Hello community, here is the log from the commit of package rpmlint for openSUSE:Factory checked in at Wed May 18 11:23:38 CEST 2011.
-------- --- rpmlint/rpmlint.changes 2011-05-11 14:31:54.000000000 +0200 +++ /mounts/work_src_done/STABLE/rpmlint/rpmlint.changes 2011-05-17 12:42:52.000000000 +0200 @@ -1,0 +2,6 @@ +Tue May 17 09:41:43 UTC 2011 - [email protected] + +- update rpmlint-pie.diff and suse-file-var-run.diff with upstream + accepted variant + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- rpmlint-typo.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rpmlint.spec ++++++ --- /var/tmp/diff_new_pack.qlXPww/_old 2011-05-18 11:23:05.000000000 +0200 +++ /var/tmp/diff_new_pack.qlXPww/_new 2011-05-18 11:23:05.000000000 +0200 @@ -23,7 +23,7 @@ BuildRequires: rpm-python Summary: Rpm correctness checker Version: 1.1 -Release: 35 +Release: 37 Source0: %{name}-%{version}.tar.bz2 Source1: config Source1001: config.in @@ -71,6 +71,7 @@ Patch8: suse-binarieschecks.diff Patch9: no-doc-for-lib.diff Patch10: add-scoring-support.diff +# accepted upstream Patch11: suse-file-var-run.diff Patch12: usr-arch.diff Patch13: script-interpreter-only-for-exec-scripts.diff @@ -122,10 +123,13 @@ Patch84: extend-suse-conffiles-check.diff Patch85: suse-changelog.patch Patch86: suse-rclink-check.diff -# already upstream +# accepted upstream Patch87: rpmlint-add-details.diff Patch88: suse-speccheck-utf8.diff +# accepted upstream Patch89: rpmlint-pie.diff +# accepted upstream +Patch90: rpmlint-typo.diff %py_requires %description @@ -206,6 +210,7 @@ %patch87 -p1 %patch88 %patch89 -p1 +%patch90 -p1 cp -p %{SOURCE1} . cp -p %{SOURCE2} . cp -p %{SOURCE3} . ++++++ pie.config ++++++ --- /var/tmp/diff_new_pack.qlXPww/_old 2011-05-18 11:23:05.000000000 +0200 +++ /var/tmp/diff_new_pack.qlXPww/_new 2011-05-18 11:23:05.000000000 +0200 @@ -3,8 +3,7 @@ # This file should list daemons and programs that are likely to be set setuid # by users. Files listed in permissions.eays are automatically checked. -setOption("PieExecutables", -( +pie_execs = ( "/bin/ping", "/bin/ping6", "/bin/su", @@ -231,4 +230,5 @@ "/usr/sbin/ypserv", "/usr/bin/zone2ldap", ) -) + +setOption('PieExecutables', '^(?:%s)$' % '|'.join(pie_execs)) ++++++ rpmlint-pie.diff ++++++ --- /var/tmp/diff_new_pack.qlXPww/_old 2011-05-18 11:23:05.000000000 +0200 +++ /var/tmp/diff_new_pack.qlXPww/_new 2011-05-18 11:23:05.000000000 +0200 @@ -1,56 +1,61 @@ -From cdf3d7e6338e8133d9b2b8f19de8e5a3308327bc Mon Sep 17 00:00:00 2001 -From: Ludwig Nussel <[email protected]> -Date: Mon, 9 May 2011 11:54:48 +0200 -Subject: [PATCH] check for position independent executables +From 6eedb2e510533cb196f37803b78ca64c0d0a77d4 Mon Sep 17 00:00:00 2001 +From: scop <scop@9bc8b190-ac0f-0410-8968-dc7d1f502856> +Date: Sun, 15 May 2011 09:05:04 +0000 +Subject: [PATCH] Check for position independent executables (based on patch by Ludwig Nussel). +git-svn-id: http://rpmlint.zarb.org/svn/trunk@1865 9bc8b190-ac0f-0410-8968-dc7d1f502856 --- - BinariesCheck.py | 11 +++++++++++ + BinariesCheck.py | 10 ++++++++++ config | 4 ++++ - 2 files changed, 15 insertions(+), 0 deletions(-) + 2 files changed, 14 insertions(+), 0 deletions(-) Index: rpmlint-1.1/BinariesCheck.py =================================================================== --- rpmlint-1.1.orig/BinariesCheck.py +++ rpmlint-1.1/BinariesCheck.py -@@ -25,6 +25,9 @@ DEFAULT_SYSTEM_LIB_PATHS = ( - '/lib', '/usr/lib', '/usr/X11R6/lib', - '/lib64', '/usr/lib64', '/usr/X11R6/lib64') - -+DEFAULT_PIE_EXECUTABLES = ( -+) -+ - class BinaryInfo: - - needed_regex = re.compile('\s+\(NEEDED\).*\[(\S+)\]') -@@ -189,6 +192,7 @@ so_regex = re.compile('/lib(64)?/[^/]+\. +@@ -189,6 +189,8 @@ so_regex = re.compile('/lib(64)?/[^/]+\. validso_regex = re.compile('(\.so\.\d+(\.\d+)*|\d\.so)$') sparc_regex = re.compile('SPARC32PLUS|SPARC V9|UltraSPARC') system_lib_paths = Config.getOption('SystemLibPaths', DEFAULT_SYSTEM_LIB_PATHS) -+pie_executables = Config.getOption('PieExecutables', DEFAULT_PIE_EXECUTABLES) ++pie_exec_re = Config.getOption('PieExecutables') ++if pie_exec_re: pie_exec_re = re.compile(pie_exec_re) usr_lib_regex = re.compile('^/usr/lib(64)?/') bin_regex = re.compile('^(/usr(/X11R6)?)?/s?bin/') soversion_regex = re.compile('.*?([0-9][.0-9]*)\\.so|.*\\.so\\.([0-9][.0-9]*).*') -@@ -377,6 +381,9 @@ class BinariesCheck(AbstractCheck.Abstra +@@ -377,6 +379,11 @@ class BinariesCheck(AbstractCheck.Abstra if not is_exec and not is_shobj: continue -+ if fname in pie_executables and not is_shobj: -+ printError(pkg, 'not-a-position-independent-executable', fname) ++ if is_shobj and not is_exec and '.so' not in fname and \ ++ bin_regex.search(fname): ++ # pkgfile.magic does not contain "executable" for PIEs ++ is_exec = True + if is_exec: if bin_regex.search(fname): -@@ -598,6 +605,10 @@ that use prelink, make sure that prelink - placing a blacklist file in /etc/prelink.conf.d. For more information, see - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=256900#49''', - -+'not-a-position-independent-executable', -+'''As per distribution policy the binary must be position independent. Add -+-fPIE to CFLAGS and -pie to LDFLAGS''' +@@ -385,6 +392,10 @@ class BinariesCheck(AbstractCheck.Abstra + if ocaml_mixed_regex.search(bin_info.tail): + printWarning(pkg, 'ocaml-mixed-executable', fname) + ++ if not is_shobj and pie_exec_re and pie_exec_re.search(fname): ++ printError(pkg, 'non-position-independent-executable', ++ fname) + - 'unstripped-binary-or-object', - '''stripping debug info from binaries happens automatically according to global + if bin_info.readelf_error: + continue + +@@ -603,6 +614,10 @@ http://bugs.debian.org/cgi-bin/bugreport project settings. So there's normally no need to manually strip binaries. + Left over unstripped binaries could therefore indicate a bug in the automatic + stripping process.''', ++ ++'non-position-independent-executable', ++'''This executable must be position independent. Check that it is built with ++-fPIE/-fpie in compiler flags and -pie in linker flags.''', + ) + + # BinariesCheck.py ends here Index: rpmlint-1.1/config =================================================================== --- rpmlint-1.1.orig/config @@ -59,9 +64,9 @@ # Type: tuple of strings, default: see DEFAULT_SYSTEM_LIB_PATHS in BinariesCheck #setOption("SystemLibPaths", ('/lib', '/lib64', '/usr/lib', '/usr/lib64')) -+# List of binaries that must be position independent executables -+# Type: tuple of strings, default: empty -+#setOption("PieExecutables", ('/bin/ping', '/bin/su')) ++# Executables that must be compiled as position independent. ++# Type: regex, default: None ++#setOption("PieExecutables", '^/bin/(ping6?|su)$') + # Whether to want default start/stop runlevels specified in init scripts. # Type: boolean, default: True ++++++ rpmlint-typo.diff ++++++ >From 75b89dd25fc1d653131f27702030b8b829759317 Mon Sep 17 00:00:00 2001 From: scop <scop@9bc8b190-ac0f-0410-8968-dc7d1f502856> Date: Wed, 11 May 2011 16:25:39 +0000 Subject: [PATCH] Fix setting message type for reasons with badness threshold defined (Ludwig Nussel). git-svn-id: http://rpmlint.zarb.org/svn/trunk@1862 9bc8b190-ac0f-0410-8968-dc7d1f502856 --- Filter.py | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/Filter.py b/Filter.py index 5f076cd..6549131 100644 --- a/Filter.py +++ b/Filter.py @@ -49,7 +49,7 @@ def _print(msgtype, pkg, reason, details): badness = Config.badness(reason) # anything with badness is an error if badness: - msgtype == 'E' + msgtype = 'E' # errors without badness become warnings elif msgtype == 'E': msgtype = 'W' -- 1.7.3.4 ++++++ suse-file-var-run.diff ++++++ --- /var/tmp/diff_new_pack.qlXPww/_old 2011-05-18 11:23:05.000000000 +0200 +++ /var/tmp/diff_new_pack.qlXPww/_new 2011-05-18 11:23:05.000000000 +0200 @@ -1,48 +1,44 @@ -From 811469ebe70ea65029d64ae2e7bc6e9828f59c9e Mon Sep 17 00:00:00 2001 -From: Ludwig Nussel <[email protected]> -Date: Wed, 11 May 2011 13:15:22 +0200 -Subject: [PATCH] check for files in /var/run and /var/lock +From d685ddb42daa5d3b122c0486cc1d4f2dde6c466f Mon Sep 17 00:00:00 2001 +From: scop <scop@9bc8b190-ac0f-0410-8968-dc7d1f502856> +Date: Fri, 13 May 2011 17:10:53 +0000 +Subject: [PATCH] Warn about non-ghost files in /var/run and /var/lock (based on patch from Ludwig Nussel). -nowadays /var/run and /var/lock move to using tmpfs so disallow -packaging files there +git-svn-id: http://rpmlint.zarb.org/svn/trunk@1863 9bc8b190-ac0f-0410-8968-dc7d1f502856 --- FilesCheck.py | 16 ++++++++++++++++ 1 files changed, 16 insertions(+), 0 deletions(-) -diff --git a/FilesCheck.py b/FilesCheck.py -index a82b4b8..0f43927 100644 ---- a/FilesCheck.py -+++ b/FilesCheck.py -@@ -443,6 +443,10 @@ class FilesCheck(AbstractCheck.AbstractCheck): +Index: rpmlint-1.1/FilesCheck.py +=================================================================== +--- rpmlint-1.1.orig/FilesCheck.py ++++ rpmlint-1.1/FilesCheck.py +@@ -911,6 +911,12 @@ class FilesCheck(AbstractCheck.AbstractC printError(pkg, 'dir-or-file-in-usr-local', f) elif f.startswith('/var/local/'): printError(pkg, 'dir-or-file-in-var-local', f) -+ elif f.startswith('/var/run/') and f not in ghost_files: -+ printError(pkg, 'dir-or-file-in-var-run', f) ++ elif f.startswith('/var/run/'): ++ if f not in ghost_files: ++ printWarning(pkg, 'non-ghost-in-var-run', f) + elif f.startswith('/var/lock/'): -+ printError(pkg, 'dir-or-file-in-var-lock', f) ++ if f not in ghost_files: ++ printWarning(pkg, 'non-ghost-in-var-lock', f) elif sub_bin_regex.search(f): printError(pkg, 'subdir-in-bin', f) elif f.startswith('/home/'): -@@ -1019,6 +1023,18 @@ for packages to install files in this directory.''', +@@ -1478,6 +1484,16 @@ for packages to install files in this di '''A file in the package is located in /var/local. It's not permitted for packages to install files in this directory.''', -+'dir-or-file-in-var-run', -+'''A file or directory in the package is located in /var/run. It's not -+permitted for packages to install files in this directory as it might -+be created as tmpfs during boot. Mark the files in question as %ghost and -+create them at run time instead.''', ++'non-ghost-in-var-run', ++'''A file or directory in the package is located in /var/run. Files installed ++in this directory should be marked as %ghost and created at runtime to work ++properly in tmpfs /var/run setups.''', + -+'dir-or-file-in-var-lock', -+'''A file or directory in the package is located in /var/lock. It's -+not permitted for packages to install files in this directory as it -+is a) reserved for legacy device lock files and b) might be created -+as tmpfs during boot.''', ++'non-ghost-in-var-lock', ++'''A file or directory in the package is located in /var/lock. Files installed ++in this directory should be marked as %ghost and created at runtime to work ++properly in tmpfs /var/lock setups.''', + 'subdir-in-bin', '''The package contains a subdirectory in /usr/bin. It's not permitted to create a subdir there. Create it in /usr/lib/ instead.''', --- -1.7.3.4 - ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
