Bug#734402: lintian: [refining a test] take in account man macros existing in the build tree

[Niels Thykier <niels@thykier.net>]

On 2014-01-06 23:07, Georges Khaznadar wrote:
> Package: lintian
> Version: 2.5.20
> Severity: normal
> Tags: patch
> 
> Dear Maintainer,
> I propose to refine a little the check for warnings in manpages
> Here are my replies to the ordinary questions:
> 

Hi,

Thanks for reporting this issue.

>  [...]
> 
> 
> --- lintian-2.5.20/checks/manpages.pm	2013-11-23 19:04:56.000000000 +0100
> +++ lintian-2.5.20+nmu1/checks/manpages.pm	2014-01-06 23:05:26.040016000 +0100
> @@ -268,6 +268,13 @@
>                  if ($dir) {
>                      chdir($dir);
>                  }
> +                # find the path to man macros if necessary
> +                my $macro_path=$path;
> +                $macro_path =~ s{(.*/unpacked).*}{$1};

Looks like you want:
    my $macro_path = $info->unpacked

> +                $macro_path = `find $macro_path -type d -name tmac| tr '\\n' ':'`;

If so, we can probably settle this one by quoting the $macro_path
variable in the ``.  Otherwise, this is a possible CVE (if $macro_path
is taken from the package, it is a "trivial" matter creating a file/dir
in the package which causes the above line to suffer from shell command
injection).
  Maybe use -print0 if tr supports null -> ":", but that is nitpicking.
 Alternatively there is File::Find.

Personally, I am not familiar with the "tmac" files; are they always
expected in a dir called "tmac"?  And can they really be anywhere in the
package?  Or can we narrow it down to say usr/share/ ?

> +                if ($macro_path){
> +                    $ENV{GROFF_TMAC_PATH}=$macro_path;
> +                }
>                  $ENV{MANROFFSEQ} = '';
>                  $ENV{MANWIDTH} = 80;
>                  exec { $cmd[0] } @cmd
> 

~Niels