SHA256
1
0
forked from pool/rpmlint

- add suse-rpmlint-all-pie.patch: refresh to handle the pie-executable

case (rename from rpmlint-all-pie.patch)

OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=608
This commit is contained in:
Dirk Mueller 2018-07-11 09:09:56 +00:00 committed by Git OBS Bridge
parent ac11dfa3a8
commit 158dcaf71e
5 changed files with 42 additions and 27 deletions

View File

@ -39,4 +39,4 @@ Index: rpmlint-rpmlint-1.10/BinariesCheck.py
+ pie_exec_re and pie_exec_re.search(fname)): + pie_exec_re and pie_exec_re.search(fname)):
printError(pkg, 'non-position-independent-executable', printError(pkg, 'non-position-independent-executable',
fname) fname)
if not is_shobj:

View File

@ -1,25 +0,0 @@
Index: rpmlint-rpmlint-1.10/BinariesCheck.py
===================================================================
--- rpmlint-rpmlint-1.10.orig/BinariesCheck.py
+++ rpmlint-rpmlint-1.10/BinariesCheck.py
@@ -534,6 +534,9 @@ class BinariesCheck(AbstractCheck.Abstra
if not is_shobj and pie_exec_re and pie_exec_re.search(fname):
printError(pkg, 'non-position-independent-executable',
fname)
+ if not is_shobj:
+ printError(pkg, 'position-independent-executable-suggested',
+ fname)
if bin_info.readelf_error:
continue
@@ -786,6 +789,10 @@ stripping process.''',
'''This executable must be position independent. Check that it is built with
-fPIE/-fpie in compiler flags and -pie in linker flags.''',
+'position-independent-executable-suggested',
+'''This executable should be position independent (all binaries should). Check
+that it is built with -fPIE/-fpie in compiler flags and -pie in linker flags.''',
+
'missing-call-to-setgroups-before-setuid',
'''This executable is calling setuid and setgid without setgroups or
initgroups. There is a high probability this means it didn't relinquish all

View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Jul 11 09:06:31 UTC 2018 - dmueller@suse.com
- add suse-rpmlint-all-pie.patch: refresh to handle the pie-executable
case (rename from rpmlint-all-pie.patch)
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jul 9 19:37:57 UTC 2018 - dmueller@suse.com Mon Jul 9 19:37:57 UTC 2018 - dmueller@suse.com

View File

@ -83,13 +83,13 @@ Patch66: 0001-Handle-post-scripts-that-contain-non-ascii-character.patch
Patch67: omit_BUILDROOT_from_pyo_files.patch Patch67: omit_BUILDROOT_from_pyo_files.patch
Patch68: 0001-Avoid-false-positives-on-is_elf-check.patch Patch68: 0001-Avoid-false-positives-on-is_elf-check.patch
Patch69: 0007-Validate-Appdata-also-when-appstream-util-is-unavail.patch Patch69: 0007-Validate-Appdata-also-when-appstream-util-is-unavail.patch
Patch70: rpmlint-all-pie.patch
Patch71: 0001-Avoid-calling-close-on-undefined-fd-variable.patch Patch71: 0001-Avoid-calling-close-on-undefined-fd-variable.patch
Patch72: rpmlint-slpp-NUM-NUM.patch Patch72: rpmlint-slpp-NUM-NUM.patch
Patch73: 0001-Binariescheck-Check-for-chroot-chdir-on-ARM-PPC.patch Patch73: 0001-Binariescheck-Check-for-chroot-chdir-on-ARM-PPC.patch
Patch74: 0001-Always-import-XDG-desktop-files-as-utf8.patch Patch74: 0001-Always-import-XDG-desktop-files-as-utf8.patch
Patch75: 0001-Fix-compatibility-with-file-5.33.patch Patch75: 0001-Fix-compatibility-with-file-5.33.patch
Patch76: update-magic-values-python-37.patch Patch76: update-magic-values-python-37.patch
Patch77: suse-rpmlint-all-pie.patch
BuildRequires: obs-service-format_spec_file BuildRequires: obs-service-format_spec_file
BuildRequires: python3-flake8 BuildRequires: python3-flake8
BuildRequires: python3-pytest BuildRequires: python3-pytest

View File

@ -0,0 +1,34 @@
Index: rpmlint-rpmlint-1.10/BinariesCheck.py
===================================================================
--- rpmlint-rpmlint-1.10.orig/BinariesCheck.py
+++ rpmlint-rpmlint-1.10/BinariesCheck.py
@@ -543,10 +543,14 @@ class BinariesCheck(AbstractCheck.Abstra
if ocaml_mixed_regex.search(bin_info.tail):
printWarning(pkg, 'ocaml-mixed-executable', fname)
- if ((not is_shobj and not is_pie_exec) and
- pie_exec_re and pie_exec_re.search(fname)):
- printError(pkg, 'non-position-independent-executable',
- fname)
+ if (not is_shobj and not is_pie_exec):
+ if pie_exec_re and pie_exec_re.search(fname):
+ printError(
+ pkg, 'non-position-independent-executable', fname)
+ else:
+ printWarning(
+ pkg, 'position-independent-executable-suggested',
+ fname)
if bin_info.readelf_error:
continue
@@ -798,6 +802,10 @@ stripping process.''',
'''This executable must be position independent. Check that it is built with
-fPIE/-fpie in compiler flags and -pie in linker flags.''',
+'position-independent-executable-suggested',
+'''This executable should be position independent (all binaries should). Check
+that it is built with -fPIE/-fpie in compiler flags and -pie in linker flags.''',
+
'missing-call-to-setgroups-before-setuid',
'''This executable is calling setuid and setgid without setgroups or
initgroups. There is a high probability this means it didn't relinquish all