
- suse-spdx-license-exceptions.patch: removed fuzziness from patch.

- issue_68_BinariesCheck_lower_memory.patch: split into separate patches
  issue_68_BinariesCheck_lower_memory-1.patch
  issue_68_BinariesCheck_lower_memory-2.patch
  issue_68_BinariesCheck_lower_memory-3.patch
  issue_68_BinariesCheck_lower_memory-4.patch
  and unfuzzed patch number 3.

OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=424
Marcus Meissner 2017-01-31 15:01:29 +00:00 committed by Git OBS Bridge
parent c793b67a68
commit aba168ae61
8 changed files with 206 additions and 193 deletions


@ -0,0 +1,37 @@
From c5871542684bf1439d96f2430fe4f0010070e4db Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ville=20Skytt=C3=A4?= <ville.skytta@iki.fi>
Date: Sun, 7 Feb 2016 10:10:51 +0200
Subject: [PATCH] BinariesCheck: avoid false chroot w/o chdir when objdump
fails
https://bugzilla.redhat.com/show_bug.cgi?id=1305302
---
BinariesCheck.py | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/BinariesCheck.py b/BinariesCheck.py
index b2c030e..33dfae5 100644
--- a/BinariesCheck.py
+++ b/BinariesCheck.py
@@ -210,7 +210,10 @@ def __init__(self, pkg, path, file, is_ar, is_shlib):
# on a server like postfix
res = Pkg.getstatusoutput(
('env', 'LC_ALL=C', 'objdump', '-d', path))
- if not res[0]:
+ if res[0]:
+ printWarning(pkg, 'binaryinfo-objdump-failed', file)
+ self.chroot_near_chdir = True # avoid false positive
+ else:
call = []
# we want that :
# 401eb8: e8 c3 f0 ff ff callq 400f80 <free@plt>
@@ -645,6 +648,9 @@ def check_binary(self, pkg):
'binaryinfo-readelf-failed',
'''Executing readelf on this file failed, all checks could not be run.''',
+'binaryinfo-objdump-failed',
+'''Executing objdump on this file failed, all checks could not be run.''',
+
'binaryinfo-tail-failed',
'''Reading trailing bytes of this file failed, all checks could not be run.''',
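Review bot: Setting `self.chroot_near_chdir = True` in the `if res[0]:` branch makes the chroot-without-chdir check fail open, so a binary that objdump cannot disassemble is presumably never reported for calling chroot() without chdir(). The only trace is the `binaryinfo-objdump-failed` warning, and its description ("all checks could not be run") does not say which check was skipped. I would name it in the description, for example `'''Executing objdump on this file failed, so the chroot/chdir proximity check was skipped.'''`, and extend the inline comment to `# fail open: proximity unknown, do not report missing chdir`. The body of `__init__` starts and ends outside the hunk.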


@ -0,0 +1,83 @@
From be76ea6216987eefe9e863b193657318720bca51 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20Br=C3=BCns?= <stefan.bruens@rwth-aachen.de>
Date: Sun, 13 Mar 2016 16:01:37 +0100
Subject: [PATCH 1/3] BinariesCheck: lower memory requirements, fix
chroot/chdir detection
Do not read whole output of objdump -d into memory, but read and process
the output while it is created (issue #67).
Also correct expression to find 'chdir@plt' in output (issue #66)
---
BinariesCheck.py | 49 ++++++++++++++++++++++++++++++-------------------
1 file changed, 30 insertions(+), 19 deletions(-)
diff --git a/BinariesCheck.py b/BinariesCheck.py
index 33dfae5..ee6d00b 100644
--- a/BinariesCheck.py
+++ b/BinariesCheck.py
@@ -10,6 +10,7 @@
import re
import stat
import sys
+import subprocess
import rpm
@@ -205,27 +206,37 @@ def __init__(self, pkg, path, file, is_ar, is_shlib):
# check if chroot is near chdir (since otherwise, chroot is called
# without chdir)
if self.chroot and self.chdir:
- # FIXME this check is too slow, because forking for objdump is
- # quite slow according to a quick test and that's quite visible
- # on a server like postfix
- res = Pkg.getstatusoutput(
- ('env', 'LC_ALL=C', 'objdump', '-d', path))
- if res[0]:
+ p = subprocess.Popen(
+ ['env', 'LC_ALL=C', 'objdump', '-d', path],
+ stdout=subprocess.PIPE, bufsize=1)
+ with p.stdout:
+ # we want that :
+ # 401eb8: e8 c3 f0 ff ff callq 400f80 <chdir@plt>
+ objdump_call_regex = re.compile(b'callq?\s(.*)')
+ index = 0
+ chroot_index = -99
+ chdir_index = -99
+ for line in p.stdout:
+ r = objdump_call_regex.search(line)
+ if not r:
+ continue
+ if b'@plt' not in r.group(1):
+ pass
+ elif b'chroot@plt' in r.group(1):
+ chroot_index = index
+ if abs(chroot_index - chdir_index) <= 2:
+ self.chroot_near_chdir = True
+ break
+ elif b'chdir@plt' in r.group(1):
+ chdir_index = index
+ if abs(chroot_index - chdir_index) <= 2:
+ self.chroot_near_chdir = True
+ break
+ index += 1
+ if p.wait():
printWarning(pkg, 'binaryinfo-objdump-failed', file)
self.chroot_near_chdir = True # avoid false positive
- else:
- call = []
- # we want that :
- # 401eb8: e8 c3 f0 ff ff callq 400f80 <free@plt>
- for l in res[1].splitlines():
- # call is for x86 32 bits, callq for x86_64
- if l.find('callq ') >= 0 or l.find('call ') >= 0:
- call.append(l.rpartition(' ')[2])
- for index, c in enumerate(call):
- if c.find('chroot@plt') >= 0:
- for i in call[index-2:index+2]:
- if i.find('chdir@plt'):
- self.chroot_near_chdir = True
+
else:
self.readelf_error = True
printWarning(pkg, 'binaryinfo-readelf-failed',
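Review bot: Both `break` paths leave the `with p.stdout:` block while objdump can still be writing, so the pipe is closed under it and `p.wait()` then returns a non-zero status. The `if p.wait():` branch therefore reports `binaryinfo-objdump-failed` for a binary that was analysed successfully. The flag is already True at that point, so the check result is unchanged, but the spurious warnings bury the genuine objdump failures, which are the cases where the chroot/chdir check is silently skipped. Gating the branch on the match result avoids this: `if p.wait() and not self.chroot_near_chdir:`. The body of `__init__` starts and ends outside the hunk.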


@ -0,0 +1,35 @@
From f61aab52fdcbdc9096f2346ee4ecf9668d8a0fbc Mon Sep 17 00:00:00 2001
From: StefanBruens <stefan.bruens@rwth-aachen.de>
Date: Wed, 29 Jun 2016 18:28:55 +0200
Subject: [PATCH 2/3] Use default bufsize, move regex compile to common place
---
BinariesCheck.py | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
Index: rpmlint-rpmlint-1.8/BinariesCheck.py
===================================================================
--- rpmlint-rpmlint-1.8.orig/BinariesCheck.py
+++ rpmlint-rpmlint-1.8/BinariesCheck.py
@@ -64,6 +64,8 @@ class BinaryInfo:
setuid_call_regex = create_regexp_call(['setresuid', 'seteuid', 'setuid'])
setgroups_call_regex = create_regexp_call(['initgroups', 'setgroups'])
chroot_call_regex = create_regexp_call('chroot')
+ # 401eb8: e8 c3 f0 ff ff callq 400f80 <chdir@plt>
+ objdump_call_regex = re.compile(b'callq?\s(.*)')
forbidden_functions = Config.getOption("WarnOnFunction")
if forbidden_functions:
@@ -234,11 +236,8 @@ class BinaryInfo:
if self.chroot and self.chdir:
p = subprocess.Popen(
['env', 'LC_ALL=C', 'objdump', '-d', path],
- stdout=subprocess.PIPE, bufsize=1)
+ stdout=subprocess.PIPE, bufsize=-1)
with p.stdout:
- # we want that :
- # 401eb8: e8 c3 f0 ff ff callq 400f80 <chdir@plt>
- objdump_call_regex = re.compile(b'callq?\s(.*)')
index = 0
chroot_index = -99
chdir_index = -99
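Review bot: The class-level pattern `re.compile(b'callq?\s(.*)')` is a non-raw bytes literal, so `\s` only reaches the regex engine because Python passes unknown escapes through, and newer Python 3 releases warn about that. `re.compile(br'callq?\s(.*)')` compiles the same pattern and is accepted by Python 2.7 and 3 alike. The comment above it could also record what the removed code stated, that only the x86 `call`/`callq` mnemonics are matched, e.g. `# x86 only: matches 'call' (32 bit) and 'callq' (x86_64)`. A reader then knows the proximity check sees no calls on other architectures.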


@ -0,0 +1,22 @@
From 643f42c51f46ed1f377fc099cca818fba2d5a7d0 Mon Sep 17 00:00:00 2001
From: StefanBruens <stefan.bruens@rwth-aachen.de>
Date: Wed, 29 Jun 2016 18:38:51 +0200
Subject: [PATCH 3/3] Fix last commit
---
BinariesCheck.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/BinariesCheck.py b/BinariesCheck.py
index f19ae29..89517c2 100644
--- a/BinariesCheck.py
+++ b/BinariesCheck.py
@@ -216,7 +216,7 @@ def __init__(self, pkg, path, file, is_ar, is_shlib):
chroot_index = -99
chdir_index = -99
for line in p.stdout:
- r = objdump_call_regex.search(line)
+ r = BinaryInfo.objdump_call_regex.search(line)
if not r:
continue
if b'@plt' not in r.group(1):


@ -1,178 +0,0 @@
From c5871542684bf1439d96f2430fe4f0010070e4db Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ville=20Skytt=C3=A4?= <ville.skytta@iki.fi>
Date: Sun, 7 Feb 2016 10:10:51 +0200
Subject: [PATCH] BinariesCheck: avoid false chroot w/o chdir when objdump
fails
https://bugzilla.redhat.com/show_bug.cgi?id=1305302
---
BinariesCheck.py | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/BinariesCheck.py b/BinariesCheck.py
index b2c030e..33dfae5 100644
--- a/BinariesCheck.py
+++ b/BinariesCheck.py
@@ -210,7 +210,10 @@ def __init__(self, pkg, path, file, is_ar, is_shlib):
# on a server like postfix
res = Pkg.getstatusoutput(
('env', 'LC_ALL=C', 'objdump', '-d', path))
- if not res[0]:
+ if res[0]:
+ printWarning(pkg, 'binaryinfo-objdump-failed', file)
+ self.chroot_near_chdir = True # avoid false positive
+ else:
call = []
# we want that :
# 401eb8: e8 c3 f0 ff ff callq 400f80 <free@plt>
@@ -645,6 +648,9 @@ def check_binary(self, pkg):
'binaryinfo-readelf-failed',
'''Executing readelf on this file failed, all checks could not be run.''',
+'binaryinfo-objdump-failed',
+'''Executing objdump on this file failed, all checks could not be run.''',
+
'binaryinfo-tail-failed',
'''Reading trailing bytes of this file failed, all checks could not be run.''',
From be76ea6216987eefe9e863b193657318720bca51 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20Br=C3=BCns?= <stefan.bruens@rwth-aachen.de>
Date: Sun, 13 Mar 2016 16:01:37 +0100
Subject: [PATCH 1/3] BinariesCheck: lower memory requirements, fix
chroot/chdir detection
Do not read whole output of objdump -d into memory, but read and process
the output while it is created (issue #67).
Also correct expression to find 'chdir@plt' in output (issue #66)
---
BinariesCheck.py | 49 ++++++++++++++++++++++++++++++-------------------
1 file changed, 30 insertions(+), 19 deletions(-)
diff --git a/BinariesCheck.py b/BinariesCheck.py
index 33dfae5..ee6d00b 100644
--- a/BinariesCheck.py
+++ b/BinariesCheck.py
@@ -10,6 +10,7 @@
import re
import stat
import sys
+import subprocess
import rpm
@@ -205,27 +206,37 @@ def __init__(self, pkg, path, file, is_ar, is_shlib):
# check if chroot is near chdir (since otherwise, chroot is called
# without chdir)
if self.chroot and self.chdir:
- # FIXME this check is too slow, because forking for objdump is
- # quite slow according to a quick test and that's quite visible
- # on a server like postfix
- res = Pkg.getstatusoutput(
- ('env', 'LC_ALL=C', 'objdump', '-d', path))
- if res[0]:
+ p = subprocess.Popen(
+ ['env', 'LC_ALL=C', 'objdump', '-d', path],
+ stdout=subprocess.PIPE, bufsize=1)
+ with p.stdout:
+ # we want that :
+ # 401eb8: e8 c3 f0 ff ff callq 400f80 <chdir@plt>
+ objdump_call_regex = re.compile(b'callq?\s(.*)')
+ index = 0
+ chroot_index = -99
+ chdir_index = -99
+ for line in p.stdout:
+ r = objdump_call_regex.search(line)
+ if not r:
+ continue
+ if b'@plt' not in r.group(1):
+ pass
+ elif b'chroot@plt' in r.group(1):
+ chroot_index = index
+ if abs(chroot_index - chdir_index) <= 2:
+ self.chroot_near_chdir = True
+ break
+ elif b'chdir@plt' in r.group(1):
+ chdir_index = index
+ if abs(chroot_index - chdir_index) <= 2:
+ self.chroot_near_chdir = True
+ break
+ index += 1
+ if p.wait():
printWarning(pkg, 'binaryinfo-objdump-failed', file)
self.chroot_near_chdir = True # avoid false positive
- else:
- call = []
- # we want that :
- # 401eb8: e8 c3 f0 ff ff callq 400f80 <free@plt>
- for l in res[1].splitlines():
- # call is for x86 32 bits, callq for x86_64
- if l.find('callq ') >= 0 or l.find('call ') >= 0:
- call.append(l.rpartition(' ')[2])
- for index, c in enumerate(call):
- if c.find('chroot@plt') >= 0:
- for i in call[index-2:index+2]:
- if i.find('chdir@plt'):
- self.chroot_near_chdir = True
+
else:
self.readelf_error = True
printWarning(pkg, 'binaryinfo-readelf-failed',
From f61aab52fdcbdc9096f2346ee4ecf9668d8a0fbc Mon Sep 17 00:00:00 2001
From: StefanBruens <stefan.bruens@rwth-aachen.de>
Date: Wed, 29 Jun 2016 18:28:55 +0200
Subject: [PATCH 2/3] Use default bufsize, move regex compile to common place
---
BinariesCheck.py | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/BinariesCheck.py b/BinariesCheck.py
index ee6d00b..f19ae29 100644
--- a/BinariesCheck.py
+++ b/BinariesCheck.py
@@ -54,6 +54,8 @@ class BinaryInfo(object):
setuid_call_regex = create_regexp_call('set(?:res|e)?uid')
setgroups_call_regex = create_regexp_call('(?:ini|se)tgroups')
chroot_call_regex = create_regexp_call('chroot')
+ # 401eb8: e8 c3 f0 ff ff callq 400f80 <chdir@plt>
+ objdump_call_regex = re.compile(b'callq?\s(.*)')
forbidden_functions = Config.getOption("WarnOnFunction")
if forbidden_functions:
@@ -208,11 +210,8 @@ def __init__(self, pkg, path, file, is_ar, is_shlib):
if self.chroot and self.chdir:
p = subprocess.Popen(
['env', 'LC_ALL=C', 'objdump', '-d', path],
- stdout=subprocess.PIPE, bufsize=1)
+ stdout=subprocess.PIPE, bufsize=-1)
with p.stdout:
- # we want that :
- # 401eb8: e8 c3 f0 ff ff callq 400f80 <chdir@plt>
- objdump_call_regex = re.compile(b'callq?\s(.*)')
index = 0
chroot_index = -99
chdir_index = -99
From 643f42c51f46ed1f377fc099cca818fba2d5a7d0 Mon Sep 17 00:00:00 2001
From: StefanBruens <stefan.bruens@rwth-aachen.de>
Date: Wed, 29 Jun 2016 18:38:51 +0200
Subject: [PATCH 3/3] Fix last commit
---
BinariesCheck.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/BinariesCheck.py b/BinariesCheck.py
index f19ae29..89517c2 100644
--- a/BinariesCheck.py
+++ b/BinariesCheck.py
@@ -216,7 +216,7 @@ def __init__(self, pkg, path, file, is_ar, is_shlib):
chroot_index = -99
chdir_index = -99
for line in p.stdout:
- r = objdump_call_regex.search(line)
+ r = BinaryInfo.objdump_call_regex.search(line)
if not r:
continue
if b'@plt' not in r.group(1):


@ -1,3 +1,17 @@
-------------------------------------------------------------------
Tue Jan 31 14:55:48 UTC 2017 - meissner@suse.com
- suse-spdx-license-exceptions.patch: removed fuzziness from patch.
- issue_68_BinariesCheck_lower_memory.patch: split into seperate patches
issue_68_BinariesCheck_lower_memory-1.patch
issue_68_BinariesCheck_lower_memory-2.patch
issue_68_BinariesCheck_lower_memory-3.patch
issue_68_BinariesCheck_lower_memory-4.patch
and unfuzzed patch number 3.
-------------------------------------------------------------------
Tue Jan 31 14:18:03 UTC 2017 - krahmer@suse.com


@ -116,7 +116,10 @@ Patch63: 0001-Avoid-messing-with-the-error-encoding-Fixes-61.patch
Patch64: omit_BUILDROOT_from_pyo_files.patch
# PATCH-FIX-UPSTREAM 0001-Fix-resolving-Python-source-from-3.5-.opt-12.pyc.patch alarrosa@suse.com -- Fixes resolving python source from files generated following PEP0488
Patch65: 0001-Fix-resolving-Python-source-from-3.5-.opt-12.pyc.patch
Patch66: issue_68_BinariesCheck_lower_memory.patch
Patch661: issue_68_BinariesCheck_lower_memory-1.patch
Patch662: issue_68_BinariesCheck_lower_memory-2.patch
Patch663: issue_68_BinariesCheck_lower_memory-3.patch
Patch664: issue_68_BinariesCheck_lower_memory-4.patch
# Fix a regression introduced by suse-shlib-devel-dependency.diff
Patch67: suse-readd_terminator_in_regex.patch
# PATCHLIST END


@ -7,13 +7,13 @@ Subject: [PATCH] Handle SPDX style license exceptions
TagsCheck.py | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 50 insertions(+), 1 deletion(-)
diff --git a/TagsCheck.py b/TagsCheck.py
index f5b7516..ada84f7 100644
--- a/TagsCheck.py
+++ b/TagsCheck.py
Index: rpmlint-rpmlint-1.8/TagsCheck.py
===================================================================
--- rpmlint-rpmlint-1.8.orig/TagsCheck.py
+++ rpmlint-rpmlint-1.8/TagsCheck.py
@@ -139,6 +139,34 @@ DEFAULT_VALID_LICENSES = (
'Shareware',
)
)
+DEFAULT_VALID_LICENSE_EXCEPTIONS = (
+ '389-exception',
@ -46,7 +46,7 @@ index f5b7516..ada84f7 100644
BAD_WORDS = {
'alot': 'a lot',
'accesnt': 'accent',
@@ -404,6 +432,7 @@ VALID_GROUPS = Config.getOption('ValidGroups', None)
@@ -404,6 +432,7 @@ VALID_GROUPS = Config.getOption('ValidGr
if VALID_GROUPS is None: # get defaults from rpm package only if it's not set
VALID_GROUPS = Pkg.get_default_valid_rpmgroups()
VALID_LICENSES = Config.getOption('ValidLicenses', DEFAULT_VALID_LICENSES)
@ -54,15 +54,15 @@ index f5b7516..ada84f7 100644
INVALID_REQUIRES = map(re.compile, Config.getOption('InvalidRequires', DEFAULT_INVALID_REQUIRES))
packager_regex = re.compile(Config.getOption('Packager'))
changelog_version_regex = re.compile('[^>]([^ >]+)\s*$')
@@ -417,6 +446,7 @@ invalid_url_regex = re.compile(Config.getOption('InvalidURL'), re.IGNORECASE)
lib_package_regex = re.compile('(?:^(?:compat-)?lib.*?(\.so.*)?|libs?[\d-]*)$', re.IGNORECASE)
@@ -418,6 +447,7 @@ lib_package_regex = re.compile('(?:^(?:c
leading_space_regex = re.compile('^\s+')
pkg_config_regex = re.compile('^/usr/(?:lib\d*|share)/pkgconfig/')
license_regex = re.compile('\(([^)]+)\)|\s(?:and|or)\s')
+license_exception_regex = re.compile('(\S+)\sWITH\s(\S+)')
invalid_version_regex = re.compile('([0-9](?:rc|alpha|beta|pre).*)', re.IGNORECASE)
# () are here for grouping purpose in the regexp
forbidden_words_regex = re.compile('(' + Config.getOption('ForbiddenWords') + ')', re.IGNORECASE)
@@ -776,6 +806,10 @@ class TagsCheck(AbstractCheck.AbstractCheck):
@@ -787,6 +817,10 @@ class TagsCheck(AbstractCheck.AbstractCh
# printWarning(pkg, 'package-provides-itself')
# break
@ -73,7 +73,7 @@ index f5b7516..ada84f7 100644
def split_license(license):
return (x.strip() for x in
(l for l in license_regex.split(license) if l))
@@ -786,7 +820,17 @@ class TagsCheck(AbstractCheck.AbstractCheck):
@@ -797,7 +831,17 @@ class TagsCheck(AbstractCheck.AbstractCh
else:
valid_license = True
if rpm_license not in VALID_LICENSES:
@ -92,7 +92,7 @@ index f5b7516..ada84f7 100644
if l1 in VALID_LICENSES:
continue
for l2 in split_license(l1):
@@ -1062,6 +1106,11 @@ your specfile.''',
@@ -1073,6 +1117,11 @@ your specfile.''',
'''The value of the License tag was not recognized. Known values are:
"%s".''' % '", "'.join(VALID_LICENSES),
@ -104,6 +104,3 @@ index f5b7516..ada84f7 100644
'obsolete-not-provided',
'''If a package is obsoleted by a compatible replacement, the obsoleted package
should also be provided in order to not cause unnecessary dependency breakage.
--
2.7.4