diff --git a/0001-Fix-compatibility-with-file-5.33.patch b/0001-Fix-compatibility-with-file-5.33.patch index 29c0f59..c813f81 100644 --- a/0001-Fix-compatibility-with-file-5.33.patch +++ b/0001-Fix-compatibility-with-file-5.33.patch @@ -39,4 +39,4 @@ Index: rpmlint-rpmlint-1.10/BinariesCheck.py + pie_exec_re and pie_exec_re.search(fname)): printError(pkg, 'non-position-independent-executable', fname) - if not is_shobj: + diff --git a/config b/config index 24e9648..93c5d2a 100644 --- a/config +++ b/config @@ -1179,10 +1179,12 @@ setOption("PAMModules.WhiteList", ( "pam_gdm.so", # pam_slurm (bsc#1007053) "pam_slurm.so", - # pam_script(bsc#1039848) + # pam_script (bsc#1039848) "pam_script.so", - # pam_yubico(bsc#1087060) - "pam_yubico.so" + # pam_yubico (bsc#1087060) + "pam_yubico.so", + # pam_oath (bsc#1089114) + "pam_oath.so" )) # Output filters diff --git a/rpmlint-all-pie.patch b/rpmlint-all-pie.patch deleted file mode 100644 index 2aaa37e..0000000 --- a/rpmlint-all-pie.patch +++ /dev/null @@ -1,25 +0,0 @@ -Index: rpmlint-rpmlint-1.10/BinariesCheck.py -=================================================================== ---- rpmlint-rpmlint-1.10.orig/BinariesCheck.py -+++ rpmlint-rpmlint-1.10/BinariesCheck.py -@@ -534,6 +534,9 @@ class BinariesCheck(AbstractCheck.Abstra - if not is_shobj and pie_exec_re and pie_exec_re.search(fname): - printError(pkg, 'non-position-independent-executable', - fname) -+ if not is_shobj: -+ printError(pkg, 'position-independent-executable-suggested', -+ fname) - - if bin_info.readelf_error: - continue -@@ -786,6 +789,10 @@ stripping process.''', - '''This executable must be position independent. Check that it is built with - -fPIE/-fpie in compiler flags and -pie in linker flags.''', - -+'position-independent-executable-suggested', -+'''This executable should be position independent (all binaries should). Check -+that it is built with -fPIE/-fpie in compiler flags and -pie in linker flags.''', -+ - 'missing-call-to-setgroups-before-setuid', - '''This executable is calling setuid and setgid without setgroups or - initgroups. There is a high probability this means it didn't relinquish all diff --git a/rpmlint.changes b/rpmlint.changes index 46d3510..b60ac57 100644 --- a/rpmlint.changes +++ b/rpmlint.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Wed Jul 11 09:06:31 UTC 2018 - dmueller@suse.com + +- add suse-rpmlint-all-pie.patch: refresh to handle the pie-executable + case (rename from rpmlint-all-pie.patch) + +------------------------------------------------------------------- +Mon Jul 9 19:37:57 UTC 2018 - dmueller@suse.com + +- drop obsolete suse-no-run-ldconfig.diff, + suse-manpages-for-rc-scripts.diff + +------------------------------------------------------------------- +Thu Jul 5 16:48:30 UTC 2018 - matthias.gerstner@suse.com + +- whitelist pam_oath PAM module after audit (bsc#1089114) + ------------------------------------------------------------------- Tue Jul 3 14:09:19 UTC 2018 - mcepl@suse.com diff --git a/rpmlint.spec b/rpmlint.spec index d1cd6ea..e9ed614 100644 --- a/rpmlint.spec +++ b/rpmlint.spec @@ -55,7 +55,6 @@ Patch32: buildroot-in-scripts.diff Patch33: libtool-wrapper-check.diff Patch34: suse-check-optional-dependencies.diff Patch35: noarch-lib64.diff -Patch36: suse-no-run-ldconfig.diff Patch37: description-check.diff Patch38: 0001-Tighten-wrong-script-interpreter-check-to-lower-fals.patch Patch39: selfconflicts-provide.diff @@ -69,7 +68,6 @@ Patch49: extend-suse-conffiles-check.diff Patch50: compressed-backup-regex.diff Patch51: suse-speccheck-utf8.diff Patch52: 0001-Accept-python-abi-as-a-valid-versioned-python-depend.patch -Patch53: suse-manpages-for-rc-scripts.diff Patch54: suse-ignore-specfile-errors.diff Patch55: invalid-filerequires.diff Patch57: check-for-self-provides.diff @@ -85,13 +83,13 @@ Patch66: 0001-Handle-post-scripts-that-contain-non-ascii-character.patch Patch67: omit_BUILDROOT_from_pyo_files.patch Patch68: 0001-Avoid-false-positives-on-is_elf-check.patch Patch69: 0007-Validate-Appdata-also-when-appstream-util-is-unavail.patch -Patch70: rpmlint-all-pie.patch Patch71: 0001-Avoid-calling-close-on-undefined-fd-variable.patch Patch72: rpmlint-slpp-NUM-NUM.patch Patch73: 0001-Binariescheck-Check-for-chroot-chdir-on-ARM-PPC.patch Patch74: 0001-Always-import-XDG-desktop-files-as-utf8.patch Patch75: 0001-Fix-compatibility-with-file-5.33.patch Patch76: update-magic-values-python-37.patch +Patch77: suse-rpmlint-all-pie.patch BuildRequires: obs-service-format_spec_file BuildRequires: python3-flake8 BuildRequires: python3-pytest diff --git a/suse-manpages-for-rc-scripts.diff b/suse-manpages-for-rc-scripts.diff deleted file mode 100644 index 958201e..0000000 --- a/suse-manpages-for-rc-scripts.diff +++ /dev/null @@ -1,22 +0,0 @@ -From: Some One -Date: Thu, 9 Apr 2015 14:55:40 +0200 -Subject: [PATCH] suse-manpages-for-rc-scripts - -=================================================================== ---- - FilesCheck.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: rpmlint-rpmlint-1.10/FilesCheck.py -=================================================================== ---- rpmlint-rpmlint-1.10.orig/FilesCheck.py -+++ rpmlint-rpmlint-1.10/FilesCheck.py -@@ -1031,7 +1031,7 @@ class FilesCheck(AbstractCheck.AbstractC - for exe, paths in bindir_exes.items(): - if len(paths) > 1: - printWarning(pkg, "duplicate-executable", exe, paths) -- if exe not in man_basenames: -+ if exe not in man_basenames and not exe.startswith("rc") and len(paths) is not 0: - printWarning(pkg, "no-manual-page-for-binary", exe) - - diff --git a/suse-no-run-ldconfig.diff b/suse-no-run-ldconfig.diff deleted file mode 100644 index ba29a36..0000000 --- a/suse-no-run-ldconfig.diff +++ /dev/null @@ -1,39 +0,0 @@ -From: Some One -Date: Thu, 9 Apr 2015 14:55:39 +0200 -Subject: [PATCH] suse-no-run-ldconfig.diff - -=================================================================== ---- - SpecCheck.py | 12 ++++++++++++ - 1 file changed, 12 insertions(+) - -Index: rpmlint-rpmlint-1.10/SpecCheck.py -=================================================================== ---- rpmlint-rpmlint-1.10.orig/SpecCheck.py -+++ rpmlint-rpmlint-1.10/SpecCheck.py -@@ -454,6 +454,10 @@ class SpecCheck(AbstractCheck.AbstractCh - 'comparison-operator-in-deptoken', - conf) - -+ if current_section in ('post', 'postun'): -+ if line.find('%run_ldconfig') != -1: -+ printWarning(pkg, 'deprecated-use-of-%run_ldconfig') -+ - if current_section == 'changelog': - for match in AbstractCheck.macro_regex.findall(line): - res = re.match('%+', match) -@@ -771,6 +775,14 @@ may break short circuit builds.''', - '''Make check or other automated regression test should be run in %check, as - they can be disabled with a rpm macro for short circuiting purposes.''', - -+'deprecated-use-of-%run_ldconfig', -+'''According to the new SUSE Packaging Conventions, the use of %run_ldconfig -+is deprecated. Please use /sbin/ldconfig instead, or -+ -+%post(un) -p /sbin/ldconfig -+ -+in the case where ldconfig is the only command to be executed.''', -+ - 'macro-in-%changelog', - '''Macros are expanded in %changelog too, which can in unfortunate cases lead - to the package not building at all, or other subtle unexpected conditions that diff --git a/suse-rpmlint-all-pie.patch b/suse-rpmlint-all-pie.patch new file mode 100644 index 0000000..b7c77d7 --- /dev/null +++ b/suse-rpmlint-all-pie.patch @@ -0,0 +1,34 @@ +Index: rpmlint-rpmlint-1.10/BinariesCheck.py +=================================================================== +--- rpmlint-rpmlint-1.10.orig/BinariesCheck.py ++++ rpmlint-rpmlint-1.10/BinariesCheck.py +@@ -543,10 +543,14 @@ class BinariesCheck(AbstractCheck.Abstra + if ocaml_mixed_regex.search(bin_info.tail): + printWarning(pkg, 'ocaml-mixed-executable', fname) + +- if ((not is_shobj and not is_pie_exec) and +- pie_exec_re and pie_exec_re.search(fname)): +- printError(pkg, 'non-position-independent-executable', +- fname) ++ if (not is_shobj and not is_pie_exec): ++ if pie_exec_re and pie_exec_re.search(fname): ++ printError( ++ pkg, 'non-position-independent-executable', fname) ++ else: ++ printWarning( ++ pkg, 'position-independent-executable-suggested', ++ fname) + + if bin_info.readelf_error: + continue +@@ -798,6 +802,10 @@ stripping process.''', + '''This executable must be position independent. Check that it is built with + -fPIE/-fpie in compiler flags and -pie in linker flags.''', + ++'position-independent-executable-suggested', ++'''This executable should be position independent (all binaries should). Check ++that it is built with -fPIE/-fpie in compiler flags and -pie in linker flags.''', ++ + 'missing-call-to-setgroups-before-setuid', + '''This executable is calling setuid and setgid without setgroups or + initgroups. There is a high probability this means it didn't relinquish all