
[lintian] 04/04: Detect bad flag in pkg-config



This is an automated email from the git hooks/post-receive script.

lamby pushed a commit to branch sl2
in repository lintian.

commit e24e54de93bf46708337dac7d21c899d8bcd863f
Author: Bastien ROUCARIÈS <roucaries.bastien+debian@gmail.com>
Date:   Sat Jul 5 13:55:38 2014 +0200

    Detect bad flag in pkg-config
    
    Bad flags in pkg-config files could lead to FTBFS. Detect them.
    
    Signed-off-by: Bastien ROUCARIÈS <roucaries.bastien+debian@gmail.com>
---
 checks/files.desc                                  |  8 +++++
 checks/files.pm                                    | 17 ++++++++++-
 data/files/pkg-config-bad-regex                    | 35 ++++++++++++++++++++++
 debian/changelog                                   |  2 ++
 t/tests/files-pkgconfig/debian/indep-really-bad.pc | 29 ++++++++++++++++++
 t/tests/files-pkgconfig/tags                       | 20 +++++++++++++
 6 files changed, 110 insertions(+), 1 deletion(-)

diff --git a/checks/files.desc b/checks/files.desc
index a77c94c..dd9a9ee 100644
--- a/checks/files.desc
+++ b/checks/files.desc
@@ -1505,6 +1505,14 @@ Info: The arch all pkg-config file contains a reference to a multi-arch path.
  referencing a i386-linux-gnu file. In this case the usual cure is to
  fix this path.
 
+Tag: pkg-config-bad-directive
+Severity: serious
+Certainty: possible
+Info: The pkg-config file contains a wrong directive.
+ .
+ The following file include a wrong directive. This could lead to
+ FTBFS or leak private compile flags to another package.
+
 Tag: dir-or-file-in-home
 Severity: serious
 Certainty: certain
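Review bot: The `Info:` text of `pkg-config-bad-directive` names neither the kind of directive that is wrong nor the remedy, so a maintainer who gets a `serious` tag has nothing to act on. I would add a sentence such as `Typical cases are optimisation, debug, warning or hardening flags and build-machine paths like -I/usr/local/...; remove them from the .pc file.`, which matches the entries added in data/files/pkg-config-bad-regex. "The following file include" should read "The file includes".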
diff --git a/checks/files.pm b/checks/files.pm
index 35b0e40..bf88c15 100644
--- a/checks/files.pm
+++ b/checks/files.pm
@@ -74,6 +74,10 @@ my $PRIVACY_BREAKER_TAG_ATTR= Lintian::Data->new(
         };
     });
 
+my $PKG_CONFIG_BAD_REGEX
+  = Lintian::Data->new('files/pkg-config-bad-regex',qr/~~~~~/,
+    sub { return  qr/$_[0]/xsm;});
+
 my $COMPRESS_FILE_EXTENSIONS
   = Lintian::Data->new('files/compressed-file-extensions',
     qr/\s++/,sub { return qr/\Q$_[0]\E/ });
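Review bot: The `qr/~~~~~/` separator passed to `Lintian::Data->new` for `$PKG_CONFIG_BAD_REGEX` needs a comment, because it reads like a typo. It appears to be a string that never occurs in the data file, so that each whole line becomes the key and the source of the compiled pattern. Suggested comment: `# separator never matches: each data line is one regex, compiled with /xsm`. Because the callback already compiles with `/xsm`, the `xms` modifiers on `m{$regex}xms` in the later hunk of this file do not change how the interpolated pattern behaves and could be dropped.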
@@ -580,6 +584,8 @@ sub run {
                 my $sfd = Lintian::SlidingWindow->new($fd);
               BLOCK:
                 while (my $block = $sfd->readwindow()) {
+                    # remove continuation line
+                    $block =~ s,\\\n, ,gxsm;
                     # check if pkgconfig file include path point to
                     # arch specific dir
                   MULTI_ARCH_DIR:
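Review bot: Joining continuation lines inside the `while` body only works when the backslash and its newline arrive in the same window. If `readwindow()` can return a block that ends right after the `\`, that pair is not rewritten and the flags on the following line are not attributed to their `Cflags:` key. This is inferred, since the loop and `Lintian::SlidingWindow` lie outside the hunk. The `x`, `s` and `m` modifiers have no effect on this pattern and the comma delimiter is hard to read next to the replacement; `$block =~ s{\\\n}{ }g;` does the same. The comment could give the reason: `# join backslash-continued lines so a multi-line Cflags: value is matched as one line`.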
@@ -594,7 +600,16 @@ sub run {
                             tag 'pkg-config-multi-arch-wrong-dir',$file,
                               'full text contains architecture specific dir',
                               $pkgconfig_dir;
-                            last BLOCK;
+                            last MULTI_ARCH_DIR;
+                        }
+                    }
+                  PKG_CONFIG_TABOO:
+                    foreach my $taboo ($PKG_CONFIG_BAD_REGEX->all) {
+                        my $regex = $PKG_CONFIG_BAD_REGEX->value($taboo);
+                        if ($block =~ m{$regex}xms) {
+                            my $extra = $1 // '';
+                            $extra =~ s/\s+/ /g;
+                            tag 'pkg-config-bad-directive', $file, $extra;
                         }
                     }
                 }
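Review bot: With `last BLOCK` replaced by `last MULTI_ARCH_DIR`, and no `last` in the new `PKG_CONFIG_TABOO` loop, nothing stops either tag from being emitted again for the same file on a later `readwindow()` pass. If windows overlap or a file spans several of them, the same flag could be reported more than once. A per-file guard keeps the output stable: declare `my %seen_taboo;` before `BLOCK:` and emit with `tag 'pkg-config-bad-directive', $file, $extra unless $seen_taboo{$extra}++;`. Whether `tag` already de-duplicates is not visible here, and `run` begins and ends outside the hunk.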
diff --git a/data/files/pkg-config-bad-regex b/data/files/pkg-config-bad-regex
new file mode 100644
index 0000000..e1bf596
--- /dev/null
+++ b/data/files/pkg-config-bad-regex
@@ -0,0 +1,35 @@
+# a list of pkg-config bad contruction
+# regex (xms)
+# found in omnithread3.pc
+^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-[DU]__linux__) \s
+^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-[DU]__x86_64__) \s
+^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-D__OSVERSION__=\d+) \s
+# found in znc.pc
+^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-g\d*) \s
+^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-D_FORTIFY_SOURCE=\d+) \s
+^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-O[s0-9]) \s
+^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-W\S*) \s
+^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-fvisibility=\w+) \s
+^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-fPI[CE]) \s
+# found in dolfin.pc
+^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-f(?:no-)?stack-protector) \s
+^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (--param=ssp-buffer-size=\d+) \s
+^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-f(?:no-)?rounding-math) \s
+# found in clam_core.pc
+[:=\h](-[IL](?:/usr/local/|/var/cache/pbuilder/build/|/var/lib/s?buildd?/)\S*)\s
+# found in scilab.pc
+^((?:[cC]flags\h*:|CFLAGS\h*=) (?:\V*\h)? -l\S+) \s
+# found meep.pc
+^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-march=\S+) \s
+# found opensaml.pc
+^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-[DU]NDEBUG) \s
+# found in libspatialindex.pc
+^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-pedantic) \s
+# found in common-cpp.pc
+^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-[DU]NEW_STDCPP) \s
+^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-f(?:no-)?check-new) \s
+^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-f(?:no-)?inline) \s
+# found in libbt.pc
+^(?:[lL]ibs\h*:|LDFLAGS\h*=) (?:\V*\h)? (-Wl,z,relro) \s
+
+
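Review bot: The `_FORTIFY_SOURCE` rule matches only the `-D` form, so a .pc file that exports `-U_FORTIFY_SOURCE`, which would turn the hardening off in every package that consumes it, is not reported. The neighbouring rules already use `-[DU]`, and `(-[DU]_FORTIFY_SOURCE(?:=\d+)?)` would bring this one in line. The libbt rule is the only one anchored on `Libs:`/`LDFLAGS` and it matches the literal `-Wl,z,relro`; the more common spelling `-Wl,-z,relro` on a `Libs:` line is caught neither by it nor by the `-W\S*` rule, which requires a `flags` key, so `(-Wl,-?z,relro)` may be what is wanted. The header comment has a typo ("contruction").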
diff --git a/debian/changelog b/debian/changelog
index fc98097..6399442 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -12,6 +12,8 @@ lintian (2.5.25) UNRELEASED; urgency=medium
     + [RG,NT] Check for invalid named p11-kit modules in
       /usr/share/p11-kit modules.  (Closes: #741346)
     + [BR] Detect cross architecture pkg-config file.
+    + [BR] Add a sanity check for pkg-config files.
+      (Closes: #676803).
 
   * data/files/js-libraries:
     + [NT] Apply patch from Marcelo Jorge Vieira to correct
diff --git a/t/tests/files-pkgconfig/debian/indep-really-bad.pc b/t/tests/files-pkgconfig/debian/indep-really-bad.pc
new file mode 100644
index 0000000..034e442
--- /dev/null
+++ b/t/tests/files-pkgconfig/debian/indep-really-bad.pc
@@ -0,0 +1,29 @@
+Name: indep-good
+Description: A library good
+Requires:
+Version: 3.1.3
+Libs:
+Cflags: \
+    -I/usr/local/somewhere \
+    -D__linux__ \
+    -D__x86_64__ \
+    -D__OSVERSION__=2\
+    -g \
+    -D_FORTIFY_SOURCE=2 \
+    -O2 \
+    -Wall \
+    -fvisibility=hidden \
+    -fPIE \
+    -fstack-protector \
+    --param=ssp-buffer-size=2 \
+    -frounding-math \
+    -lmath \
+    -march=core2 \
+    -DNDEBUG \
+    -pedantic \
+    -DNEW_STDCPP \
+    -fno-check-new \
+    -fno-inline \
+    -Wl,z,relro
+
+    
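Review bot: Every flag in this fixture sits under `Cflags:` and `Libs:` is left empty, so the `Libs:`/`LDFLAGS` rule and the `FLAGS =` variable alternatives in data/files/pkg-config-bad-regex are never exercised. The `-Wl,z,relro` tag in the expected output appears to come from the generic `-W\S*` rule instead. A second fixture with a line such as `Libs: -Wl,z,relro` and a variable such as `CFLAGS= -O2` would cover those branches. `Name: indep-good` and `Description: A library good` look copied from the good fixture and are misleading in a file named indep-really-bad.pc.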
diff --git a/t/tests/files-pkgconfig/tags b/t/tests/files-pkgconfig/tags
index a3933e9..d834400 100644
--- a/t/tests/files-pkgconfig/tags
+++ b/t/tests/files-pkgconfig/tags
@@ -1,2 +1,22 @@
+E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc --param=ssp-buffer-size=2
+E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -DNDEBUG
+E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -DNEW_STDCPP
+E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -D_FORTIFY_SOURCE=2
+E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -D__OSVERSION__=2
+E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -D__linux__
+E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -D__x86_64__
+E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -I/usr/local/somewhere
+E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -O2
+E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -Wl,z,relro
+E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -fPIE
+E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -fno-check-new
+E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -fno-inline
+E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -frounding-math
+E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -fstack-protector
+E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -fvisibility=hidden
+E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -g
+E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -march=core2
+E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -pedantic
+E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc Cflags: -I/usr/local/somewhere -D__linux__ -D__x86_64__ -D__OSVERSION__=2 -g -D_FORTIFY_SOURCE=2 -O2 -Wall -fvisibility=hidden -fPIE -fstack-protector --param=ssp-buffer-size=2 -frounding-math -lmath
 E: pkgconfig-all: pkg-config-multi-arch-wrong-dir usr/lib/pkgconfig/indep-include-arch.pc full text contains architecture specific dir ARCH
 E: pkgconfig-any: pkg-config-multi-arch-wrong-dir usr/lib/x86_64-linux-gnu/pkgconfig/arch-cross.pc full text contains architecture specific dir ARCH
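Review bot: The expected output has no `-Wall` line although the fixture's `Cflags:` contains it, so each pattern reports a single hit per file. The greedy `(?:\V*\h)?` prefix of the `-W\S*` rule settles on the last candidate, `-Wl,z,relro`. If one report per rule is intended, that is worth stating in the data file header, for example `# each rule reports at most one match per file (the last on the line)`, so that the missing `-Wall` is not taken for a regression later.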

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git

