[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SCM] Debian package checker branch, lenny, updated. 1.24.2.1-4-gc8d01f0



The following commit has been merged in the lenny branch:
commit cbac2be31d142fb521c376c5d8a903b5fd4a7f07
Author: Raphael Geissert <atomo64@gmail.com>
Date:   Wed Jan 20 13:36:12 2010 -0600

    Fix CVE-2009-4014, format string vulnerabilities
    
    Multiple check scripts and the lintian frontend were using
    user-provided input as part of the sprintf/printf format string.

diff --git a/checks/control-files b/checks/control-files
index d12ce36..ee69e2a 100644
--- a/checks/control-files
+++ b/checks/control-files
@@ -102,7 +102,7 @@ while (<IN>) {
     # correct permissions?
     unless ($operm == $ctrl{$file}) {
 	tag "control-file-has-bad-permissions",
-	    sprintf("$file %04o != %04o",$operm,$ctrl{$file});
+	    sprintf("%s %04o != %04o",$file,$operm,$ctrl{$file});
     }
 
     # correct owner?
diff --git a/checks/files b/checks/files
index 4a177c7..efb9af5 100644
--- a/checks/files
+++ b/checks/files
@@ -178,12 +178,12 @@ while (<IN>) {
 	}
 	# ---------------- /etc/cron.d
 	elsif ($file =~ m,^etc/cron\.d/\S, and $operm != 0644) {
-	    tag "bad-permissions-for-etc-cron.d-script", sprintf("$file %04o != 0644",$operm);
+	    tag "bad-permissions-for-etc-cron.d-script", sprintf("%s %04o != 0644",$file,$operm);
 	}
 	# ---------------- /etc/emacs.*
 	elsif ($file =~ m,^etc/emacs.*/\S, and $perm =~ m/^-/
 	       and $operm != 0644) {
-	    tag "bad-permissions-for-etc-emacs-script", sprintf("$file %04o != 0644",$operm);
+	    tag "bad-permissions-for-etc-emacs-script", sprintf("%s %04o != 0644",$file,$operm);
 	}
 	# ---------------- /etc/gconf/schemas
 	elsif ($file =~ m,^etc/gconf/schemas/\S,) {
@@ -195,7 +195,7 @@ while (<IN>) {
 	       and $operm != 0755
 	       and $perm =~ m/^-/) {
 	    tag "non-standard-file-permissions-for-etc-init.d-script",
-		sprintf("$file %04o != 0755",$operm);
+		sprintf("%s %04o != 0755",$file,$operm);
 	}
 	#----------------- /etc/pam.conf
 	elsif ($file =~ m,^etc/pam.conf, and $pkg ne "libpam-runtime" ) {
@@ -692,11 +692,11 @@ while (<IN>) {
 
 	    # Check for setuid and setgid that isn't expected.
 	    if ($setuid and $setgid) {
-		tag "setuid-gid-binary", $file, sprintf("%04o $owner",$operm);
+		tag "setuid-gid-binary", $file, sprintf("%04o %s",$operm,$owner);
 	    } elsif ($setuid) {
-		tag "setuid-binary", $file, sprintf("%04o $owner",$operm);
+		tag "setuid-binary", $file, sprintf("%04o %s",$operm,$owner);
 	    } elsif ($setgid) {
-		tag "setgid-binary", $file, sprintf("%04o $owner",$operm);
+		tag "setgid-binary", $file, sprintf("%04o %s",$operm,$owner);
 	    }
 
 	    # Check for permission problems other than the setuid status.
diff --git a/checks/menu-format b/checks/menu-format
index ecd2d7b..1f5cc85 100644
--- a/checks/menu-format
+++ b/checks/menu-format
@@ -409,7 +409,7 @@ while (<IN>) {
 
     if ($perm =~ m,^-, && $file =~ m,/usr/share/applications/.*\.desktop$,) {
         if ($perm =~ m,x,o) {
-            tag "executable-desktop-file", sprintf("$file %04o",$operm);
+            tag "executable-desktop-file", sprintf("%s %04o",$file,$operm);
         }
         unless (m,template,) {
             push (@desktop_files, $file);
diff --git a/checks/menus b/checks/menus
index 6674d33..b8064ff 100644
--- a/checks/menus
+++ b/checks/menus
@@ -104,7 +104,7 @@ while (<IN>) {
 	# menu file?
 	if ($file =~ m,^usr/(lib|share)/menu/\S,o) { # correct permissions?
 	    if ($perm =~ m,x,o) {
-		tag "executable-menu-file", sprintf("$file %04o",$operm);
+		tag "executable-menu-file", sprintf("%s %04o",$file,$operm);
 	    }
 
 	    next if $file =~ m,^usr/(lib|share)/menu/README$,;
diff --git a/frontend/lintian b/frontend/lintian
index d2ab086..59887d4 100755
--- a/frontend/lintian
+++ b/frontend/lintian
@@ -1674,8 +1674,9 @@ sub schedule_package {
 
     if ( $already_scheduled{$s}++ ) {
 	if ($verbose) {
-	    printf "N: Ignoring duplicate %s package $pkg (version $ver)\n",
-		$type eq 'b' ? 'binary' : ($type eq 's' ? 'source': 'udeb');
+	    printf "N: Ignoring duplicate %s package %s (version %s)\n",
+		$type eq 'b' ? 'binary' : ($type eq 's' ? 'source': 'udeb'),
+		$pkg, $ver;
 	}
 	return;
     }

-- 
Debian package checker


Reply to: