[lintian] 02/02: checks/apache2.{desc, pm}: Avoid false positives in apache2-deprecated-auth-config where the offending lines are wrapped in suitable "IfModule" or "IfVersion" directives. (Closes: #788991, 710656)
This is an automated email from the git hooks/post-receive script.
lamby pushed a commit to branch master
in repository lintian.
commit c05154fa1ddb3f665b8dba6581a33d6a04f20c18
Author: Chris Lamb <lamby@debian.org>
Date: Sat Dec 30 22:57:40 2017 +0000
checks/apache2.{desc,pm}: Avoid false positives in apache2-deprecated-auth-config where the offending lines are wrapped in suitable "IfModule" or "IfVersion" directives. (Closes: #788991, 710656)
---
checks/apache2.desc | 4 ++++
checks/apache2.pm | 7 ++++++-
debian/changelog | 5 ++++-
.../debian/debian/phpmyfoo2.install | 1 +
.../debian/false-positives.conf | 12 ++++++++++++
t/tests/apache2-webapplications-general/tags | 1 +
6 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/checks/apache2.desc b/checks/apache2.desc
index 437a5a2..60115dc 100644
--- a/checks/apache2.desc
+++ b/checks/apache2.desc
@@ -144,3 +144,7 @@ Info: The package is using some of the deprecated authentication configuration
semantics. The configuration directives should be replaced with a suitable
combination of <RequireAll>, <RequireAny>, Require all, Require local,
Require ip, and Require method.
+ .
+ Alternatively, the offending lines can be wrapped between
+ <IfModule !mod_authz_core.c> ... </IfModule> or
+ <IfVersion < 2.3> ... </IfVersion> directives.
diff --git a/checks/apache2.pm b/checks/apache2.pm
index d14e779..843fbcb 100644
--- a/checks/apache2.pm
+++ b/checks/apache2.pm
@@ -224,11 +224,15 @@ sub inspect_conf_file {
# Don't follow unsafe links
return if not $file->is_open_ok;
my $fd = $file->open;
+ my $skip = 0;
while (<$fd>) {
+ $skip++
+ if m{<\s*IfModule.*!\s*mod_authz_core}
+ or m{<\s*IfVersion\s+<\s*2\.3};
for my $directive ('Order', 'Satisfy', 'Allow', 'Deny',
qr{</?Limit.*?>}xsm, qr{</?LimitExcept.*?>}xsm) {
- if (m{\A \s* ($directive) (?:\s+|\Z)}xsm) {
+ if (m{\A \s* ($directive) (?:\s+|\Z)}xsm and not $skip) {
tag 'apache2-deprecated-auth-config', $file, "(line $.)", $1;
}
}
@@ -246,6 +250,7 @@ sub inspect_conf_file {
}
}
+ $skip-- if m{<\s*/\s*If(Module|Version)};
}
close($fd);
return;
diff --git a/debian/changelog b/debian/changelog
index 6d63866..61c5cf7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,9 +2,12 @@ lintian (2.5.67) UNRELEASED; urgency=medium
XXX: generate tag summary
- * checks/apache2.pm:
+ * checks/apache2.{desc,pm}:
+ [CL] Include the offending filename and line number in the output of
apache2-deprecated-auth-config and apache2-unparsable-dependency.
+ + [CL] Avoid false positives in apache2-deprecated-auth-config where
+ the offending lines are wrapped in suitable "IfModule" or "IfVersion"
+ directives. (Closes: #788991, 710656)
* checks/changelog-file.{desc,pm}:
+ [CL] Warn about changelog entries that have incorrectly formatted
dates. (Closes: #793406)
diff --git a/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo2.install b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo2.install
index d47d625..b2da1d6 100644
--- a/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo2.install
+++ b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo2.install
@@ -1,2 +1,3 @@
phpmyfoo2 /etc/apache2/conf-available
local-phpmyfoo2.conf /etc/apache2/conf-available
+false-positives.conf /etc/apache2/conf-available
diff --git a/t/tests/apache2-webapplications-general/debian/false-positives.conf b/t/tests/apache2-webapplications-general/debian/false-positives.conf
new file mode 100644
index 0000000..e54f470
--- /dev/null
+++ b/t/tests/apache2-webapplications-general/debian/false-positives.conf
@@ -0,0 +1,12 @@
+Alias /foo /usr/share/foo
+
+<Directory /usr/share/foo>
+ <IfModule !mod_authz_core.c>
+ Order deny, allow
+ Require valid-user
+ </IfModule>
+ <IfVersion < 2.3>
+ Order deny, allow
+ Require valid-user
+ </IfVersion>
+</Directory>
diff --git a/t/tests/apache2-webapplications-general/tags b/t/tests/apache2-webapplications-general/tags
index 58a32e3..bc48287 100644
--- a/t/tests/apache2-webapplications-general/tags
+++ b/t/tests/apache2-webapplications-general/tags
@@ -1,4 +1,5 @@
E: phpmyfoo2: apache2-configuration-files-need-conf-suffix etc/apache2/conf-available/phpmyfoo2
+W: phpmyfoo2: non-standard-apache2-configuration-name false-positives.conf != phpmyfoo2.conf
W: phpmyfoo2: non-standard-apache2-configuration-name local-phpmyfoo2.conf != phpmyfoo2.conf
W: phpmyfoo2: non-standard-apache2-configuration-name phpmyfoo2 != phpmyfoo2.conf
W: phpmyfoo3: apache2-deprecated-auth-config etc/apache2/conf.d/phpmyfoo.conf (line 11) </Limit>
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git
Reply to: