[SCM] Debian package checker branch, master, updated. 2.4.3-161-g2d27e5d
The following commit has been merged in the master branch:
commit 1f53f8dadb48fadc8b70a60ad7a2797e352958e4
Author: Raphael Geissert <atomo64@gmail.com>
Date: Tue Jan 25 18:41:24 2011 -0600
Merge all the embedded-lib* tags into embedded-library
Since we are breaking overrides, I use the opportunity to also
clean up the mess I caused.
diff --git a/checks/binaries b/checks/binaries
index 4ecc7d3..f950168 100644
--- a/checks/binaries
+++ b/checks/binaries
@@ -73,6 +73,15 @@ our %arch_64bit_equivs = (
);
our %EMBEDDED_LIBRARIES = (
+ # We exclude version strings starting with "4 " since that's a mark of the
+ # Pascal implementation, which is not what this tag is designed to detect.
+ # (The "4" is actually the string length (52 characters) in the Pascal
+ # counted string format.)
+ 'zlib' => {
+ source => qr'(?:zlib|klibc|kfreebsd-kernel-di-\w+)',
+ match => qr'(?m)(?<!4 )(?:in|de)flate (?:\d[ \w.\-]{1,20}[\w.\-])'
+ },
+
'bzip2' => qr'(?m)^This is a bug in bzip2',
'expat' => qr'(?m)^requested feature requires XML_DTD support in Expat',
'file' => qr'(?m)^could not find any magic files',
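Review bot: The `source` pattern of the new `zlib` entry exempts any source package matching `kfreebsd-kernel-di-\w+`, which is wider than the two names (`kfreebsd-kernel-di-amd64`, `kfreebsd-kernel-di-i386`) that the removed check listed explicitly. If the widening is intended, a comment above `source` should record it, e.g. `# every kfreebsd-kernel-di-<arch> source is exempt, not only amd64/i386`, so a later reader does not mistake it for an accidental gap in embedded-copy detection. The `(?m)` in `match` has no effect because that pattern contains no `^` or `$`, so it can be dropped. The `%EMBEDDED_LIBRARIES` initializer continues past the end of this hunk.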
@@ -93,6 +102,10 @@ our %EMBEDDED_LIBRARIES = (
'libmsn' => qr'The MSN server has terminated the connection with an unknown reason code\.',
'libmikmod' => qr'APUN \(APlayer\) and UNI \(MikMod\)',
'libmysqlclient'=> {source => qr'mysql-\d.*', match => qr'MySQL client ran out of memory'},
+ 'libpng' => qr'(?m)^Potential overflow in png_zalloc',
+ 'libjpeg' => { source => qr'^libjpeg.*',
+ match => qr'(?m)^Caution: quantization tables are too coarse for baseline JPEG'},
+ 'openjpeg' => qr'tcd_decode: incomplete bistream',
);
our $multiarch;
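Review bot: The `libjpeg` entry's `source => qr'^libjpeg.*'` carries its own `^`, but the consumer loop visible later in this diff already matches with `m/^$regex->{'source'}$/`, and the neighbouring `libmysqlclient` entry has no anchor. For consistency this could read `source => qr'libjpeg.*'`. On the `openjpeg` line, `bistream` looks like the library's own spelling (the removed check used the same text), so a trailing `# sic: spelling as emitted by the library` would stop a later typo fix from silently disabling the detection. The start of the hash is outside this hunk.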
@@ -298,32 +311,6 @@ foreach my $file (@{$info->sorted_file_info}) {
}
}
- # We exclude version strings starting with "4 " since that's a mark of the
- # Pascal implementation, which is not what this tag is designed to detect.
- # (The "4" is actually the string length (52 characters) in the Pascal
- # counted string format.)
- if ($info->field('source') ne 'zlib' and $info->field('source') ne 'klibc'
- and $info->field('source') ne 'kfreebsd-kernel-di-amd64'
- and $info->field('source') ne 'kfreebsd-kernel-di-i386'
- and $strings =~ /(?<!4 )(?:in|de)flate (?:\d[ \w.\-]{1,20}[\w.\-])/m) {
- tag "embedded-zlib", $file;
- }
-
- if ($info->field('source') ne 'libpng'
- and $strings =~ /^Potential overflow in png_zalloc/m) {
- tag "embedded-libpng", $file;
- }
-
- if ($info->field('source') !~ '^libjpeg.*'
- and $strings =~ /^Caution: quantization tables are too coarse for baseline JPEG/m) {
- tag "embedded-libjpeg", $file;
- }
-
- if ($info->field('source') ne 'openjpeg'
- and $strings =~ /tcd_decode: incomplete bistream/) {
- tag "embedded-libopenjpeg", $file;
- }
-
while (my ($src, $regex) = each %EMBEDDED_LIBRARIES) {
if (ref $regex eq 'HASH') {
next if ($info->field('source') =~ m/^$regex->{'source'}$/);
diff --git a/checks/binaries.desc b/checks/binaries.desc
index 987f657..bf35dc3 100644
--- a/checks/binaries.desc
+++ b/checks/binaries.desc
@@ -253,57 +253,6 @@ Info: Lintian found a spelling error in the given binary. Lintian has a
This tag may produce false positives for words that contain non-ASCII
characters due to limitations in <tt>strings</tt>.
-Tag: embedded-zlib
-Severity: serious
-Certainty: possible
-Ref: policy 4.13
-Info: The given ELF object appears to have been statically linked to zlib.
- Doing this is strongly discouraged due to the extra work needed by the
- security team to fix all the extra embedded copies or trigger the package
- rebuilds, as appropriate.
- .
- Some packages have to use a modified version of zlib due to requirements
- in that package. If this is the case, please add an override.
-
-Tag: embedded-libpng
-Severity: serious
-Certainty: possible
-Ref: policy 4.13
-Info: The given ELF object appears to have been statically linked to libpng.
- Doing this is strongly discouraged due to the extra work needed by the
- security team to fix all the extra embedded copies or trigger the package
- rebuilds, as appropriate.
- .
- If the package uses a modified version of libpng it is highly recommended
- to coordinate with the libpng maintainer to include the changes on the
- system version of the library.
-
-Tag: embedded-libjpeg
-Severity: serious
-Certainty: possible
-Ref: policy 4.13
-Info: The given ELF object appears to have been statically linked to
- libjpeg. Doing this is strongly discouraged due to the extra work needed
- by the security team to fix all the extra embedded copies or trigger the
- package rebuilds, as appropriate.
- .
- If the package uses a modified version of libjpeg it is highly
- recommended to coordinate with the libjpeg maintainer to include the
- changes on the system version of the library.
-
-Tag: embedded-libopenjpeg
-Severity: serious
-Certainty: possible
-Ref: policy 4.13
-Info: The given ELF object appears to have been statically linked to
- libopenjpeg. Doing this is strongly discouraged due to the extra work
- needed by the security team to fix all the extra embedded copies or
- trigger the package rebuilds, as appropriate.
- .
- If the package uses a modified version of libopenjpeg it is highly
- recommended to coordinate with the libopenjpeg maintainer to include the
- changes on the system version of the library.
-
Tag: embedded-library
Severity: serious
Certainty: possible
diff --git a/t/tests/binaries-embedded-libs/desc b/t/tests/binaries-embedded-libs/desc
index 78f3d88..afab566 100644
--- a/t/tests/binaries-embedded-libs/desc
+++ b/t/tests/binaries-embedded-libs/desc
@@ -4,8 +4,4 @@ Architecture: any
Version: 1.0
Description: Package with binary with library-unique strings
Test-For:
- embedded-zlib
- embedded-libpng
- embedded-libjpeg
- embedded-libopenjpeg
embedded-library
diff --git a/t/tests/binaries-embedded-libs/tags b/t/tests/binaries-embedded-libs/tags
index b669bca..9c2e496 100644
--- a/t/tests/binaries-embedded-libs/tags
+++ b/t/tests/binaries-embedded-libs/tags
@@ -1,12 +1,12 @@
-E: binaries-embedded-libs: embedded-libjpeg usr/bin/libjpeg
-E: binaries-embedded-libs: embedded-libopenjpeg usr/bin/libopenjpeg
-E: binaries-embedded-libs: embedded-libpng usr/bin/libpng
E: binaries-embedded-libs: embedded-library usr/bin/libbz2: bzip2
E: binaries-embedded-libs: embedded-library usr/bin/libexpat: expat
+E: binaries-embedded-libs: embedded-library usr/bin/libjpeg: libjpeg
E: binaries-embedded-libs: embedded-library usr/bin/libm: libm
E: binaries-embedded-libs: embedded-library usr/bin/libmagic: file
+E: binaries-embedded-libs: embedded-library usr/bin/libopenjpeg: openjpeg
E: binaries-embedded-libs: embedded-library usr/bin/libpcre3: pcre3
+E: binaries-embedded-libs: embedded-library usr/bin/libpng: libpng
E: binaries-embedded-libs: embedded-library usr/bin/libsqlite: sqlite
E: binaries-embedded-libs: embedded-library usr/bin/libtiff: tiff
E: binaries-embedded-libs: embedded-library usr/bin/libxml2: libxml2
-E: binaries-embedded-libs: embedded-zlib usr/bin/zlib
+E: binaries-embedded-libs: embedded-library usr/bin/zlib: zlib
--
Debian package checker