[SCM] Debian package checker branch, master, updated. 2.5.12-41-g02367f5
The following commit has been merged in the master branch:
commit 02367f508bcbb61b12560926bb29c04e50c94671
Author: Niels Thykier <niels@thykier.net>
Date: Thu Apr 25 23:37:15 2013 +0200
c/cruft: Flag all absolute symlinks in source pkgs as unsafe
Signed-off-by: Niels Thykier <niels@thykier.net>
diff --git a/checks/cruft b/checks/cruft
index 07a097f..bc9f381 100644
--- a/checks/cruft
+++ b/checks/cruft
@@ -359,7 +359,11 @@ sub find_cruft {
if (-l) {
my $target = readlink($_);
my $dirname = dirname($_);
- my $normalized = normalize_pkg_path($dirname, $target);
+ my $normalized;
+ # If it is an absolute link, it escapes the root by default
+ if ($target !~ m{\A / }xsm) {
+ $normalized = normalize_pkg_path($dirname, $target);
+ }
if (not defined($normalized)) {
# skip unsafe symlinks too
tag 'source-contains-unsafe-symlink', $_;
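Review bot: the absolute-link case in the added `if ($target !~ m{\A / }xsm)` block is handled only implicitly, by leaving $normalized undefined so that the existing `not defined($normalized)` branch emits the tag. That couples "normalize_pkg_path said the link escapes" and "we never called normalize_pkg_path" into one undef value. The comment should say so directly, for example "absolute link: leave $normalized undefined so it is tagged below", since "escapes the root by default" does not tell the reader where the tag comes from. The /s and /m modifiers on the pattern have no effect, because it contains no `.`, `^` or `$`; `m{\A /}x` or a plain `m{\A/}` would read more easily. The commit as shown touches only checks/cruft, checks/cruft.desc and debian/changelog, so a source-package test with an absolute symlink would be worth adding alongside it.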
diff --git a/checks/cruft.desc b/checks/cruft.desc
index 4c0c7db..184215f 100644
--- a/checks/cruft.desc
+++ b/checks/cruft.desc
@@ -514,7 +514,9 @@ Tag: source-contains-unsafe-symlink
Severity: serious
Certainty: possible
Info: The source contains an unsafe symlink. If followed, the link
- will escape the source root.
+ will escape the source root. Note that all absolute symlinks are
+ unconditionally considered "unsafe" in this case (unlike in binary
+ packages).
.
If it is a part of the package's testsuite, Lintian may have failed
to recognise it as a test. In that case, please override the tag.
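Review bot: "in this case" in the added sentence of the Info text is ambiguous for someone who sees only the tag description and not this commit; the contrast is with binary packages, so the text should name source packages explicitly, for example "Note that in source packages all absolute symlinks are unconditionally considered unsafe (unlike in binary packages)." The quotes around "unsafe" can go as well, since the tag name already uses the word without qualification.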
diff --git a/debian/changelog b/debian/changelog
index f880bf1..5d079b8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -21,10 +21,12 @@ lintian (2.5.13) UNRELEASED; urgency=low
not have triggered that tag.
+ [NT] Test that all paths listed in the "conffiles" control
file is actually in the package being tested.
- * checks/cruft.desc:
+ * checks/cruft{,.desc}:
+ [JW] Correct the name of the architecture listed in
description of the tag outdated-autotools-helper-file.
(Closes: #706166)
+ + [NT] Flag all absolute symlinks in source packages as
+ "unsafe". (Closes: #697164)
* checks/description:
+ [NT] Skip extended-description-is-probably-too-short
for -dbg packages. Thanks to Paul Wise for the suggestion.
--
Debian package checker