diff --git a/config b/config index c4a3354..536959a 100644 --- a/config +++ b/config @@ -197,6 +197,7 @@ setOption('StandardGroups', ( 'qemu', 'quagga', 'quasselcore', + 'rabbitmq', 'radiusd', 'root', 'sabayon-admin', @@ -359,6 +360,7 @@ setOption('StandardUsers', ( 'qemu', 'quagga', 'quasselcore', + 'rabbitmq', 'radiusd', 'radvd', 'root', diff --git a/rpmlint-check-gethostbyname.patch b/rpmlint-check-gethostbyname.patch new file mode 100644 index 0000000..8032e63 --- /dev/null +++ b/rpmlint-check-gethostbyname.patch @@ -0,0 +1,146 @@ +From 415d04b8d4fbb1421b9277294cf94b851c408795 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Stefan=20Br=C3=BCns?= +Date: Tue, 8 Mar 2016 23:48:45 +0100 +Subject: [PATCH] gethostbyname + +--- + tests/gethostbyname.ignore | 4 ++ + tests/gethostbyname.ref | 7 ++++ + tests/gethostbyname.spec | 101 +++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 112 insertions(+) + create mode 100644 tests/gethostbyname.ignore + create mode 100644 tests/gethostbyname.ref + create mode 100644 tests/gethostbyname.spec + +diff --git a/tests/gethostbyname.ignore b/tests/gethostbyname.ignore +new file mode 100644 +index 0000000..410e7a4 +--- /dev/null ++++ b/tests/gethostbyname.ignore +@@ -0,0 +1,3 @@ ++#addFilter(" files-duplicate") ++addFilter(" no-manual-page-for-binary ") ++#addFilter(" no-binary") +diff --git a/tests/gethostbyname.ref b/tests/gethostbyname.ref +new file mode 100644 +index 0000000..fb4a5b9 +--- /dev/null ++++ b/tests/gethostbyname.ref +@@ -0,0 +1,7 @@ ++gethostbyname: I: binary-or-shlib-calls-gethostbyname /usr/bin/call_gethostbyaddr ++gethostbyname: I: binary-or-shlib-calls-gethostbyname /usr/bin/call_gethostbyname2 ++gethostbyname: I: binary-or-shlib-calls-gethostbyname /usr/bin/call_gethostbyname ++gethostbyname: I: binary-or-shlib-calls-gethostbyname /usr/bin/call_gethostbyname2_r ++gethostbyname: I: binary-or-shlib-calls-gethostbyname /usr/bin/call_gethostbyaddr_r ++gethostbyname: I: binary-or-shlib-calls-gethostbyname /usr/bin/call_gethostbyname_r ++1 packages and 0 specfiles checked; 0 errors, 0 warnings. +diff --git a/tests/gethostbyname.spec b/tests/gethostbyname.spec +new file mode 100644 +index 0000000..2cd2457 +--- /dev/null ++++ b/tests/gethostbyname.spec +@@ -0,0 +1,101 @@ ++Name: gethostbyname ++Version: 0 ++Release: 0 ++Group: Development/Tools/Building ++Summary: Lorem ipsum ++License: GPL-2.0+ ++BuildRoot: %_tmppath/%name-%version-build ++Url: http://www.opensuse.org/ ++ ++%description ++Lorem ipsum dolor sit amet, consectetur adipisici elit, sed ++eiusmod tempor incidunt ut labore et dolore magna aliqua. Ut enim ++ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut ++aliquid ex ea commodi consequat. Quis aute iure reprehenderit in ++voluptate velit esse cillum dolore eu fugiat nulla pariatur. ++Excepteur sint obcaecat cupiditat non proident, sunt in culpa qui ++officia deserunt mollit anim id est laborum. ++ ++%prep ++%build ++# int gethostent_r( ++# struct hostent *ret, char *buf, size_t buflen, ++# struct hostent **result, int *h_errnop); ++# ++# int gethostbyaddr_r(const void *addr, socklen_t len, int type, ++# struct hostent *ret, char *buf, size_t buflen, ++# struct hostent **result, int *h_errnop); ++# ++# int gethostbyname_r(const char *name, ++# struct hostent *ret, char *buf, size_t buflen, ++# struct hostent **result, int *h_errnop); ++# ++# int gethostbyname2_r(const char *name, int af, ++# struct hostent *ret, char *buf, size_t buflen, ++# struct hostent **result, int *h_errnop); ++ ++cat < call_gethostbyname.c ++#include ++int main(void) ++{ ++ return gethostbyname("") > 0; ++} ++EOF ++ ++cat < call_gethostbyname2.c ++#include ++int main(void) ++{ ++ return gethostbyname2("", 0) > 0; ++} ++EOF ++ ++cat < call_gethostbyaddr.c ++#include ++int main(void) ++{ ++ return gethostbyaddr(0, 0, 0) > 0; ++} ++EOF ++ ++cat < call_gethostbyaddr_r.c ++#include ++int main(void) ++{ ++ return gethostbyaddr_r(0, 0, 0, 0, 0, 0, 0, 0) > 0; ++} ++EOF ++ ++cat < call_gethostbyname_r.c ++#include ++int main(void) ++{ ++ return gethostbyname_r("", 0, 0, 0, 0, 0) > 0; ++} ++EOF ++ ++cat < call_gethostbyname2_r.c ++#include ++int main(void) ++{ ++ return gethostbyname2_r("", 0, 0, 0, 0, 0, 0) > 0; ++} ++EOF ++ ++%install ++for f in gethostbyname gethostbyname2 gethostbyaddr gethostbyaddr_r gethostbyname_r gethostbyname2_r; do ++ gcc $RPM_OPT_FLAGS -o call_$f call_$f.c ++ strip call_$f ++ install -D -m 755 call_$f %buildroot/usr/bin/call_$f ++done ++ ++%clean ++rm -rf %buildroot ++ ++%files ++%defattr(-,root,root) ++/usr/bin/* ++ ++%changelog ++* Sat Mar 05 2016 stefan.bruens@rwth-aachen.de ++- dummy +-- +2.7.2 + diff --git a/rpmlint-tests.changes b/rpmlint-tests.changes index 9db01bd..bf94c81 100644 --- a/rpmlint-tests.changes +++ b/rpmlint-tests.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Mar 8 22:57:31 UTC 2016 - stefan.bruens@rwth-aachen.de + +- add regression test for boo#970170 + ------------------------------------------------------------------- Mon Nov 30 14:58:36 UTC 2015 - lnussel@suse.de diff --git a/rpmlint-tests.spec b/rpmlint-tests.spec index 33864ce..23568e1 100644 --- a/rpmlint-tests.spec +++ b/rpmlint-tests.spec @@ -30,6 +30,7 @@ Group: Development/Tools/Building BuildRoot: %{_tmppath}/%{name}-%{version}-build Url: http://www.opensuse.org/ Source: rpmlint-tests-%version.tar.xz +Patch0: rpmlint-check-gethostbyname.patch %description This package doesn't actually contain any files and is not meant to @@ -38,6 +39,7 @@ regression tests against rpmlint(-mini). %prep %setup -q +%patch0 -p1 %build mkdir rpms diff --git a/rpmlint.changes b/rpmlint.changes index 4e87e65..54ca3a8 100644 --- a/rpmlint.changes +++ b/rpmlint.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Mon Mar 14 16:08:20 UTC 2016 - christoph@stop.pe + +- whitelist rabbitmq user and group + +------------------------------------------------------------------- +Tue Mar 8 23:29:11 UTC 2016 - stefan.bruens@rwth-aachen.de + +- Fix boo#970170: rpmlint no longer detects gethostbyname calls, + also detect gethostbyname{,2}{,_r}, gethostbyaddr{,_r} + * update suse-binariescheck.diff + * rpmlint-check-gethostbyname.patch + ------------------------------------------------------------------- Mon Feb 22 08:16:34 UTC 2016 - dmueller@suse.com diff --git a/suse-binarieschecks.diff b/suse-binarieschecks.diff index 19627f4..e1e4556 100644 --- a/suse-binarieschecks.diff +++ b/suse-binarieschecks.diff @@ -20,13 +20,14 @@ index d2ed87a..2e5758e 100644 import AbstractCheck import Config import Pkg -@@ -53,6 +53,9 @@ class BinaryInfo: +@@ -53,6 +53,10 @@ class BinaryInfo: unused_regex = re.compile('^\s+(\S+)') exit_call_regex = create_regexp_call('_?exit') fork_call_regex = create_regexp_call('fork') + debuginfo_regex=re.compile('^\s+\[\s*\d+\]\s+\.debug_.*\s+') + symtab_regex=re.compile('^\s+\[\s*\d+\]\s+\.symtab\s+') -+ gethostbyname_call_regex = re.compile('\s+FUNC\s+.*?\s+(gethostbyname(?:@\S+)?)(?:\s|$)') ++ gethostbyname_call_regex = create_regexp_call(['gethostbyname', 'gethostbyname2', ++ 'gethostbyaddr', 'gethostbyname_r', 'gethostbyname2_r', 'gethostbyaddr_r']) # regexp for setgid setegid setresgid set(?:res|e)?gid setgid_call_regex = create_regexp_call(['setresgid', 'setegid', 'setgid']) setuid_call_regex = create_regexp_call(['setresuid', 'seteuid', 'setuid'])