[SCM] Debian package checker branch, master, updated. 2.5.12-23-ge42888e
The following commit has been merged in the master branch:
commit e42888ebc2ebc65df6150b010616b04d4052301c
Author: Niels Thykier <niels@thykier.net>
Date: Sat Apr 20 19:24:53 2013 +0200
L::Util: Alter the return value of normalize_pkg_path
Alter the return value of normalize_pkg_path in the special cases
(i.e. return root dir and unsafe paths) to be consistent with the
ones used by Lintian::Path's link_normalized.
Signed-off-by: Niels Thykier <niels@thykier.net>
diff --git a/checks/cruft b/checks/cruft
index e4de909..07a097f 100644
--- a/checks/cruft
+++ b/checks/cruft
@@ -360,13 +360,13 @@ sub find_cruft {
my $target = readlink($_);
my $dirname = dirname($_);
my $normalized = normalize_pkg_path($dirname, $target);
- if (not $normalized) {
+ if (not defined($normalized)) {
# skip unsafe symlinks too
tag 'source-contains-unsafe-symlink', $_;
return;
}
# This check may appear redundant, but it is not!
- # normalized_pkg_path tells us that the link can "safely be
+ # normalize_pkg_path tells us that the link can "safely be
# normalized without escaping the root". But it tells us
# nothing about the target of the link (which could be an
# unsafe symlink). Example
diff --git a/checks/java b/checks/java
index b669336..93a773d 100644
--- a/checks/java
+++ b/checks/java
@@ -157,6 +157,8 @@ for my $jar_file (sort keys %{$java_info}) {
if($p =~ m#/#o) {
my $target = normalize_pkg_path($jar_dir, $p);
my $tinfo;
+ # Can it be normalized?
+ next unless defined($target);
# Relative link to usr/share/java ? Works if we
# are depending of a Java library.
next if $target =~ m,^usr/share/java/[^/]+.jar$,o
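Review bot: The comment `# Can it be normalized?` above the added `next unless defined($target);` does not say what an undefined result means, so a reader cannot tell that this line silently skips an entry `$p` whose path would leave the package root. I would spell it out, e.g. `# undef: $p cannot be normalized without escaping the package root; skip it`. The guard itself is needed, because the `$target =~ m,...,` match that follows would otherwise run on undef. The loop body starts and ends outside this hunk, so whether such an entry ought to be reported rather than skipped cannot be judged from here.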
diff --git a/debian/changelog b/debian/changelog
index fcb118f..35caec0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -35,7 +35,9 @@ lintian (2.5.13) UNRELEASED; urgency=low
+ [NT] Require that the input file is present for
read_dpkg_control and get_deb_control.
+ [NT] In copy_dir, pass --reflink=auto to cp.
- + [NT] Rename resolve_pkg_path to normalize_pkg_path.
+ + [NT] Replace resolve_pkg_path with to normalize_pkg_path.
+ The latter has slightly different return values in some
+ cases.
* reporting/harness:
+ [NT] Stop exporting ENV variables that lintian no longer
diff --git a/lib/Lintian/Collect/Package.pm b/lib/Lintian/Collect/Package.pm
index 8abe25d..cc5bab2 100644
--- a/lib/Lintian/Collect/Package.pm
+++ b/lib/Lintian/Collect/Package.pm
@@ -267,7 +267,7 @@ sub _fetch_extracted_dir {
if ($filename =~ m{(?: ^|/ ) \.\. (?: /|$ )}xsm) {
# possible traversal - double check it and (if needed)
# stop it before it gets out of hand.
- if (normalize_pkg_path('/', $filename) eq '') {
+ if (!defined(normalize_pkg_path('/', $filename))) {
croak qq{The path "$file" is not within the package root};
}
}
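Review bot: The traversal guard around the new `!defined(normalize_pkg_path('/', $filename))` test is purely lexical, and nothing at the call site says so. The POD for normalize_pkg_path in this same commit states that it assumes none of the path segments are symlinks and that it is not always sufficient to decide whether a path is safe to open. A short comment would keep readers from treating the check as full containment, e.g. `# lexical check only; symlinked path segments are not resolved here`. The rest of _fetch_extracted_dir is outside the hunk, so any later symlink handling is not visible.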
diff --git a/lib/Lintian/Path.pm b/lib/Lintian/Path.pm
index e2a4242..63bc261 100644
--- a/lib/Lintian/Path.pm
+++ b/lib/Lintian/Path.pm
@@ -271,12 +271,6 @@ sub link_normalized {
# hardlinks are always relative to the package root
$dir = '/' if $self->is_hardlink;
my $target = normalize_pkg_path($dir, $link);
- if ($target) {
- # map "." to ''.
- $target = '' if $target eq '.';
- } else {
- $target = undef;
- }
$self->{'link_target'} = $target;
return $target;
}
diff --git a/lib/Lintian/Util.pm b/lib/Lintian/Util.pm
index 2760c87..d83a6f4 100644
--- a/lib/Lintian/Util.pm
+++ b/lib/Lintian/Util.pm
@@ -1104,10 +1104,13 @@ As the name suggests, this is a path "normalization" rather than a
true path resolution (for that use Cwd::realpath). Particularly,
it assumes none of the path segments are symlinks.
-Note it will return '.' if the result is the package root.
+normalize_pkg_path will return C<q{}> (i.e. the empty string) if the
+target is the root dir and C<undef> if the path cannot be normalized
+without escaping the package root. NB: These special cases are
+different than resolve_pkg_path.
-Returns a non-truth value, if the path cannot be normalized without
-escaping the the package root.
+B<NOTE>: CURDIR is assumed to be normalized. In particularly, it must
+not have any ".." path segments in it.
B<CAVEAT>: This function is I<not always sufficient> to test if it is
safe to open a given symlink. Use
@@ -1119,26 +1122,36 @@ Examples:
normalize_pkg_path('/usr/share/java', '../ant/file') eq 'usr/share/ant/file'
normalize_pkg_path('/usr/share/java', '../../../usr/share/ant/file') eq 'usr/share/ant/file'
- normalize_pkg_path('/', 'usr/..') eq '.';
+ normalize_pkg_path('/', 'usr/..') eq q{};
- The following will give a non-truth result:
+ The following will return C<undef>:
normalize_pkg_path('/usr/bin', '../../../../etc/passwd')
normalize_pkg_path('/usr/bin', '/../etc/passwd')
-The sub was named resolve_pkg_path in Lintian << 2.5.13~.
+The sub was named resolve_pkg_path in Lintian << 2.5.13~ and had its
+return value changed.
=item resolve_pkg_path (CURDIR, DEST)
Deprecated alias of normalize_pkg_path for << 2.5.13~. This will go
away in >= 2.5.14~.
+UPGRADING: resolve_pkg_path returns '.' for the root dir and C<q{}>
+for an "unsafe" path. normalize_pkg_path returns C<q{}> for the root
+dir and C<undef> for an unsafe path (this is the same as
+L<link_resolved|Lintian::Path/link_resolved>.
+
=cut
sub resolve_pkg_path {
warnings::warnif('deprecated',
'resolve_pkg_path was renamed to normalize_pkg_path');
- goto \&normalize_pkg_path;
+ my $ret = normalize_pkg_path(@_);
+ # Keep the old behaviour
+ return q{} unless defined($ret);
+ return q{.} if $ret eq q{};
+ return $ret;
}
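Review bot: The new UPGRADING paragraph links to `L<link_resolved|Lintian::Path/link_resolved>`, while the commit message and the Lintian/Path.pm hunk both name the method link_normalized. Unless link_resolved still exists as an alias, the link sends readers to the wrong entry. The parenthesis opened before "this is the same as" is also never closed. I would end the paragraph with `dir and C<undef> for an unsafe path (this is the same as L<link_normalized|Lintian::Path/link_normalized>).`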
sub normalize_pkg_path {
@@ -1147,7 +1160,7 @@ sub normalize_pkg_path {
my $target;
$dest =~ s,//++,/,go;
# short curcuit $dest eq '/' case.
- return '.' if $dest eq '/';
+ return q{} if $dest eq '/';
# remove any initial ./ and trailing slashes.
$dest =~ s,^\./,,o;
$dest =~ s,/$,,o;
@@ -1164,9 +1177,8 @@ sub normalize_pkg_path {
$curdir =~ s,^/,,o;
$curdir =~ s,^\./,,o;
# Short circuit the '.' (or './' -> '') case.
- if ($dest eq '.' or $dest eq '') {
+ if ($dest eq '.' or $dest eq q{}) {
$curdir =~ s,^/,,o;
- return '.' unless $curdir;
return $curdir;
}
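Review bot: The short circuit for a `.` or empty DEST returns `$curdir` as given, with only a leading `/` or `./` stripped, so a CURDIR that itself contains `..` segments comes back as a defined value. After this commit, callers read any defined value as "safe". The POD added here only records this as an assumption ("CURDIR is assumed to be normalized"). Enforcing it is cheap, for example `return if $curdir =~ m{(?:^|/)\.\.(?:/|$)};` right after the leading-slash cleanup. The segment loop further down is probably affected in the same way, assuming `@cc` is built from `$curdir`; that split is outside the hunks shown.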
# Relative path from src
@@ -1180,7 +1192,7 @@ sub normalize_pkg_path {
while ($target = shift @dc) {
if($target eq '..') {
# are we out of bounds?
- return '' unless @cc;
+ return unless @cc;
# usr/share/java + '..' -> usr/share
pop @cc;
} else {
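Review bot: `return unless @cc;` yields undef only in scalar context. In list context it returns the empty list, so a call placed directly in an argument list or hash constructor makes the unsafe-path marker vanish and shifts the arguments that follow. The callers changed in this commit use assignment or `defined(...)`, so they are not affected. Since the POD now promises C<undef>, I would add a sentence there such as `In list context an empty list is returned for an unsafe path; call this sub in scalar context.` The loop and the rest of the sub continue outside this hunk.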
@@ -1188,7 +1200,7 @@ sub normalize_pkg_path {
push @cc, $target;
}
}
- return '.' unless @cc;
+ return q{} unless @cc;
return join '/', @cc;
}
diff --git a/t/scripts/Lintian/Util/path.t b/t/scripts/Lintian/Util/path.t
index a481736..c0aa2a5 100644
--- a/t/scripts/Lintian/Util/path.t
+++ b/t/scripts/Lintian/Util/path.t
@@ -10,17 +10,17 @@ BEGIN { use_ok('Lintian::Util', qw(normalize_pkg_path)); }
# Safe - absolute
is(normalize_pkg_path('/usr/share/java', '/usr/share/ant/file'), 'usr/share/ant/file', 'Safe absolute path');
-is(normalize_pkg_path('/usr/share/ant', '/'), '.', 'Safe absolute root');
+is(normalize_pkg_path('/usr/share/ant', '/'), q{}, 'Safe absolute root');
# Safe - relative
is(normalize_pkg_path('/usr/share/java', './file'), 'usr/share/java/file', 'Safe simple same-dir path');
is(normalize_pkg_path('/usr/share/java', '../ant/file'), 'usr/share/ant/file', 'Safe simple relative path');
is(normalize_pkg_path('/usr/share/java', '../../../usr/share/ant/file'), 'usr/share/ant/file', 'Safe absurd relative path');
is(normalize_pkg_path('/usr/share/java', '.'), 'usr/share/java', 'Safe relative dot path');
-is(normalize_pkg_path('/', '.'), '.', 'Safe relative root dot');
-is(normalize_pkg_path('/', 'usr/..'), '.', 'Safe absurd relative root path');
-is(normalize_pkg_path('/usr/share/java', '../../../'), '.', 'Safe absurd relative path to root');
+is(normalize_pkg_path('/', '.'), q{}, 'Safe relative root dot');
+is(normalize_pkg_path('/', 'usr/..'), q{}, 'Safe absurd relative root path');
+is(normalize_pkg_path('/usr/share/java', '../../../'), q{}, 'Safe absurd relative path to root');
# Unsafe
-ok(!normalize_pkg_path('/usr/share/ant', '../../../../etc/passwd'), 'Unsafe - relative escape root');
-ok(!normalize_pkg_path('/usr/share/ant', '/../etc/passwd'), 'Unsafe - absolute escape root');
+is(normalize_pkg_path('/usr/share/ant', '../../../../etc/passwd'), undef, 'Unsafe - relative escape root');
+is(normalize_pkg_path('/usr/share/ant', '/../etc/passwd'), undef, 'Unsafe - absolute escape root');
--
Debian package checker