SHA256
1
0
forked from pool/rpmlint

Accepting request 507659 from home:msmeissn:branches:devel:openSUSE:Factory:rpmlint

- rpmlint-pie-leap42.patch, rpmlint-pie-factory.patch:
  adjust testsuite to match new PIE warning, for both
  Leap 42.3 and Factory.

- rpmlint-all-pie.patch: for non-PIE built binaries emit a warning
  to suggest build them as PIE.

OBS-URL: https://build.opensuse.org/request/show/507659
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=464
This commit is contained in:
Dirk Mueller 2017-07-04 12:30:44 +00:00 committed by Git OBS Bridge
parent 43093447af
commit ad07ffcc10
7 changed files with 159 additions and 3 deletions

25
rpmlint-all-pie.patch Normal file
View File

@ -0,0 +1,25 @@
Index: rpmlint-rpmlint-1.8/BinariesCheck.py
===================================================================
--- rpmlint-rpmlint-1.8.orig/BinariesCheck.py
+++ rpmlint-rpmlint-1.8/BinariesCheck.py
@@ -560,6 +560,9 @@ class BinariesCheck(AbstractCheck.Abstra
if not is_shobj and pie_exec_re and pie_exec_re.search(fname):
printError(pkg, 'non-position-independent-executable',
fname)
+ if not is_shobj:
+ printError(pkg, 'position-independent-executable-suggested',
+ fname)
if bin_info.readelf_error:
continue
@@ -809,6 +812,10 @@ stripping process.''',
'''This executable must be position independent. Check that it is built with
-fPIE/-fpie in compiler flags and -pie in linker flags.''',
+'position-independent-executable-suggested',
+'''This executable should be position independent (all binaries should). Check
+that it is built with -fPIE/-fpie in compiler flags and -pie in linker flags.''',
+
'missing-call-to-setgroups-before-setuid',
'''This executable is calling setuid and setgid without setgroups or
initgroups. There is a high probability this means it didn't relinquish all

26
rpmlint-pie-factory.patch Normal file
View File

@ -0,0 +1,26 @@
Index: rpmlint-tests-84.87+git20170418.092177d/tests/pie.ref
===================================================================
--- rpmlint-tests-84.87+git20170418.092177d.orig/tests/pie.ref
+++ rpmlint-tests-84.87+git20170418.092177d/tests/pie.ref
@@ -1,4 +1,5 @@
+pie: W: position-independent-executable-suggested /usr/bin/telnet
pie: W: permissions-incorrect /bin/mount has mode 0755 but should be 04755
pie: E: non-position-independent-executable (Badness: 10000) /usr/bin/telnet
pie: W: missing-call-to-setgroups-before-setuid /bin/mount
-1 packages and 0 specfiles checked; 1 errors, 2 warnings.
+1 packages and 0 specfiles checked; 1 errors, 3 warnings.
Index: rpmlint-tests-84.87+git20170418.092177d/tests/permissions1.ref
===================================================================
--- rpmlint-tests-84.87+git20170418.092177d.orig/tests/permissions1.ref
+++ rpmlint-tests-84.87+git20170418.092177d/tests/permissions1.ref
@@ -1,3 +1,4 @@
+permissions1: W: position-independent-executable-suggested /bin/ls
permissions1: E: permissions-unauthorized-file (Badness: 10000) /etc/permissions.d/test
permissions1: W: permissions-missing-verifyscript missing %verify_permissions -e /bin/ls
permissions1: W: permissions-missing-verifyscript missing %verify_permissions -e /bin/su
@@ -8,4 +9,4 @@ permissions1: W: permissions-incorrect-o
permissions1: W: permissions-incorrect /bin/su has mode 0755 but should be 04755
permissions1: E: permissions-file-setuid-bit (Badness: 10000) /bin/ls is packaged with setuid/setgid bits (04755)
permissions1: W: non-position-independent-executable /bin/ls
-1 packages and 0 specfiles checked; 2 errors, 8 warnings.
+1 packages and 0 specfiles checked; 2 errors, 9 warnings.

88
rpmlint-pie-leap42.patch Normal file
View File

@ -0,0 +1,88 @@
Index: rpmlint-tests-84.87+git20170418.092177d/tests/srv.ref
===================================================================
--- rpmlint-tests-84.87+git20170418.092177d.orig/tests/srv.ref
+++ rpmlint-tests-84.87+git20170418.092177d/tests/srv.ref
@@ -1,4 +1,5 @@
srv: E: suse-filelist-forbidden-srv (Badness: 10000) /usr/local/ftp is not allowed in SUSE
srv: W: suse-filelist-forbidden-fhs23 /usr/local is not allowed in FHS 2.3
+srv: W: position-independent-executable-suggested /usr/local/ftp/foo
srv: W: call-to-mktemp /usr/local/ftp/foo
-1 packages and 0 specfiles checked; 1 errors, 2 warnings.
+1 packages and 0 specfiles checked; 1 errors, 3 warnings.
Index: rpmlint-tests-84.87+git20170418.092177d/tests/debug.ref
===================================================================
--- rpmlint-tests-84.87+git20170418.092177d.orig/tests/debug.ref
+++ rpmlint-tests-84.87+git20170418.092177d/tests/debug.ref
@@ -1,5 +1,6 @@
debug: W: static-library-without-symtab /usr/lib/foo/t2.a
debug: W: static-library-without-debuginfo /usr/lib/foo/t.a
+debug: W: position-independent-executable-suggested /usr/bin/t
debug: E: devel-file-in-non-devel-package (Badness: 50) /usr/lib/foo/t.a
debug: E: devel-file-in-non-devel-package (Badness: 50) /usr/lib/foo/t2.a
-1 packages and 0 specfiles checked; 2 errors, 2 warnings.
+1 packages and 0 specfiles checked; 2 errors, 3 warnings.
Index: rpmlint-tests-84.87+git20170418.092177d/tests/game.ref
===================================================================
--- rpmlint-tests-84.87+git20170418.092177d.orig/tests/game.ref
+++ rpmlint-tests-84.87+git20170418.092177d/tests/game.ref
@@ -1,5 +1,7 @@
game: E: suse-filelist-forbidden-games (Badness: 10000) /usr/games/lib/blub is not allowed in SUSE
game: E: suse-filelist-forbidden-games (Badness: 10000) /usr/games/lib is not allowed in SUSE
+game: W: position-independent-executable-suggested /usr/games/foo
+game: W: position-independent-executable-suggested /usr/games/lib/blub
game: W: call-to-mktemp /usr/games/foo
game: W: call-to-mktemp /usr/games/lib/blub
-1 packages and 0 specfiles checked; 2 errors, 2 warnings.
+1 packages and 0 specfiles checked; 2 errors, 4 warnings.
Index: rpmlint-tests-84.87+git20170418.092177d/tests/debug2.ref
===================================================================
--- rpmlint-tests-84.87+git20170418.092177d.orig/tests/debug2.ref
+++ rpmlint-tests-84.87+git20170418.092177d/tests/debug2.ref
@@ -1,4 +1,5 @@
debug2: W: static-library-without-symtab /usr/lib/foo/t2.a
+debug2: W: position-independent-executable-suggested /usr/bin/t
debug2: E: devel-file-in-non-devel-package (Badness: 50) /usr/lib/foo/t.a
debug2: E: devel-file-in-non-devel-package (Badness: 50) /usr/lib/foo/t2.a
-1 packages and 0 specfiles checked; 2 errors, 1 warnings.
+1 packages and 0 specfiles checked; 2 errors, 2 warnings.
Index: rpmlint-tests-84.87+git20170418.092177d/tests/chroot.ref
===================================================================
--- rpmlint-tests-84.87+git20170418.092177d.orig/tests/chroot.ref
+++ rpmlint-tests-84.87+git20170418.092177d/tests/chroot.ref
@@ -1,2 +1,4 @@
+chroot: W: position-independent-executable-suggested /usr/bin/call_chroot_with_chdir
+chroot: W: position-independent-executable-suggested /usr/bin/call_chroot
chroot: W: missing-call-to-chdir-with-chroot /usr/bin/call_chroot
-1 packages and 0 specfiles checked; 0 errors, 1 warnings.
+1 packages and 0 specfiles checked; 0 errors, 3 warnings.
Index: rpmlint-tests-84.87+git20170418.092177d/tests/debug1.ref
===================================================================
--- rpmlint-tests-84.87+git20170418.092177d.orig/tests/debug1.ref
+++ rpmlint-tests-84.87+git20170418.092177d/tests/debug1.ref
@@ -1,5 +1,6 @@
debug1: W: static-library-without-symtab /usr/lib/foo/t2.a
debug1: W: static-library-without-debuginfo /usr/lib/foo/t.a
+debug1: W: position-independent-executable-suggested /usr/bin/t
debug1: E: devel-file-in-non-devel-package (Badness: 50) /usr/lib/foo/t.a
debug1: E: devel-file-in-non-devel-package (Badness: 50) /usr/lib/foo/t2.a
-1 packages and 0 specfiles checked; 2 errors, 2 warnings.
+1 packages and 0 specfiles checked; 2 errors, 3 warnings.
Index: rpmlint-tests-84.87+git20170418.092177d/tests/gethostbyname.ref
===================================================================
--- rpmlint-tests-84.87+git20170418.092177d.orig/tests/gethostbyname.ref
+++ rpmlint-tests-84.87+git20170418.092177d/tests/gethostbyname.ref
@@ -1,7 +1,13 @@
+gethostbyname: W: position-independent-executable-suggested /usr/bin/call_gethostbyaddr
+gethostbyname: W: position-independent-executable-suggested /usr/bin/call_gethostbyname2
+gethostbyname: W: position-independent-executable-suggested /usr/bin/call_gethostbyname
+gethostbyname: W: position-independent-executable-suggested /usr/bin/call_gethostbyname2_r
+gethostbyname: W: position-independent-executable-suggested /usr/bin/call_gethostbyaddr_r
+gethostbyname: W: position-independent-executable-suggested /usr/bin/call_gethostbyname_r
gethostbyname: I: binary-or-shlib-calls-gethostbyname /usr/bin/call_gethostbyaddr
gethostbyname: I: binary-or-shlib-calls-gethostbyname /usr/bin/call_gethostbyname2
gethostbyname: I: binary-or-shlib-calls-gethostbyname /usr/bin/call_gethostbyname
gethostbyname: I: binary-or-shlib-calls-gethostbyname /usr/bin/call_gethostbyname2_r
gethostbyname: I: binary-or-shlib-calls-gethostbyname /usr/bin/call_gethostbyaddr_r
gethostbyname: I: binary-or-shlib-calls-gethostbyname /usr/bin/call_gethostbyname_r
-1 packages and 0 specfiles checked; 0 errors, 0 warnings.
+1 packages and 0 specfiles checked; 0 errors, 6 warnings.

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Sun Jul 2 16:30:01 UTC 2017 - meissner@suse.com
- rpmlint-pie-leap42.patch, rpmlint-pie-factory.patch:
adjust testsuite to match new PIE warning, for both
Leap 42.3 and Factory.
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Apr 18 13:49:18 UTC 2017 - opensuse-packaging@opensuse.org Tue Apr 18 13:49:18 UTC 2017 - opensuse-packaging@opensuse.org

View File

@ -32,6 +32,8 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build
Url: http://www.opensuse.org/ Url: http://www.opensuse.org/
Source: rpmlint-tests-%version.tar.xz Source: rpmlint-tests-%version.tar.xz
Patch1: 0001-Update-varrun-test-for-Leap-42.2-severity-reduction.patch Patch1: 0001-Update-varrun-test-for-Leap-42.2-severity-reduction.patch
Patch2: rpmlint-pie-leap42.patch
Patch3: rpmlint-pie-factory.patch
%description %description
This package doesn't actually contain any files and is not meant to This package doesn't actually contain any files and is not meant to
@ -43,6 +45,10 @@ regression tests against rpmlint(-mini).
%if 0%{?sle_version} >= 120200 %if 0%{?sle_version} >= 120200
%patch1 -p1 %patch1 -p1
%endif %endif
%if 0%{?suse_version} < 1330
%patch2 -p1
%endif
%patch3 -p1
%build %build
mkdir rpms mkdir rpms
@ -50,7 +56,4 @@ make test
%install %install
%clean
rm -rf %buildroot
%changelog %changelog

View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Thu Jun 22 08:33:11 UTC 2017 - meissner@suse.com
- rpmlint-all-pie.patch: for non-PIE built binaries emit a warning
to suggest build them as PIE.
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jun 6 18:33:56 UTC 2017 - marec@detebe.org Tue Jun 6 18:33:56 UTC 2017 - marec@detebe.org

View File

@ -125,6 +125,7 @@ Patch67: suse-readd_terminator_in_regex.patch
Patch68: boo1027577-license_tag.patch Patch68: boo1027577-license_tag.patch
# Fix check for 'missing-call-to-chdir-with-chroot' on ARM, relax check on PPC # Fix check for 'missing-call-to-chdir-with-chroot' on ARM, relax check on PPC
Patch69: BinariesCheck_fix_chroot_check_on_non_x86.patch Patch69: BinariesCheck_fix_chroot_check_on_non_x86.patch
Patch70: rpmlint-all-pie.patch
# PATCHLIST END # PATCHLIST END
# BuildArch must at the end. is a bug: https://bugzilla.suse.com/show_bug.cgi?id=926766 # BuildArch must at the end. is a bug: https://bugzilla.suse.com/show_bug.cgi?id=926766
BuildArch: noarch BuildArch: noarch