Your message dated Fri, 01 Oct 2021 08:55:04 +0000 with message-id <[email protected]> and subject line Bug#995261: fixed in lintian 2.107.0 has caused the Debian Bug report #995261, regarding lintian: non-standard-file-perm false positives for files in /etc/sudoers.d/ (missing "return"?) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 995261: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995261 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: lintian Version: 2.106.1 Severity: normal Tags: patch Hi, lintian today showed me the following warning: W: hobbit-plugins: non-standard-file-perm etc/sudoers.d/xymon 0440 != 0644 But /etc/sudoers.d/README (at least in Debian 11 Bullseye) reads: # Note that there must be at least one file in the sudoers.d directory (this # one will do), and all files in this directory should be mode 0440. Looking at lib/Lintian/Check/Files/Permissions.pm there is already a special handling for files in /etc/sudoers.d/: 183 # sudo requires sudoers files to be mode oct(440) 184 if ( $file->name =~ m{^ etc/sudoers.d/ }msx 185 && $file->operm != $SUDOERS_FILE) { 186 187 $self->hint( 188 'bad-perm-for-file-in-etc-sudoers.d',$file->name, 189 $file->octal_permissions, $NOT_EQUAL, 190 sprintf('%04o', $SUDOERS_FILE)); 191 192 return; 193 } 194 195 $self->hint( 196 'non-standard-file-perm', $file->name, 197 $file->octal_permissions, $NOT_EQUAL, 198 sprintf('%04o', $STANDARD_FILE) 199 )unless $file->operm == $STANDARD_FILE; But if the file in /etc/sudoers.d/ has the expected permissions, the code continues to check against standard permissions instead of returning already. So I think that this if clause in line 184/185 needs to be split up to call return even if the tag is not emitted: # sudo requires sudoers files to be mode oct(440) if ( $file->name =~ m{^ etc/sudoers.d/ }msx ) { if ( $file->operm != $SUDOERS_FILE) { $self->hint( 'bad-perm-for-file-in-etc-sudoers.d',$file->name, $file->octal_permissions, $NOT_EQUAL, sprintf('%04o', $SUDOERS_FILE)); } return; } (Code untested. Might work, though. Can also apply and test the code myself, but I'd appreciate at least a short acknowledgement that the current code is indeed _not_ working as intended. Probably should get a test case, too. :-) Thanks in advance! -- System Information: Debian Release: bookworm/sid APT prefers unstable APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), (500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1, 'buildd-experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.13.0-trunk-amd64 (SMP w/4 CPU threads) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) LSM: AppArmor: enabled Versions of packages lintian depends on: ii binutils 2.37-7 ii bzip2 1.0.8-4 ii clzip 1.12-2 ii diffstat 1.64-1 ii dpkg 1.20.9 ii dpkg-dev 1.20.9 ii file 1:5.39-3 ii gettext 0.21-4 ii gpg 2.2.27-2 ii intltool-debian 0.35.0+20060710.5 ii libapt-pkg-perl 0.1.40 ii libarchive-zip-perl 1.68-1 ii libcapture-tiny-perl 0.48-1 ii libclass-xsaccessor-perl 1.19-3+b7 ii libclone-perl 0.45-1+b1 ii libconfig-tiny-perl 2.26-1 ii libconst-fast-perl 0.014-1.1 ii libcpanel-json-xs-perl 4.26-1 ii libdata-dpath-perl 0.58-1 ii libdata-validate-domain-perl 0.10-1.1 ii libdevel-size-perl 0.83-1+b2 ii libdigest-sha-perl 6.02-1+b3 ii libdpkg-perl 1.20.9 ii libemail-address-xs-perl 1.04-1+b3 ii libencode-perl 3.12-1 ii libfile-basedir-perl 0.09-1 ii libfile-find-rule-perl 0.34-1 ii libfont-ttf-perl 1.06-1.1 ii libhtml-html5-entities-perl 0.004-1.1 ii libio-interactive-perl 1.023-1 ii libio-prompt-tiny-perl 0.003-1 ii libipc-run3-perl 0.048-2 ii libjson-maybexs-perl 1.004003-1 ii liblist-compare-perl 0.55-1 ii liblist-someutils-perl 0.58-1 ii liblist-utilsby-perl 0.11-1 ii libmoo-perl 2.005004-2 ii libmoox-aliases-perl 0.001006-1.1 ii libnamespace-clean-perl 0.27-1 ii libpath-tiny-perl 0.118-1 ii libperlio-gzip-perl 0.19-1+b7 ii libperlio-utf8-strict-perl 0.008-1+b1 ii libproc-processtable-perl 0.611-1 ii libsereal-decoder-perl 4.018+ds-1+b1 ii libsereal-encoder-perl 4.018+ds-1+b1 ii libsort-versions-perl 1.62-1 ii libterm-readkey-perl 2.38-1+b2 ii libtext-glob-perl 0.11-1 ii libtext-levenshteinxs-perl 0.03-4+b8 ii libtext-markdown-discount-perl 0.13-1 ii libtext-xslate-perl 3.5.8-1+b1 ii libtime-duration-perl 1.21-1 ii libtime-moment-perl 0.44-1+b3 ii libtimedate-perl 2.3300-2 ii libtry-tiny-perl 0.30-1 ii libtype-tiny-perl 1.012004-1 ii libunicode-utf8-perl 0.62-1+b2 ii liburi-perl 5.08-1 ii libxml-libxml-perl 2.0134+dfsg-2+b1 ii libyaml-libyaml-perl 0.83+ds-1 ii lzip 1.22-3 ii lzop 1.04-2 ii man-db 2.9.4-2 ii patchutils 0.4.2-1 ii perl [libencode-perl] 5.32.1-6 ii t1utils 1.41-4 ii unzip 6.0-26 ii xz-utils 5.2.5-2 lintian recommends no packages. Versions of packages lintian suggests: ii binutils-multiarch 2.37-7 ii libtext-template-perl 1.60-1 -- no debconf information
--- End Message ---
--- Begin Message ---Source: lintian Source-Version: 2.107.0 Done: Chris Lamb <[email protected]> We believe that the bug you reported is fixed in the latest version of lintian, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Chris Lamb <[email protected]> (supplier of updated lintian package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 01 Oct 2021 08:28:20 +0000 Source: lintian Architecture: source Version: 2.107.0 Distribution: unstable Urgency: medium Maintainer: Debian Lintian Maintainers <[email protected]> Changed-By: Chris Lamb <[email protected]> Closes: 918137 968525 971707 994271 994414 994689 994711 994793 994902 995261 Changes: lintian (2.107.0) unstable; urgency=medium . * Summary of tag changes: + Added: - architecture-escape - control-interpreter-without-predepends - ldconfig-escape - runtime-test-file-uses-supported-python-versions-without-test-depends + Removed: - breakout-link - preinst-interpreter-without-predepends - runtime-test-file-uses-supported-python-versions-without-python-all-build-depends . [ Felix Lechner ] * Repurpose breakout-link; split into two new tags to find a use. (Closes: #968525, #971707) * Do not expect files in sudoers.d to have standard file permissions. (Closes: #995261) * Do not flag missing matches for Files-Excluded; uscan already got rid of them. (Closes: #994271) * Fix documentation for --fails-on command line option. (Closes: #994414) * Exempt empty packages so declared from empty-binary-package. (Closes: #994711) * Allow maintainer manual pages for executables also so provided. (Closes: #994689) * Only create diffstat when the diff.gz is mentioned in the dsc or the changes. (Closes: #994793) * Fix minimum version for init-system-helpers in a tag description. (Closes: #918137) * Be ambivalent between /lib and /usr/lib for systemd service files. (See: #992465) * Adopt latest style from website for the standalone HTML output often shown in Salsa CI. * Implement the multiarch selector :any in package relationships. (Closes: #994902) . [ Paul Wise ] * Revert "Upgrade superficial-tests tag to warning". Checksums-Sha1: 990323a8d6ad6ef78a1da399e8cc3dd66cff7c5f 2469 lintian_2.107.0.dsc e505eec7c5363b037328283ac2fb6e5173683947 2055384 lintian_2.107.0.tar.xz cd8d39e19500417d04a9edb57c5a2f05556ce883 6580 lintian_2.107.0_amd64.buildinfo Checksums-Sha256: 50761c017260f8d5db20206f871b1d857b4d901af84e70723c8b43434c168c8d 2469 lintian_2.107.0.dsc 37878172115fed5a21657df8ab1fb908d62f60f24e414cce55d5f1b12f3c4515 2055384 lintian_2.107.0.tar.xz 1d5a54efa3adda8d0d045bbd6626925a4ea928bd7827be583e0dedc30f3b5ca6 6580 lintian_2.107.0_amd64.buildinfo Files: 368b073b0038a00345f3ed39958a44b9 2469 devel optional lintian_2.107.0.dsc 7e45f1deef8837445976f214c867b69b 2055384 devel optional lintian_2.107.0.tar.xz eba8e83b369ea47ba9580cddfc4a5573 6580 devel optional lintian_2.107.0_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmFWxwEACgkQHpU+J9Qx HlgWcg//YWOdZ7+w3/c1wy0WxYm5+QoUm1jCHE2hlMRnkP4LjK5Nv7OLVvFltVxn v3RKYOgYYbTJBId+oLpNTX92yXR4sSWzQqhYavAhOxSsySBRFurbRvavUY2OMf2O N2FZ7wOAvm4jKaks9/iTvsAqeCfWDmTky5+/UQKA1va2IXQa0KLAZH8WN1U3NlaU IRYWne1kdMkRZobcixDeWM2De2I5jSkizLNzZ5mUgqEsMDMtmzqh1tNcxOrvou2r IpIy4Fm3DUn/iF8Pav7l8v7Lp+Vl0fFLia0h9/rP4aruVitFCpUzx34RdTfvO3oE o83aEdv9zwNNU8RPyDB2bYi6c6ZnbyTh0qXF4+7A9PK2GDbL0jh0RTia4rHO/9nw V0dLwepy2kvv0LHUO6Qb9R6E06TotwIfJ2mHRUJv8gHm1Hp0ZPmXFQ5Yl3lshKS3 lc9VFkFsggnJwvuXNtZF7z4MAE0DRxHEw8lxe010EguBYKK2h6r0Mchdxb7a2JqI RTMn09iJbjq9ejgAvExu3l7sGbdkOUaoiEy9+vQXw0vxOi7FiFFwC68VgDgj5DTY XTVNvmXMrbfLUbnNiuJElHjgH7+3nWbON9gTlvD/h7aQECSO2bkh1GgTkL7Hs8FR r/pSv+Ag8qtM/ZYkEvum3wVT847VWTetMdvzFwMGqLRFeYApq5E= =HUCi -----END PGP SIGNATURE-----
--- End Message ---
