lintian: r1259 - in trunk: checks debian testset testset/filenames/debian unpack
Author: rra
Date: 2008-03-12 08:45:30 +0100 (Wed, 12 Mar 2008)
New Revision: 1259
Modified:
trunk/checks/files
trunk/checks/files.desc
trunk/debian/changelog
trunk/testset/filenames/debian/rules
trunk/testset/tags.filenames
trunk/unpack/unpack-binpkg-l1
Log:
+ [RA] Check for numeric owners or groups outside of the reserved
static ranges. Patch from Håkon Stordahl. (Closes: #469924)
* unpack/unpack-binpkg-l1:
+ [RA] Extract a tar listing with numeric owners and groups into
index-owner-id in the lab.
Modified: trunk/checks/files
===================================================================
--- trunk/checks/files 2008-03-12 07:13:25 UTC (rev 1258)
+++ trunk/checks/files 2008-03-12 07:45:30 UTC (rev 1259)
@@ -90,6 +90,8 @@
# Read package contents...
open(IN, '<', "index") or fail("cannot open index file index: $!");
+open(NUMERIC, '<', "index-owner-id")
+ or fail("cannot open index file index-owner-id: $!");
while (<IN>) {
chop;
@@ -97,6 +99,13 @@
my $link;
my $operm;
+ my $numeric = <NUMERIC>;
+ chop $numeric;
+ fail("cannot read index file index-owner-id") unless defined $numeric;
+ my ($owner_id, $file_chk) = (split(' ', $numeric, 6))[1, 5];
+ fail("mismatching contents of index files: $file $file_chk")
+ if $file ne $file_chk;
+
$file =~ s,^\./,,;
if ($file =~ s/ link to (.*)//) {
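Review bot: `chop $numeric` runs before the `defined $numeric` test, so when index-owner-id is shorter than index the code chops an undefined value (and warns under `-w`) before it reaches the intended `fail`. Putting the check directly under the read fixes the order: `my $numeric = <NUMERIC>;`, then `fail("cannot read index file index-owner-id") unless defined $numeric;`, then `chop $numeric;`. The file-name comparison that follows is the only thing that stops an owner being attributed to the wrong path, so a short comment such as `# index and index-owner-id are read in lockstep; names must match line by line` would help the next reader. The enclosing `while (<IN>)` loop starts and ends outside this hunk.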
@@ -128,6 +137,14 @@
tag "package-contains-ancient-file", "$file $date";
}
+ my ($owner_uid, $owner_gid) = split ('/', $owner_id);
+ if (!($owner_uid < 100 || $owner_uid == 65534
+ || ($owner_uid >= 60000 && $owner_uid < 65000))
+ || !($owner_gid < 100 || $owner_gid == 65534
+ || ($owner_gid >= 60000 && $owner_gid < 65000))) {
+ tag "wrong-file-owner-uid-or-gid", $file, $owner_id;
+ }
+
# *.devhelp and *.devhelp2 files must be accessible from a directory in
# the devhelp search path: /usr/share/devhelp/books and
# /usr/share/gtk-doc/html. We therefore look for any links in one of
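Review bot: The owner field is split on `/` and compared numerically without checking that both halves are digits. A field without a slash leaves `$owner_gid` undefined, which compares as 0 and is accepted as group root. Because this condition is the ownership gate for every file in the package, an unparseable field should stop the check instead of passing it: `my ($owner_uid, $owner_gid) = $owner_id =~ m,^(\d+)/(\d+)$, or fail("cannot parse owner field for $file: $owner_id");`. A one-line comment above the condition naming the accepted sets it implements (0-99, 60000-64999, 65534) would also make the nested negations easier to audit.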
@@ -860,6 +877,9 @@
}
close(IN);
+fail("mismatching contents of index files") if <NUMERIC>;
+close(NUMERIC);
+
#check for sect: games but nothing in /usr/games. Check for any binary to
#save ourselves from game-data false positives:
if ($pkg_section =~ m,games$,
Modified: trunk/checks/files.desc
===================================================================
--- trunk/checks/files.desc 2008-03-12 07:13:25 UTC (rev 1258)
+++ trunk/checks/files.desc 2008-03-12 07:45:30 UTC (rev 1259)
@@ -732,3 +732,13 @@
<tt>/usr/share/linda/overrides</tt>. Linda is obsolete and has been
removed from the archive as of 2008-03-04. Linda overrides should
probably be dropped from packages.
+
+Tag: wrong-file-owner-uid-or-gid
+Type: error
+Info: The user or group ID of the owner of the file is invalid. The
+ owner user and group IDs must be in the set of globally allocated
+ IDs, because other IDs are dynamically allocated and might be used
+ for varying purposes on different systems, or are reserved. The set
+ of the allowed, globally allocated IDs consists of the ranges 0-99,
+ 64000-64999 and 65534.
+Ref: policy 9.2
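Review bot: The Info text gives the second allowed range as `64000-64999`, but the check added to checks/files in this same commit accepts `$owner_uid >= 60000 && $owner_uid < 65000`, i.e. 60000-64999. The code matches the range Debian Policy 9.2 lists as globally allocated, so the description is the side to correct: `of the allowed, globally allocated IDs consists of the ranges 0-99, 60000-64999 and 65534.` As written, a maintainer reading the tag explanation would conclude that IDs 60000-63999 are rejected when they are not.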
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2008-03-12 07:13:25 UTC (rev 1258)
+++ trunk/debian/changelog 2008-03-12 07:45:30 UTC (rev 1259)
@@ -19,6 +19,8 @@
+ [RA] /etc/init.d/{skeleton,README} don't need to be executable.
+ [RA] Warn about linda overrides since linda has been removed from
the archive. Thanks, Y Giridhar Appaji Nag. (Closes: #469603)
+ + [RA] Check for numeric owners or groups outside of the reserved
+ static ranges. Patch from Håkon Stordahl. (Closes: #469924)
* checks/scripts:
+ [RA] Attempt to quash some Perl warnings.
+ [RA] *.py files in /usr/{lib,share}, /etc/init.d/skeleton, and *.ex
@@ -39,6 +41,9 @@
* unpack/list-srcpkg:
+ [RA] Fix syntax error introduced by Uploaders support.
+ * unpack/unpack-binpkg-l1:
+ + [RA] Extract a tar listing with numeric owners and groups into
+ index-owner-id in the lab.
-- Russ Allbery <rra@debian.org> Tue, 04 Mar 2008 13:07:18 -0800
Modified: trunk/testset/filenames/debian/rules
===================================================================
--- trunk/testset/filenames/debian/rules 2008-03-12 07:13:25 UTC (rev 1258)
+++ trunk/testset/filenames/debian/rules 2008-03-12 07:45:30 UTC (rev 1259)
@@ -125,6 +125,13 @@
touch debian/tmp/usr/bin/bin/bad
chmod 755 debian/tmp/usr/bin/bin/bad
+ # Create some files with invalid ownership.
+ set -e; for owner in 100:0 0:2001 30001:65535 65535:65001; do \
+ touch debian/tmp/usr/lib/filenames/wrong-owner-$$owner ; \
+ chmod 644 debian/tmp/usr/lib/filenames/wrong-owner-$$owner ; \
+ chown "$$owner" debian/tmp/usr/lib/filenames/wrong-owner-$$owner ; \
+ done
+
install -m 644 debian/changelog debian/tmp/usr/share/doc/filenames/Changes
gzip -9 debian/tmp/usr/share/doc/filenames/Changes
ln -s Changes.gz debian/tmp/usr/share/doc/filenames/changelog.gz
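Review bot: The loop creates only files whose owner or group must be rejected, so nothing exercises the accepted boundaries of the range check in checks/files. An off-by-one at 99/100 or 64999/65000, or a wrong lower bound for the 60000 range, would still produce the expected tags and pass. Adding a second loop over accepted pairs, for example `for owner in 99:99 60000:64999 65534:65534`, with file names that do not appear in tags.filenames, would pin those edges. The recipe this loop belongs to starts outside the hunk.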
Modified: trunk/testset/tags.filenames
===================================================================
--- trunk/testset/tags.filenames 2008-03-12 07:13:25 UTC (rev 1258)
+++ trunk/testset/tags.filenames 2008-03-12 07:45:30 UTC (rev 1259)
@@ -29,6 +29,10 @@
E: filenames: symlink-should-be-absolute usr/lib/filenames/symlink1wrong ../../../etc/symlink
E: filenames: use-of-compat-symlink usr/bin/X11/
E: filenames: use-of-compat-symlink usr/bin/X11/testxbin
+E: filenames: wrong-file-owner-uid-or-gid usr/lib/filenames/wrong-owner-0:2001 0/2001
+E: filenames: wrong-file-owner-uid-or-gid usr/lib/filenames/wrong-owner-100:0 100/0
+E: filenames: wrong-file-owner-uid-or-gid usr/lib/filenames/wrong-owner-30001:65535 30001/65535
+E: filenames: wrong-file-owner-uid-or-gid usr/lib/filenames/wrong-owner-65535:65001 65535/65001
E: more-filename-games: no-copyright-file
I: filename-games: no-md5sums-control-file
I: filenames: file-in-usr-something-x11-without-pre-depends usr/include/X11/
Modified: trunk/unpack/unpack-binpkg-l1
===================================================================
--- trunk/unpack/unpack-binpkg-l1 2008-03-12 07:13:25 UTC (rev 1258)
+++ trunk/unpack/unpack-binpkg-l1 2008-03-12 07:45:30 UTC (rev 1259)
@@ -80,6 +80,15 @@
"$base_dir/index") == 0
or fail();
+# (replaces dpkg-deb -c)
+# create index file for package with owner IDs instead of names
+pipeline((sub { exec "dpkg-deb", "--fsys-tarfile", $file }),
+ (sub { exec "tar", "--numeric-owner", "-tvf", "-" }),
+ (sub { exec "sed", "-e", "s/^h/-/" }),
+ (sub { exec "sort", "-k", "6" }),
+ "$base_dir/index-owner-id") == 0
+ or fail();
+
# get package control information
my $data = (read_dpkg_control("$base_dir/control/control"))[0];
$data->{'source'} or ($data->{'source'} = $data->{'package'});
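Review bot: The comment `(replaces dpkg-deb -c)` does not state the constraint this listing must satisfy: checks/files now reads index and index-owner-id line by line and aborts on the first name mismatch. The two files therefore have to come out of identical `sed`/`sort` stages under the same collation, which presumably matches the pipeline just above, though only its tail is visible in this hunk. I would extend the comment to something like `# must list the same entries in the same order as index; checks/files reads both in lockstep`. The archive is also unpacked through `dpkg-deb --fsys-tarfile` a second time here, which is worth noting as a cost if unpack time matters.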