Your message dated Fri, 24 Oct 2014 22:24:43 +0000 with message-id <[email protected]> and subject line Bug#762609: fixed in lintian 2.5.29 has caused the Debian Bug report #762609, regarding lintian: new checks: deprecated D-Bus policies to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
762609: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762609
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: lintian
Version: 2.5.27
Severity: wishlist
Tags: patch

The policy/ACL syntax in dbus-daemon's configuration files has a couple of modes that are supported, but either deprecated or likely to be a bad idea:

* <policy at_console="true"> is considered deprecated, with the recommendation that services wishing to behave differently for locally-logged-in users should use PolicyKit;

* <(allow|deny) send_interface="..."> without an accompanying send_destination attribute has a global effect on all bus clients, not just the one the package's maintainer is thinking about, so it should be avoided where possible

In the short term, I would like lintian.debian.org to tell me how many of our packages fall foul of these traps; longer-term, I would like lintian to complain about them so maintainers fix them.

Please consider the attached check. It is marked experimental, for now, until I get a better idea of the size of the problem.

bluez_5.23-1_amd64.deb is one example of a package that triggers both of these tags.
Regards,
    S

-- System Information:
Debian Release: jessie/sid
  APT prefers proposed-updates
  APT policy: (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages lintian depends on:
ii  binutils                       2.24.51.20140918-1
ii  bzip2                          1.0.6-7
ii  diffstat                       1.58-1
ii  file                           1:5.19-2
ii  gettext                        0.19.2-2
ii  hardening-includes             2.5+nmu1
ii  intltool-debian                0.35.0+20060710.1
ii  libapt-pkg-perl                0.1.29+b2
ii  libarchive-zip-perl            1.38-1
ii  libclass-accessor-perl         0.34-1
ii  libclone-perl                  0.37-1+b1
ii  libdpkg-perl                   1.17.13
ii  libemail-valid-perl            1.195-1
ii  libfile-basedir-perl           0.03-1
ii  libipc-run-perl                0.92-1
ii  liblist-moreutils-perl         0.33-2+b1
ii  libparse-debianchangelog-perl  1.2.0-1.1
ii  libtext-levenshtein-perl       0.09-1
ii  libtimedate-perl               2.3000-2
ii  liburi-perl                    1.64-1
ii  man-db                         2.7.0-1
ii  patchutils                     0.3.3-1
ii  perl [libdigest-sha-perl]      5.20.1-1
ii  t1utils                        1.37-2.1

Versions of packages lintian recommends:
ii  libautodie-perl                2.25-1
ii  libperlio-gzip-perl            0.18-3+b1
ii  perl                           5.20.1-1
ii  perl-modules [libautodie-perl] 5.20.1-1

Versions of packages lintian suggests:
ii  binutils-multiarch             2.24.51.20140918-1
ii  dpkg-dev                       1.17.13
ii  libhtml-parser-perl            3.71-1+b2
ii  libtext-template-perl          1.46-1
ii  libyaml-perl                   1.11-1
ii  xz-utils                       5.1.1alpha+20120614-2

-- no debconf information

From d9bc5a624a066ded3ebf22806ddb2ff5d39c5a71 Mon Sep 17 00:00:00 2001
From: Simon McVittie <[email protected]>
Date: Tue, 23 Sep 2014 18:36:21 +0100
Subject: [PATCH] Add checks for deprecated D-Bus policies

---
 checks/dbus.desc | 57 +++++++++++++++++++++++++++++++++++++
 checks/dbus.pm   | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 144 insertions(+)
 create mode 100644 checks/dbus.desc
 create mode 100644 checks/dbus.pm
diff --git a/checks/dbus.desc b/checks/dbus.desc new file mode 100644 index 0000000..1fe8475 --- /dev/null +++ b/checks/dbus.desc 
@@ -0,0 +1,57 @@ +Check-Script: dbus +Author: Simon McVittie <[email protected]> +Abbrev: dbus +Type: binary +Info: Checks for deprecated or harmful D-Bus configuration +Needs-Info: unpacked + +Tag: dbus-policy-at-console +Severity: normal +Certainty: certain +Info: The package contains D-Bus policy configuration that uses the + deprecated <tt>at_console</tt> condition to impose a different policy + for users who are "logged in at the console" according to + systemd-logind, ConsoleKit or similar APIs, such as: + . + <policy context="default"> + <deny send_destination="com.example.PowerManagementDaemon"/> + </policy> + <policy at_console="true"> + <allow send_destination="com.example.PowerManagementDaemon"/> + </policy> + . + The maintainers of D-Bus recommend that services should allow or deny + method calls according to broad categories that are not typically altered + by the system administrator (usually either "all users", or only root + and/or a specified system user). If finer-grained authorization + is required, the service should accept the method call message, then call + out to PolicyKit to decide whether to honor the request. PolicyKit can + use system-administrator-configurable policies to make that decision, + including distinguishing between users who are "at the console" and + those who are not. +Ref: https://bugs.freedesktop.org/show_bug.cgi?id=39611 +Experimental: yes + +Tag: dbus-policy-without-send-destination +Severity: normal +Certainty: possible +Info: The package contains D-Bus policy configuration that uses + one of the <tt>send_*</tt> conditions but does not specify a + <tt>send_destination</tt>. + . + Rules of the form + . + <allow send_interface="com.example.MyInterface"/> + . + allow messages with the given interface to be sent to <i>any</i> + service, not just the one installing the rule, which is rarely + what was intended. + . + Similarly, on the system bus, rules of the form + . + <deny send_interface="com.example.MyInterface"/> + . 
+ are redundant with the system bus' default-deny policy, and have + unintended effects on other services. +Ref: https://bugs.freedesktop.org/show_bug.cgi?id=18961,http://lists.freedesktop.org/archives/dbus/2008-February/009401.html +Experimental: yes diff --git a/checks/dbus.pm b/checks/dbus.pm new file mode 100644 index 0000000..9e9e16d --- /dev/null +++ b/checks/dbus.pm 
@@ -0,0 +1,87 @@ +# dbus -- lintian check script, vaguely based on apache2 -*- perl -*- +# +# Copyright © 2012 Arno Töll +# Copyright © 2014 Collabora Ltd. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, you can find it on the World Wide +# Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. + +package Lintian::dbus; + +use strict; +use warnings; +use autodie; + +use Lintian::Tags qw(tag); + +sub run { + my ($pkg, $type, $info) = @_; + + if ($type eq 'binary') { + foreach my $file ($info->sorted_index) { + next if $file->is_dir; + + if ($file =~ m{^etc/dbus-1/(?:system|session).d/}) { + my $filename = $info->unpacked($file); + next if -l $filename; + _check_policy($file, $filename); + } + } + } + return; +} + +sub _check_policy { + my $file = shift; + my $filename = shift; + my $callback = shift; + + open(my $fh, '<', $filename); + my $xml; + { + local $/; # read-whole-file mode + $xml = <$fh>; + } + close $fh; + + # Parsing XML via regexes is evil, but good enough here... + # note that we are parsing the entire file as one big string, + # so that we catch <policy\nat_console="true"\n> or whatever. 
+ + if ($xml =~ m{<policy[^>]+at_console=(["'])true\1.*?</policy>}s) { + tag('dbus-policy-at-console', $file); + } + + my @rules; + while ($xml =~ m{(<(?:allow|deny)[^>]+send_\w+=[^>]+>)}sg) { + push @rules, $1; + } + foreach my $rule (@rules) { + if ($rule !~ m{send_destination=}) { + # normalize whitespace a bit + $rule =~ s{\s+}{ }g; + tag('dbus-policy-without-send-destination', $file, $rule); + } + } +} + +1; + +# Local Variables: +# indent-tabs-mode: nil +# cperl-indent-level: 4 +# End: +# vim: syntax=perl sw=4 sts=4 sr et -- 2.1.1
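Review bot: in the checks/dbus.desc hunk, the Info text for dbus-policy-without-send-destination only talks about `send_interface`, but the matcher in checks/dbus.pm fires on any `send_*` attribute (`send_member`, `send_path`, `send_type`, and so on) that lacks `send_destination`, so the description should say which attributes trigger the tag, otherwise a maintainer hit on `<deny send_type="method_call"/>` will not recognise their rule in the text. The "Similarly, on the system bus" paragraph is also the only place the description distinguishes the two buses, while the check scans both etc/dbus-1/system.d/ and etc/dbus-1/session.d/; a sentence noting that the `deny` form is not redundant in a session.d file, but still has the same effect on unrelated services, would make the tag read correctly for both directories. Keeping `Certainty: possible` is right given that a destination-less rule can be a deliberate bus-wide policy.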
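Review bot: in the checks/dbus.pm hunk, `_check_policy` scans the raw file text, so a policy or rule that only appears inside an XML comment (a commented-out `<policy at_console="true">`, or `<!-- <allow send_interface="..."/> -->` left behind while debugging) is reported exactly as if it were live; strip comments first, for example `$xml =~ s{<!--.*?-->}{}gs;` right after the slurp, or use XML::Parser if a dependency is acceptable. Two smaller points: `_check_policy` declares `my $callback = shift;` but nothing passes or uses a third argument, so drop it; and the `.*?</policy>` tail in the at_console pattern adds nothing once `<policy[^>]+at_console=(["'])true\1` has matched (the `[^>]+` already stops at the end of the tag) and only makes the match slower on large files.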
--- End Message ---
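As an added example, not part of the bug report and not lintian's code, here are the same two checks written in Python over a real XML parser rather than regexes, so that policies and rules inside XML comments are ignored and the rule text can be rendered back exactly. The service name com.example.PowerManagementDaemon comes from the tag description above; the `.Manager` interface name, the two sample policy files and the `scan_dir` helper are assumptions made for this example. The "bad" sample shows both anti-patterns, the "good" sample shows the rewrite the tag descriptions recommend: a broad allow for everyone, scoped to one destination, with the "is this user at the console?" decision left to PolicyKit inside the service.

```python
"""Added example (not lintian's code): flag the two D-Bus policy anti-patterns
from the bug report using xml.etree instead of regexes over the raw file."""
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample policy with both problems. The interface name
# com.example.PowerManagementDaemon.Manager is assumed for the example.
BAD_POLICY = """<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <!-- a commented-out <policy at_console="true"> must not be reported -->
  <policy user="root">
    <allow own="com.example.PowerManagementDaemon"/>
  </policy>
  <policy context="default">
    <deny send_destination="com.example.PowerManagementDaemon"/>
    <!-- global: lets anyone call this interface on *every* service -->
    <allow send_interface="com.example.PowerManagementDaemon.Manager"/>
  </policy>
  <policy at_console="true">
    <allow send_destination="com.example.PowerManagementDaemon"/>
  </policy>
</busconfig>
"""

# Constructed rewrite of the same service: one allow for all users, scoped
# to this destination; finer-grained decisions happen in the service via
# PolicyKit, not in the bus policy.
GOOD_POLICY = """<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <policy user="root">
    <allow own="com.example.PowerManagementDaemon"/>
  </policy>
  <policy context="default">
    <allow send_destination="com.example.PowerManagementDaemon"
           send_interface="com.example.PowerManagementDaemon.Manager"/>
  </policy>
</busconfig>
"""

AT_CONSOLE_TAG = "dbus-policy-at-console"
NO_DESTINATION_TAG = "dbus-policy-without-send-destination"


def _rule_text(rule):
    """Render a rule element back to a one-line tag for the finding."""
    attrs = " ".join('%s="%s"' % (k, v) for k, v in sorted(rule.attrib.items()))
    return "<%s %s/>" % (rule.tag, attrs)


def check_policy(xml_text):
    """Return (tag, detail) findings for one busconfig document.

    ElementTree drops comments while parsing, so a <policy> or <allow> that
    only exists inside <!-- ... --> is never seen, unlike a regex scan.
    """
    root = ET.fromstring(xml_text)
    findings = []
    for policy in root.iter("policy"):
        # The at_console condition itself is deprecated, whatever its value.
        if "at_console" in policy.attrib:
            findings.append((AT_CONSOLE_TAG, 'at_console="%s"' % policy.get("at_console")))
        for rule in policy:
            if rule.tag not in ("allow", "deny"):
                continue
            # Any send_* condition without send_destination applies to
            # messages sent to every service on the bus, not just this one.
            has_send_match = any(name.startswith("send_") for name in rule.attrib)
            if has_send_match and "send_destination" not in rule.attrib:
                findings.append((NO_DESTINATION_TAG, _rule_text(rule)))
    return findings


def scan_dir(directory):
    """Check every *.conf in a dbus-daemon drop-in directory.

    Returns {filename: findings}; a file that fails to parse yields a single
    ("unparsable", message) entry instead of aborting the whole scan.
    """
    results = {}
    for conf in sorted(Path(directory).glob("*.conf")):
        try:
            results[conf.name] = check_policy(conf.read_text(encoding="utf-8"))
        except ET.ParseError as err:
            results[conf.name] = [("unparsable", str(err))]
    return results


if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. python3 dbus_policy_check.py /etc/dbus-1/system.d
        for name, findings in scan_dir(sys.argv[1]).items():
            for tag, detail in findings:
                print("%s: %s: %s" % (name, tag, detail))
    else:
        print("bad: ", check_policy(BAD_POLICY))
        print("good:", check_policy(GOOD_POLICY))
```

Run without arguments it reports the two findings for the bad sample and none for the good one; pointed at a drop-in directory it scans the installed policy files. Attribute matching is on the `send_` prefix so that `send_member`, `send_path` and `send_type` rules without a destination are caught as well, which is the same net the Perl check casts with `send_\w+`.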
--- Begin Message ---
Source: lintian
Source-Version: 2.5.29

We believe that the bug you reported is fixed in the latest version of lintian, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Niels Thykier <[email protected]> (supplier of updated lintian package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 24 Oct 2014 23:15:52 +0200
Source: lintian
Binary: lintian
Architecture: source all
Version: 2.5.29
Distribution: unstable
Urgency: medium
Maintainer: Debian Lintian Maintainers <[email protected]>
Changed-By: Niels Thykier <[email protected]>
Description:
 lintian    - Debian package checker
Closes: 762609 763773 765311 765995 766033 766468
Changes:
 lintian (2.5.29) unstable; urgency=medium
 .
   * Summary of tag changes:
     + Added:
       - dbus-policy-at-console
       - dbus-policy-without-send-destination
       - dbus-session-service-wrong-name
       - dbus-system-service-wrong-name
       - invalid-profile-name-in-build-profiles-field
       - invalid-profile-name-in-source-relation
       - invalid-restriction-formula-in-build-profiles-field
       - restriction-formula-with-debhelper-with-conflicting-version
       - restriction-formula-with-debhelper-without-debhelper-version
       - restriction-formula-with-versioned-dpkg-dev-conflict
       - restriction-formula-without-versioned-dpkg-dev-dependency
     + Removed:
       - invalid-restriction-label-in-source-relation
       - invalid-restriction-namespace-in-source-relation
       - invalid-restriction-term-in-source-relation
       - restriction-list-with-debhelper-with-conflicting-debhelper-version
       - restriction-list-with-debhelper-without-debhelper-version
       - restriction-list-with-versioned-dpkg-dev-conflict
       - restriction-list-without-versioned-dpkg-dev-dependency
       - stageX-profile-used-but-no-binary-package-dropped
 .
   * checks/{control-file,fields}.{desc,pm}:
     + [NT] Apply patch from Johannes Schauer to support the new build profile syntax. (Closes: #763773)
   * checks/dbus.{desc,pm}:
     + [NT] New check by Simon McVittie to discover some dbus related issues. (Closes: #762609)
   * checks/nmu.pm:
     + [JW] Avoid chopping off trailing ">" in emails in the canonicalize subroutine. (Closes: #766468)
   * checks/rules.pm:
     + [JW,NT] Fix undef warning for packages with an empty d/rules file. (Closes: #766033)
   * checks/source-copyright.pm:
     + [NT] Apply patch from Johannes Schauer to optimise the check.
     + [NT] Optimise for "dir/*" wildcards in DEP-5 copyright files.
   * checks/watch-file.pm:
     + [NT] Fix undef warning with some watch files. Thanks to Axel Beckert for reporting the bug. (Closes: #765995)
 .
   * collection/{bin-pkg-control,unpacked}:
     + [NT] Pass "-m" to tar to make it avoid "correcting" the timestamp of the extracted files. Lintian does not need it for correctness, so it can make tar save a few syscalls here.
     + [NT] Explicitly pass tar options to make it extract files as the current user and apply the user's umask. This is mostly to be explicit about how things are extracted.
   * collection/file-info:
     + [NT] Stop collecting file-info for "non-files". The output is not used and often trivial / predictable from other data input already available.
   * collection/strings:
     + [NT] Stop creating "elf-index" file as nothing uses it.
   * collection/unpacked:
     + [NT] Gracefully handle when symlink targets contain newlines. Thanks to Faheem Mitha for reporting the bug. (Closes: #765311)
 .
   * frontend/lintian:
     + [NT] Aggressively reset the environment to a well-defined state at start up. Only ENV variables starting with "LINTIAN_" (and a select few well known variables) are preserved.
     + [NT] Runtime for collections and checks now only requires a single --debug option. Lintian will now also show runtime for other things (e.g. total runtimes).
     + [NT] Add --perf-debug and --perf-output options to enable logging for performance data. This is mostly intended to allow collecting performance data from archive-wide runs.
     + [NT] Hide some options in the default output for --help. These can now be shown with "--help=extended".
     + [NT] Add a new "Developer/special usage options" section in the --help output for some options (e.g. --debug). This section is hidden by default.
 .
   * lib/Lintian/Relation.pm:
     + [NT] Unparsable entries are now included in relation objects rather than being silently discarded.
   * lib/Lintian/Util.pm:
     + [NT] Purge even more ENV variables in clean_env.
     + [NT] Add "pipe_tee" subroutine for tee'ing data from one input file descriptor to one or more output file descriptors.
 .
   * man/lintian.pod.in:
     + [NT] Document the performance logging options.
     + [NT] Add a new "Developer/special usage options" section in the --help output for some options (e.g. --debug).
 .
   * private/generate-html-docs:
     + [NT] Add doctype and encoding to generated files.
 .
   * reporting/harness:
     + [NT] Add missing import.
   * reporting/html_reports:
     + [NT] Correct the command line in the creation of the lintian.log.gz.
   * reporting/{html_reports,templates/*}:
     + [NT] Correct the generated HTML, which was invalid in some cases.
   * reporting/templates/{head,lintian.css}.tmpl:
     + [NT] Define a default "viewport". This slightly improves the output on some mobile devices.
     + [NT] Add some special cases for "smaller" viewports in the style sheet.
   * reporting/templates/maintainer.tmpl:
     + [NT] Correct name of variable to avoid using an undefined variable.
 .
   * vendors/ubuntu/main/data/changes-file/known-dists:
     + [NT] Add "vivid" per request of Iain Lane.
Checksums-Sha1:
 7057229fb295cdd213c1d39a9570dad4e0c0b780 2693 lintian_2.5.29.dsc
 dd2de1aa72b612d923c7b9735c8ce1d2ac386a50 1181444 lintian_2.5.29.tar.xz
 53519af230c38aa368b0092ee45ded29899d2875 791866 lintian_2.5.29_all.deb
Checksums-Sha256:
 b946bf6a96cba7a9d2d76ba3ef143b31ce95ccb9dbf248361d091a9d515edd38 2693 lintian_2.5.29.dsc
 1525ece9ef6529ef015fe2b601a69b4cefc41168808352a40d7d477d54c5764d 1181444 lintian_2.5.29.tar.xz
 170ca7d58d71f20cf8ed5b6cd1783985dd120bb7edb6539113572d47c1934f6f 791866 lintian_2.5.29_all.deb
Files:
 c977afbfdd9cb272d21aa47422b9dd31 2693 devel optional lintian_2.5.29.dsc
 593c0be5c2c7fcd1013e19bff373d054 1181444 devel optional lintian_2.5.29.tar.xz
 0b3d164edb2cd238a61d752b0a2a6c43 791866 devel optional lintian_2.5.29_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJUSsNfAAoJEAVLu599gGRCQUwP/2r21P6yKa0KTDJSoqahVsWi
xgNbY7x1ioy1FBEMFc5vi3vmxKS1PPxtaHcTfNUQPceItdrQCDa5beLViIxtdkEg
EyU9ahBNm3NIGb+2JIHdPjPZuWoCRmXbUCV8K+skx3B2888yVfAXriRw8E61uaQB
lpUkkLasxTzQCX68yFW8S3z6HTV8BYnWLavLSWP+wic/j9n8gtKt+zfNS1t4uGmS
unI36JMieXaU5d5CWP1EGZ+aA3usKy+Lc8qWpMv6eQk1/YvlY+c4KgKLBDyDTkAw
x6WbjAvQBeeoN9D2YItAOlV/1hHF/klCMTVtqO0SJOuG1ORgH2y5waPtYUolA90H
5LtWf/vxBfh0cyUR12kRySTt3Znx8ZqK1CH9QjxJPsZTHRT9iZ2bcfXv2xUH9yAQ
hCQaZg8aTeSkM7YazF3U+9YAdFS3Ns2RkZqkYxyk0+Y6Ym5wz0U2ZErqaN/z5uQw
b4sFIl8wiVBZ2hjTx7d/GrNs5F8vhapKtUpXG75V6QgYUZ5ZZEXy2nVblw2GTrkk
MTfRbw6Uer0i3uOxCczBh3TT1AzBHNfJiwcBxgadaoCQUtyxrNoAZE3U7O+KpFSg
43+W8axiL3g9gt7YT845J9PsAxFXp/ltxZNXk8pYf6W4DuUedurZFMThbN309os3
TF4hrIw4Wg19VRy3WG6b
=kYgl
-----END PGP SIGNATURE-----
--- End Message ---

