lintian: r553 - in trunk: checks debian testset testset/maintainer-scripts/debian
Author: rra
Date: 2006-01-23 01:49:24 +0100 (Mon, 23 Jan 2006)
New Revision: 553
Modified:
trunk/checks/scripts
trunk/debian/changelog
trunk/testset/maintainer-scripts/debian/postinst
trunk/testset/tags.maintainer-scripts
Log:
* checks/scripts:
+ [RA] Allow /tmp in variable settings. It's likely to be a false
positive. Reported by Frank Ku"ster. (Closes: #344998)
Modified: trunk/checks/scripts
===================================================================
--- trunk/checks/scripts 2006-01-22 22:09:29 UTC (rev 552)
+++ trunk/checks/scripts 2006-01-23 00:49:24 UTC (rev 553)
@@ -417,7 +417,7 @@
next if m,^\s*\#,; # skip comment lines
s/\#.*$//; # eat comments
chomp();
- if (m,\W(/var)?/tmp\b, and not m/\bmktemp\b/ and not m/\btempfile\b/ and not m/\bmkdir\b/) {
+ if (m,[^\w=](/var)?/tmp\b, and not m/\bmktemp\b/ and not m/\btempfile\b/ and not m/\bmkdir\b/) {
tag "possibly-insecure-handling-of-tmp-files-in-maintainer-script", "$file:$."
unless $warned_tmp;
$warned_tmp = 1;
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2006-01-22 22:09:29 UTC (rev 552)
+++ trunk/debian/changelog 2006-01-23 00:49:24 UTC (rev 553)
@@ -9,8 +9,11 @@
* checks/menu-format.desc:
+ [RA] Use "menu manual" rather than "menu" for references to more
clearly distinguish from the Debian Menu Policy. (Closes: #347510)
+ * checks/scripts:
+ + [RA] Allow /tmp in variable settings. It's likely to be a false
+ positive. Reported by Frank Küster. (Closes: #344998)
- -- Russ Allbery <rra@debian.org> Sun, 22 Jan 2006 14:08:12 -0800
+ -- Russ Allbery <rra@debian.org> Sun, 22 Jan 2006 16:27:20 -0800
lintian (1.23.15) unstable; urgency=low
Modified: trunk/testset/maintainer-scripts/debian/postinst
===================================================================
--- trunk/testset/maintainer-scripts/debian/postinst 2006-01-22 22:09:29 UTC (rev 552)
+++ trunk/testset/maintainer-scripts/debian/postinst 2006-01-23 00:49:24 UTC (rev 553)
@@ -37,3 +37,16 @@
update-rc.d foo defaults >/dev/null
update-rc.d $FOO defaults
update-rc.d foo remove
+
+# valid
+FOO=/tmp
+FOO=/var/tmp
+: ${FOO:=/tmp}
+FOO=`mktemp /tmp/scripts.XXXXXX`
+rm "$FOO"
+FOO=`tempfile -n/tmp/scripts.tmp`
+mkdir /var/tmp/scripts
+# invalid
+echo foo >>/tmp/scripts.tmp
+rm /tmp/scripts.tmp
+rmdir /var/tmp/scripts
Modified: trunk/testset/tags.maintainer-scripts
===================================================================
--- trunk/testset/tags.maintainer-scripts 2006-01-22 22:09:29 UTC (rev 552)
+++ trunk/testset/tags.maintainer-scripts 2006-01-23 00:49:24 UTC (rev 553)
@@ -38,6 +38,7 @@
W: maintainer-scripts: possible-bashism-in-maintainer-script prerm:31 'trap "echo hi" EXIT HUP 3'
W: maintainer-scripts: possible-bashism-in-maintainer-script prerm:33 '[['
W: maintainer-scripts: possible-bashism-in-maintainer-script prerm:34 ' kill -HUP'
+W: maintainer-scripts: possibly-insecure-handling-of-tmp-files-in-maintainer-script postinst:50
W: maintainer-scripts: postinst-does-not-load-confmodule
W: maintainer-scripts: postinst-should-not-set-usr-doc-link
W: maintainer-scripts: postrm-does-not-purge-debconf
Reply to: