Author: rra
Date: 2006-03-16 19:14:47 +0100 (Thu, 16 Mar 2006)
New Revision: 581
Added:
trunk/testset/scripts/perl-bizarre-1
trunk/testset/scripts/perl-bizarre-2
trunk/testset/scripts/perl-bizarre-3
Modified:
trunk/checks/scripts
trunk/debian/changelog
trunk/testset/scripts/debian/rules
trunk/testset/tags.scripts
Log:
* checks/scripts:
+ [RA] Allow more variations on leading magic to invoke some
interpreter rather than then shell. Bypass the ELF magic check for
scripts using magic that relies on having no leading #! line.
Reported by Frank Ku"ster. (Closes: #344269)
Modified: trunk/checks/scripts
===================================================================
--- trunk/checks/scripts 2006-03-16 03:42:49 UTC (rev 580)
+++ trunk/checks/scripts 2006-03-16 18:14:47 UTC (rev 581)
@@ -328,6 +328,7 @@
or $scripts{$_}
or $_ =~ m,^usr(/X11R6)?/man/,
or $_ =~ m/\.exe$/ # mono convention
+ or script_is_evil_and_wrong("unpacked/$_")
);
}
@@ -580,12 +581,13 @@
my $ret = 0;
open IN, $filename or fail("cannot open $filename: $!");
my $i = 0;
+ local $_;
while (<IN>) {
chomp;
next if /^#/o;
next if /^$/o;
last if (++$i > 20);
- if (/^\s*exec\s*.+\s*.?\$0.?\s*(--\s*)?(\${1\+)?.?\$\@/o) {
+ if
(/(^\s*|\beval\s*\'|;)?exec\s*.+\s*.?\$0.?\s*(--\s*)?(\${1\+)?.?\$\@/o) {
$ret = 1;
last;
}
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2006-03-16 03:42:49 UTC (rev 580)
+++ trunk/debian/changelog 2006-03-16 18:14:47 UTC (rev 581)
@@ -60,6 +60,10 @@
(Closes: #351624, #353770)
+ [RA] /usr/bin/tcl is provided by tclx8.3, not tcl. Reported by
James R. Van Zandt. (Closes: #351324)
+ + [RA] Allow more variations on leading magic to invoke some
+ interpreter rather than then shell. Bypass the ELF magic check for
+ scripts using magic that relies on having no leading #! line.
+ Reported by Frank Küster. (Closes: #344269)
* checks/shared-libs:
+ [JvW] Fix postinst-must-call-ldconfig to also get emitted when there is
no postinst at all, instead of just one lacking a ldconfig call
Modified: trunk/testset/scripts/debian/rules
===================================================================
--- trunk/testset/scripts/debian/rules 2006-03-16 03:42:49 UTC (rev 580)
+++ trunk/testset/scripts/debian/rules 2006-03-16 18:14:47 UTC (rev 581)
@@ -23,7 +23,10 @@
install -m 4755 perlfoo $(tmp)/usr/bin/suidperlfoo2
install -m 4755 suidperlfoo $(tmp)/usr/bin/
install -m 755 tkfoo $(tmp)/usr/bin/
- install -m 644 xsession-test $(tmp)/etc/X11/Xsession.d/
+ install -m 644 xsession-test $(tmp)/etc/X11/Xsession.d/
+ install -m 755 perl-bizarre-1 $(tmp)/usr/bin/
+ install -m 755 perl-bizarre-2 $(tmp)/usr/bin/
+ install -m 755 perl-bizarre-3 $(tmp)/usr/bin/
echo "#!/usr/bin/perl" >> $(tmp)/usr/share/scripts/foobar.in
chmod 644 $(tmp)/usr/share/scripts/foobar.in
Added: trunk/testset/scripts/perl-bizarre-1
===================================================================
--- trunk/testset/scripts/perl-bizarre-1 2006-03-16 03:42:49 UTC (rev
580)
+++ trunk/testset/scripts/perl-bizarre-1 2006-03-16 18:14:47 UTC (rev
581)
@@ -0,0 +1,11 @@
+#! /bin/sh
+eval '(exit $?0)' && eval 'PERL_BADLANG=x;export PERL_BADLANG;: \
+;exec perl -x -S -- "$0" ${1+"$@"};#'if 0;
+eval 'setenv PERL_BADLANG x;exec perl -x -S -- "$0" $argv:q;#'.q+
+#!perl -w
+package Htex::a2ping; $0=~/(.*)/s;[EMAIL PROTECTED],'.';do($1);[EMAIL
PROTECTED]@;__END__+if !1;
+# This Perl script was generated by JustLib2 at Wed Apr 23 09:14:13 2003.
+# Don't touch/remove any lines above; http://www.inf.bme.hu/~pts/justlib
+
+# The above was actually seen in the wild and stresses the
+# script_is_evil_and_wrong test.
Added: trunk/testset/scripts/perl-bizarre-2
===================================================================
--- trunk/testset/scripts/perl-bizarre-2 2006-03-16 03:42:49 UTC (rev
580)
+++ trunk/testset/scripts/perl-bizarre-2 2006-03-16 18:14:47 UTC (rev
581)
@@ -0,0 +1,7 @@
+#!/bin/sh
+eval 'exec /usr/bin/perl -wS $0 ${1+"$@"}'
+ if $running_under_some_shell;
+
+# I'm someone following perlrun except without using the Perl #! line.
+# Now something to choke bash.
+while (<>) { if (/%#/) { print } }
Added: trunk/testset/scripts/perl-bizarre-3
===================================================================
--- trunk/testset/scripts/perl-bizarre-3 2006-03-16 03:42:49 UTC (rev
580)
+++ trunk/testset/scripts/perl-bizarre-3 2006-03-16 18:14:47 UTC (rev
581)
@@ -0,0 +1,6 @@
+eval '(exit $?0)' && eval 'exec perl -wS $0 ${1+"$@"}'
+& eval 'exec /usr/bin/perl -wS $0 $argv:q'
+ if $running_under_some_shell;
+
+# More utterly bizarreness from perlrun. This one even doesn't work if
+# there's a valid #! line on the first line. I don't understand why....
Modified: trunk/testset/tags.scripts
===================================================================
--- trunk/testset/tags.scripts 2006-03-16 03:42:49 UTC (rev 580)
+++ trunk/testset/tags.scripts 2006-03-16 18:14:47 UTC (rev 581)
@@ -11,6 +11,9 @@
W: scripts source: source-nmu-has-incorrect-version-number 6
W: scripts: binary-without-manpage lefty-foo
W: scripts: binary-without-manpage make-foo
+W: scripts: binary-without-manpage perl-bizarre-1
+W: scripts: binary-without-manpage perl-bizarre-2
+W: scripts: binary-without-manpage perl-bizarre-3
W: scripts: binary-without-manpage perlfoo
W: scripts: binary-without-manpage py2foo
W: scripts: binary-without-manpage pyfoo
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
