[SCM] Debian package checker branch, master, updated. 2.3.4-90-g45ab5f1
The following commit has been merged in the master branch:
commit 6fbcbd47e94db7721812c7b5c40ebfc8315e80c2
Author: Raphael Geissert <atomo64@gmail.com>
Date: Wed Apr 7 13:07:32 2010 -0500
Detect embedded copies of libpng
Detect them based on a rather unique error string.
* checks/binaries{,.desc}:
+ [RG] Detect embedded copies of libpng.
diff --git a/checks/binaries b/checks/binaries
index 06c6fb8..b3187b5 100644
--- a/checks/binaries
+++ b/checks/binaries
@@ -278,6 +278,11 @@ foreach my $file (sort keys %{$info->file_info}) {
tag "embedded-zlib", $file;
}
+ if ($info->field('source') ne 'libpng'
+ and $strings =~ /^Potential overflow in png_zalloc/m) {
+ tag "embedded-libpng", $file;
+ }
+
# binary or shared object?
next unless ($fileinfo =~ m/executable/) or ($fileinfo =~ m/shared object/);
next if $type eq 'udeb';
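Review bot: The exemption in the new `if` compares the Source field exactly against `libpng`, so a source package under any other name that legitimately builds libpng itself (a versioned or renamed libpng source, for instance) would get this serious-severity tag on its own binaries; a prefix match such as `$info->field('source') !~ /^libpng/` would be more tolerant, or the exact match should be called out as intentional in a comment. If `field('source')` can return undef for a package lacking that field, `ne` also raises an uninitialized-value warning, which would presumably affect the zlib check just above if it uses the same comparison (that check is outside the hunk). Matching a single error string is a heuristic that a trimmed or differently-worded libpng build will not trigger, which is consistent with the `Certainty: possible` given to the tag; a brief comment saying so next to the regex would help the next person who wonders why only one string is checked. The enclosing foreach body starts before the hunk and continues after it.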
diff --git a/checks/binaries.desc b/checks/binaries.desc
index e04d1e7..d5075b5 100644
--- a/checks/binaries.desc
+++ b/checks/binaries.desc
@@ -262,6 +262,19 @@ Info: The given ELF object appears to have been statically linked to zlib.
Some packages have to use a modified version of zlib due to requirements
in that package. If this is the case, please add an override.
+Tag: embedded-libpng
+Severity: serious
+Certainty: possible
+Ref: policy 4.13
+Info: The given ELF object appears to have been statically linked to libpng.
+ Doing this is strongly discouraged due to the extra work needed by the
+ security team to fix all the extra embedded copies or trigger the package
+ rebuilds, as appropriate.
+ .
+ If the package uses a modified version of libpng it is highly recommended
+ to coordinate with the libpng maintainer to include the changes on the
+ system version of the library.
+
Tag: debug-symbols-directly-in-usr-lib-debug
Severity: important
Certainty: certain
diff --git a/debian/changelog b/debian/changelog
index 70f6229..0e67141 100755
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,7 +1,8 @@
lintian (2.4.0) UNRELEASED; urgency=low
- * checks/binaries:
+ * checks/binaries{,.desc}:
+ [ADB] Use Lintian::Check::check_spelling()
+ + [RG] Detect embedded copies of libpng.
* checks/changelog-file:
+ [ADB] Use Lintian::Check::check_spelling()
* checks/changes-file{,.desc}:
diff --git a/t/tests/binaries-embedded-zlib/debian/Makefile b/t/tests/binaries-embedded-libpng/debian/Makefile
similarity index 100%
copy from t/tests/binaries-embedded-zlib/debian/Makefile
copy to t/tests/binaries-embedded-libpng/debian/Makefile
diff --git a/t/tests/binaries-embedded-libpng/debian/dummy.c b/t/tests/binaries-embedded-libpng/debian/dummy.c
new file mode 100644
index 0000000..80718a9
--- /dev/null
+++ b/t/tests/binaries-embedded-libpng/debian/dummy.c
@@ -0,0 +1,14 @@
+#include <stdio.h>
+
+/*
+ * The png_zalloc overflow error message is unique enough to be used to
+ * detect embedded or statically-linked copies of libpng.
+ */
+static const char zalloc_error[]
+ = "Potential overflow in png_zalloc()";
+
+int
+main(void)
+{
+ printf("%s\n", zalloc_error);
+}
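Review bot: `main` in the new test program falls off its end without a `return 0;`; C99 makes that an implicit return of 0, but under C89 the exit status is unspecified, and since the test only needs the string to be present in the built binary an explicit `return 0;` after the `printf` costs nothing and avoids depending on the compiler's default standard.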
diff --git a/t/tests/binaries-embedded-libpng/desc b/t/tests/binaries-embedded-libpng/desc
new file mode 100644
index 0000000..e8cdcae
--- /dev/null
+++ b/t/tests/binaries-embedded-libpng/desc
@@ -0,0 +1,6 @@
+Testname: binaries-embedded-libpng
+Sequence: 6000
+Architecture: any
+Version: 1.0
+Description: Package with binary with the png_zalloc error string
+Test-For: embedded-libpng
diff --git a/t/tests/binaries-embedded-libpng/tags b/t/tests/binaries-embedded-libpng/tags
new file mode 100644
index 0000000..f68dee2
--- /dev/null
+++ b/t/tests/binaries-embedded-libpng/tags
@@ -0,0 +1,2 @@
+E: binaries-embedded-libpng: embedded-libpng ./usr/bin/dummy
+W: binaries-embedded-libpng: binary-without-manpage usr/bin/dummy