[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SCM] Debian package checker branch, master, updated. 2.4.3-161-g2d27e5d

The following commit has been merged in the master branch:
commit 1f53f8dadb48fadc8b70a60ad7a2797e352958e4
Author: Raphael Geissert <atomo64@gmail.com>
Date:   Tue Jan 25 18:41:24 2011 -0600

    Merge all the embedded-lib* tags into embedded-library
    
    Since we are breaking overrides I use the opportunity to also
    cleanup the mess I caused.

diff --git a/checks/binaries b/checks/binaries
index 4ecc7d3..f950168 100644
--- a/checks/binaries
+++ b/checks/binaries
@@ -73,6 +73,15 @@ our %arch_64bit_equivs = (
 );
 
 our %EMBEDDED_LIBRARIES = (
+	# We exclude version strings starting with "4 " since that's a mark of the
+	# Pascal implementation, which is not what this tag is designed to detect.
+	# (The "4" is actually the string length (52 characters) in the Pascal
+	# counted string format.)
+	'zlib'		=> {
+			    source => qr'(?:zlib|klibc|kfreebsd-kernel-di-\w+)',
+			    match => qr'(?m)(?<!4 )(?:in|de)flate (?:\d[ \w.\-]{1,20}[\w.\-])'
+			   },
+
 	'bzip2'		=> qr'(?m)^This is a bug in bzip2',
 	'expat'		=> qr'(?m)^requested feature requires XML_DTD support in Expat',
 	'file'		=> qr'(?m)^could not find any magic files',
@@ -93,6 +102,10 @@ our %EMBEDDED_LIBRARIES = (
 	'libmsn'	=> qr'The MSN server has terminated the connection with an unknown reason code\.',
 	'libmikmod'	=> qr'APUN \(APlayer\) and UNI \(MikMod\)',
 	'libmysqlclient'=> {source => qr'mysql-\d.*', match => qr'MySQL client ran out of memory'},
+	'libpng'	=> qr'(?m)^Potential overflow in png_zalloc',
+	'libjpeg'	=> { source => qr'^libjpeg.*',
+			     match => qr'(?m)^Caution: quantization tables are too coarse for baseline JPEG'},
+	'openjpeg'	=> qr'tcd_decode: incomplete bistream',
 );
 
 our $multiarch;
@@ -298,32 +311,6 @@ foreach my $file (@{$info->sorted_file_info}) {
 	}
     }
 
-    # We exclude version strings starting with "4 " since that's a mark of the
-    # Pascal implementation, which is not what this tag is designed to detect.
-    # (The "4" is actually the string length (52 characters) in the Pascal
-    # counted string format.)
-    if ($info->field('source') ne 'zlib' and $info->field('source') ne 'klibc'
-	and $info->field('source') ne 'kfreebsd-kernel-di-amd64'
-	and $info->field('source') ne 'kfreebsd-kernel-di-i386'
-	and $strings =~ /(?<!4 )(?:in|de)flate (?:\d[ \w.\-]{1,20}[\w.\-])/m) {
-	tag "embedded-zlib", $file;
-    }
-
-    if ($info->field('source') ne 'libpng'
-	and $strings =~ /^Potential overflow in png_zalloc/m) {
-	tag "embedded-libpng", $file;
-    }
-
-    if ($info->field('source') !~ '^libjpeg.*'
-	and $strings =~ /^Caution: quantization tables are too coarse for baseline JPEG/m) {
-	tag "embedded-libjpeg", $file;
-    }
-
-    if ($info->field('source') ne 'openjpeg'
-	and $strings =~ /tcd_decode: incomplete bistream/) {
-	tag "embedded-libopenjpeg", $file;
-    }
-
     while (my ($src, $regex) = each %EMBEDDED_LIBRARIES) {
 	if (ref $regex eq 'HASH') {
 	    next if ($info->field('source') =~ m/^$regex->{'source'}$/);
diff --git a/checks/binaries.desc b/checks/binaries.desc
index 987f657..bf35dc3 100644
--- a/checks/binaries.desc
+++ b/checks/binaries.desc
@@ -253,57 +253,6 @@ Info: Lintian found a spelling error in the given binary.  Lintian has a
  This tag may produce false positives for words that contain non-ASCII
  characters due to limitations in <tt>strings</tt>.
 
-Tag: embedded-zlib
-Severity: serious
-Certainty: possible
-Ref: policy 4.13
-Info: The given ELF object appears to have been statically linked to zlib.
- Doing this is strongly discouraged due to the extra work needed by the
- security team to fix all the extra embedded copies or trigger the package
- rebuilds, as appropriate.
- .
- Some packages have to use a modified version of zlib due to requirements
- in that package.  If this is the case, please add an override.
-
-Tag: embedded-libpng
-Severity: serious
-Certainty: possible
-Ref: policy 4.13
-Info: The given ELF object appears to have been statically linked to libpng.
- Doing this is strongly discouraged due to the extra work needed by the
- security team to fix all the extra embedded copies or trigger the package
- rebuilds, as appropriate.
- .
- If the package uses a modified version of libpng it is highly recommended
- to coordinate with the libpng maintainer to include the changes on the
- system version of the library.
-
-Tag: embedded-libjpeg
-Severity: serious
-Certainty: possible
-Ref: policy 4.13
-Info: The given ELF object appears to have been statically linked to
- libjpeg.  Doing this is strongly discouraged due to the extra work needed
- by the security team to fix all the extra embedded copies or trigger the
- package rebuilds, as appropriate.
- .
- If the package uses a modified version of libjpeg it is highly
- recommended to coordinate with the libjpeg maintainer to include the
- changes on the system version of the library.
-
-Tag: embedded-libopenjpeg
-Severity: serious
-Certainty: possible
-Ref: policy 4.13
-Info: The given ELF object appears to have been statically linked to
- libopenjpeg.  Doing this is strongly discouraged due to the extra work
- needed by the security team to fix all the extra embedded copies or
- trigger the package rebuilds, as appropriate.
- .
- If the package uses a modified version of libopenjpeg it is highly
- recommended to coordinate with the libopenjpeg maintainer to include the
- changes on the system version of the library.
-
 Tag: embedded-library
 Severity: serious
 Certainty: possible
diff --git a/t/tests/binaries-embedded-libs/desc b/t/tests/binaries-embedded-libs/desc
index 78f3d88..afab566 100644
--- a/t/tests/binaries-embedded-libs/desc
+++ b/t/tests/binaries-embedded-libs/desc
@@ -4,8 +4,4 @@ Architecture: any
 Version: 1.0
 Description: Package with binary with library-unique strings
 Test-For:
- embedded-zlib
- embedded-libpng
- embedded-libjpeg
- embedded-libopenjpeg
  embedded-library
diff --git a/t/tests/binaries-embedded-libs/tags b/t/tests/binaries-embedded-libs/tags
index b669bca..9c2e496 100644
--- a/t/tests/binaries-embedded-libs/tags
+++ b/t/tests/binaries-embedded-libs/tags
@@ -1,12 +1,12 @@
-E: binaries-embedded-libs: embedded-libjpeg usr/bin/libjpeg
-E: binaries-embedded-libs: embedded-libopenjpeg usr/bin/libopenjpeg
-E: binaries-embedded-libs: embedded-libpng usr/bin/libpng
 E: binaries-embedded-libs: embedded-library usr/bin/libbz2: bzip2
 E: binaries-embedded-libs: embedded-library usr/bin/libexpat: expat
+E: binaries-embedded-libs: embedded-library usr/bin/libjpeg: libjpeg
 E: binaries-embedded-libs: embedded-library usr/bin/libm: libm
 E: binaries-embedded-libs: embedded-library usr/bin/libmagic: file
+E: binaries-embedded-libs: embedded-library usr/bin/libopenjpeg: openjpeg
 E: binaries-embedded-libs: embedded-library usr/bin/libpcre3: pcre3
+E: binaries-embedded-libs: embedded-library usr/bin/libpng: libpng
 E: binaries-embedded-libs: embedded-library usr/bin/libsqlite: sqlite
 E: binaries-embedded-libs: embedded-library usr/bin/libtiff: tiff
 E: binaries-embedded-libs: embedded-library usr/bin/libxml2: libxml2
-E: binaries-embedded-libs: embedded-zlib usr/bin/zlib
+E: binaries-embedded-libs: embedded-library usr/bin/zlib: zlib

-- 
Debian package checker
Reply to: