[Pkg-openssl-changes] r348 - in openssl-blacklist/trunk: . debian

James Strandboge jamie-guest at alioth.debian.org
Wed Apr 8 17:53:59 UTC 2009 

Author: jamie-guest
Date: 2009-04-08 17:53:59 +0000 (Wed, 08 Apr 2009)
New Revision: 348

Modified:
   openssl-blacklist/trunk/debian/changelog
   openssl-blacklist/trunk/openssl-vulnkey
   openssl-blacklist/trunk/test.sh
Log:
* test.sh: add non-existent file and permission denied tests, as well
  as small cleanups
* openssl-vulnkey:
  - exit with status '2' when errors are encountered (ie leave '1' for when
    a bad modulus is found)
  - be consistent with error reporting


Modified: openssl-blacklist/trunk/debian/changelog
===================================================================
--- openssl-blacklist/trunk/debian/changelog	2009-04-08 17:05:10 UTC (rev 347)
+++ openssl-blacklist/trunk/debian/changelog	2009-04-08 17:53:59 UTC (rev 348)
@@ -1,9 +1,5 @@
-openssl-blacklist (0.5-1) jaunty; urgency=low
+openssl-blacklist (0.5-1) UNRELEASED; urgency=low
 
-  [ Jamie Strandboge ]
-  * update openssl-vulnkey to use GPL version 3 as specified in
-    debian/copyright.
-
   [ Kees Cook ]
   * openssl-vulnkey:
     - replace sha with hashlib Python module to silence Python 2.6 warnings.
@@ -13,8 +9,18 @@
     are static, to save space in the archive.
   * test.sh: added mixed good/bad testing.
 
- -- Kees Cook <kees at debian.org>  Wed, 08 Apr 2009 08:12:11 -0700
+  [ Jamie Strandboge ]
+  * update openssl-vulnkey to use GPL version 3 as specified in
+    debian/copyright.
+  * test.sh: add non-existent file and permission denied tests, as well
+    as small cleanups
+  * openssl-vulnkey:
+    - exit with status '2' when errors are encountered (ie leave '1' for when
+      a bad modulus is found)
+    - be consistent with error reporting
 
+ -- Jamie Strandboge <jamie at ubuntu.com>  Wed, 08 Apr 2009 12:47:31 -0500
+
 openssl-blacklist (0.4.2) unstable; urgency=low
 
   * Add openssl to the Build-Deps, since it is required for the tests.

Modified: openssl-blacklist/trunk/openssl-vulnkey
===================================================================
--- openssl-blacklist/trunk/openssl-vulnkey	2009-04-08 17:05:10 UTC (rev 347)
+++ openssl-blacklist/trunk/openssl-vulnkey	2009-04-08 17:53:59 UTC (rev 348)
@@ -147,10 +147,11 @@
 
 last_bits = ""
 found = False
+error = False
 
 if options.bits and options.modulus:
-    found = check_db(options.bits, last_bits, "Modulus=" + options.modulus + \
-                     "\n")
+    found = check_db(options.bits, last_bits, \
+                     "Modulus=%s\n" % (options.modulus))
 else:
     # Check each file
     for f in args:
@@ -168,28 +169,27 @@
         except IOError, e:
             if not options.quiet:
                 print >> sys.stderr, "ERROR: %s: %s" % (realname, e.strerror)
-            found = True
+            error = True
             continue
 
         (type, contents) = get_contents(f)
         if type == "":
             if not options.quiet:
-                print >> sys.stderr, "Skipped: %s: is not x509, req or rsa" \
-                                       % (realname)
+                print >> sys.stderr, "Skipped: '%s' is unsupported type " + \
+                                     "(not x509, req or rsa)" % (realname)
             continue
 
         exp = get_exponent(contents)
         if exp == "":
             if not options.quiet:
-                print >> sys.stderr, "ERROR: %s: unsupported exponent" % \
+                print >> sys.stderr, "Skipped: '%s' has unsupported exponent" % \
                                       (realname)
-            found = True
             continue
 
         bits = get_bits(contents, type)
         if bits == "":
             if not options.quiet:
-                print >> sys.stderr, "Skipped: %s: unsupported bit size" % \
+                print >> sys.stderr, "Skipped: '%s' has unsupported bit size" % \
                                       (realname)
             continue
 
@@ -198,7 +198,7 @@
             if not options.quiet:
                 print >> sys.stderr, "ERROR: %s: problem finding modulus" % \
                                       (realname)
-            found = True
+            error = True
             continue
 
         if check_db(bits, last_bits, modulus, realname):
@@ -207,3 +207,5 @@
 
 if found:
     sys.exit(1)
+elif error:
+    sys.exit(2)

Modified: openssl-blacklist/trunk/test.sh
===================================================================
--- openssl-blacklist/trunk/test.sh	2009-04-08 17:05:10 UTC (rev 347)
+++ openssl-blacklist/trunk/test.sh	2009-04-08 17:53:59 UTC (rev 348)
@@ -24,6 +24,7 @@
 error=
 
 tmpdir=`mktemp -d`
+trap "rm -rf $tmpdir" EXIT HUP INT QUIT TERM
 
 # setup files
 cp -a ./openssl-vulnkey ./examples $tmpdir
@@ -150,9 +151,29 @@
     error="yes"
 fi
 
+echo ""
+echo "Non-existent file:"
+if ./openssl-vulnkey ./nonexistent 2>/dev/null || [ "$?" != "2" ]; then
+    echo "FAIL"
+    error="yes"
+else
+    echo "PASS"
+fi
+
+echo ""
+echo "Permission denied:"
+noperms="$tmpdir/unreadable"
+touch "$noperms"
+chmod 0 "$noperms"
+if ./openssl-vulnkey "$noperms" 2>/dev/null || [ "$?" != "2" ]; then
+    echo "FAIL"
+    error="yes"
+else
+    echo "PASS"
+fi
+
 # cleanup and report
 cd - >/dev/null
-rm -rf $tmpdir
 
 echo ""
 echo "----------------------"

More information about the Pkg-openssl-changes mailing list