[SCM] Debian package checker branch, master, updated. 2.4.2-11-gf4f7153
The following commit has been merged in the master branch:
commit 3e4b70814b868c85873de00d15c08dc480e0e516
Author: Raphael Geissert <atomo64@gmail.com>
Date: Tue Jul 13 12:54:56 2010 -0500
Detect embedded copies of libbz2, pcre3, and tiff
A new, generic, tag 'embedded-library' is introduced instead of adding
more embedded-<lib-name> tags. The existing tags should be merged at a
later time (some packages already override them).
diff --git a/checks/binaries b/checks/binaries
index 2134ada..7aace1a 100644
--- a/checks/binaries
+++ b/checks/binaries
@@ -68,6 +68,12 @@ our %arch_64bit_equivs = (
'sparc' => 'sparc64',
);
+our %EMBEDDED_LIBRARIES = (
+ 'bzip2' => qr'(?m)^This is a bug in bzip2',
+ 'pcre3' => qr'this version of PCRE is not compiled with PCRE_UTF8 support',
+ 'tiff' => qr'No space for PixarLog state block',
+);
+
our $multiarch;
sub run {
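Review bot: `%EMBEDDED_LIBRARIES` carries no comment stating what its keys and values must be, although the consuming loop (the hunk at line 297) compares each key against the package's Source field and matches each value against the binary's extracted strings, so a key that is not the exact Debian source package name silently disables the self-exclusion. Suggest a comment above the hash: `# Keyed by Debian source package name (compared against the Source field so a library's own package is not flagged); each value is a literal error string expected to occur only in that library's code. qr'...' with single-quote delimiters does not interpolate, so $ and @ in a pattern are literal.` The hunk header counts six context lines but only four are visible here, so some blank context appears to have been dropped in rendering rather than in the commit.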
@@ -297,6 +303,13 @@ foreach my $file (sort keys %{$info->file_info}) {
tag "embedded-libopenjpeg", $file;
}
+ while (my ($src, $regex) = each %EMBEDDED_LIBRARIES) {
+ if ($info->field('source') ne $src
+ and $strings =~ /$regex/) {
+ tag "embedded-library", "$file: $src";
+ }
+ }
+
# binary or shared object?
next unless ($fileinfo =~ m/executable/) or ($fileinfo =~ m/shared object/);
next if $type eq 'udeb';
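Review bot: The `while (my ($src, $regex) = each %EMBEDDED_LIBRARIES)` loop walks a package-global hash with `each`, whose iterator is shared state: should anything inside the loop throw or exit early, the next `$file` iteration resumes mid-hash and silently skips libraries, and the order in which `embedded-library` tags are emitted is hash-order dependent. Replace the header with `for my $src (sort keys %EMBEDDED_LIBRARIES) {` followed by `my $regex = $EMBEDDED_LIBRARIES{$src};`, which is deterministic and iterator-free. Separately, `$info->field('source') ne $src` warns under `use warnings` if the field is absent and `field()` returns undef here, and if `field()` returns the raw control value, the `Source: name (version)` form permitted by Policy would never equal `$src`, so the library's own package would flag itself; a guard such as `my $source = $info->field('source') || ''; $source =~ s/\s*\(.*\)\z//;` before the loop avoids both, assuming no helper already normalises the field. The enclosing `run` sub begins before this hunk and continues past it.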
diff --git a/checks/binaries.desc b/checks/binaries.desc
index a22d0dc..3e11c67 100644
--- a/checks/binaries.desc
+++ b/checks/binaries.desc
@@ -301,6 +301,19 @@ Info: The given ELF object appears to have been statically linked to
recommended to coordinate with the libopenjpeg maintainer to include the
changes on the system version of the library.
+Tag: embedded-library
+Severity: serious
+Certainty: possible
+Ref: policy 4.13
+Info: The given ELF object appears to have been statically linked to
+ a library. Doing this is strongly discouraged due to the extra work
+ needed by the security team to fix all the extra embedded copies or
+ trigger the package rebuilds, as appropriate.
+ .
+ If the package uses a modified version of the given library it is highly
+ recommended to coordinate with the library's maintainer to include the
+ changes on the system version of the library.
+
Tag: debug-symbols-directly-in-usr-lib-debug
Severity: important
Certainty: certain
diff --git a/debian/changelog b/debian/changelog
index ce27dc5..95b74c6 100755
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,11 @@
lintian (2.4.3) UNRELEASED; urgency=low
+ * Summary of tag changes:
+ + Added:
+ - embedded-library
+
+ * checks/binaries{,.desc}:
+ + [RG] Detect embedded copies of libbz2, pcre3, and tiff.
* checks/files
+ [RG] Detect embedded copies of HTMLPurifier.
+ [RG] Detect embedded copies of the Strophe javascript library.
diff --git a/t/tests/binaries-embedded-libs/debian/Makefile b/t/tests/binaries-embedded-libs/debian/Makefile
index 2816381..8629642 100644
--- a/t/tests/binaries-embedded-libs/debian/Makefile
+++ b/t/tests/binaries-embedded-libs/debian/Makefile
@@ -1,4 +1,4 @@
-BINARIES := zlib libpng libjpeg libopenjpeg
+BINARIES := zlib libpng libjpeg libopenjpeg libtiff libpcre3 libbz2
MANPAGES := $(patsubst %,%.1,$(BINARIES))
all: $(BINARIES) $(MANPAGES)
diff --git a/t/tests/binaries-embedded-libs/debian/libbz2.c b/t/tests/binaries-embedded-libs/debian/libbz2.c
new file mode 100644
index 0000000..d0ab79b
--- /dev/null
+++ b/t/tests/binaries-embedded-libs/debian/libbz2.c
@@ -0,0 +1,10 @@
+#include <stdio.h>
+
+static const char bzip2_bug[]
+ = "This is a bug in bzip2";
+
+int
+main(void)
+{
+ printf("%s\n", bzip2_bug);
+}
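Review bot: libbz2.c gives no reason for choosing "This is a bug in bzip2" as the marker, whereas libpcre3.c and libtiff.c both explain that their string is unique enough to identify the library; add the matching comment above `bzip2_bug`: `/* The "bug in bzip2" message is unique enough to be used to detect embedded or statically-linked copies of libbz2. */`. All three new fixtures also let `main` fall off the end without `return 0;`; that is defined under C99, but since the build flags are not visible here, an explicit `return 0;` keeps the exit status defined whatever standard the compiler defaults to (applies to libpcre3.c and libtiff.c as well).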
diff --git a/t/tests/binaries-embedded-libs/debian/libpcre3.c b/t/tests/binaries-embedded-libs/debian/libpcre3.c
new file mode 100644
index 0000000..9ec595f
--- /dev/null
+++ b/t/tests/binaries-embedded-libs/debian/libpcre3.c
@@ -0,0 +1,14 @@
+#include <stdio.h>
+
+/*
+ * The PCRE_UTF8 message is unique enough to be used to
+ * detect embedded or statically-linked copies of pcre.
+ */
+static const char pcre_utf8[]
+ = "this version of PCRE is not compiled with PCRE_UTF8 support";
+
+int
+main(void)
+{
+ printf("%s\n", pcre_utf8);
+}
diff --git a/t/tests/binaries-embedded-libs/debian/libtiff.c b/t/tests/binaries-embedded-libs/debian/libtiff.c
new file mode 100644
index 0000000..3d0d34f
--- /dev/null
+++ b/t/tests/binaries-embedded-libs/debian/libtiff.c
@@ -0,0 +1,14 @@
+#include <stdio.h>
+
+/*
+ * The PixarLog error message is unique enough to be used to
+ * detect embedded or statically-linked copies of libtiff.
+ */
+static const char pixarlog_error[]
+ = "No space for PixarLog state block";
+
+int
+main(void)
+{
+ printf("%s\n", pixarlog_error);
+}
diff --git a/t/tests/binaries-embedded-libs/tags b/t/tests/binaries-embedded-libs/tags
index 9030082..2cf9ab0 100644
--- a/t/tests/binaries-embedded-libs/tags
+++ b/t/tests/binaries-embedded-libs/tags
@@ -1,4 +1,7 @@
E: binaries-embedded-libs: embedded-libjpeg ./usr/bin/libjpeg
E: binaries-embedded-libs: embedded-libopenjpeg ./usr/bin/libopenjpeg
E: binaries-embedded-libs: embedded-libpng ./usr/bin/libpng
+E: binaries-embedded-libs: embedded-library ./usr/bin/libbz2: bzip2
+E: binaries-embedded-libs: embedded-library ./usr/bin/libpcre3: pcre3
+E: binaries-embedded-libs: embedded-library ./usr/bin/libtiff: tiff
E: binaries-embedded-libs: embedded-zlib ./usr/bin/zlib