
lintian: r1259 - in trunk: checks debian testset testset/filenames/debian unpack



Author: rra
Date: 2008-03-12 08:45:30 +0100 (Wed, 12 Mar 2008)
New Revision: 1259

Modified:
   trunk/checks/files
   trunk/checks/files.desc
   trunk/debian/changelog
   trunk/testset/filenames/debian/rules
   trunk/testset/tags.filenames
   trunk/unpack/unpack-binpkg-l1
Log:
  + [RA] Check for numeric owners or groups outside of the reserved
    static ranges.  Patch from Håkon Stordahl.  (Closes: #469924)
* unpack/unpack-binpkg-l1:
  + [RA] Extract a tar listing with numeric owners and groups into
    index-owner-id in the lab.

Modified: trunk/checks/files
===================================================================
--- trunk/checks/files	2008-03-12 07:13:25 UTC (rev 1258)
+++ trunk/checks/files	2008-03-12 07:45:30 UTC (rev 1259)
@@ -90,6 +90,8 @@
 
 # Read package contents...
 open(IN, '<', "index") or fail("cannot open index file index: $!");
+open(NUMERIC, '<', "index-owner-id")
+    or fail("cannot open index file index-owner-id: $!");
 while (<IN>) {
     chop;
 
@@ -97,6 +99,13 @@
     my $link;
     my $operm;
 
+    my $numeric = <NUMERIC>;
+    chop $numeric;
+    fail("cannot read index file index-owner-id") unless defined $numeric;
+    my ($owner_id, $file_chk) = (split(' ', $numeric, 6))[1, 5];
+    fail("mismatching contents of index files: $file $file_chk")
+	if $file ne $file_chk;
+
     $file =~ s,^\./,,;
 
     if ($file =~ s/ link to (.*)//) {
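Review bot: `chop $numeric` runs before the `defined $numeric` test, so when index-owner-id has fewer lines than index the code chops an undefined value (a warning if warnings are enabled) before it reaches the intended `fail`. Test first and then strip the newline: `fail("cannot read index file index-owner-id") unless defined $numeric;` followed by `chomp $numeric;`. `chomp` also avoids eating a real character if the last line of the listing has no trailing newline. The enclosing `while (<IN>)` loop starts and ends outside this hunk.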
@@ -128,6 +137,14 @@
 	tag "package-contains-ancient-file", "$file $date";
     }
 
+    my ($owner_uid, $owner_gid) = split ('/', $owner_id);
+    if (!($owner_uid < 100 || $owner_uid == 65534
+	  || ($owner_uid >= 60000 && $owner_uid < 65000))
+	|| !($owner_gid < 100 || $owner_gid == 65534
+	     || ($owner_gid >= 60000 && $owner_gid < 65000))) {
+	tag "wrong-file-owner-uid-or-gid", $file, $owner_id;
+    }
+
     # *.devhelp and *.devhelp2 files must be accessible from a directory in
     # the devhelp search path: /usr/share/devhelp/books and
     # /usr/share/gtk-doc/html.  We therefore look for any links in one of
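Review bot: The allowed ID ranges appear only as bare numbers inside a doubly negated condition that is written out twice, once for `$owner_uid` and once for `$owner_gid`, with no comment saying where the numbers come from. I would add `# Policy 9.2: only 0-99, 60000-64999 and 65534 are globally allocated; anything else may map to an arbitrary account on the installing system.` above the `if`. The test also assumes `$owner_id` always has the form `uid/gid`, which presumably holds because the listing is produced with `--numeric-owner`; a short remark to that effect would help. The surrounding loop body continues outside the hunk.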
@@ -860,6 +877,9 @@
 }
 close(IN);
 
+fail("mismatching contents of index files") if <NUMERIC>;
+close(NUMERIC);
+
 #check for sect: games but nothing in /usr/games. Check for any binary to
 #save ourselves from game-data false positives:
 if ($pkg_section =~ m,games$,

Modified: trunk/checks/files.desc
===================================================================
--- trunk/checks/files.desc	2008-03-12 07:13:25 UTC (rev 1258)
+++ trunk/checks/files.desc	2008-03-12 07:45:30 UTC (rev 1259)
@@ -732,3 +732,13 @@
  <tt>/usr/share/linda/overrides</tt>.  Linda is obsolete and has been
  removed from the archive as of 2008-03-04.  Linda overrides should
  probably be dropped from packages.
+
+Tag: wrong-file-owner-uid-or-gid
+Type: error
+Info: The user or group ID of the owner of the file is invalid. The
+ owner user and group IDs must be in the set of globally allocated
+ IDs, because other IDs are dynamically allocated and might be used
+ for varying purposes on different systems, or are reserved. The set
+ of the allowed, globally allocated IDs consists of the ranges 0-99,
+ 64000-64999 and 65534.
+Ref: policy 9.2
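Review bot: The range `64000-64999` in the Info text does not match the check added to checks/files in this same commit, which accepts `$owner_uid >= 60000 && $owner_uid < 65000`, i.e. 60000-64999. As far as I recall, 60000-64999 is also the range that Policy 9.2 gives, so the description looks like the side with the typo. If so, the sentence should end `consists of the ranges 0-99, 60000-64999 and 65534.` so that maintainers reading the tag description are told the same range the check enforces.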

Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog	2008-03-12 07:13:25 UTC (rev 1258)
+++ trunk/debian/changelog	2008-03-12 07:45:30 UTC (rev 1259)
@@ -19,6 +19,8 @@
     + [RA] /etc/init.d/{skeleton,README} don't need to be executable.
     + [RA] Warn about linda overrides since linda has been removed from
       the archive.  Thanks, Y Giridhar Appaji Nag.  (Closes: #469603)
+    + [RA] Check for numeric owners or groups outside of the reserved
+      static ranges.  Patch from Håkon Stordahl.  (Closes: #469924)
   * checks/scripts:
     + [RA] Attempt to quash some Perl warnings.
     + [RA] *.py files in /usr/{lib,share}, /etc/init.d/skeleton, and *.ex
@@ -39,6 +41,9 @@
 
   * unpack/list-srcpkg:
     + [RA] Fix syntax error introduced by Uploaders support.
+  * unpack/unpack-binpkg-l1:
+    + [RA] Extract a tar listing with numeric owners and groups into
+      index-owner-id in the lab.
 
  -- Russ Allbery <rra@debian.org>  Tue, 04 Mar 2008 13:07:18 -0800
 

Modified: trunk/testset/filenames/debian/rules
===================================================================
--- trunk/testset/filenames/debian/rules	2008-03-12 07:13:25 UTC (rev 1258)
+++ trunk/testset/filenames/debian/rules	2008-03-12 07:45:30 UTC (rev 1259)
@@ -125,6 +125,13 @@
 	touch debian/tmp/usr/bin/bin/bad
 	chmod 755 debian/tmp/usr/bin/bin/bad
 
+	# Create some files with invalid ownership.
+	set -e; for owner in 100:0 0:2001 30001:65535 65535:65001; do \
+	      touch debian/tmp/usr/lib/filenames/wrong-owner-$$owner ; \
+	      chmod 644 debian/tmp/usr/lib/filenames/wrong-owner-$$owner ; \
+	      chown "$$owner" debian/tmp/usr/lib/filenames/wrong-owner-$$owner ; \
+	done
+
 	install -m 644 debian/changelog debian/tmp/usr/share/doc/filenames/Changes
 	gzip -9 debian/tmp/usr/share/doc/filenames/Changes
 	ln -s Changes.gz debian/tmp/usr/share/doc/filenames/changelog.gz
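Review bot: The new fixtures only cover IDs that must be flagged; nothing sits on the edges of the allowed ranges, so an off-by-one in the range test in checks/files would still pass the test suite. Extending the list to `for owner in 100:0 0:2001 30001:65535 65535:65001 99:65534 60000:64999 65000:0; do` would pin both sides, with the first two additions expected to produce no tag and `65000:0` needing a new line in tags.filenames. The `chown` calls need root or fakeroot, which is presumably already true for this target; the target itself starts outside the hunk.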

Modified: trunk/testset/tags.filenames
===================================================================
--- trunk/testset/tags.filenames	2008-03-12 07:13:25 UTC (rev 1258)
+++ trunk/testset/tags.filenames	2008-03-12 07:45:30 UTC (rev 1259)
@@ -29,6 +29,10 @@
 E: filenames: symlink-should-be-absolute usr/lib/filenames/symlink1wrong ../../../etc/symlink
 E: filenames: use-of-compat-symlink usr/bin/X11/
 E: filenames: use-of-compat-symlink usr/bin/X11/testxbin
+E: filenames: wrong-file-owner-uid-or-gid usr/lib/filenames/wrong-owner-0:2001 0/2001
+E: filenames: wrong-file-owner-uid-or-gid usr/lib/filenames/wrong-owner-100:0 100/0
+E: filenames: wrong-file-owner-uid-or-gid usr/lib/filenames/wrong-owner-30001:65535 30001/65535
+E: filenames: wrong-file-owner-uid-or-gid usr/lib/filenames/wrong-owner-65535:65001 65535/65001
 E: more-filename-games: no-copyright-file
 I: filename-games: no-md5sums-control-file
 I: filenames: file-in-usr-something-x11-without-pre-depends usr/include/X11/

Modified: trunk/unpack/unpack-binpkg-l1
===================================================================
--- trunk/unpack/unpack-binpkg-l1	2008-03-12 07:13:25 UTC (rev 1258)
+++ trunk/unpack/unpack-binpkg-l1	2008-03-12 07:45:30 UTC (rev 1259)
@@ -80,6 +80,15 @@
 	 "$base_dir/index") == 0
     or fail();
 
+# (replaces dpkg-deb -c)
+# create index file for package with owner IDs instead of names
+pipeline((sub { exec "dpkg-deb", "--fsys-tarfile", $file }),
+	 (sub { exec "tar", "--numeric-owner", "-tvf", "-" }),
+	 (sub { exec "sed", "-e", "s/^h/-/" }),
+	 (sub { exec "sort", "-k", "6" }),
+	 "$base_dir/index-owner-id") == 0
+    or fail();
+
 # get package control information
 my $data = (read_dpkg_control("$base_dir/control/control"))[0];
 $data->{'source'} or ($data->{'source'} = $data->{'package'});
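Review bot: The new pipeline ends in a bare `or fail();`, the same as the pipeline just above it, so a failure while writing index-owner-id cannot be told apart from a failure while writing index. checks/files now aborts when the two listings disagree, so a missing or truncated index-owner-id is worth reporting where it happens. Assuming `fail` here accepts a message as it does in checks/files, I would use `or fail("cannot create index-owner-id for $file");`.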

