Accepting request 509371 from devel:openSUSE:Factory:rpmlint

- Adding pam_dbus (bsc#1039709) (forwarded request 509368 from krahmer) OBS-URL: https://build.opensuse.org/request/show/509371 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rpmlint?expand=0&rev=274
2017-07-17 07:00:51 +00:00 · 2017-07-17 07:00:51 +00:00 · 699738811d
commit 699738811d
parent 030f3c6274 38e9ccdbfe
8 changed files with 169 additions and 4 deletions
--- a/6
+++ b/6
@ -759,7 +759,11 @@ setOption("DBUSServices.WhiteList", (
    # openqa (bsc#1039290)
    "org.opensuse.openqa.conf",
    "openqa-scheduler.service",
-    "openqa-websockets.service"
+    "openqa-websockets.service",
+    # pam_dbus (bsc#1039709). Take care to
+    # never enable/integrate this by default (see bsc comments)
+    "pam_dbus.conf",
+    "pam_dbus.service"
 ))

 setOption("PAMModules.WhiteList", (
--- a/rpmlint-all-pie.patch
+++ b/rpmlint-all-pie.patch
@ -0,0 +1,25 @@
+Index: rpmlint-rpmlint-1.8/BinariesCheck.py
+===================================================================
+--- rpmlint-rpmlint-1.8.orig/BinariesCheck.py
+++ rpmlint-rpmlint-1.8/BinariesCheck.py
+@@ -560,6 +560,9 @@ class BinariesCheck(AbstractCheck.Abstra
+                 if not is_shobj and pie_exec_re and pie_exec_re.search(fname):
+                     printError(pkg, 'non-position-independent-executable',
+                                fname)
+                if not is_shobj:
+                    printError(pkg, 'position-independent-executable-suggested',
+                               fname)
+ 
+             if bin_info.readelf_error:
+                 continue
+@@ -809,6 +812,10 @@ stripping process.''',
+ '''This executable must be position independent.  Check that it is built with
+ -fPIE/-fpie in compiler flags and -pie in linker flags.''',
+ 
+'position-independent-executable-suggested',
+'''This executable should be position independent (all binaries should).  Check
+that it is built with -fPIE/-fpie in compiler flags and -pie in linker flags.''',
+
+ 'missing-call-to-setgroups-before-setuid',
+ '''This executable is calling setuid and setgid without setgroups or
+ initgroups. There is a high probability this means it didn't relinquish all
--- a/rpmlint-pie-factory.patch
+++ b/rpmlint-pie-factory.patch
@ -0,0 +1,26 @@
+Index: rpmlint-tests-84.87+git20170418.092177d/tests/pie.ref
+===================================================================
+--- rpmlint-tests-84.87+git20170418.092177d.orig/tests/pie.ref
+++ rpmlint-tests-84.87+git20170418.092177d/tests/pie.ref
+@@ -1,4 +1,5 @@
+pie: W: position-independent-executable-suggested /usr/bin/telnet
+ pie: W: permissions-incorrect /bin/mount has mode 0755 but should be 04755
+ pie: E: non-position-independent-executable (Badness: 10000) /usr/bin/telnet
+ pie: W: missing-call-to-setgroups-before-setuid /bin/mount
+-1 packages and 0 specfiles checked; 1 errors, 2 warnings.
+1 packages and 0 specfiles checked; 1 errors, 3 warnings.
+Index: rpmlint-tests-84.87+git20170418.092177d/tests/permissions1.ref
+===================================================================
+--- rpmlint-tests-84.87+git20170418.092177d.orig/tests/permissions1.ref
+++ rpmlint-tests-84.87+git20170418.092177d/tests/permissions1.ref
+@@ -1,3 +1,4 @@
+permissions1: W: position-independent-executable-suggested /bin/ls
+ permissions1: E: permissions-unauthorized-file (Badness: 10000) /etc/permissions.d/test
+ permissions1: W: permissions-missing-verifyscript missing %verify_permissions -e /bin/ls
+ permissions1: W: permissions-missing-verifyscript missing %verify_permissions -e /bin/su
+@@ -8,4 +9,4 @@ permissions1: W: permissions-incorrect-o
+ permissions1: W: permissions-incorrect /bin/su has mode 0755 but should be 04755
+ permissions1: E: permissions-file-setuid-bit (Badness: 10000) /bin/ls is packaged with setuid/setgid bits (04755)
+ permissions1: W: non-position-independent-executable /bin/ls
+-1 packages and 0 specfiles checked; 2 errors, 8 warnings.
+1 packages and 0 specfiles checked; 2 errors, 9 warnings.
--- a/rpmlint-pie-leap42.patch
+++ b/rpmlint-pie-leap42.patch
@ -0,0 +1,88 @@
+Index: rpmlint-tests-84.87+git20170418.092177d/tests/srv.ref
+===================================================================
+--- rpmlint-tests-84.87+git20170418.092177d.orig/tests/srv.ref
+++ rpmlint-tests-84.87+git20170418.092177d/tests/srv.ref
+@@ -1,4 +1,5 @@
+ srv: E: suse-filelist-forbidden-srv (Badness: 10000) /usr/local/ftp is not allowed in SUSE
+ srv: W: suse-filelist-forbidden-fhs23 /usr/local is not allowed in FHS 2.3
+srv: W: position-independent-executable-suggested /usr/local/ftp/foo
+ srv: W: call-to-mktemp /usr/local/ftp/foo
+-1 packages and 0 specfiles checked; 1 errors, 2 warnings.
+1 packages and 0 specfiles checked; 1 errors, 3 warnings.
+Index: rpmlint-tests-84.87+git20170418.092177d/tests/debug.ref
+===================================================================
+--- rpmlint-tests-84.87+git20170418.092177d.orig/tests/debug.ref
+++ rpmlint-tests-84.87+git20170418.092177d/tests/debug.ref
+@@ -1,5 +1,6 @@
+ debug: W: static-library-without-symtab /usr/lib/foo/t2.a
+ debug: W: static-library-without-debuginfo /usr/lib/foo/t.a
+debug: W: position-independent-executable-suggested /usr/bin/t
+ debug: E: devel-file-in-non-devel-package (Badness: 50) /usr/lib/foo/t.a
+ debug: E: devel-file-in-non-devel-package (Badness: 50) /usr/lib/foo/t2.a
+-1 packages and 0 specfiles checked; 2 errors, 2 warnings.
+1 packages and 0 specfiles checked; 2 errors, 3 warnings.
+Index: rpmlint-tests-84.87+git20170418.092177d/tests/game.ref
+===================================================================
+--- rpmlint-tests-84.87+git20170418.092177d.orig/tests/game.ref
+++ rpmlint-tests-84.87+git20170418.092177d/tests/game.ref
+@@ -1,5 +1,7 @@
+ game: E: suse-filelist-forbidden-games (Badness: 10000) /usr/games/lib/blub is not allowed in SUSE
+ game: E: suse-filelist-forbidden-games (Badness: 10000) /usr/games/lib is not allowed in SUSE
+game: W: position-independent-executable-suggested /usr/games/foo
+game: W: position-independent-executable-suggested /usr/games/lib/blub
+ game: W: call-to-mktemp /usr/games/foo
+ game: W: call-to-mktemp /usr/games/lib/blub
+-1 packages and 0 specfiles checked; 2 errors, 2 warnings.
+1 packages and 0 specfiles checked; 2 errors, 4 warnings.
+Index: rpmlint-tests-84.87+git20170418.092177d/tests/debug2.ref
+===================================================================
+--- rpmlint-tests-84.87+git20170418.092177d.orig/tests/debug2.ref
+++ rpmlint-tests-84.87+git20170418.092177d/tests/debug2.ref
+@@ -1,4 +1,5 @@
+ debug2: W: static-library-without-symtab /usr/lib/foo/t2.a
+debug2: W: position-independent-executable-suggested /usr/bin/t
+ debug2: E: devel-file-in-non-devel-package (Badness: 50) /usr/lib/foo/t.a
+ debug2: E: devel-file-in-non-devel-package (Badness: 50) /usr/lib/foo/t2.a
+-1 packages and 0 specfiles checked; 2 errors, 1 warnings.
+1 packages and 0 specfiles checked; 2 errors, 2 warnings.
+Index: rpmlint-tests-84.87+git20170418.092177d/tests/chroot.ref
+===================================================================
+--- rpmlint-tests-84.87+git20170418.092177d.orig/tests/chroot.ref
+++ rpmlint-tests-84.87+git20170418.092177d/tests/chroot.ref
+@@ -1,2 +1,4 @@
+chroot: W: position-independent-executable-suggested /usr/bin/call_chroot_with_chdir
+chroot: W: position-independent-executable-suggested /usr/bin/call_chroot
+ chroot: W: missing-call-to-chdir-with-chroot /usr/bin/call_chroot
+-1 packages and 0 specfiles checked; 0 errors, 1 warnings.
+1 packages and 0 specfiles checked; 0 errors, 3 warnings.
+Index: rpmlint-tests-84.87+git20170418.092177d/tests/debug1.ref
+===================================================================
+--- rpmlint-tests-84.87+git20170418.092177d.orig/tests/debug1.ref
+++ rpmlint-tests-84.87+git20170418.092177d/tests/debug1.ref
+@@ -1,5 +1,6 @@
+ debug1: W: static-library-without-symtab /usr/lib/foo/t2.a
+ debug1: W: static-library-without-debuginfo /usr/lib/foo/t.a
+debug1: W: position-independent-executable-suggested /usr/bin/t
+ debug1: E: devel-file-in-non-devel-package (Badness: 50) /usr/lib/foo/t.a
+ debug1: E: devel-file-in-non-devel-package (Badness: 50) /usr/lib/foo/t2.a
+-1 packages and 0 specfiles checked; 2 errors, 2 warnings.
+1 packages and 0 specfiles checked; 2 errors, 3 warnings.
+Index: rpmlint-tests-84.87+git20170418.092177d/tests/gethostbyname.ref
+===================================================================
+--- rpmlint-tests-84.87+git20170418.092177d.orig/tests/gethostbyname.ref
+++ rpmlint-tests-84.87+git20170418.092177d/tests/gethostbyname.ref
+@@ -1,7 +1,13 @@
+gethostbyname: W: position-independent-executable-suggested /usr/bin/call_gethostbyaddr
+gethostbyname: W: position-independent-executable-suggested /usr/bin/call_gethostbyname2
+gethostbyname: W: position-independent-executable-suggested /usr/bin/call_gethostbyname
+gethostbyname: W: position-independent-executable-suggested /usr/bin/call_gethostbyname2_r
+gethostbyname: W: position-independent-executable-suggested /usr/bin/call_gethostbyaddr_r
+gethostbyname: W: position-independent-executable-suggested /usr/bin/call_gethostbyname_r
+ gethostbyname: I: binary-or-shlib-calls-gethostbyname /usr/bin/call_gethostbyaddr
+ gethostbyname: I: binary-or-shlib-calls-gethostbyname /usr/bin/call_gethostbyname2
+ gethostbyname: I: binary-or-shlib-calls-gethostbyname /usr/bin/call_gethostbyname
+ gethostbyname: I: binary-or-shlib-calls-gethostbyname /usr/bin/call_gethostbyname2_r
+ gethostbyname: I: binary-or-shlib-calls-gethostbyname /usr/bin/call_gethostbyaddr_r
+ gethostbyname: I: binary-or-shlib-calls-gethostbyname /usr/bin/call_gethostbyname_r
+-1 packages and 0 specfiles checked; 0 errors, 0 warnings.
+1 packages and 0 specfiles checked; 0 errors, 6 warnings.
--- a/rpmlint-tests.changes
+++ b/rpmlint-tests.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Sun Jul  2 16:30:01 UTC 2017 - meissner@suse.com
+
+- rpmlint-pie-leap42.patch, rpmlint-pie-factory.patch:
+  adjust testsuite to match new PIE warning, for both
+  Leap 42.3 and Factory.
+
 -------------------------------------------------------------------
 Tue Apr 18 13:49:18 UTC 2017 - opensuse-packaging@opensuse.org

--- a/rpmlint-tests.spec
+++ b/rpmlint-tests.spec
@ -32,6 +32,8 @@ BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Url:            http://www.opensuse.org/
 Source:         rpmlint-tests-%version.tar.xz
 Patch1:         0001-Update-varrun-test-for-Leap-42.2-severity-reduction.patch
+Patch2:         rpmlint-pie-leap42.patch
+Patch3:         rpmlint-pie-factory.patch

 %description
 This package doesn't actually contain any files and is not meant to
@ -43,6 +45,10 @@ regression tests against rpmlint(-mini).
 %if 0%{?sle_version} >= 120200
 %patch1 -p1
 %endif
+%if 0%{?suse_version} < 1330
+%patch2 -p1
+%endif
+%patch3 -p1

 %build
 mkdir rpms
@ -50,7 +56,4 @@ make test

 %install

-%clean
-rm -rf %buildroot
-
 %changelog
--- a/rpmlint.changes
+++ b/rpmlint.changes
@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Tue Jul 11 08:48:32 UTC 2017 - krahmer@suse.com
+
+- Adding pam_dbus (bsc#1039709) 
+
+-------------------------------------------------------------------
+Thu Jun 22 08:33:11 UTC 2017 - meissner@suse.com
+
+- rpmlint-all-pie.patch: for non-PIE built binaries emit a warning
+  to suggest build them as PIE.
+
 -------------------------------------------------------------------
 Tue Jun  6 18:33:56 UTC 2017 - marec@detebe.org

--- a/rpmlint.spec
+++ b/rpmlint.spec
@ -125,6 +125,7 @@ Patch67:        suse-readd_terminator_in_regex.patch
 Patch68:        boo1027577-license_tag.patch
 # Fix check for 'missing-call-to-chdir-with-chroot' on ARM, relax check on PPC
 Patch69:        BinariesCheck_fix_chroot_check_on_non_x86.patch
+Patch70:        rpmlint-all-pie.patch
 # PATCHLIST END
 # BuildArch must at the end. is a bug: https://bugzilla.suse.com/show_bug.cgi?id=926766
 BuildArch:      noarch