diff options
Diffstat (limited to 'tests')
-rw-r--r-- | tests/containers.scm | 5 | ||||
-rw-r--r-- | tests/cran.scm | 189 | ||||
-rw-r--r-- | tests/cve-sample.xml | 616 | ||||
-rw-r--r-- | tests/cve.scm | 69 | ||||
-rw-r--r-- | tests/derivations.scm | 20 | ||||
-rw-r--r-- | tests/gexp.scm | 2 | ||||
-rw-r--r-- | tests/gnu-maintenance.scm | 44 | ||||
-rw-r--r-- | tests/graph.scm | 65 | ||||
-rw-r--r-- | tests/guix-build.sh | 27 | ||||
-rw-r--r-- | tests/guix-download.sh | 6 | ||||
-rw-r--r-- | tests/guix-environment-container.sh | 90 | ||||
-rw-r--r-- | tests/guix-environment.sh | 29 | ||||
-rw-r--r-- | tests/guix-gc.sh | 8 | ||||
-rw-r--r-- | tests/guix-graph.sh | 2 | ||||
-rw-r--r-- | tests/guix-package-net.sh | 12 | ||||
-rw-r--r-- | tests/guix-system.sh | 49 | ||||
-rw-r--r-- | tests/hackage.scm | 37 | ||||
-rw-r--r-- | tests/lint.scm | 34 | ||||
-rw-r--r-- | tests/pypi.scm | 3 | ||||
-rw-r--r-- | tests/store.scm | 142 | ||||
-rw-r--r-- | tests/substitute.scm | 4 | ||||
-rw-r--r-- | tests/syscalls.scm | 11 | ||||
-rw-r--r-- | tests/utils.scm | 6 |
23 files changed, 1330 insertions, 140 deletions
diff --git a/tests/containers.scm b/tests/containers.scm index 0ba81491ba..12982a64f7 100644 --- a/tests/containers.scm +++ b/tests/containers.scm @@ -28,8 +28,9 @@ ;; Skip these tests unless user namespaces are available and the setgroups ;; file (introduced in Linux 3.19 to address a security issue) exists. -(unless (and (file-exists? "/proc/self/ns/user") - (file-exists? "/proc/self/setgroups")) +(unless (and (user-namespace-supported?) + (unprivileged-user-namespace-supported?) + (setgroups-supported?)) (exit 77)) (test-begin "containers") diff --git a/tests/cran.scm b/tests/cran.scm index ba5699a133..0a4a2fdd8f 100644 --- a/tests/cran.scm +++ b/tests/cran.scm @@ -19,120 +19,84 @@ (define-module (test-cran) #:use-module (guix import cran) #:use-module (guix tests) + #:use-module (srfi srfi-1) #:use-module (srfi srfi-64) + #:use-module (srfi srfi-26) #:use-module (ice-9 match)) -(define sxml - '(*TOP* (xhtml:html - (xhtml:head - (xhtml:title "CRAN - Package my-example-sxml")) - (xhtml:body - (xhtml:h2 "my-example-sxml: Short description") - (xhtml:p "Long description") - (xhtml:table - (@ (summary "Package my-example-sxml summary")) - (xhtml:tr - (xhtml:td "Version:") - (xhtml:td "1.2.3")) - (xhtml:tr - (xhtml:td "Depends:") - (xhtml:td "R (>= 3.1.0)")) - (xhtml:tr - (xhtml:td "SystemRequirements:") - (xhtml:td "cairo (>= 1.2 http://www.cairographics.org/)")) - (xhtml:tr - (xhtml:td "Imports:") - (xhtml:td - (xhtml:a (@ (href "../scales/index.html")) - "scales") - " (>= 0.2.3), " - (xhtml:a (@ (href "../proto/index.html")) - "proto") - ", " - (xhtml:a (@ (href "../Rcpp/index.html")) "Rcpp") - " (>= 0.11.0)")) - (xhtml:tr - (xhtml:td "Suggests:") - (xhtml:td - (xhtml:a (@ (href "../some/index.html")) - "some") - ", " - (xhtml:a (@ (href "../suggestions/index.html")) - "suggestions"))) - (xhtml:tr - (xhtml:td "License:") - (xhtml:td - (xhtml:a (@ (href "../../licenses/MIT")) "MIT"))) - (xhtml:tr - (xhtml:td "URL:") - (xhtml:td - (xhtml:a (@ (href "http://gnu.org/s/my-example-sxml")) - "http://gnu.org/s/my-example-sxml") - ", " - (xhtml:a (@ (href "http://alternative/home/page")) - "http://alternative/home/page")))) - (xhtml:h4 "Downloads:") - (xhtml:table - (@ (summary "Package my-example-sxml downloads")) - (xhtml:tr - (xhtml:td " Reference manual: ") - (xhtml:td - (xhtml:a (@ (href "my-example-sxml.pdf")) - " my-example-sxml.pdf "))) - (xhtml:tr - (xhtml:td " Package source: ") - (xhtml:td - (xhtml:a - (@ (href "../../../src/contrib/my-example-sxml_1.2.3.tar.gz")) - " my-example-sxml_1.2.3.tar.gz ")))) - (xhtml:h4 "Reverse dependencies:") - (xhtml:table - (@ (summary "Package my-example-sxml reverse dependencies")) - (xhtml:tr - (xhtml:td "Reverse depends:") - (xhtml:td "Too many.")) - (xhtml:tr - (xhtml:td "Reverse imports:") - (xhtml:td "Likewise.")) - (xhtml:tr - (xhtml:td "Reverse suggests:") - (xhtml:td "Uncountable."))))))) +(define description " +Package: My-Example +Type: Package +Title: Example package +Version: 1.2.3 +Date: 2015-12-10 +Author: Ricardo Wurmus +Maintainer: Guix Schmeeks <guix@gnu.org> +URL: http://gnu.org/s/my-example +Description: This is a long description +spanning multiple lines: and it could confuse the parser that +there is a colon : on the lines. + And: this line continues the description. +biocViews: 0 +SystemRequirements: Cairo (>= 0) +Depends: A C++11 compiler. Version 4.6.* of g++ (as + currently in Rtools) is insufficient; versions 4.8.*, 4.9.* or + later will be fine. +License: GPL (>= 3) +Imports: Rcpp (>= 0.11.5), proto, Scales +LinkingTo: Rcpp, BH +NeedsCompilation: yes +Repository: CRAN +Date/Publication: 2015-07-14 14:15:16 +") -(define simple-table - '(xhtml:table - (xhtml:tr - (xhtml:td "Numbers") - (xhtml:td "123")) - (xhtml:tr - (@ (class "whatever")) - (xhtml:td (@ (class "unimportant")) "Letters") - (xhtml:td "abc")) - (xhtml:tr - (xhtml:td "Letters") - (xhtml:td "xyz")) - (xhtml:tr - (xhtml:td "Single")) - (xhtml:tr - (xhtml:td "not a value") - (xhtml:td "not a label") - (xhtml:td "also not a label")))) +(define description-alist + ((@@ (guix import cran) description->alist) description)) + +(define simple-alist + '(("Key" . "Value") + ("SimpleList" . "R, Rcpp, something, whatever") + ("BadList" . "This is not a real list, you know?") + ("List" . "R (>= 2.2), BH (for no reason), GenomicRanges"))) (test-begin "cran") -(test-equal "table-datum: return list of first table cell matching label" - '((xhtml:td "abc")) - ((@@ (guix import cran) table-datum) simple-table "Letters")) +(test-assert "description->alist: contains all valid keys" + (let ((keys '("Package" "Type" "Title" "Version" "Date" + "Author" "Maintainer" "URL" "Description" + "SystemRequirements" "Depends" "License" + "Imports" "biocViews" "LinkingTo" + "NeedsCompilation" "Repository" + "Date/Publication"))) + (lset= string=? keys (map car description-alist)))) -(test-equal "table-datum: return empty list if no match" +(test-equal "listify: return empty list if key cannot be found" '() - ((@@ (guix import cran) table-datum) simple-table "Astronauts")) + ((@@ (guix import cran) listify) simple-alist "Letters")) + +(test-equal "listify: split comma-separated value into elements" + '("R" "Rcpp" "something" "whatever") + ((@@ (guix import cran) listify) simple-alist "SimpleList")) -(test-equal "table-datum: only consider the first cell as a label cell" +(test-equal "listify: strip off parentheses" + '("R" "BH" "GenomicRanges") + ((@@ (guix import cran) listify) simple-alist "List")) + +(test-equal "listify: ignore values that are no lists" '() - ((@@ (guix import cran) table-datum) simple-table "not a label")) + ((@@ (guix import cran) listify) simple-alist "BadList")) + +(test-equal "beautify-description: use double spacing" + "This is a package. It is great. Trust me Mr. Hendrix." + ((@@ (guix import cran) beautify-description) + "This is a package. It is great. Trust me Mr. Hendrix.")) +(test-equal "beautify-description: transform fragment into sentence" + "This package provides a function to establish world peace" + ((@@ (guix import cran) beautify-description) + "A function to establish world peace")) -(test-assert "cran-sxml->sexp" +(test-assert "description->package" ;; Replace network resources with sample data. (mock ((guix build download) url-fetch (lambda* (url file-name #:key (mirrors '())) @@ -140,32 +104,37 @@ (lambda () (display (match url - ("mirror://cran/src/contrib/my-example-sxml_1.2.3.tar.gz" + ("mirror://cran/src/contrib/My-Example_1.2.3.tar.gz" "source") (_ (error "Unexpected URL: " url)))))))) - (match ((@@ (guix import cran) cran-sxml->sexp) sxml) + (match ((@@ (guix import cran) description->package) description-alist) (('package - ('name "r-my-example-sxml") + ('name "r-my-example") ('version "1.2.3") ('source ('origin ('method 'url-fetch) - ('uri ('cran-uri "my-example-sxml" 'version)) + ('uri ('cran-uri "My-Example" 'version)) ('sha256 ('base32 (? string? hash))))) + ('properties ('quasiquote (('upstream-name . "My-Example")))) ('build-system 'r-build-system) ('inputs ('quasiquote (("cairo" ('unquote 'cairo))))) ('propagated-inputs ('quasiquote - (("r-proto" ('unquote 'r-proto)) + (("r-bh" ('unquote 'r-bh)) + ("r-proto" ('unquote 'r-proto)) ("r-rcpp" ('unquote 'r-rcpp)) ("r-scales" ('unquote 'r-scales))))) - ('home-page "http://gnu.org/s/my-example-sxml") - ('synopsis "Short description") - ('description "Long description") - ('license 'x11))) + ('home-page "http://gnu.org/s/my-example") + ('synopsis "Example package") + ('description + "This is a long description spanning multiple lines: \ +and it could confuse the parser that there is a colon : on the \ +lines. And: this line continues the description.") + ('license 'gpl3+))) (x (begin (format #t "~s\n" x) diff --git a/tests/cve-sample.xml b/tests/cve-sample.xml new file mode 100644 index 0000000000..ce158490f1 --- /dev/null +++ b/tests/cve-sample.xml @@ -0,0 +1,616 @@ +<?xml version='1.0' encoding='UTF-8'?> +<nvd xmlns:scap-core="http://scap.nist.gov/schema/scap-core/0.1" xmlns:cvss="http://scap.nist.gov/schema/cvss-v2/0.2" xmlns:vuln="http://scap.nist.gov/schema/vulnerability/0.4" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:patch="http://scap.nist.gov/schema/patch/0.1" xmlns="http://scap.nist.gov/schema/feed/vulnerability/2.0" xmlns:cpe-lang="http://cpe.mitre.org/language/2.0" nvd_xml_version="2.0" pub_date="2015-11-25T08:07:01" xsi:schemaLocation="http://scap.nist.gov/schema/patch/0.1 http://nvd.nist.gov/schema/patch_0.1.xsd http://scap.nist.gov/schema/feed/vulnerability/2.0 http://nvd.nist.gov/schema/nvd-cve-feed_2.0.xsd http://scap.nist.gov/schema/scap-core/0.1 http://nvd.nist.gov/schema/scap-core_0.1.xsd"> + <entry id="CVE-2003-0001"> + <vuln:vulnerable-configuration id="http://nvd.nist.gov/"> + <cpe-lang:logical-test operator="OR" negate="false"> + <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:4.2"/> + <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:4.3"/> + <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:4.4"/> + <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:4.5"/> + <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:4.6"/> + <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:4.7"/> + <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.1"/> + <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.10"/> + <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.11"/> + <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.12"/> + <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.13"/> + <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.14"/> + <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.15"/> + <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.16"/> + <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.17"/> + <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.18"/> + <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.19"/> + <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.2"/> + <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.20"/> + <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.3"/> + <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.4"/> + <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.5"/> + <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.6"/> + <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.7"/> + <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.8"/> + <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.9"/> + <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000:::advanced_server"/> + <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000:::datacenter_server"/> + <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000:::professional"/> + <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000:::server"/> + <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000::sp1:advanced_server"/> + <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000::sp1:datacenter_server"/> + <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000::sp1:professional"/> + <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000::sp1:server"/> + <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000::sp2:advanced_server"/> + <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000::sp2:datacenter_server"/> + <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000::sp2:professional"/> + <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000::sp2:server"/> + <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000_terminal_services"/> + <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000_terminal_services::sp1"/> + <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000_terminal_services::sp2"/> + <cpe-lang:fact-ref name="cpe:/o:netbsd:netbsd:1.5"/> + <cpe-lang:fact-ref name="cpe:/o:netbsd:netbsd:1.5.1"/> + <cpe-lang:fact-ref name="cpe:/o:netbsd:netbsd:1.5.2"/> + <cpe-lang:fact-ref name="cpe:/o:netbsd:netbsd:1.5.3"/> + <cpe-lang:fact-ref name="cpe:/o:netbsd:netbsd:1.6"/> + </cpe-lang:logical-test> + </vuln:vulnerable-configuration> + <vuln:vulnerable-software-list> + <vuln:product>cpe:/o:microsoft:windows_2000::sp2:professional</vuln:product> + <vuln:product>cpe:/o:linux:linux_kernel:2.4.4</vuln:product> + <vuln:product>cpe:/o:microsoft:windows_2000_terminal_services::sp1</vuln:product> + <vuln:product>cpe:/o:microsoft:windows_2000::sp1:advanced_server</vuln:product> + <vuln:product>cpe:/o:linux:linux_kernel:2.4.19</vuln:product> + <vuln:product>cpe:/o:microsoft:windows_2000::sp2:advanced_server</vuln:product> + <vuln:product>cpe:/o:microsoft:windows_2000_terminal_services</vuln:product> + <vuln:product>cpe:/o:microsoft:windows_2000:::advanced_server</vuln:product> + <vuln:product>cpe:/o:linux:linux_kernel:2.4.20</vuln:product> + <vuln:product>cpe:/o:netbsd:netbsd:1.5.1</vuln:product> + <vuln:product>cpe:/o:microsoft:windows_2000_terminal_services::sp2</vuln:product> + <vuln:product>cpe:/o:netbsd:netbsd:1.5.3</vuln:product> + <vuln:product>cpe:/o:netbsd:netbsd:1.5.2</vuln:product> + <vuln:product>cpe:/o:linux:linux_kernel:2.4.6</vuln:product> + <vuln:product>cpe:/o:linux:linux_kernel:2.4.9</vuln:product> + <vuln:product>cpe:/o:microsoft:windows_2000:::datacenter_server</vuln:product> + <vuln:product>cpe:/o:netbsd:netbsd:1.6</vuln:product> + <vuln:product>cpe:/o:netbsd:netbsd:1.5</vuln:product> + <vuln:product>cpe:/o:linux:linux_kernel:2.4.7</vuln:product> + <vuln:product>cpe:/o:linux:linux_kernel:2.4.8</vuln:product> + <vuln:product>cpe:/o:microsoft:windows_2000::sp1:datacenter_server</vuln:product> + <vuln:product>cpe:/o:microsoft:windows_2000::sp2:datacenter_server</vuln:product> + <vuln:product>cpe:/o:freebsd:freebsd:4.3</vuln:product> + <vuln:product>cpe:/o:linux:linux_kernel:2.4.10</vuln:product> + <vuln:product>cpe:/o:microsoft:windows_2000::sp1:server</vuln:product> + <vuln:product>cpe:/o:freebsd:freebsd:4.5</vuln:product> + <vuln:product>cpe:/o:linux:linux_kernel:2.4.12</vuln:product> + <vuln:product>cpe:/o:freebsd:freebsd:4.2</vuln:product> + <vuln:product>cpe:/o:freebsd:freebsd:4.7</vuln:product> + <vuln:product>cpe:/o:freebsd:freebsd:4.4</vuln:product> + <vuln:product>cpe:/o:freebsd:freebsd:4.6</vuln:product> + <vuln:product>cpe:/o:microsoft:windows_2000::sp2:server</vuln:product> + <vuln:product>cpe:/o:linux:linux_kernel:2.4.18</vuln:product> + <vuln:product>cpe:/o:linux:linux_kernel:2.4.1</vuln:product> + <vuln:product>cpe:/o:linux:linux_kernel:2.4.15</vuln:product> + <vuln:product>cpe:/o:microsoft:windows_2000:::server</vuln:product> + <vuln:product>cpe:/o:linux:linux_kernel:2.4.17</vuln:product> + <vuln:product>cpe:/o:linux:linux_kernel:2.4.14</vuln:product> + <vuln:product>cpe:/o:linux:linux_kernel:2.4.2</vuln:product> + <vuln:product>cpe:/o:microsoft:windows_2000:::professional</vuln:product> + <vuln:product>cpe:/o:linux:linux_kernel:2.4.11</vuln:product> + <vuln:product>cpe:/o:linux:linux_kernel:2.4.5</vuln:product> + <vuln:product>cpe:/o:linux:linux_kernel:2.4.16</vuln:product> + <vuln:product>cpe:/o:microsoft:windows_2000::sp1:professional</vuln:product> + <vuln:product>cpe:/o:linux:linux_kernel:2.4.13</vuln:product> + <vuln:product>cpe:/o:linux:linux_kernel:2.4.3</vuln:product> + </vuln:vulnerable-software-list> + <vuln:cve-id>CVE-2003-0001</vuln:cve-id> + <vuln:published-datetime>2003-01-17T00:00:00.000-05:00</vuln:published-datetime> + <vuln:last-modified-datetime>2015-11-24T13:05:47.073-05:00</vuln:last-modified-datetime> + <vuln:cvss> + <cvss:base_metrics> + <cvss:score>5.0</cvss:score> + <cvss:access-vector>NETWORK</cvss:access-vector> + <cvss:access-complexity>LOW</cvss:access-complexity> + <cvss:authentication>NONE</cvss:authentication> + <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact> + <cvss:integrity-impact>NONE</cvss:integrity-impact> + <cvss:availability-impact>NONE</cvss:availability-impact> + <cvss:source>http://nvd.nist.gov</cvss:source> + <cvss:generated-on-datetime>2015-11-24T12:23:33.593-05:00</cvss:generated-on-datetime> + </cvss:base_metrics> + </vuln:cvss> + <vuln:assessment_check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2665" name="oval:org.mitre.oval:def:2665"/> + <vuln:cwe id="CWE-200"/> + <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY"> + <vuln:source>CERT-VN</vuln:source> + <vuln:reference href="http://www.kb.cert.org/vuls/id/412115" xml:lang="en">VU#412115</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>BUGTRAQ</vuln:source> + <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded" xml:lang="en">20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>BUGTRAQ</vuln:source> + <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/307564/30/26270/threaded" xml:lang="en">20030117 Re: More information regarding Etherleak</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>BUGTRAQ</vuln:source> + <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/305335/30/26420/threaded" xml:lang="en">20030106 Etherleak: Ethernet frame padding information leakage (A010603-1)</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>REDHAT</vuln:source> + <vuln:reference href="http://www.redhat.com/support/errata/RHSA-2003-088.html" xml:lang="en">RHSA-2003:088</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>REDHAT</vuln:source> + <vuln:reference href="http://www.redhat.com/support/errata/RHSA-2003-025.html" xml:lang="en">RHSA-2003:025</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>OSVDB</vuln:source> + <vuln:reference href="http://www.osvdb.org/9962" xml:lang="en">9962</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>CONFIRM</vuln:source> + <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>MISC</vuln:source> + <vuln:reference href="http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf" xml:lang="en">http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY"> + <vuln:source>ATSTAKE</vuln:source> + <vuln:reference href="http://www.atstake.com/research/advisories/2003/a010603-1.txt" xml:lang="en">A010603-1</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>FULLDISC</vuln:source> + <vuln:reference href="http://seclists.org/fulldisclosure/2015/Apr/5" xml:lang="en">20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>MISC</vuln:source> + <vuln:reference href="http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html" xml:lang="en">http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY"> + <vuln:source>BUGTRAQ</vuln:source> + <vuln:reference href="http://marc.theaimsgroup.com/?l=bugtraq&m=104222046632243&w=2" xml:lang="en">20030110 More information regarding Etherleak</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>VULNWATCH</vuln:source> + <vuln:reference href="http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html" xml:lang="en">20030110 More information regarding Etherleak</vuln:reference> + </vuln:references> + <vuln:scanner> + <vuln:definition system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:2665" name="oval:org.mitre.oval:def:2665"/> + </vuln:scanner> + <vuln:summary>Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.</vuln:summary> + </entry> + <entry id="CVE-2004-0230"> + <vuln:vulnerable-configuration id="http://nvd.nist.gov/"> + <cpe-lang:logical-test operator="OR" negate="false"> + <cpe-lang:fact-ref name="cpe:/a:tcp:tcp"/> + </cpe-lang:logical-test> + </vuln:vulnerable-configuration> + <vuln:vulnerable-software-list> + <vuln:product>cpe:/a:tcp:tcp</vuln:product> + </vuln:vulnerable-software-list> + <vuln:cve-id>CVE-2004-0230</vuln:cve-id> + <vuln:published-datetime>2004-08-18T00:00:00.000-04:00</vuln:published-datetime> + <vuln:last-modified-datetime>2015-11-24T13:06:40.597-05:00</vuln:last-modified-datetime> + <vuln:cvss> + <cvss:base_metrics> + <cvss:score>5.0</cvss:score> + <cvss:access-vector>NETWORK</cvss:access-vector> + <cvss:access-complexity>LOW</cvss:access-complexity> + <cvss:authentication>NONE</cvss:authentication> + <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact> + <cvss:integrity-impact>NONE</cvss:integrity-impact> + <cvss:availability-impact>PARTIAL</cvss:availability-impact> + <cvss:source>http://nvd.nist.gov</cvss:source> + <cvss:generated-on-datetime>2015-11-24T12:17:30.930-05:00</cvss:generated-on-datetime> + </cvss:base_metrics> + </vuln:cvss> + <vuln:assessment_check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5711" name="oval:org.mitre.oval:def:5711"/> + <vuln:assessment_check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4791" name="oval:org.mitre.oval:def:4791"/> + <vuln:assessment_check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3508" name="oval:org.mitre.oval:def:3508"/> + <vuln:assessment_check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:270" name="oval:org.mitre.oval:def:270"/> + <vuln:assessment_check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2689" name="oval:org.mitre.oval:def:2689"/> + <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY"> + <vuln:source>CERT</vuln:source> + <vuln:reference href="http://www.us-cert.gov/cas/techalerts/TA04-111A.html" xml:lang="en">TA04-111A</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>CERT-VN</vuln:source> + <vuln:reference href="http://www.kb.cert.org/vuls/id/415294" xml:lang="en">VU#415294</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>CONFIRM</vuln:source> + <vuln:reference href="https://kc.mcafee.com/corporate/index?page=content&id=SB10053" xml:lang="en">https://kc.mcafee.com/corporate/index?page=content&id=SB10053</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY"> + <vuln:source>XF</vuln:source> + <vuln:reference href="http://xforce.iss.net/xforce/xfdb/15886" xml:lang="en">tcp-rst-dos(15886)</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>VUPEN</vuln:source> + <vuln:reference href="http://www.vupen.com/english/advisories/2006/3983" xml:lang="en">ADV-2006-3983</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>MISC</vuln:source> + <vuln:reference href="http://www.uniras.gov.uk/vuls/2004/236929/index.htm" xml:lang="en">http://www.uniras.gov.uk/vuls/2004/236929/index.htm</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY"> + <vuln:source>BID</vuln:source> + <vuln:reference href="http://www.securityfocus.com/bid/10183" xml:lang="en">10183</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>BUGTRAQ</vuln:source> + <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded" xml:lang="en">20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>HP</vuln:source> + <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/449179/100/0/threaded" xml:lang="en">SSRT061264</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>OSVDB</vuln:source> + <vuln:reference href="http://www.osvdb.org/4030" xml:lang="en">4030</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>CONFIRM</vuln:source> + <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>MS</vuln:source> + <vuln:reference href="http://www.microsoft.com/technet/security/Bulletin/MS06-064.mspx" xml:lang="en">MS06-064</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>MS</vuln:source> + <vuln:reference href="http://www.microsoft.com/technet/security/bulletin/ms05-019.mspx" xml:lang="en">MS05-019</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>CISCO</vuln:source> + <vuln:reference href="http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml" xml:lang="en">20040420 TCP Vulnerabilities in Multiple IOS-Based Cisco Products</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>FULLDISC</vuln:source> + <vuln:reference href="http://seclists.org/fulldisclosure/2015/Apr/5" xml:lang="en">20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>MISC</vuln:source> + <vuln:reference href="http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html" xml:lang="en">http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>HP</vuln:source> + <vuln:reference href="http://marc.theaimsgroup.com/?l=bugtraq&m=108506952116653&w=2" xml:lang="en">SSRT4696</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>BUGTRAQ</vuln:source> + <vuln:reference href="http://marc.theaimsgroup.com/?l=bugtraq&m=108302060014745&w=2" xml:lang="en">20040425 Perl code exploting TCP not checking RST ACK.</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>CONFIRM</vuln:source> + <vuln:reference href="http://kb.juniper.net/JSA10638" xml:lang="en">http://kb.juniper.net/JSA10638</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>SGI</vuln:source> + <vuln:reference href="ftp://patches.sgi.com/support/free/security/advisories/20040403-01-A.asc" xml:lang="en">20040403-01-A</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>SCO</vuln:source> + <vuln:reference href="ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.14/SCOSA-2005.14.txt" xml:lang="en">SCOSA-2005.14</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>SCO</vuln:source> + <vuln:reference href="ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.9/SCOSA-2005.9.txt" xml:lang="en">SCOSA-2005.9</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>SCO</vuln:source> + <vuln:reference href="ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.3/SCOSA-2005.3.txt" xml:lang="en">SCOSA-2005.3</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>NETBSD</vuln:source> + <vuln:reference href="ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-006.txt.asc" xml:lang="en">NetBSD-SA2004-006</vuln:reference> + </vuln:references> + <vuln:scanner> + <vuln:definition system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:3508" name="oval:org.mitre.oval:def:3508"/> + </vuln:scanner> + <vuln:scanner> + <vuln:definition system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:270" name="oval:org.mitre.oval:def:270"/> + </vuln:scanner> + <vuln:scanner> + <vuln:definition system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:2689" name="oval:org.mitre.oval:def:2689"/> + </vuln:scanner> + <vuln:scanner> + <vuln:definition system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:5711" name="oval:org.mitre.oval:def:5711"/> + </vuln:scanner> + <vuln:scanner> + <vuln:definition system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:4791" name="oval:org.mitre.oval:def:4791"/> + </vuln:scanner> + <vuln:summary>TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.</vuln:summary> + </entry> + <entry id="CVE-2008-2335"> + <vuln:vulnerable-configuration id="http://nvd.nist.gov/"> + <cpe-lang:logical-test operator="OR" negate="false"> + <cpe-lang:fact-ref name="cpe:/a:vastal:phpvid:1.2"/> + <cpe-lang:fact-ref name="cpe:/a:vastal:phpvid:1.1"/> + </cpe-lang:logical-test> + </vuln:vulnerable-configuration> + <vuln:vulnerable-software-list> + <vuln:product>cpe:/a:vastal:phpvid:1.1</vuln:product> + <vuln:product>cpe:/a:vastal:phpvid:1.2</vuln:product> + </vuln:vulnerable-software-list> + <vuln:cve-id>CVE-2008-2335</vuln:cve-id> + <vuln:published-datetime>2008-05-19T09:20:00.000-04:00</vuln:published-datetime> + <vuln:last-modified-datetime>2015-11-24T11:45:25.057-05:00</vuln:last-modified-datetime> + <vuln:cvss> + <cvss:base_metrics> + <cvss:score>4.3</cvss:score> + <cvss:access-vector>NETWORK</cvss:access-vector> + <cvss:access-complexity>MEDIUM</cvss:access-complexity> + <cvss:authentication>NONE</cvss:authentication> + <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact> + <cvss:integrity-impact>PARTIAL</cvss:integrity-impact> + <cvss:availability-impact>NONE</cvss:availability-impact> + <cvss:source>http://nvd.nist.gov</cvss:source> + <cvss:generated-on-datetime>2015-11-24T10:50:05.737-05:00</cvss:generated-on-datetime> + </cvss:base_metrics> + </vuln:cvss> + <vuln:cwe id="CWE-79"/> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>XF</vuln:source> + <vuln:reference href="http://xforce.iss.net/xforce/xfdb/42450" xml:lang="en">phpvid-query-xss(42450)</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>VUPEN</vuln:source> + <vuln:reference href="http://www.vupen.com/english/advisories/2008/2552" xml:lang="en">ADV-2008-2552</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>BID</vuln:source> + <vuln:reference href="http://www.securityfocus.com/bid/29238" xml:lang="en">29238</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>MILW0RM</vuln:source> + <vuln:reference href="http://www.milw0rm.com/exploits/6422" xml:lang="en">6422</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>EXPLOIT-DB</vuln:source> + <vuln:reference href="http://www.exploit-db.com/exploits/27519" xml:lang="en">27519</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>MISC</vuln:source> + <vuln:reference href="http://tetraph.com/security/xss-vulnerability/vastal-i-tech-phpvid-1-2-3-multiple-xss-cross-site-scripting-security-vulnerabilities/" xml:lang="en">http://tetraph.com/security/xss-vulnerability/vastal-i-tech-phpvid-1-2-3-multiple-xss-cross-site-scripting-security-vulnerabilities/</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>FULLDISC</vuln:source> + <vuln:reference href="http://seclists.org/fulldisclosure/2015/Mar/59" xml:lang="en">20150310 Vastal I-tech phpVID 1.2.3 Multiple XSS (Cross-site Scripting) Security Vulnerabilities</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>MISC</vuln:source> + <vuln:reference href="http://packetstormsecurity.com/files/130755/Vastal-I-tech-phpVID-1.2.3-Cross-Site-Scripting.html" xml:lang="en">http://packetstormsecurity.com/files/130755/Vastal-I-tech-phpVID-1.2.3-Cross-Site-Scripting.html</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>MISC</vuln:source> + <vuln:reference href="http://packetstormsecurity.com/files/122746/PHP-VID-XSS-SQL-Injection-CRLF-Injection.html" xml:lang="en">http://packetstormsecurity.com/files/122746/PHP-VID-XSS-SQL-Injection-CRLF-Injection.html</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>OSVDB</vuln:source> + <vuln:reference href="http://osvdb.org/show/osvdb/45171" xml:lang="en">45171</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>MISC</vuln:source> + <vuln:reference href="http://holisticinfosec.org/content/view/65/45/" xml:lang="en">http://holisticinfosec.org/content/view/65/45/</vuln:reference> + </vuln:references> + <vuln:summary>Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 1.2.3 is also affected.</vuln:summary> + </entry> + <entry id="CVE-2008-3522"> + <vuln:vulnerable-configuration id="http://nvd.nist.gov/"> + <cpe-lang:logical-test operator="OR" negate="false"> + <cpe-lang:fact-ref name="cpe:/a:redhat:enterprise_virtualization:3.5"/> + </cpe-lang:logical-test> + </vuln:vulnerable-configuration> + <vuln:vulnerable-configuration id="http://nvd.nist.gov/"> + <cpe-lang:logical-test operator="OR" negate="false"> + <cpe-lang:fact-ref name="cpe:/a:jasper_project:jasper:1.900.1"/> + </cpe-lang:logical-test> + </vuln:vulnerable-configuration> + <vuln:vulnerable-software-list> + <vuln:product>cpe:/a:redhat:enterprise_virtualization:3.5</vuln:product> + <vuln:product>cpe:/a:jasper_project:jasper:1.900.1</vuln:product> + </vuln:vulnerable-software-list> + <vuln:cve-id>CVE-2008-3522</vuln:cve-id> + <vuln:published-datetime>2008-10-02T14:18:05.790-04:00</vuln:published-datetime> + <vuln:last-modified-datetime>2015-11-24T11:46:04.933-05:00</vuln:last-modified-datetime> + <vuln:cvss> + <cvss:base_metrics> + <cvss:score>10.0</cvss:score> + <cvss:access-vector>NETWORK</cvss:access-vector> + <cvss:access-complexity>LOW</cvss:access-complexity> + <cvss:authentication>NONE</cvss:authentication> + <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact> + <cvss:integrity-impact>COMPLETE</cvss:integrity-impact> + <cvss:availability-impact>COMPLETE</cvss:availability-impact> + <cvss:source>http://nvd.nist.gov</cvss:source> + <cvss:generated-on-datetime>2015-11-24T10:05:46.467-05:00</cvss:generated-on-datetime> + </cvss:base_metrics> + </vuln:cvss> + <vuln:security-protection>ALLOWS_ADMIN_ACCESS</vuln:security-protection> + <vuln:cwe id="CWE-119"/> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>XF</vuln:source> + <vuln:reference href="http://xforce.iss.net/xforce/xfdb/45623" xml:lang="en">jasper-jasstreamprintf-bo(45623)</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>UBUNTU</vuln:source> + <vuln:reference href="http://www.ubuntu.com/usn/USN-742-1" xml:lang="en">USN-742-1</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>BID</vuln:source> + <vuln:reference href="http://www.securityfocus.com/bid/31470" xml:lang="en">31470</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>MANDRIVA</vuln:source> + <vuln:reference href="http://www.mandriva.com/security/advisories?name=MDVSA-2009:164" xml:lang="en">MDVSA-2009:164</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>MANDRIVA</vuln:source> + <vuln:reference href="http://www.mandriva.com/security/advisories?name=MDVSA-2009:144" xml:lang="en">MDVSA-2009:144</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>MANDRIVA</vuln:source> + <vuln:reference href="http://www.mandriva.com/security/advisories?name=MDVSA-2009:142" xml:lang="en">MDVSA-2009:142</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>GENTOO</vuln:source> + <vuln:reference href="http://security.gentoo.org/glsa/glsa-200812-18.xml" xml:lang="en">GLSA-200812-18</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>REDHAT</vuln:source> + <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2015-0698.html" xml:lang="en">RHSA-2015:0698</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>MISC</vuln:source> + <vuln:reference href="http://bugs.gentoo.org/show_bug.cgi?id=222819" xml:lang="en">http://bugs.gentoo.org/show_bug.cgi?id=222819</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>MISC</vuln:source> + <vuln:reference href="http://bugs.gentoo.org/attachment.cgi?id=163282&action=view" xml:lang="en">http://bugs.gentoo.org/attachment.cgi?id=163282&action=view</vuln:reference> + </vuln:references> + <vuln:summary>Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.</vuln:summary> + </entry> + <entry id="CVE-2009-3301"> + <vuln:vulnerable-configuration id="http://www.nist.gov/"> + <cpe-lang:logical-test operator="OR" negate="false"> + <cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:3.1.1"/> + <cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:3.1.0"/> + <cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:3.0.1"/> + <cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:3.0.0"/> + <cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:2.4.1"/> + <cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:2.4.0"/> + <cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:2.1.0"/> + <cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:1.1.0"/> + <cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:2.4.2"/> + <cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:2.4.3"/> + <cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:2.3.0"/> + <cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:2.3.1"/> + <cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:2.2.0"/> + <cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:2.2.1"/> + <cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:2.0.0"/> + <cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:2.0.3"/> + </cpe-lang:logical-test> + </vuln:vulnerable-configuration> + <vuln:vulnerable-configuration id="http://www.nist.gov/"> + <cpe-lang:logical-test operator="OR" negate="false"> + <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:10.04::~~lts~~~"/> + <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:10.10"/> + <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:9.10"/> + <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:8.04:-:lts"/> + </cpe-lang:logical-test> + </vuln:vulnerable-configuration> + <vuln:vulnerable-software-list> + <vuln:product>cpe:/o:canonical:ubuntu_linux:10.04::~~lts~~~</vuln:product> + <vuln:product>cpe:/o:canonical:ubuntu_linux:8.04:-:lts</vuln:product> + <vuln:product>cpe:/o:canonical:ubuntu_linux:10.10</vuln:product> + <vuln:product>cpe:/a:sun:openoffice.org:2.1.0</vuln:product> + <vuln:product>cpe:/a:sun:openoffice.org:2.3.0</vuln:product> + <vuln:product>cpe:/a:sun:openoffice.org:2.2.1</vuln:product> + <!-- snipped --> + </vuln:vulnerable-software-list> + <vuln:cve-id>CVE-2009-3301</vuln:cve-id> + <vuln:published-datetime>2010-02-16T14:30:00.533-05:00</vuln:published-datetime> + <vuln:last-modified-datetime>2015-11-17T10:59:44.723-05:00</vuln:last-modified-datetime> + <vuln:cvss> + <cvss:base_metrics> + <cvss:score>9.3</cvss:score> + <cvss:access-vector>NETWORK</cvss:access-vector> + <cvss:access-complexity>MEDIUM</cvss:access-complexity> + <cvss:authentication>NONE</cvss:authentication> + <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact> + <cvss:integrity-impact>COMPLETE</cvss:integrity-impact> + <cvss:availability-impact>COMPLETE</cvss:availability-impact> + <cvss:source>http://nvd.nist.gov</cvss:source> + <cvss:generated-on-datetime>2015-11-17T10:02:50.097-05:00</cvss:generated-on-datetime> + </cvss:base_metrics> + </vuln:cvss> + <vuln:assessment_check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10423" name="oval:org.mitre.oval:def:10423"/> + <vuln:cwe id="CWE-189"/> + <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY"> + <vuln:source>CERT</vuln:source> + <vuln:reference href="http://www.us-cert.gov/cas/techalerts/TA10-287A.html" xml:lang="en">TA10-287A</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>CONFIRM</vuln:source> + <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=533038" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=533038</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>XF</vuln:source> + <vuln:reference href="http://xforce.iss.net/xforce/xfdb/56240" xml:lang="en">openoffice-word-sprmtdeftable-bo(56240)</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>VUPEN</vuln:source> + <vuln:reference href="http://www.vupen.com/english/advisories/2010/2905" xml:lang="en">ADV-2010-2905</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>VUPEN</vuln:source> + <vuln:reference href="http://www.vupen.com/english/advisories/2010/0635" xml:lang="en">ADV-2010-0635</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY"> + <vuln:source>VUPEN</vuln:source> + <vuln:reference href="http://www.vupen.com/english/advisories/2010/0366" xml:lang="en">ADV-2010-0366</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>UBUNTU</vuln:source> + <vuln:reference href="http://www.ubuntu.com/usn/USN-903-1" xml:lang="en">USN-903-1</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>BID</vuln:source> + <vuln:reference href="http://www.securityfocus.com/bid/38218" xml:lang="en">38218</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>REDHAT</vuln:source> + <vuln:reference href="http://www.redhat.com/support/errata/RHSA-2010-0101.html" xml:lang="en">RHSA-2010:0101</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>CONFIRM</vuln:source> + <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY"> + <vuln:source>CONFIRM</vuln:source> + <vuln:reference href="http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html" xml:lang="en">http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY"> + <vuln:source>CONFIRM</vuln:source> + <vuln:reference href="http://www.openoffice.org/security/bulletin.html" xml:lang="en">http://www.openoffice.org/security/bulletin.html</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>MANDRIVA</vuln:source> + <vuln:reference href="http://www.mandriva.com/security/advisories?name=MDVSA-2010:221" xml:lang="en">MDVSA-2010:221</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>GENTOO</vuln:source> + <vuln:reference href="http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml" xml:lang="en">GLSA-201408-19</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>DEBIAN</vuln:source> + <vuln:reference href="http://www.debian.org/security/2010/dsa-1995" xml:lang="en">DSA-1995</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>SECTRACK</vuln:source> + <vuln:reference href="http://securitytracker.com/id?1023591" xml:lang="en">1023591</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>SUSE</vuln:source> + <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html" xml:lang="en">SUSE-SA:2010:017</vuln:reference> + </vuln:references> + <vuln:scanner> + <vuln:definition system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10423" name="oval:org.mitre.oval:def:10423"/> + </vuln:scanner> + <vuln:summary>Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document.</vuln:summary> + </entry> + <entry id="CVE-2015-8330"> + <vuln:cve-id>CVE-2015-8330</vuln:cve-id> + <vuln:published-datetime>2015-11-24T15:59:25.897-05:00</vuln:published-datetime> + <vuln:last-modified-datetime>2015-11-24T15:59:26.930-05:00</vuln:last-modified-datetime> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>MISC</vuln:source> + <vuln:reference href="https://www.onapsis.com/blog/analyzing-sap-security-notes-november-2015" xml:lang="en">https://www.onapsis.com/blog/analyzing-sap-security-notes-november-2015</vuln:reference> + </vuln:references> + <vuln:references xml:lang="en" reference_type="UNKNOWN"> + <vuln:source>MISC</vuln:source> + <vuln:reference href="http://erpscan.com/advisories/erpscan-15-032-sap-pco-agent-dos-vulnerability/" xml:lang="en">http://erpscan.com/advisories/erpscan-15-032-sap-pco-agent-dos-vulnerability/</vuln:reference> + </vuln:references> + <vuln:summary>The PCo agent in SAP Plant Connectivity (PCo) allows remote attackers to cause a denial of service (memory corruption and agent crash) via crafted xMII requests, aka SAP Security Note 2238619.</vuln:summary> + </entry> +</nvd> diff --git a/tests/cve.scm b/tests/cve.scm new file mode 100644 index 0000000000..26bc560e52 --- /dev/null +++ b/tests/cve.scm @@ -0,0 +1,69 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org> +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. + +(define-module (test-cve) + #:use-module (guix cve) + #:use-module (srfi srfi-1) + #:use-module (srfi srfi-64)) + +(define %sample + (search-path %load-path "tests/cve-sample.xml")) + +(define (vulnerability id packages) + (make-struct (@@ (guix cve) <vulnerability>) 0 id packages)) + +(define %expected-vulnerabilities + ;; What we should get when reading %SAMPLE. + (list + ;; CVE-2003-0001 has no "/a" in its product list so it is omitted. + ;; CVE-2004-0230 lists "tcp" as an application, but lacks a version number. + (vulnerability "CVE-2008-2335" '(("phpvid" . "1.1") ("phpvid" . "1.2"))) + (vulnerability "CVE-2008-3522" '(("enterprise_virtualization" . "3.5") + ("jasper" . "1.900.1"))) + (vulnerability "CVE-2009-3301" '(("openoffice.org" . "2.1.0") + ("openoffice.org" . "2.3.0") + ("openoffice.org" . "2.2.1"))) + ;; CVE-2015-8330 has no software list. + )) + + +(test-begin "cve") + +(test-equal "xml->vulnerabilities" + %expected-vulnerabilities + (call-with-input-file %sample xml->vulnerabilities)) + +(test-equal "" + (list `(("1.1" . ,(first %expected-vulnerabilities)) + ("1.2" . ,(first %expected-vulnerabilities))) + '() + '() + (list (second %expected-vulnerabilities)) + (list (third %expected-vulnerabilities))) + (let* ((vulns (call-with-input-file %sample xml->vulnerabilities)) + (lookup (vulnerabilities->lookup-proc vulns))) + (list (lookup "phpvid") + (lookup "jasper" "2.0") + (lookup "foobar") + (lookup "jasper" "1.900.1") + (lookup "openoffice.org" "2.3.0")))) + +(test-end "cve") + + +(exit (= (test-runner-fail-count (test-runner-current)) 0)) diff --git a/tests/derivations.scm b/tests/derivations.scm index 9fc96c71ae..1bbc93fe5c 100644 --- a/tests/derivations.scm +++ b/tests/derivations.scm @@ -670,6 +670,26 @@ (((? string? item)) (string=? item (derivation->output-path drv)))))))))) +(test-assert "derivation-prerequisites-to-build in 'check' mode" + (with-store store + (let* ((dep (build-expression->derivation store "dep" + `(begin ,(random-text) + (mkdir %output)))) + (drv (build-expression->derivation store "to-check" + '(mkdir %output) + #:inputs `(("dep" ,dep))))) + (build-derivations store (list drv)) + (delete-paths store (list (derivation->output-path dep))) + + ;; In 'check' mode, DEP must be rebuilt. + (and (null? (derivation-prerequisites-to-build store drv)) + (match (derivation-prerequisites-to-build store drv + #:mode (build-mode + check)) + ((input) + (string=? (derivation-input-path input) + (derivation-file-name dep)))))))) + (test-assert "build-expression->derivation with expression returning #f" (let* ((builder '(begin (mkdir %output) diff --git a/tests/gexp.scm b/tests/gexp.scm index 4860a8e79c..87c774782a 100644 --- a/tests/gexp.scm +++ b/tests/gexp.scm @@ -600,7 +600,7 @@ ;; If we're going to hit the silly shebang limit (128 chars on Linux-based ;; systems), then skip the following test. -(test-skip (if (> (string-length shebang) 127) 1 0)) +(test-skip (if (> (string-length shebang) 127) 2 0)) (test-assertm "gexp->script" (mlet* %store-monad ((n -> (random (expt 2 50))) diff --git a/tests/gnu-maintenance.scm b/tests/gnu-maintenance.scm new file mode 100644 index 0000000000..e7296137dc --- /dev/null +++ b/tests/gnu-maintenance.scm @@ -0,0 +1,44 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org> +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. + +(define-module (test-gnu-maintenance) + #:use-module (guix gnu-maintenance) + #:use-module (srfi srfi-1) + #:use-module (srfi srfi-64)) + +(test-begin "gnu-maintenance") + +(test-assert "release-file?" + (and (every (lambda (project+file) + (apply release-file? project+file)) + '(("gcc" "gcc-5.3.0.tar.bz2") + ("texmacs" "TeXmacs-1.0.7.9-src.tar.gz") + ("icecat" "icecat-38.4.0-gnu1.tar.bz2") + ("mit-scheme" "mit-scheme-9.2.tar.gz"))) + (every (lambda (project+file) + (not (apply release-file? project+file))) + '(("guile" "guile-www-1.1.1.tar.gz") + ("guile" "guile-2.0.11.tar.gz.sig") + ("mit-scheme" "mit-scheme-9.2-i386.tar.gz") + ("mit-scheme" "mit-scheme-9.2-doc-pdf.tar.gz") + ("gnutls" "gnutls-3.2.18-w32.zip"))))) + +(test-end) + + +(exit (= (test-runner-fail-count (test-runner-current)) 0)) diff --git a/tests/graph.scm b/tests/graph.scm index f454b06351..ad8aea0ada 100644 --- a/tests/graph.scm +++ b/tests/graph.scm @@ -18,14 +18,19 @@ (define-module (test-graph) #:use-module (guix tests) + #:use-module (guix graph) #:use-module (guix scripts graph) #:use-module (guix packages) #:use-module (guix derivations) #:use-module (guix store) #:use-module (guix monads) #:use-module (guix build-system gnu) + #:use-module (guix build-system trivial) #:use-module (guix gexp) + #:use-module (guix utils) #:use-module (gnu packages) + #:use-module (gnu packages base) + #:use-module (gnu packages guile) #:use-module (gnu packages bootstrap) #:use-module (ice-9 match) #:use-module (srfi srfi-1) @@ -110,7 +115,7 @@ edges." ".drv"))) implicit))))))) -(test-assert "bag DAG" +(test-assert "bag DAG" ;a big town in Iraq (let-values (((backend nodes+edges) (make-recording-backend))) (let ((p (dummy-package "p"))) (run-with-store %store @@ -129,6 +134,32 @@ edges." (((labels packages) ...) (map package-full-name packages)))))))) +(test-assert "bag DAG, including origins" + (let-values (((backend nodes+edges) (make-recording-backend))) + (let* ((m (lambda* (uri hash-type hash name #:key system) + (text-file "foo-1.2.3.tar.gz" "This is a fake!"))) + (o (origin (method m) (uri "the-uri") (sha256 #vu8(0 1 2)))) + (p (dummy-package "p" (source o)))) + (run-with-store %store + (export-graph (list p) 'port + #:node-type %bag-with-origins-node-type + #:backend backend)) + ;; We should see O among the nodes, with an edge coming from P. + (let-values (((nodes edges) (nodes+edges))) + (run-with-store %store + (mlet %store-monad ((o* (lower-object o)) + (p* (lower-object p))) + (return + (and (find (match-lambda + ((file "the-uri") #t) + (_ #f)) + nodes) + (find (match-lambda + ((source target) + (and (string=? source (derivation-file-name p*)) + (string=? target o*)))) + edges))))))))) + (test-assert "derivation DAG" (let-values (((backend nodes+edges) (make-recording-backend))) (run-with-store %store @@ -187,6 +218,38 @@ edges." (list out txt)) (equal? edges `((,out ,txt))))))))))) +(test-assert "node-edges" + (run-with-store %store + (let ((packages (fold-packages cons '()))) + (mlet %store-monad ((edges (node-edges %package-node-type packages))) + (return (and (null? (edges grep)) + (lset= eq? + (edges guile-2.0) + (match (package-direct-inputs guile-2.0) + (((labels packages _ ...) ...) + packages))))))))) + +(test-assert "node-transitive-edges + node-back-edges" + (run-with-store %store + (let ((packages (fold-packages cons '())) + (bootstrap? (lambda (package) + (string-contains + (location-file (package-location package)) + "bootstrap.scm"))) + (trivial? (lambda (package) + (eq? (package-build-system package) + trivial-build-system)))) + (mlet %store-monad ((edges (node-back-edges %bag-node-type packages))) + (let* ((glibc (canonical-package glibc)) + (dependents (node-transitive-edges (list glibc) edges)) + (diff (lset-difference eq? packages dependents))) + ;; All the packages depend on libc, except bootstrap packages and + ;; some that use TRIVIAL-BUILD-SYSTEM. + (return (null? (remove (lambda (package) + (or (trivial? package) + (bootstrap? package))) + diff)))))))) + (test-end "graph") diff --git a/tests/guix-build.sh b/tests/guix-build.sh index a72ce0911d..f7fb3c5b64 100644 --- a/tests/guix-build.sh +++ b/tests/guix-build.sh @@ -167,6 +167,33 @@ guix build -e "(begin guix build -e '#~(mkdir #$output)' -d guix build -e '#~(mkdir #$output)' -d | grep 'gexp\.drv' +# Building from a package file. +cat > "$module_dir/package.scm"<<EOF +(use-modules (gnu)) +(use-package-modules bootstrap) + +%bootstrap-guile +EOF +guix build --file="$module_dir/package.scm" + +# Building from a monadic procedure file. +cat > "$module_dir/proc.scm"<<EOF +(use-modules (guix gexp)) +(lambda () + (gexp->derivation "test" + (gexp (mkdir (ungexp output))))) +EOF +guix build --file="$module_dir/proc.scm" --dry-run + +# Building from a gexp file. +cat > "$module_dir/gexp.scm"<<EOF +(use-modules (guix gexp)) + +(gexp (mkdir (ungexp output))) +EOF +guix build --file="$module_dir/gexp.scm" -d +guix build --file="$module_dir/gexp.scm" -d | grep 'gexp\.drv' + # Using 'GUIX_BUILD_OPTIONS'. GUIX_BUILD_OPTIONS="--dry-run" export GUIX_BUILD_OPTIONS diff --git a/tests/guix-download.sh b/tests/guix-download.sh index 7af6f181f6..6283772c48 100644 --- a/tests/guix-download.sh +++ b/tests/guix-download.sh @@ -1,5 +1,5 @@ # GNU Guix --- Functional package management for GNU -# Copyright © 2012 Ludovic Courtès <ludo@gnu.org> +# Copyright © 2012, 2015 Ludovic Courtès <ludo@gnu.org> # # This file is part of GNU Guix. # @@ -34,3 +34,7 @@ then false; else true; fi # This one should succeed. guix download "file://$abs_top_srcdir/README" + +# This one should fail. +if guix download "file:///does-not-exist" "file://$abs_top_srcdir/README" +then false; else true; fi diff --git a/tests/guix-environment-container.sh b/tests/guix-environment-container.sh new file mode 100644 index 0000000000..703ab31d27 --- /dev/null +++ b/tests/guix-environment-container.sh @@ -0,0 +1,90 @@ +# GNU Guix --- Functional package management for GNU +# Copyright © 2015 David Thompson <davet@gnu.org> +# +# This file is part of GNU Guix. +# +# GNU Guix is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GNU Guix is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. + +# +# Test 'guix environment'. +# + +set -e + +guix environment --version + +if ! guile -c '((@@ (guix scripts environment) assert-container-features))' +then + # User containers are not supported; skip this test. + exit 77 +fi + +tmpdir="t-guix-environment-$$" +trap 'rm -r "$tmpdir"' EXIT + +mkdir "$tmpdir" + +# Make sure the exit value is preserved. +if guix environment --container --ad-hoc --bootstrap guile-bootstrap \ + -- guile -c '(exit 42)' +then + false +else + test $? = 42 +fi + +# Make sure that the right directories are mapped. +mount_test_code=" +(use-modules (ice-9 rdelim) + (ice-9 match) + (srfi srfi-1)) + +(define mappings + (filter-map (lambda (line) + (match (string-split line #\space) + ;; Empty line. + ((\"\") #f) + ;; Ignore these types of file systems. + ((_ _ (or \"tmpfs\" \"proc\" \"sysfs\" \"devtmpfs\" + \"devpts\" \"cgroup\" \"mqueue\") _ _ _) + #f) + ((_ mount _ _ _ _) + mount))) + (string-split (call-with-input-file \"/proc/mounts\" read-string) + #\newline))) + +(for-each (lambda (mount) + (display mount) + (newline)) + mappings)" + +guix environment --container --ad-hoc --bootstrap guile-bootstrap \ + -- guile -c "$mount_test_code" > $tmpdir/mounts + +cat "$tmpdir/mounts" +test `wc -l < $tmpdir/mounts` -eq 3 + +current_dir="`cd $PWD; pwd -P`" +grep -e "$current_dir$" $tmpdir/mounts # current directory +grep $(guix build guile-bootstrap) $tmpdir/mounts +grep -e "$NIX_STORE_DIR/.*-bash" $tmpdir/mounts # bootstrap bash + +rm $tmpdir/mounts + +if guix environment --bootstrap --container \ + --ad-hoc bootstrap-binaries -- kill -SEGV 2 +then false; +else + test $? -gt 127 +fi diff --git a/tests/guix-environment.sh b/tests/guix-environment.sh index f91c78a801..aed27c103c 100644 --- a/tests/guix-environment.sh +++ b/tests/guix-environment.sh @@ -29,6 +29,10 @@ trap 'rm -r "$tmpdir"' EXIT mkdir "$tmpdir" +# 'guix environment' launches /bin/sh if 'SHELL' is unset, so export 'SHELL' +# since we know it's valid (build environments lack /bin/sh.) +export SHELL + # Check the environment variables for the bootstrap Guile. guix environment --ad-hoc guile-bootstrap --pure --search-paths > "$tmpdir/a" guix environment --ad-hoc guile-bootstrap:out --pure --search-paths > "$tmpdir/b" @@ -97,4 +101,29 @@ then # Make sure the "debug" output is not listed. if grep -E "$make_boot0_debug" "$tmpdir/a"; then false; else true; fi + + # Compute the build environment for the initial GNU Make, but add in the + # bootstrap Guile as an ad-hoc addition. + guix environment -e '(@@ (gnu packages commencement) gnu-make-boot0)' \ + --ad-hoc guile-bootstrap --no-substitutes --search-paths \ + --pure > "$tmpdir/a" + + # Make sure the bootstrap binaries are all listed where they belong. + cat $tmpdir/a + grep -E '^export PATH=.*-bootstrap-binaries-0/bin' "$tmpdir/a" + grep -E '^export PATH=.*-guile-bootstrap-2.0/bin' "$tmpdir/a" + grep -E '^export CPATH=.*-gcc-bootstrap-0/include' "$tmpdir/a" + grep -E '^export CPATH=.*-glibc-bootstrap-0/include' "$tmpdir/a" + grep -E '^export LIBRARY_PATH=.*-glibc-bootstrap-0/lib' "$tmpdir/a" + + # Make sure a package list can be used with -e. + expr_list_test_code=" +(list (@@ (gnu packages commencement) gnu-make-boot0) + (@ (gnu packages bootstrap) %bootstrap-guile))" + + guix environment --ad-hoc --no-substitutes --search-paths --pure \ + -e "$expr_list_test_code" > "$tmpdir/a" + + grep -E '^export PATH=.*-make-boot0-4.1/bin' "$tmpdir/a" + grep -E '^export PATH=.*-guile-bootstrap-2.0/bin' "$tmpdir/a" fi diff --git a/tests/guix-gc.sh b/tests/guix-gc.sh index c1eb66cef5..a100f186f5 100644 --- a/tests/guix-gc.sh +++ b/tests/guix-gc.sh @@ -1,5 +1,5 @@ # GNU Guix --- Functional package management for GNU -# Copyright © 2013 Ludovic Courtès <ludo@gnu.org> +# Copyright © 2013, 2015 Ludovic Courtès <ludo@gnu.org> # # This file is part of GNU Guix. # @@ -25,6 +25,12 @@ guix gc --version trap "rm -f guix-gc-root" EXIT rm -f guix-gc-root +# For some operations, passing extra arguments is an error. +for option in "" "-C 500M" "--verify" "--optimize" +do + if guix gc $option whatever; then false; else true; fi +done + # Check the references of a .drv. drv="`guix build guile-bootstrap -d`" out="`guix build guile-bootstrap`" diff --git a/tests/guix-graph.sh b/tests/guix-graph.sh index e0cbebb753..4d5a755bc1 100644 --- a/tests/guix-graph.sh +++ b/tests/guix-graph.sh @@ -24,7 +24,7 @@ guix graph --version for package in guile-bootstrap coreutils python do - for graph in package bag-emerged bag + for graph in package bag-emerged bag bag-with-origins do guix graph -t "$graph" "$package" | grep "$package" done diff --git a/tests/guix-package-net.sh b/tests/guix-package-net.sh index 14222cfd25..35ef6ff1a0 100644 --- a/tests/guix-package-net.sh +++ b/tests/guix-package-net.sh @@ -46,9 +46,10 @@ fi profile="t-profile-$$" +profile_alt="t-profile-alt-$$" rm -f "$profile" -trap 'rm -f "$profile" "$profile-"[0-9]* ; rm -rf t-home-'"$$" EXIT +trap 'rm -f "$profile" "$profile_alt" "$profile-"[0-9]* ; rm -rf t-home-'"$$" EXIT guix package --bootstrap -p "$profile" -i guile-bootstrap @@ -156,6 +157,15 @@ guix package -p "$profile" --switch-generation=2 guix package -p "$profile" --delete-generations=3 test -z "`guix package -p "$profile" -l 3`" +# Search path of combined profiles. 'LIBRARY_PATH' should show up only in the +# combination, not in the individual profiles. +rm "$profile" +guix package --bootstrap -p "$profile" -i guile-bootstrap +guix package --bootstrap -p "$profile_alt" -i gcc-bootstrap +if guix package -p "$profile" --search-paths | grep LIBRARY_PATH +then false; fi +guix package -p "$profile" -p "$profile_alt" --search-paths \ + | grep "LIBRARY_PATH.*$profile/lib" # # Try with the default profile. diff --git a/tests/guix-system.sh b/tests/guix-system.sh index d99c9bd07b..e20bc98713 100644 --- a/tests/guix-system.sh +++ b/tests/guix-system.sh @@ -71,13 +71,7 @@ else grep "$tmpfile:9:.*[Uu]nbound variable.*GRUB-config" "$errorfile" fi -# Reporting of duplicate service identifiers. - -cat > "$tmpfile" <<EOF -(use-modules (gnu)) -(use-service-modules networking) - -(operating-system +OS_BASE=' (host-name "antelope") (timezone "Europe/Paris") (locale "en_US.UTF-8") @@ -85,11 +79,20 @@ cat > "$tmpfile" <<EOF (bootloader (grub-configuration (device "/dev/sdX"))) (file-systems (cons (file-system (device "root") - (title 'label) + (title (string->symbol "label")) (mount-point "/") (type "ext4")) %base-file-systems)) +' +# Reporting of duplicate service identifiers. + +cat > "$tmpfile" <<EOF +(use-modules (gnu)) +(use-service-modules networking) + +(operating-system + $OS_BASE (services (cons* (dhcp-client-service) (dhcp-client-service) ;twice! %base-services))) @@ -103,6 +106,36 @@ else grep "service 'networking'.*more than once" "$errorfile" fi +# Reporting unmet dmd requirements. + +cat > "$tmpfile" <<EOF +(use-modules (gnu) (gnu services dmd)) +(use-service-modules networking) + +(define buggy-service-type + (dmd-service-type + 'buggy + (lambda _ + (dmd-service + (provision '(buggy!)) + (requirement '(does-not-exist)) + (start #t))))) + +(operating-system + $OS_BASE + (services (cons (service buggy-service-type #t) + %base-services))) +EOF + +if guix system build "$tmpfile" 2> "$errorfile" +then + exit 1 +else + grep "service 'buggy!'.*'does-not-exist'.*undefined" "$errorfile" +fi + +# Reporting inconsistent user accounts. + make_user_config () { cat > "$tmpfile" <<EOF diff --git a/tests/hackage.scm b/tests/hackage.scm index 229bee35ea..b608ccd866 100644 --- a/tests/hackage.scm +++ b/tests/hackage.scm @@ -50,8 +50,28 @@ build-depends: } ") +;; Check compiler implementation test with and without spaces. +(define test-cabal-3 + "name: foo +version: 1.0.0 +homepage: http://test.org +synopsis: synopsis +description: description +license: BSD3 +library + if impl(ghc >= 7.2 && < 7.6) + Build-depends: ghc-a + if impl(ghc>=7.2&&<7.6) + Build-depends: ghc-b + if impl(ghc == 7.8) + Build-depends: + HTTP >= 4000.2.5 && < 4000.3, + mtl >= 2.0 && < 3 +") + ;; A fragment of a real Cabal file with minor modification to check precedence -;; of 'and' over 'or'. +;; of 'and' over 'or', missing final newline, spaces between keywords and +;; parentheses and between key and column. (define test-read-cabal-1 "name: test-me library @@ -66,24 +86,23 @@ library Build-depends: base >= 3 && < 4 else Build-depends: base < 3 - if flag(base4point8) || flag(base4) && flag(base3) + if flag(base4point8) || flag (base4) && flag(base3) Build-depends: random - Build-depends: containers + Build-depends : containers -- Modules that are always built. Exposed-Modules: - Test.QuickCheck.Exception -") + Test.QuickCheck.Exception") (test-begin "hackage") -(define (eval-test-with-cabal test-cabal) +(define* (eval-test-with-cabal test-cabal #:key (cabal-environment '())) (mock ((guix import hackage) hackage-fetch (lambda (name-version) (call-with-input-string test-cabal read-cabal))) - (match (hackage->guix-package "foo") + (match (hackage->guix-package "foo" #:cabal-environment cabal-environment) (('package ('name "ghc-foo") ('version "1.0.0") @@ -116,6 +135,10 @@ library (test-assert "hackage->guix-package test 2" (eval-test-with-cabal test-cabal-2)) +(test-assert "hackage->guix-package test 3" + (eval-test-with-cabal test-cabal-3 + #:cabal-environment '(("impl" . "ghc-7.8")))) + (test-assert "read-cabal test 1" (match (call-with-input-string test-read-cabal-1 read-cabal) ((("name" ("test-me")) diff --git a/tests/lint.scm b/tests/lint.scm index 3f149562d4..df82593a9e 100644 --- a/tests/lint.scm +++ b/tests/lint.scm @@ -512,6 +512,40 @@ requests." (check-source pkg)))) "not reachable: 404"))) +(test-assert "cve" + (mock ((guix scripts lint) package-vulnerabilities (const '())) + (string-null? + (with-warnings (check-vulnerabilities (dummy-package "x")))))) + +(test-assert "cve: one vulnerability" + (mock ((guix scripts lint) package-vulnerabilities + (lambda (package) + (list (make-struct (@@ (guix cve) <vulnerability>) 0 + "CVE-2015-1234" + (list (cons (package-name package) + (package-version package))))))) + (string-contains + (with-warnings + (check-vulnerabilities (dummy-package "pi" (version "3.14")))) + "vulnerable to CVE-2015-1234"))) + +(test-assert "cve: one patched vulnerability" + (mock ((guix scripts lint) package-vulnerabilities + (lambda (package) + (list (make-struct (@@ (guix cve) <vulnerability>) 0 + "CVE-2015-1234" + (list (cons (package-name package) + (package-version package))))))) + (string-null? + (with-warnings + (check-vulnerabilities + (dummy-package "pi" + (version "3.14") + (source + (dummy-origin + (patches + (list "/a/b/pi-CVE-2015-1234.patch")))))))))) + (test-assert "formatting: lonely parentheses" (string-contains (with-warnings diff --git a/tests/pypi.scm b/tests/pypi.scm index c772474b82..960b8cd32a 100644 --- a/tests/pypi.scm +++ b/tests/pypi.scm @@ -84,8 +84,7 @@ baz > 13.37") ('version "1.0.0") ('source ('origin ('method 'url-fetch) - ('uri ('string-append "https://example.com/foo-" - 'version ".tar.gz")) + ('uri (pypi-uri "foo" version)) ('sha256 ('base32 (? string? hash))))) diff --git a/tests/store.scm b/tests/store.scm index 96b64781dd..394c06bc0f 100644 --- a/tests/store.scm +++ b/tests/store.scm @@ -20,6 +20,7 @@ #:use-module (guix tests) #:use-module (guix store) #:use-module (guix utils) + #:use-module (guix monads) #:use-module (guix hash) #:use-module (guix base32) #:use-module (guix packages) @@ -592,6 +593,72 @@ (equal? (list file0) (references %store file1)) (equal? (list file1) (references %store file2)))))) +(test-assert "write-file & export-path yield the same result" + ;; Here we compare 'write-file' and the daemon's own implementation. + ;; 'write-file' is the reference because we know it sorts file + ;; deterministically. Conversely, the daemon uses 'readdir' and the entries + ;; currently happen to be sorted as a side-effect of some unrelated + ;; operation (search for 'unhacked' in archive.cc.) Make sure we detect any + ;; changes there. + (run-with-store %store + (mlet* %store-monad ((drv1 (package->derivation %bootstrap-guile)) + (out1 -> (derivation->output-path drv1)) + (data -> (unfold (cut >= <> 26) + (lambda (i) + (random-bytevector 128)) + 1+ 0)) + (build + -> #~(begin + (use-modules (rnrs io ports) (srfi srfi-1)) + (let () + (define letters + (map (lambda (i) + (string + (integer->char + (+ i (char->integer #\a))))) + (iota 26))) + (define (touch file data) + (call-with-output-file file + (lambda (port) + (put-bytevector port data)))) + + (mkdir #$output) + (chdir #$output) + + ;; The files must be different so they have + ;; different inode numbers, and the inode + ;; order must differ from the lexicographic + ;; order. + (for-each touch + (append (drop letters 10) + (take letters 10)) + (list #$@data)) + #t))) + (drv2 (gexp->derivation "bunch" build)) + (out2 -> (derivation->output-path drv2)) + (item-info -> (store-lift query-path-info))) + (mbegin %store-monad + (built-derivations (list drv1 drv2)) + (foldm %store-monad + (lambda (item result) + (define ref-hash + (let-values (((port get) (open-sha256-port))) + (write-file item port) + (close-port port) + (get))) + + ;; 'query-path-info' returns a hash produced by using the + ;; daemon's C++ 'dump' function, which is the implementation + ;; under test. + (>>= (item-info item) + (lambda (info) + (return + (and result + (bytevector=? (path-info-hash info) ref-hash)))))) + #t + (list out1 out2)))) + #:guile-for-build (%guile-for-build))) + (test-assert "import corrupt path" (let* ((text (random-text)) (file (add-text-to-store %store "text" text)) @@ -689,6 +756,81 @@ ;; Delete the corrupt item to leave the store in a clean state. (delete-paths s (list file))))))) +(test-assert "build-things, check mode" + (with-store store + (call-with-temporary-output-file + (lambda (entropy entropy-port) + (write (random-text) entropy-port) + (force-output entropy-port) + (let* ((drv (build-expression->derivation + store "non-deterministic" + `(begin + (use-modules (rnrs io ports)) + (let ((out (assoc-ref %outputs "out"))) + (call-with-output-file out + (lambda (port) + ;; Rely on the fact that tests do not use the + ;; chroot, and thus ENTROPY is readable. + (display (call-with-input-file ,entropy + get-string-all) + port))) + #t)) + #:guile-for-build + (package-derivation store %bootstrap-guile (%current-system)))) + (file (derivation->output-path drv))) + (and (build-things store (list (derivation-file-name drv))) + (begin + (write (random-text) entropy-port) + (force-output entropy-port) + (guard (c ((nix-protocol-error? c) + (pk 'determinism-exception c) + (and (not (zero? (nix-protocol-error-status c))) + (string-contains (nix-protocol-error-message c) + "deterministic")))) + ;; This one will produce a different result. Since we're in + ;; 'check' mode, this must fail. + (build-things store (list (derivation-file-name drv)) + (build-mode check)) + #f)))))))) + +(test-assert "build multiple times" + (with-store store + ;; Ask to build twice. + (set-build-options store #:rounds 2 #:use-substitutes? #f) + + (call-with-temporary-output-file + (lambda (entropy entropy-port) + (write (random-text) entropy-port) + (force-output entropy-port) + (let* ((drv (build-expression->derivation + store "non-deterministic" + `(begin + (use-modules (rnrs io ports)) + (let ((out (assoc-ref %outputs "out"))) + (call-with-output-file out + (lambda (port) + ;; Rely on the fact that tests do not use the + ;; chroot, and thus ENTROPY is accessible. + (display (call-with-input-file ,entropy + get-string-all) + port) + (call-with-output-file ,entropy + (lambda (port) + (write 'foobar port))))) + #t)) + #:guile-for-build + (package-derivation store %bootstrap-guile (%current-system)))) + (file (derivation->output-path drv))) + (guard (c ((nix-protocol-error? c) + (pk 'multiple-build c) + (and (not (zero? (nix-protocol-error-status c))) + (string-contains (nix-protocol-error-message c) + "deterministic")))) + ;; This one will produce a different result on the second run. + (current-build-output-port (current-error-port)) + (build-things store (list (derivation-file-name drv))) + #f)))))) + (test-equal "store-lower" "Lowered." (let* ((add (store-lower text-file)) diff --git a/tests/substitute.scm b/tests/substitute.scm index 85698127fa..9d907e7abf 100644 --- a/tests/substitute.scm +++ b/tests/substitute.scm @@ -167,8 +167,8 @@ a file for NARINFO." (call-with-narinfo narinfo (lambda () body ...))) ;; Transmit these options to 'guix substitute'. -(set! (@@ (guix scripts substitute) %cache-url) - (getenv "GUIX_BINARY_SUBSTITUTE_URL")) +(set! (@@ (guix scripts substitute) %cache-urls) + (list (getenv "GUIX_BINARY_SUBSTITUTE_URL"))) (test-equal "query narinfo without signature" "" ; not substitutable diff --git a/tests/syscalls.scm b/tests/syscalls.scm index 86783b96c4..a57a9ca9f9 100644 --- a/tests/syscalls.scm +++ b/tests/syscalls.scm @@ -20,6 +20,7 @@ (define-module (test-syscalls) #:use-module (guix utils) #:use-module (guix build syscalls) + #:use-module (gnu build linux-container) #:use-module (srfi srfi-1) #:use-module (srfi srfi-26) #:use-module (srfi srfi-64) @@ -80,7 +81,11 @@ (define (user-namespace pid) (string-append "/proc/" (number->string pid) "/ns/user")) -(unless (file-exists? (user-namespace (getpid))) +(define perform-container-tests? + (and (user-namespace-supported?) + (unprivileged-user-namespace-supported?))) + +(unless perform-container-tests? (test-skip 1)) (test-assert "clone" (match (clone (logior CLONE_NEWUSER SIGCHLD)) @@ -93,7 +98,7 @@ ((_ . status) (= 42 (status:exit-val status)))))))) -(unless (file-exists? (user-namespace (getpid))) +(unless perform-container-tests? (test-skip 1)) (test-assert "setns" (match (clone (logior CLONE_NEWUSER SIGCHLD)) @@ -122,7 +127,7 @@ (waitpid fork-pid) result)))))))) -(unless (file-exists? (user-namespace (getpid))) +(unless perform-container-tests? (test-skip 1)) (test-assert "pivot-root" (match (pipe) diff --git a/tests/utils.scm b/tests/utils.scm index b65d6d20ba..04a859fc9d 100644 --- a/tests/utils.scm +++ b/tests/utils.scm @@ -318,6 +318,12 @@ (string-append (%store-prefix) "/qvs2rj2ia5vci3wsdb7qvydrmacig4pg-bash-4.2-p24"))) +(test-equal "canonical-newline-port" + "This is a journey\nInto the sound\nA journey ...\n" + (let ((port (open-string-input-port + "This is a journey\r\nInto the sound\r\nA journey ...\n"))) + (get-string-all (canonical-newline-port port)))) + (test-end) (false-if-exception (delete-file temp-file)) |