diff --git a/0001-Binariescheck-Check-for-chroot-chdir-on-ARM-PPC.patch b/0001-Binariescheck-Check-for-chroot-chdir-on-ARM-PPC.patch new file mode 100644 index 0000000..61976c8 --- /dev/null +++ b/0001-Binariescheck-Check-for-chroot-chdir-on-ARM-PPC.patch @@ -0,0 +1,77 @@ +From 5237c197f56698d55fd1d18f8127f6e947350d80 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Stefan=20Br=C3=BCns?= +Date: Wed, 11 Oct 2017 16:29:21 +0200 +Subject: [PATCH] Binariescheck: Check for chroot/chdir on ARM, PPC + +The assembly on ARM looks almost the same as the x86 assembly, but +with a branch mnemonic (bl) instead of an explicit call. + +On PPC, library function calls use jump tables, so the vicinity check does +not work, but we can at least detect a sole chroot without chdir. +--- + BinariesCheck.py | 28 +++++++++++++++++++--------- + 1 file changed, 19 insertions(+), 9 deletions(-) + +diff --git a/BinariesCheck.py b/BinariesCheck.py +index bd75558..8d224a8 100644 +--- a/BinariesCheck.py ++++ b/BinariesCheck.py +@@ -54,8 +54,6 @@ class BinaryInfo(object): + setuid_call_regex = create_regexp_call(r'set(?:res|e)?uid') + setgroups_call_regex = create_regexp_call(r'(?:ini|se)tgroups') + chroot_call_regex = create_regexp_call('chroot') +- # 401eb8: e8 c3 f0 ff ff callq 400f80 +- objdump_call_regex = re.compile(br'callq?\s(.*)') + debuginfo_regex = re.compile(r'^\s+\[\s*\d+\]\s+\.debug_.*\s+') + symtab_regex = re.compile(r'^\s+\[\s*\d+\]\s+\.symtab\s+') + gethostbyname_call_regex = create_regexp_call(r'(gethostbyname|gethostbyname2|gethostbyaddr|gethostbyname_r|gethostbyname2_r|gethostbyaddr_r)') +@@ -96,6 +94,16 @@ class BinaryInfo(object): + self.mktemp = False + + is_debug = path.endswith('.debug') ++ # Currently this implementation works only on specific ++ # architectures due to reliance on arch specific assembly. ++ if pkg.arch in ['armv6hl', 'armv7hl', 'aarch64']: ++ # 10450: ebffffec bl 10408 ++ BinaryInfo.objdump_call_regex = re.compile(br'\sbl\s+(.*)') ++ elif (pkg.arch.endswith('86') or pkg.arch == 'x86_64'): ++ # 401eb8: e8 c3 f0 ff ff callq 400f80 ++ BinaryInfo.objdump_call_regex = re.compile(br'callq?\s(.*)') ++ else: ++ BinaryInfo.objdump_call_regex = None + + res = Pkg.getstatusoutput( + ('readelf', '-W', '-S', '-l', '-d', '-s', path)) +@@ -204,10 +212,13 @@ class BinaryInfo(object): + + # check if chroot is near chdir (since otherwise, chroot is called + # without chdir) +- # Currently this implementation works only on x86_64 due to reliance +- # on x86_64 specific assembly. Skip it on other architectures +- if ((pkg.arch.endswith('86') or pkg.arch == 'x86_64') and +- self.chroot and self.chdir): ++ if not BinaryInfo.objdump_call_regex and self.chroot and self.chdir: ++ # On some architectures, e.g. PPC, it is to difficult to ++ # find the actual invocations of chroot/chdir, if both ++ # exist assume chroot is fine ++ self.chroot_near_chdir = True ++ ++ elif self.chroot and self.chdir: + p = subprocess.Popen(('objdump', '-d', path), + stdout=subprocess.PIPE, bufsize=-1, + env=dict(os.environ, LC_ALL="C")) +@@ -537,9 +548,8 @@ class BinariesCheck(AbstractCheck.AbstractCheck): + printError(pkg, 'missing-call-to-setgroups-before-setuid', + fname) + +- if ((pkg.arch.endswith('86') or pkg.arch == 'x86_64') and bin_info.chroot): +- if not bin_info.chdir or not bin_info.chroot_near_chdir: +- printError(pkg, 'missing-call-to-chdir-with-chroot', fname) ++ if bin_info.chroot and not bin_info.chroot_near_chdir: ++ printError(pkg, 'missing-call-to-chdir-with-chroot', fname) + + if bin_info.mktemp: + printError(pkg, 'call-to-mktemp', fname) +-- +2.14.2 + diff --git a/_servicedata b/_servicedata index e8890ff..5c1d8f3 100644 --- a/_servicedata +++ b/_servicedata @@ -3,4 +3,4 @@ https://github.com/openSUSE/rpmlint-tests.git 8b163ac0aaf41e8424edbc4074a60f18e9cb9438 https://github.com/openSUSE/rpmlint-checks.git - 9fe029d320afd18bba51bad18cc79324a912c756 \ No newline at end of file + 19a2516ec526f44b39a88e1757fc4f9fa1f3b603 \ No newline at end of file diff --git a/config b/config index 15af9b2..0e5ebe0 100644 --- a/config +++ b/config @@ -108,6 +108,7 @@ setOption('ValidGroups', [ 'Development/Languages/Perl', 'Development/Languages/Python', 'Development/Languages/Ruby', + 'Development/Languages/Rust', 'Development/Languages/Scheme', 'Development/Languages/Tcl', 'Development/Libraries/C and C++', @@ -120,6 +121,7 @@ setOption('ValidGroups', [ 'Development/Libraries/Parallel', 'Development/Libraries/Perl', 'Development/Libraries/Python', + 'Development/Libraries/Rust', 'Development/Libraries/Tcl', 'Development/Libraries/X11', 'Development/Libraries/YaST', @@ -409,6 +411,7 @@ setOption('StandardGroups', ( 'nogroup', 'novell_nogroup', 'novlxtier', + '_nsd', 'ntadmin', 'ntop', 'ntp', @@ -587,6 +590,7 @@ setOption('StandardUsers', ( 'novlifdr', 'novlxregd', 'novlxsrvd', + '_nsd', 'ntop', 'ntp', 'openstack-ceilometer', @@ -675,7 +679,7 @@ add the user to the "config" file and send a submitrequest. '''A file in this package is owned by an unregistered group id. To register the group, please branch the devel:openSUSE:Factory:rpmlint rpmlint package, add the group to the "config" file and send a submitrequest. -''' +''', 'no-changelogname-tag', '''There is no changelog. Please insert a '%changelog' section heading in your spec file and prepare your changes file using e.g. the 'osc vc' command.''', @@ -1027,7 +1031,13 @@ setOption("DBUSServices.WhiteList", ( "connman-nmcompat.conf", "connman.conf", "connman-vpn-dbus.conf", - "net.connman.vpn.service" + "net.connman.vpn.service", + # kcmsddm (bsc#1065563) + "org.kde.kcontrol.kcmsddm.conf", + "org.kde.kcontrol.kcmsddm.service", + # usbauth (bsc#1066877) + "org.opensuse.usbauth.conf", + "org.opensuse.usbauth.service" )) setOption("PAMModules.WhiteList", ( diff --git a/rpmlint-checks-master.tar.xz b/rpmlint-checks-master.tar.xz index ee76e2a..8abc535 100644 --- a/rpmlint-checks-master.tar.xz +++ b/rpmlint-checks-master.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:b3e65386ee2a52276b8fb443ee2f8cb71101c08759e4006d2ce94c44c626f78e -size 23268 +oid sha256:31ced77bac654f56787b2d941e7b821696c79116204ff5943e31f1bfa7956f40 +size 23176 diff --git a/rpmlint-tests.spec b/rpmlint-tests.spec index 371a297..4fa1314 100644 --- a/rpmlint-tests.spec +++ b/rpmlint-tests.spec @@ -1,7 +1,7 @@ # # spec file for package rpmlint-tests # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed diff --git a/rpmlint.changes b/rpmlint.changes index 67406e3..d48e0d5 100644 --- a/rpmlint.changes +++ b/rpmlint.changes @@ -1,3 +1,40 @@ +------------------------------------------------------------------- +Mon Jan 15 09:15:19 UTC 2018 - krahmer@suse.com + +- whitelisting usbauth (bsc#1066877) + +------------------------------------------------------------------- +Sun Jan 14 15:36:40 UTC 2018 - ngompa13@gmail.com + +- Add Development/{Languages,Libraries}/Rust groups as noted in wiki + +------------------------------------------------------------------- +Wed Jan 3 10:27:22 UTC 2018 - adam.majer@suse.de + +- add missing comma (,) to config file +- add user/group _nsd for NSD name server + +------------------------------------------------------------------- +Sat Dec 2 16:48:08 UTC 2017 - stefan.bruens@rwth-aachen.de + +- add 0001-Binariescheck-Check-for-chroot-chdir-on-ARM-PPC.patch + +------------------------------------------------------------------- +Wed Nov 29 09:26:18 UTC 2017 - krahmer@suse.com + +- whitelisting kcmsddm (bsc#1065563) + +------------------------------------------------------------------- +Fri Nov 24 10:09:26 UTC 2017 - opensuse-packaging@opensuse.org + +- Update to version master: + * Fix warnings + * Add new rpmlint check for new %{_fillupdir} macro (boo#1069468) + * Open paths within the rpm file itself + * Fix python warning + * BashismCheck: Only check regular files + * Rewrite BashismsCheck to actually work + ------------------------------------------------------------------- Tue Nov 14 15:47:20 UTC 2017 - dimstar@opensuse.org diff --git a/rpmlint.spec b/rpmlint.spec index 1bce79f..33f8db4 100644 --- a/rpmlint.spec +++ b/rpmlint.spec @@ -1,7 +1,7 @@ # # spec file for package rpmlint # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -89,6 +89,7 @@ Patch69: 0007-Validate-Appdata-also-when-appstream-util-is-unavail.patch Patch70: rpmlint-all-pie.patch Patch71: 0001-Avoid-calling-close-on-undefined-fd-variable.patch Patch72: rpmlint-slpp-NUM-NUM.patch +Patch73: 0001-Binariescheck-Check-for-chroot-chdir-on-ARM-PPC.patch BuildRequires: obs-service-format_spec_file BuildRequires: python3-flake8 BuildRequires: python3-pytest