Your message dated Wed, 29 Jun 2016 10:19:33 +0000
with message-id <[email protected]>
and subject line Bug#826089: fixed in check-all-the-things 2016.06.29
has caused the Debian Bug report #826089,
regarding check-all-the-things: group selection enables checks that are to be disabled by default
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
826089: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826089
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: check-all-the-things
Version: 2015.12.10
Severity: important
Tags: help security

The group selection enables checks that are to be disabled by default
due to having (dangerous/todo/etc flags). Checks with these flags
should only get enabled when explicitly requested. This is an
important issue because it enables dangerous checks when they weren't
requested. This problem still occurs in git master where groups/flags
have been merged. In git master it also enables checks that modify
files. I have tried to fix it but haven't been able to wrap my head
around the problem properly. I am hoping some of the folks subscribed
to the bugs for check-all-the-things can help fix this issue. If not I
will try to focus on fixing it during DebCamp.

The below output illustrates this:

pabs@chianamo ~ $ mkdir tmp-test-cats-group-selection
pabs@chianamo ~ $ cd tmp-test-cats-group-selection/
pabs@chianamo ~/tmp-test-cats-group-selection $ cat /usr/share/check-all-the-things/data/perl
[perl-syntax-check]
apt = perl
match = *.pl *.pm
command = perl -wc {file} | grep -v ' syntax OK$'
comment = Dangerous because it executes code in use statements and BEGIN, UNITCHECK and CHECK blocks
flags = dangerous

[perl-b-lint]
apt = perl, libb-lint-perl
match = *.pl *.pm
prereq = perl -MO=Lint /dev/null
command = perl -MO=Lint {file} | grep -v ' syntax OK$'
comment = Dangerous because it executes code in use statements and BEGIN, UNITCHECK and CHECK blocks
flags = dangerous
...
pabs@chianamo ~/tmp-test-cats-group-selection $ /usr/bin/check-all-the-things -g perl
# Dangerous because it executes code in use statements and BEGIN, UNITCHECK and CHECK blocks
$ find -type f \( -iname '*.pl' -o -iname '*.pm' \) -exec perl -MO=Lint {} \; | grep -v ' syntax OK$'
./foo.pm syntax OK
./foo.pl syntax OK
# Dangerous because it executes code in use statements and BEGIN, UNITCHECK and CHECK blocks
$ find -type f \( -iname '*.pl' -o -iname '*.pm' \) -exec perl -wc {} \; | grep -v ' syntax OK$'
./foo.pm syntax OK
./foo.pl syntax OK
...

-- System Information:
Debian Release: stretch/sid
  APT prefers testing-debug
  APT policy: (900, 'testing-debug'), (900, 'testing'), (860, 'testing-proposed-updates'), (800, 'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.6.0-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages check-all-the-things depends on:
ii  python3  3.5.1-3

Versions of packages check-all-the-things recommends:
ii  acheck                         0.5.2
ii  appstream                      0.9.6-1
pn  appstream-glib                 <none>
ii  bfbtester                      2.0.1-7.1
ii  blhc                           0.05-0.1
ii  bzip2                          1.0.6-8
ii  cabal-install                  1.22.7.0-1
ii  cbmc                           5.4-2
ii  clang                          1:3.6-33
ii  clang-modernize                1:3.6-33
ii  clang-tidy                     1:3.6-33
ii  cme                            1.011-1
ii  codespell                      1.8-1
ii  cppcheck                       1.73-1
ii  deheader                       1.3-1
ii  desktop-file-utils             0.22-1
ii  devscripts                     2.16.4
ii  dh-ocaml                       1.0.10
ii  duck                           0.9
ii  epubcheck                      4.0.1-2
ii  fdupes                         1.51-1
ii  flawfinder                     1.31-1
pn  fontforge-nox                  <none>
ii  freetype2-demos                2.6.3-3+b1
ii  gendarme                       4.2-1
ii  gettext                        0.19.7-2
ii  gettext-lint                   0.4-2.1
ii  ghc-mod                        5.4.0.0-1+b1
ii  golang-go                      2:1.6.1-2
ii  hlint                          1.9.26-1
ii  hopenpgp-tools                 0.18-1
ii  i18nspector                    0.24-1
ii  iwyu                           3.7-1
ii  jlint                          3.0-4.5+b1
ii  jpeginfo                       1.6.0-6+b2
ii  lacheck                        1.26-15
ii  libb-lint-perl                 1.20-1
ii  libconfig-model-dpkg-perl      2.079
ii  libconfig-model-perl           2.083-1
ii  libperl-critic-perl            1.126-1
ii  libpod-pom-perl                2.01-1
ii  libxml2-utils                  2.9.3+dfsg1-1
ii  lintex                         1.14-1
ii  lintian                        2.5.44
ii  lua-check                      0.15.0-1
ii  lzip                           1.17-1+b1
ii  lzop                           1.03-3.2
ii  moreutils                      0.58-1
ii  mp3check                       0.8.7-2+b1
ii  mp3val                         0.1.8-3+b1
ii  ocaml-nox                      4.02.3-6
ii  oggz-tools                     1.1.1-5
ii  opus-tools                     0.1.9-1
ii  p7zip                          15.14.1+dfsg-2
ii  pep8                           1.7.0-2
ii  perl                           5.22.2-1
ii  php5-cli                       5.6.22+dfsg-1
ii  pmccabe                        2.6
ii  pngcheck                       2.3.0-7
ii  puppet                         3.8.5-2
ii  puppet-lint                    1.1.0-1
ii  pyflakes                       1.2.3-1
ii  python-bashate                 0.3.1-2
ii  python-fontforge               20120731.b-7.2
ii  python-jpylyzer                1.17.0-1
ii  python-magic                   1:5.25-2
ii  python3-bashate                0.3.1-2
ii  python3-doc8                   0.6.0-3
ii  python3-magic                  1:5.25-2
ii  python3-ptyprocess             0.5.1-1
ii  python3-restructuredtext-lint  0.12.2-2
ii  sharutils                      1:4.15.2-1
ii  shellcheck                     0.3.7-5
ii  unzip                          6.0-20
ii  vorbis-tools                   1.4.0-10
ii  xz-utils                       5.1.1alpha+20120614-2.1

check-all-the-things suggests no packages.

-- no debconf information

--
bye,
pabs

https://wiki.debian.org/PaulWise
--- End Message ---
--- Begin Message ---
Source: check-all-the-things
Source-Version: 2016.06.29

We believe that the bug you reported is fixed in the latest version of
check-all-the-things, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Paul Wise <[email protected]> (supplier of updated check-all-the-things package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Jun 2016 10:43:04 +0200
Source: check-all-the-things
Binary: check-all-the-things
Architecture: source
Version: 2016.06.29
Distribution: unstable
Urgency: medium
Maintainer: Paul Wise <[email protected]>
Changed-By: Paul Wise <[email protected]>
Description:
 check-all-the-things - check all of the things!
Closes: 826089
Changes:
 check-all-the-things (2016.06.29) unstable; urgency=medium
 .
   * Upload to unstable
   * New release.
     - The "Check Some Things Slightly More Securely" release
     - Warn that running cats in untrusted dirs could have consequences
     - Does not enable checks with disabled flags unless choosing those flags
       This prevents running dangerous checks with -f perl (Closes: #826089)
     - Mitigate Debian perl bug #588017 by passing -m-lib=. to perl-based checks
       This prevents perl-based commands from running code from the current dir
     - Fix MIME support: disable MIME in commands when MIME is turned off
     - Give an error with checks/flags options without check names
     - Fixes crash when interrupting the first command that is run
     - Fix checking prerequisites for "cat ... | foo" command-lines
     - Update dependencies for licensecheck-based checks (see #828830, #828872)
     - Disable KWStyle - should only be run manually
     - Add clang-tidy - tidy C++ code using LLVM
     - Add clang-check - check C++ code using LLVM
     - Add clang-modernize (jessie-only) - modernize C++ code
     - Add ocaml-unsafe-features - check compiled OCaml for unsafe features
Checksums-Sha1:
 e48c28d201ee0eea723f77295112241b46265519 1677 check-all-the-things_2016.06.29.dsc
 f09dd01fbca8c986a4ee1f6b5c6bc619d185f110 28060 check-all-the-things_2016.06.29.tar.xz
Checksums-Sha256:
 0e0775b32c321a26961367def8a9314e4997b376dd60269426917a87da31c1fb 1677 check-all-the-things_2016.06.29.dsc
 508d4dfd3f0666d896b8bd7cbabc556ee5bccc3672b028f7a7c710e094568641 28060 check-all-the-things_2016.06.29.tar.xz
Files:
 73ecea81f419ed9ef72b0de3ff819234 1677 devel optional check-all-the-things_2016.06.29.dsc
 cc574ffd2f1e9c76f5dc5ea31d8b3ed6 28060 devel optional check-all-the-things_2016.06.29.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXc5J+AAoJEDEWul6f+mmjpMkQALzHoZHWAh2bDisi1WAV1dNf
ymVibEY4vnnty8z2TPBhJnOnAm9APeWHbHKbHNXCb3NcAYjbHS9dErspIltH2nWh
2ATxEiVAPhoDN6mQ7u9J+yi60A3nxK2dqIwCX+bAT/p0olR8D9uVKuSGWyHoO4/F
IQB26sRFFhsHo4Mjk5au/NNFRXZvkvi3pUjk3IUBwLGSYBUhctc+Wu+II1nSj0Jq
wWnr4MU/N79gAvtWTFbWmx5mG8tEVbi6vPa5SHlX1rUGLeNwc1vQ5HEV8FXZhE0r
5sovwbH8uzNpE8gDOEFAG2H7fXnUwwtC6mj8zA2vu7mBnJL2aTBQS7B6RHEotabP
KbRSwsB/F6vDPsxzNFSOyNsZ2LCsTqHWIpl7yBfn1b8l7UOD/jw+vSoaLQh5JTLc
MZpMWpu/+6w2iW3gTlOhZfHWZ9NVfV8/kap1Ed/Tbkitd6hoIJLyojgkcnvAi5vz
GHxEcgSoskzznX7CXlCwZ/qXXcfCfMDzmrWdHUGpFXf50qTkH7Ehap0H6wFqAMYr
WNU2ANnAVdhYHn1KQoCuxV5eEogfoSvWn+1a1xg5hbffYm+Sl3Z5zSu/4CoPuUeY
xM4Bc03L+Y1gAabuoq5BtZ/yu0vdBzt9kCrLbK0ZIqED0fuB+mYIhj/X9DsHm5I/
QKaf8EKlnKQGIbRZgHfE
=3eec
-----END PGP SIGNATURE-----
--- End Message ---
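The selection rule at issue in this thread, as an added example and not check-all-the-things' own code: the bug report shows `-g perl` enabling two checks whose `flags = dangerous` line should have kept them off by default, and the changelog describes the fix as "does not enable checks with disabled flags unless choosing those flags". The block below parses check stanzas in the format shown in the report, then selects checks two ways: a `buggy` mode in which a group selection enables every check in the group, and the fixed mode in which a check carrying a disabled-by-default flag runs only when that flag is requested explicitly, with skipped checks reported together with their `comment` so the user can see why they were not run. The set of disabling flags, the `perl-critic` stanza, and the exact selection semantics (group membership or a requested flag puts a check in scope; every disabling flag must then be requested) are assumptions for the example; the report itself only names "dangerous/todo/etc".

```python
"""Flag-aware check selection (added example; not the project's own code).

Models the stanza format shown in the bug report and the rule the fix
describes: a check carrying a disabled-by-default flag is never enabled by a
group selection alone; it runs only when that flag is requested explicitly.
"""
import configparser
from dataclasses import dataclass

# Flags that disable a check by default. The exact set is an assumption; the
# report only names "dangerous/todo/etc".
DISABLED_BY_DEFAULT = frozenset({"dangerous", "todo"})

# Constructed sample in the shown format: the two dangerous perl checks quoted
# in the report plus a hypothetical unflagged check, so the group contains
# something that is safe to run by default.
SAMPLE_DATA = {
    "perl": """\
[perl-syntax-check]
apt = perl
match = *.pl *.pm
command = perl -wc {file} | grep -v ' syntax OK$'
comment = Dangerous because it executes code in use statements and BEGIN, UNITCHECK and CHECK blocks
flags = dangerous

[perl-b-lint]
apt = perl, libb-lint-perl
match = *.pl *.pm
prereq = perl -MO=Lint /dev/null
command = perl -MO=Lint {file} | grep -v ' syntax OK$'
comment = Dangerous because it executes code in use statements and BEGIN, UNITCHECK and CHECK blocks
flags = dangerous

# hypothetical stanza, not from the report
[perl-critic]
apt = libperl-critic-perl
match = *.pl *.pm
command = perlcritic {file}
""",
}


@dataclass(frozen=True)
class Check:
    name: str
    group: str
    command: str
    comment: str
    flags: frozenset


def load_checks(data=SAMPLE_DATA):
    """Parse {group: ini-text} into Check objects; 'flags' is space separated."""
    checks = []
    for group, text in data.items():
        # interpolation=None so '$' and '{file}' in commands are kept verbatim
        cp = configparser.ConfigParser(interpolation=None)
        cp.read_string(text)
        for name in cp.sections():
            sec = cp[name]
            checks.append(Check(
                name=name,
                group=group,
                command=sec["command"],
                comment=sec.get("comment", ""),
                flags=frozenset(sec.get("flags", "").split()),
            ))
    return checks


def select_checks(checks, groups=(), flags=(), buggy=False):
    """Return (enabled_names, skipped) where skipped is [(name, comment), ...].

    groups: groups requested (the report's -g); flags: flags requested
    explicitly (the changelog's -f). With buggy=True a group selection
    enables every check in the group, reproducing #826089. Otherwise a check
    whose flags include a disabled-by-default flag runs only when each such
    flag was requested.
    """
    groups, flags = set(groups), set(flags)
    enabled, skipped = [], []
    for c in checks:
        if c.group not in groups and not (c.flags & flags):
            continue  # not selected by group or by flag at all
        gate = c.flags & DISABLED_BY_DEFAULT
        if gate and not buggy and not gate <= flags:
            skipped.append((c.name, c.comment))  # off by default, flag not requested
            continue
        enabled.append(c.name)
    return enabled, skipped


if __name__ == "__main__":
    checks = load_checks()
    runs = [("buggy  -g perl", dict(groups=["perl"], buggy=True)),
            ("fixed  -g perl", dict(groups=["perl"])),
            ("fixed  -g perl -f dangerous", dict(groups=["perl"], flags=["dangerous"]))]
    for label, kw in runs:
        enabled, skipped = select_checks(checks, **kw)
        print(label, "->", enabled)
        for name, why in skipped:
            print("  skipped", name + ":", why)
```

Running the block prints the three selections side by side: the buggy group selection runs all three checks, the fixed one runs only `perl-critic` and reports the two dangerous checks as skipped with the comment from their stanza, and adding `-f dangerous` opts back in to them deliberately.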

