This is an automated email from the git hooks/post-receive script. lamby pushed a commit to branch sl2 in repository lintian.
commit e24e54de93bf46708337dac7d21c899d8bcd863f Author: Bastien ROUCARIÈS <[email protected]> Date: Sat Jul 5 13:55:38 2014 +0200 Detect bad flag in pkg-config Bad flag in pkg-config could lead to FTBFS. Detect it. Signed-off-by: Bastien ROUCARIÈS <[email protected]> --- checks/files.desc | 8 +++++ checks/files.pm | 17 ++++++++++- data/files/pkg-config-bad-regex | 35 ++++++++++++++++++++++ debian/changelog | 2 ++ t/tests/files-pkgconfig/debian/indep-really-bad.pc | 29 ++++++++++++++++++ t/tests/files-pkgconfig/tags | 20 +++++++++++++ 6 files changed, 110 insertions(+), 1 deletion(-) diff --git a/checks/files.desc b/checks/files.desc index a77c94c..dd9a9ee 100644 --- a/checks/files.desc +++ b/checks/files.desc @@ -1505,6 +1505,14 @@ Info: The arch all pkg-config file contains a reference to a multi-arch path. referencing a i386-linux-gnu file. In this case the usual cure is to fix this path. +Tag: pkg-config-bad-directive +Severity: serious +Certainty: possible +Info: The pkg-config file contains a wrong directive. + . + The following file include a wrong directive. This could lead to + FTBFS or leak private compile flags to another package. + Tag: dir-or-file-in-home Severity: serious Certainty: certain diff --git a/checks/files.pm b/checks/files.pm index 35b0e40..bf88c15 100644 --- a/checks/files.pm +++ b/checks/files.pm @@ -74,6 +74,10 @@ my $PRIVACY_BREAKER_TAG_ATTR= Lintian::Data->new( }; }); +my $PKG_CONFIG_BAD_REGEX + = Lintian::Data->new('files/pkg-config-bad-regex',qr/~~~~~/, + sub { return qr/$_[0]/xsm;}); + my $COMPRESS_FILE_EXTENSIONS = Lintian::Data->new('files/compressed-file-extensions', qr/\s++/,sub { return qr/\Q$_[0]\E/ }); @@ -580,6 +584,8 @@ sub run { my $sfd = Lintian::SlidingWindow->new($fd); BLOCK: while (my $block = $sfd->readwindow()) { + # remove continuation line + $block =~ s,\\\n, ,gxsm; # check if pkgconfig file include path point to # arch specific dir MULTI_ARCH_DIR: @@ -594,7 +600,16 @@ sub run { tag 'pkg-config-multi-arch-wrong-dir',$file, 'full text contains architecture specific dir', $pkgconfig_dir; - last BLOCK; + last MULTI_ARCH_DIR; + } + } + PKG_CONFIG_TABOO: + foreach my $taboo ($PKG_CONFIG_BAD_REGEX->all) { + my $regex = $PKG_CONFIG_BAD_REGEX->value($taboo); + if ($block =~ m{$regex}xms) { + my $extra = $1 // ''; + $extra =~ s/\s+/ /g; + tag 'pkg-config-bad-directive', $file, $extra; } } } diff --git a/data/files/pkg-config-bad-regex b/data/files/pkg-config-bad-regex new file mode 100644 index 0000000..e1bf596 --- /dev/null +++ b/data/files/pkg-config-bad-regex @@ -0,0 +1,35 @@ +# a list of pkg-config bad contruction +# regex (xms) +# found in omnithread3.pc +^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-[DU]__linux__) \s +^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-[DU]__x86_64__) \s +^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-D__OSVERSION__=\d+) \s +# found in znc.pc +^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-g\d*) \s +^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-D_FORTIFY_SOURCE=\d+) \s +^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-O[s0-9]) \s +^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-W\S*) \s +^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-fvisibility=\w+) \s +^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-fPI[CE]) \s +# found in dolfin.pc +^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-f(?:no-)?stack-protector) \s +^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (--param=ssp-buffer-size=\d+) \s +^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-f(?:no-)?rounding-math) \s +# found in clam_core.pc +[:=\h](-[IL](?:/usr/local/|/var/cache/pbuilder/build/|/var/lib/s?buildd?/)\S*)\s +# found in scilab.pc +^((?:[cC]flags\h*:|CFLAGS\h*=) (?:\V*\h)? -l\S+) \s +# found meep.pc +^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-march=\S+) \s +# found opensaml.pc +^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-[DU]NDEBUG) \s +# found in libspatialindex.pc +^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-pedantic) \s +# found in common-cpp.pc +^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-[DU]NEW_STDCPP) \s +^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-f(?:no-)?check-new) \s +^(?:[^:]*flags\h*:|[^=]*FLAGS\h*=) (?:\V*\h)? (-f(?:no-)?inline) \s +# found in libbt.pc +^(?:[lL]ibs\h*:|LDFLAGS\h*=) (?:\V*\h)? (-Wl,z,relro) \s + + diff --git a/debian/changelog b/debian/changelog index fc98097..6399442 100644 --- a/debian/changelog +++ b/debian/changelog @@ -12,6 +12,8 @@ lintian (2.5.25) UNRELEASED; urgency=medium + [RG,NT] Check for invalid named p11-kit modules in /usr/share/p11-kit modules. (Closes: #741346) + [BR] Detect cross architecture pkg-config file. + + [BR] Add a sanity check for pkg-config files. + (Closes: #676803). * data/files/js-libraries: + [NT] Apply patch from Marcelo Jorge Vieira to correct diff --git a/t/tests/files-pkgconfig/debian/indep-really-bad.pc b/t/tests/files-pkgconfig/debian/indep-really-bad.pc new file mode 100644 index 0000000..034e442 --- /dev/null +++ b/t/tests/files-pkgconfig/debian/indep-really-bad.pc @@ -0,0 +1,29 @@ +Name: indep-good +Description: A library good +Requires: +Version: 3.1.3 +Libs: +Cflags: \ + -I/usr/local/somewhere \ + -D__linux__ \ + -D__x86_64__ \ + -D__OSVERSION__=2\ + -g \ + -D_FORTIFY_SOURCE=2 \ + -O2 \ + -Wall \ + -fvisibility=hidden \ + -fPIE \ + -fstack-protector \ + --param=ssp-buffer-size=2 \ + -frounding-math \ + -lmath \ + -march=core2 \ + -DNDEBUG \ + -pedantic \ + -DNEW_STDCPP \ + -fno-check-new \ + -fno-inline \ + -Wl,z,relro + + diff --git a/t/tests/files-pkgconfig/tags b/t/tests/files-pkgconfig/tags index a3933e9..d834400 100644 --- a/t/tests/files-pkgconfig/tags +++ b/t/tests/files-pkgconfig/tags @@ -1,2 +1,22 @@ +E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc --param=ssp-buffer-size=2 +E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -DNDEBUG +E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -DNEW_STDCPP +E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -D_FORTIFY_SOURCE=2 +E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -D__OSVERSION__=2 +E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -D__linux__ +E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -D__x86_64__ +E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -I/usr/local/somewhere +E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -O2 +E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -Wl,z,relro +E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -fPIE +E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -fno-check-new +E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -fno-inline +E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -frounding-math +E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -fstack-protector +E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -fvisibility=hidden +E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -g +E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -march=core2 +E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc -pedantic +E: pkgconfig-all: pkg-config-bad-directive usr/lib/pkgconfig/indep-really-bad.pc Cflags: -I/usr/local/somewhere -D__linux__ -D__x86_64__ -D__OSVERSION__=2 -g -D_FORTIFY_SOURCE=2 -O2 -Wall -fvisibility=hidden -fPIE -fstack-protector --param=ssp-buffer-size=2 -frounding-math -lmath E: pkgconfig-all: pkg-config-multi-arch-wrong-dir usr/lib/pkgconfig/indep-include-arch.pc full text contains architecture specific dir ARCH E: pkgconfig-any: pkg-config-multi-arch-wrong-dir usr/lib/x86_64-linux-gnu/pkgconfig/arch-cross.pc full text contains architecture specific dir ARCH -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git
