[SCM] Debian package checker branch, master, updated. 2.2.13-50-gbd5784d
The following commit has been merged in the master branch:
commit bd5784d44c763895e68ee07a6c0763e5a0f992f7
Author: Russ Allbery <rra@debian.org>
Date: Sat Aug 15 20:02:36 2009 -0700
Avoid false positives with commands with paths in maintainer scripts
* checks/scripts:
+ [RA] Avoid command-with-path-in-maintainer-script false positives
with backtick expressions as arguments to commands. Thanks, Stefan
Fritsch. (Closes: #536397)
diff --git a/checks/scripts b/checks/scripts
index 77c18d3..eb1785b 100644
--- a/checks/scripts
+++ b/checks/scripts
@@ -830,9 +830,6 @@ while (<SCRIPTS>) {
tag "maintainer-script-modifies-ld-so-conf", "$file:$."
unless $pkg =~ /^libc/;
}
- if (m,$LEADIN(/(usr/)?s?bin/[\w.+-]+)(\s|;|$),) {
- tag "command-with-path-in-maintainer-script", "$file:$. $1";
- }
# Ancient dpkg feature tests.
if (m/${LEADIN}dpkg\s+--assert-support-predepends\b/) {
@@ -852,6 +849,28 @@ while (<SCRIPTS>) {
if (m,${LEADIN}(?:/usr/bin/)?fc-cache(\s|\Z),) {
tag 'fc-cache-used-in-maintainer-script', "$file:$.";
}
+
+ # Check for running commands with a leading path.
+ #
+ # Unfortunately, our $LEADIN string doesn't work well for this
+ # in the presence of commands that contain backquoted
+ # expressions because it can't tell the difference between the
+ # initial backtick and the closing backtick. We therefore
+ # first extract all backquoted expressions and check them
+ # separately, and then remove them from a copy of a string and
+ # then check it for bashisms.
+ while (m,\`([^\`]+)\`,g) {
+ my $cmd = $1;
+ if ($cmd =~ m,$LEADIN(/(usr/)?s?bin/[\w.+-]+)(\s|;|\z),) {
+ tag "command-with-path-in-maintainer-script",
+ "$file:$. $1";
+ }
+ }
+ my $cmd = $_;
+ $cmd =~ s/\`[^\`]+\`//g;
+ if ($cmd =~ m,$LEADIN(/(usr/)?s?bin/[\w.+-]+)(\s|;|$),) {
+ tag "command-with-path-in-maintainer-script", "$file:$. $1";
+ }
}
}
if (m,\bsuidregister\b,) {
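Review bot: The added comment ends with "then check it for bashisms", but the code below it checks for commands invoked with a leading path, so the last clause misdescribes the check; I would reword it to `# then check what remains for commands with a leading path.` The path pattern `(/(usr/)?s?bin/[\w.+-]+)` is also written out twice, once terminated by `\z` and once by `$`. A short why-comment on that difference, or a single shared `qr//`, would keep the two checks from drifting apart and silently reintroducing false positives or negatives. Only backquoted substitutions are extracted here; whether `$(...)` substitutions are covered depends on `$LEADIN`, which is defined outside this hunk, as is the start of the enclosing `while (<SCRIPTS>)` loop.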
diff --git a/debian/changelog b/debian/changelog
index 68274df..13b5095 100755
--- a/debian/changelog
+++ b/debian/changelog
@@ -73,6 +73,9 @@ lintian (2.2.14) UNRELEASED; urgency=low
(Closes: #534942)
+ [RA] Warn about maintainter scripts that modify /etc/ld.so.conf.
Policy 3.8.3 no longer permits this.
+ + [RA] Avoid command-with-path-in-maintainer-script false positives
+ with backtick expressions as arguments to commands. Thanks, Stefan
+ Fritsch. (Closes: #536397)
* checks/watch-file:
+ [RA] Fix false positives in debian-watch-file-should-mangle-version
when an upstream version is specified in the watch file and give the
diff --git a/t/tests/scripts-maintainer-general/debian/debian/postinst b/t/tests/scripts-maintainer-general/debian/debian/postinst
index c553f07..e48a2c5 100755
--- a/t/tests/scripts-maintainer-general/debian/debian/postinst
+++ b/t/tests/scripts-maintainer-general/debian/debian/postinst
@@ -109,4 +109,12 @@ echo '/usr/local/lib' >> /etc/ld.so.conf
( cat /etc/ld.so.conf ; echo '/usr/local/lib' ) > /etc/ld.so.conf.new
mv /etc/ld.so.conf.new /etc/ld.so.conf
+# Further tests for commands with paths in maintainer scripts. The following
+# should not trigger a tag (Bug#536397).
+chmod `dpkg-statoverride --list /usr/sbin/apache2 | cut -f 3` /usr/sbin/apache2
+
+# These, however, should.
+true `basename "$0"` `/usr/bin/foo bar`
+true `/usr/bin/foo "$0"`
+
#DEBHELPER#
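Review bot: The new fixture lines never exercise the second half of the change with a positive case, where the outer command itself has a leading path and a backquoted expression is stripped from the copy before matching. The `chmod` line covers only the negative case, and both "should trigger" lines put the path inside the backticks. A constructed example such as ``/usr/bin/bar `basename "$0"` `` added under "These, however, should.", with a matching `command-with-path-in-maintainer-script` line in the `tags` file, would pin that the substitution on the copy does not swallow the leading command.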
diff --git a/t/tests/scripts-maintainer-general/tags b/t/tests/scripts-maintainer-general/tags
index cddaeb8..e0b8c5e 100644
--- a/t/tests/scripts-maintainer-general/tags
+++ b/t/tests/scripts-maintainer-general/tags
@@ -9,6 +9,8 @@ E: scripts-maintainer-general: maintainer-script-modifies-netbase-managed-file p
E: scripts-maintainer-general: maintainer-script-uses-dpkg-status-directly postinst
E: scripts-maintainer-general: read-in-maintainer-script postinst:10
E: scripts-maintainer-general: suidregister-used-in-maintainer-script postinst
+W: scripts-maintainer-general: command-with-path-in-maintainer-script postinst:117 /usr/bin/foo
+W: scripts-maintainer-general: command-with-path-in-maintainer-script postinst:118 /usr/bin/foo
W: scripts-maintainer-general: command-with-path-in-maintainer-script postinst:91 /usr/bin/baz
W: scripts-maintainer-general: deprecated-chown-usage postinst:14 'chown root.root'
W: scripts-maintainer-general: deprecated-chown-usage postinst:84 'chown -R root.root'
--
Debian package checker