ] DhcpcdGetOptionTest.OptionNotPresent
[       OK ] DhcpcdGetOptionTest.OptionNotPresent (0 ms)
[ RUN      ] DhcpcdGetOptionTest.TypeIsOffTheEnd
[       OK ] DhcpcdGetOptionTest.TypeIsOffTheEnd (0 ms)
[ RUN      ] DhcpcdGetOptionTest.LengthIsOffTheEnd
[       OK ] DhcpcdGetOptionTest.LengthIsOffTheEnd (0 ms)
[ RUN      ] DhcpcdGetOptionTest.ValueIsOffTheEnd
[       OK ] DhcpcdGetOptionTest.ValueIsOffTheEnd (0 ms)
[ RUN      ] DhcpcdGetOptionTest.InsufficientSpaceForValue
[       OK ] DhcpcdGetOptionTest.InsufficientSpaceForValue (0 ms)
[ RUN      ] DhcpcdGetOptionTest.InsufficientSpaceForContinuedValue
[       OK ] DhcpcdGetOptionTest.InsufficientSpaceForContinuedValue (0 ms)
[----------] 6 tests from DhcpcdGetOptionTest (0 ms total)

[----------] Global test environment tear-down
[==========] 6 tests from 1 test case ran. (0 ms total)
[  PASSED  ] 6 tests.


Do you think we should include this dhcpcd_test.cpp file in the package that I upload? In order to run it the source has to be modified. I'm not sure how much this would give.

I can add it if you think it would be useful.

// Ola




On Thu, Jun 2, 2016 at 7:02 PM, Ola Lundqvist <opal@debian.org> wrote:

Hi Raphael

The reason for picking the Android fix was that the Android version was similar to the one in wheezy. The upstream fix was against a much more recent version with a quite significantly changed code base (essentially a complete rewrite). Also the Android fix was much smaller and corrected both problems, making the work easier. The upstream fix also includes some code restructuring that made it hard to tell how to backport considering the significance of the changed code base.

Jose (maintainer) and maybe the Debian security team should probably pick the patches you refer to, as that version is similar to the one the upstream correction was done on.

I'll have a look at the Android test program.

Was this an answer to your questions?

/ Ola

Sent from a phone

On Thu, 02 Jun 2016, Ola Lundqvist wrote:
> What I did was to manually apply the correction made for android.

Why did you pick the android fix when the security tracker also lists
commits on the upstream VCS?

http://roy.marples.name/projects/dhcpcd/ci/528541c4c619520e?sbs=0
http://roy.marples.name/projects/dhcpcd/ci/d71cfd8aa203bffe?sbs=0

> I have not tested the specific problem. I trust that Android developers
> have done that.

They have added a test program for this, not sure if you can build it/use
it to validate the fixed code.

Cheers,
--
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/



--
 --------------------- Ola Lundqvist ---------------------------
/  opal@debian.org                     Folkebogatan 26          \
|  ola@inguza.com                      654 68 KARLSTAD          |
|  http://inguza.com/                  +46 (0)70-332 1551       |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------

