
[SCM] Debian package checker branch, master, updated. 2.3.4-90-g45ab5f1



The following commit has been merged in the master branch:
commit 52ca0ed2c94f597afa227a2e508f0cc0f6e03ab5
Author: Raphael Geissert <atomo64@gmail.com>
Date:   Wed Apr 7 13:50:17 2010 -0500

    Detect embedded copies of lib{,open}jpeg
    
    Again, detect them based on a rather unique error string.
    
    * checks/binaries{,.desc}:
      + [RG] Detect embedded copies of lib{,open}jpeg.

diff --git a/checks/binaries b/checks/binaries
index b3187b5..48d4371 100644
--- a/checks/binaries
+++ b/checks/binaries
@@ -283,6 +283,16 @@ foreach my $file (sort keys %{$info->file_info}) {
 	tag "embedded-libpng", $file;
     }
 
+    if ($info->field('source') !~ '^libjpeg.*'
+	and $strings =~ /quantization tables are too coarse for baseline JPEG/) {
+	tag "embedded-libjpeg", $file;
+    }
+
+    if ($info->field('source') ne 'openjpeg'
+	and $strings =~ /tcd_decode: incomplete bistream/) {
+	tag "embedded-libopenjpeg", $file;
+    }
+
     # binary or shared object?
     next unless ($fileinfo =~ m/executable/) or ($fileinfo =~ m/shared object/);
     next if $type eq 'udeb';
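Review bot: The pattern `/tcd_decode: incomplete bistream/` matches a misspelled word ("bistream"), and nothing beside it says the spelling is deliberate, so a later tidy-up could correct it and the embedded-libopenjpeg check would stop firing without any error. A comment above that `if` would cover it, e.g. `# "bistream" is spelled as in the string being matched; keep it verbatim`. The two source-package exclusions also differ in form: libjpeg is a quoted-string regex with a redundant tail (`!~ '^libjpeg.*'`, equivalent to `!~ /^libjpeg/`), while openjpeg is an exact `ne 'openjpeg'`, so an openjpeg source package under any other name would be tagged for shipping its own library. If `field('source')` can be undefined at this point, both comparisons will also emit warnings. The enclosing `foreach` body starts and ends outside this hunk, so where `$strings` is populated and for which file types is not visible.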
diff --git a/checks/binaries.desc b/checks/binaries.desc
index d5075b5..a22d0dc 100644
--- a/checks/binaries.desc
+++ b/checks/binaries.desc
@@ -275,6 +275,32 @@ Info: The given ELF object appears to have been statically linked to libpng.
  to coordinate with the libpng maintainer to include the changes on the
  system version of the library.
 
+Tag: embedded-libjpeg
+Severity: serious
+Certainty: possible
+Ref: policy 4.13
+Info: The given ELF object appears to have been statically linked to
+ libjpeg.  Doing this is strongly discouraged due to the extra work needed
+ by the security team to fix all the extra embedded copies or trigger the
+ package rebuilds, as appropriate.
+ .
+ If the package uses a modified version of libjpeg it is highly
+ recommended to coordinate with the libjpeg maintainer to include the
+ changes on the system version of the library.
+
+Tag: embedded-libopenjpeg
+Severity: serious
+Certainty: possible
+Ref: policy 4.13
+Info: The given ELF object appears to have been statically linked to
+ libopenjpeg.  Doing this is strongly discouraged due to the extra work
+ needed by the security team to fix all the extra embedded copies or
+ trigger the package rebuilds, as appropriate.
+ .
+ If the package uses a modified version of libopenjpeg it is highly
+ recommended to coordinate with the libopenjpeg maintainer to include the
+ changes on the system version of the library.
+
 Tag: debug-symbols-directly-in-usr-lib-debug
 Severity: important
 Certainty: certain
diff --git a/debian/changelog b/debian/changelog
index 0e67141..a6b6e8d 100755
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,7 +2,7 @@ lintian (2.4.0) UNRELEASED; urgency=low
 
   * checks/binaries{,.desc}:
     + [ADB] Use Lintian::Check::check_spelling()
-    + [RG] Detect embedded copies of libpng.
+    + [RG] Detect embedded copies of libpng, lib{,open}jpeg.
   * checks/changelog-file:
     + [ADB] Use Lintian::Check::check_spelling()
   * checks/changes-file{,.desc}:
diff --git a/t/tests/binaries-embedded-libs/debian/Makefile b/t/tests/binaries-embedded-libs/debian/Makefile
index 2a763d2..357b8d9 100644
--- a/t/tests/binaries-embedded-libs/debian/Makefile
+++ b/t/tests/binaries-embedded-libs/debian/Makefile
@@ -1,4 +1,4 @@
-BINARIES :=  zlib libpng
+BINARIES :=  zlib libpng libjpeg libopenjpeg
 
 all: $(BINARIES)
 
diff --git a/t/tests/binaries-embedded-libs/debian/libjpeg.c b/t/tests/binaries-embedded-libs/debian/libjpeg.c
new file mode 100644
index 0000000..ddf2cc9
--- /dev/null
+++ b/t/tests/binaries-embedded-libs/debian/libjpeg.c
@@ -0,0 +1,14 @@
+#include <stdio.h>
+
+/*
+ * The quantization tables warning message is unique enough to be used to
+ * detect embedded or statically-linked copies of libjpeg.
+ */
+static const char quantization_tables_warning[]
+    = "Caution: quantization tables are too coarse for baseline JPEG";
+
+int
+main(void)
+{
+    printf("%s\n", quantization_tables_warning);
+}
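Review bot: `main` reaches its closing brace without a return statement, which yields exit status 0 only under C99 or later; the compiler flags used by the fixture Makefile are not visible in this hunk. Adding `return 0;` after the `printf` call makes the fixture well-defined under any standard. libopenjpeg.c has the same shape and would take the same one-line change.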
diff --git a/t/tests/binaries-embedded-libs/debian/libopenjpeg.c b/t/tests/binaries-embedded-libs/debian/libopenjpeg.c
new file mode 100644
index 0000000..0dd0f28
--- /dev/null
+++ b/t/tests/binaries-embedded-libs/debian/libopenjpeg.c
@@ -0,0 +1,14 @@
+#include <stdio.h>
+
+/*
+ * The tcd_decode error message appears to be unique enough to be used to
+ * detect embedded or statically-linked copies of libopenjpeg.
+ */
+static const char tcd_error[]
+    = "tcd_decode: incomplete bistream";
+
+int
+main(void)
+{
+    printf("%s\n", tcd_error);
+}
diff --git a/t/tests/binaries-embedded-libs/desc b/t/tests/binaries-embedded-libs/desc
index e2eff6e..1f0c468 100644
--- a/t/tests/binaries-embedded-libs/desc
+++ b/t/tests/binaries-embedded-libs/desc
@@ -6,3 +6,5 @@ Description: Package with binary with library-unique strings
 Test-For:
  embedded-zlib
  embedded-libpng
+ embedded-libjpeg
+ embedded-libopenjpeg
diff --git a/t/tests/binaries-embedded-libs/tags b/t/tests/binaries-embedded-libs/tags
index f32be42..40588c1 100644
--- a/t/tests/binaries-embedded-libs/tags
+++ b/t/tests/binaries-embedded-libs/tags
@@ -1,4 +1,8 @@
+E: binaries-embedded-libs: embedded-libjpeg ./usr/bin/libjpeg
+E: binaries-embedded-libs: embedded-libopenjpeg ./usr/bin/libopenjpeg
 E: binaries-embedded-libs: embedded-libpng ./usr/bin/libpng
 E: binaries-embedded-libs: embedded-zlib ./usr/bin/zlib
+W: binaries-embedded-libs: binary-without-manpage usr/bin/libjpeg
+W: binaries-embedded-libs: binary-without-manpage usr/bin/libopenjpeg
 W: binaries-embedded-libs: binary-without-manpage usr/bin/libpng
 W: binaries-embedded-libs: binary-without-manpage usr/bin/zlib
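Review bot: The expected tags cover only the positive case, so the source-package exclusions added in checks/binaries (`!~ '^libjpeg.*'` and `ne 'openjpeg'`) are never exercised. A regression that tags the libjpeg or openjpeg packages themselves would still pass this test. A companion test whose source name matches the exclusion and whose expected output omits `embedded-libjpeg` / `embedded-libopenjpeg` would pin that behaviour.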

-- 
Debian package checker

