[SCM] Debian package checker branch, lenny, updated. 1.24.2.1-4-gc8d01f0
The following commit has been merged in the lenny branch:
commit cbac2be31d142fb521c376c5d8a903b5fd4a7f07
Author: Raphael Geissert <atomo64@gmail.com>
Date: Wed Jan 20 13:36:12 2010 -0600
Fix CVE-2009-4014, format string vulnerabilities
Multiple check scripts and the lintian frontend were using
user-provided input as part of the sprintf/printf format string.
diff --git a/checks/control-files b/checks/control-files
index d12ce36..ee69e2a 100644
--- a/checks/control-files
+++ b/checks/control-files
@@ -102,7 +102,7 @@ while (<IN>) {
# correct permissions?
unless ($operm == $ctrl{$file}) {
tag "control-file-has-bad-permissions",
- sprintf("$file %04o != %04o",$operm,$ctrl{$file});
+ sprintf("%s %04o != %04o",$file,$operm,$ctrl{$file});
}
# correct owner?
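Review bot: The filename does not need to pass through sprintf at all in this call. The setuid/setgid hunk in checks/files already hands `$file` to `tag` as its own argument, and the same form here would be `tag "control-file-has-bad-permissions", $file, sprintf("%04o != %04o",$operm,$ctrl{$file});`. This keeps package-derived strings out of format handling and makes the calls consistent, but it assumes `tag` joins its extra arguments with a single space, which this diff does not show, so confirm the emitted line is unchanged. The same applies to the cron.d, emacs and init.d calls in checks/files and to the calls in checks/menu-format and checks/menus. The enclosing `while (<IN>)` loop starts and ends outside the hunk.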
diff --git a/checks/files b/checks/files
index 4a177c7..efb9af5 100644
--- a/checks/files
+++ b/checks/files
@@ -178,12 +178,12 @@ while (<IN>) {
}
# ---------------- /etc/cron.d
elsif ($file =~ m,^etc/cron\.d/\S, and $operm != 0644) {
- tag "bad-permissions-for-etc-cron.d-script", sprintf("$file %04o != 0644",$operm);
+ tag "bad-permissions-for-etc-cron.d-script", sprintf("%s %04o != 0644",$file,$operm);
}
# ---------------- /etc/emacs.*
elsif ($file =~ m,^etc/emacs.*/\S, and $perm =~ m/^-/
and $operm != 0644) {
- tag "bad-permissions-for-etc-emacs-script", sprintf("$file %04o != 0644",$operm);
+ tag "bad-permissions-for-etc-emacs-script", sprintf("%s %04o != 0644",$file,$operm);
}
# ---------------- /etc/gconf/schemas
elsif ($file =~ m,^etc/gconf/schemas/\S,) {
@@ -195,7 +195,7 @@ while (<IN>) {
and $operm != 0755
and $perm =~ m/^-/) {
tag "non-standard-file-permissions-for-etc-init.d-script",
- sprintf("$file %04o != 0755",$operm);
+ sprintf("%s %04o != 0755",$file,$operm);
}
#----------------- /etc/pam.conf
elsif ($file =~ m,^etc/pam.conf, and $pkg ne "libpam-runtime" ) {
@@ -692,11 +692,11 @@ while (<IN>) {
# Check for setuid and setgid that isn't expected.
if ($setuid and $setgid) {
- tag "setuid-gid-binary", $file, sprintf("%04o $owner",$operm);
+ tag "setuid-gid-binary", $file, sprintf("%04o %s",$operm,$owner);
} elsif ($setuid) {
- tag "setuid-binary", $file, sprintf("%04o $owner",$operm);
+ tag "setuid-binary", $file, sprintf("%04o %s",$operm,$owner);
} elsif ($setgid) {
- tag "setgid-binary", $file, sprintf("%04o $owner",$operm);
+ tag "setgid-binary", $file, sprintf("%04o %s",$operm,$owner);
}
# Check for permission problems other than the setuid status.
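Review bot: Nothing at the three setuid/setgid `tag` calls records why `$owner` must be a `%s` argument, so a later cleanup could fold it back into the string. A comment above the `if ($setuid and $setgid)` line would help, for example `# $file and $owner come from the package being checked; pass them as sprintf arguments, never inside the format string.` The commit message describes these values as user-provided; where they are read lies outside the hunk. No test file appears among the files this diff shows, so a test package with a `%` character in a file name would help keep these checks from regressing.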
diff --git a/checks/menu-format b/checks/menu-format
index ecd2d7b..1f5cc85 100644
--- a/checks/menu-format
+++ b/checks/menu-format
@@ -409,7 +409,7 @@ while (<IN>) {
if ($perm =~ m,^-, && $file =~ m,/usr/share/applications/.*\.desktop$,) {
if ($perm =~ m,x,o) {
- tag "executable-desktop-file", sprintf("$file %04o",$operm);
+ tag "executable-desktop-file", sprintf("%s %04o",$file,$operm);
}
unless (m,template,) {
push (@desktop_files, $file);
diff --git a/checks/menus b/checks/menus
index 6674d33..b8064ff 100644
--- a/checks/menus
+++ b/checks/menus
@@ -104,7 +104,7 @@ while (<IN>) {
# menu file?
if ($file =~ m,^usr/(lib|share)/menu/\S,o) { # correct permissions?
if ($perm =~ m,x,o) {
- tag "executable-menu-file", sprintf("$file %04o",$operm);
+ tag "executable-menu-file", sprintf("%s %04o",$file,$operm);
}
next if $file =~ m,^usr/(lib|share)/menu/README$,;
diff --git a/frontend/lintian b/frontend/lintian
index d2ab086..59887d4 100755
--- a/frontend/lintian
+++ b/frontend/lintian
@@ -1674,8 +1674,9 @@ sub schedule_package {
if ( $already_scheduled{$s}++ ) {
if ($verbose) {
- printf "N: Ignoring duplicate %s package $pkg (version $ver)\n",
- $type eq 'b' ? 'binary' : ($type eq 's' ? 'source': 'udeb');
+ printf "N: Ignoring duplicate %s package %s (version %s)\n",
+ $type eq 'b' ? 'binary' : ($type eq 's' ? 'source': 'udeb'),
+ $pkg, $ver;
}
return;
}
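Review bot: None of the three conversions in this `printf` does any formatting, so the message can be built with `print` and no format string is left to get wrong. For example, `my $kind = $type eq 'b' ? 'binary' : ($type eq 's' ? 'source' : 'udeb');` followed by `print "N: Ignoring duplicate $kind package $pkg (version $ver)\n";`. `schedule_package` starts and ends outside the hunk, so this assumes no local named `$kind` already exists there.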
--
Debian package checker