Hello community, here is the log from the commit of package rpmlint for openSUSE:Factory checked in at 2017-07-17 09:00:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rpmlint (Old) and /work/SRC/openSUSE:Factory/.rpmlint.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rpmlint" Mon Jul 17 09:00:51 2017 rev:274 rq:509371 version:1.8 Changes: -------- --- /work/SRC/openSUSE:Factory/rpmlint/rpmlint-tests.changes 2017-05-04 08:53:22.993609421 +0200 +++ /work/SRC/openSUSE:Factory/.rpmlint.new/rpmlint-tests.changes 2017-07-17 09:00:52.598815085 +0200 @@ -1,0 +2,7 @@ +Sun Jul 2 16:30:01 UTC 2017 - [email protected] + +- rpmlint-pie-leap42.patch, rpmlint-pie-factory.patch: + adjust testsuite to match new PIE warning, for both + Leap 42.3 and Factory. + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/rpmlint/rpmlint.changes 2017-06-20 10:57:47.873517110 +0200 +++ /work/SRC/openSUSE:Factory/.rpmlint.new/rpmlint.changes 2017-07-17 09:00:52.662806074 +0200 @@ -1,0 +2,11 @@ +Tue Jul 11 08:48:32 UTC 2017 - [email protected] + +- Adding pam_dbus (bsc#1039709) + +------------------------------------------------------------------- +Thu Jun 22 08:33:11 UTC 2017 - [email protected] + +- rpmlint-all-pie.patch: for non-PIE built binaries emit a warning + to suggest build them as PIE. + +------------------------------------------------------------------- New: ---- rpmlint-all-pie.patch rpmlint-pie-factory.patch rpmlint-pie-leap42.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rpmlint-tests.spec ++++++ --- /var/tmp/diff_new_pack.IFRVV3/_old 2017-07-17 09:00:54.382563915 +0200 +++ /var/tmp/diff_new_pack.IFRVV3/_new 2017-07-17 09:00:54.382563915 +0200 @@ -32,6 +32,8 @@ Url: http://www.opensuse.org/ Source: rpmlint-tests-%version.tar.xz Patch1: 0001-Update-varrun-test-for-Leap-42.2-severity-reduction.patch +Patch2: rpmlint-pie-leap42.patch +Patch3: rpmlint-pie-factory.patch %description This package doesn't actually contain any files and is not meant to @@ -43,6 +45,10 @@ %if 0%{?sle_version} >= 120200 %patch1 -p1 %endif +%if 0%{?suse_version} < 1330 +%patch2 -p1 +%endif +%patch3 -p1 %build mkdir rpms @@ -50,7 +56,4 @@ %install -%clean -rm -rf %buildroot - %changelog ++++++ rpmlint.spec ++++++ --- /var/tmp/diff_new_pack.IFRVV3/_old 2017-07-17 09:00:54.406560536 +0200 +++ /var/tmp/diff_new_pack.IFRVV3/_new 2017-07-17 09:00:54.410559972 +0200 @@ -125,6 +125,7 @@ Patch68: boo1027577-license_tag.patch # Fix check for 'missing-call-to-chdir-with-chroot' on ARM, relax check on PPC Patch69: BinariesCheck_fix_chroot_check_on_non_x86.patch +Patch70: rpmlint-all-pie.patch # PATCHLIST END # BuildArch must at the end. is a bug: https://bugzilla.suse.com/show_bug.cgi?id=926766 BuildArch: noarch ++++++ config ++++++ --- /var/tmp/diff_new_pack.IFRVV3/_old 2017-07-17 09:00:54.582535757 +0200 +++ /var/tmp/diff_new_pack.IFRVV3/_new 2017-07-17 09:00:54.586535194 +0200 @@ -759,7 +759,11 @@ # openqa (bsc#1039290) "org.opensuse.openqa.conf", "openqa-scheduler.service", - "openqa-websockets.service" + "openqa-websockets.service", + # pam_dbus (bsc#1039709). Take care to + # never enable/integrate this by default (see bsc comments) + "pam_dbus.conf", + "pam_dbus.service" )) setOption("PAMModules.WhiteList", ( ++++++ rpmlint-all-pie.patch ++++++ Index: rpmlint-rpmlint-1.8/BinariesCheck.py =================================================================== --- rpmlint-rpmlint-1.8.orig/BinariesCheck.py +++ rpmlint-rpmlint-1.8/BinariesCheck.py @@ -560,6 +560,9 @@ class BinariesCheck(AbstractCheck.Abstra if not is_shobj and pie_exec_re and pie_exec_re.search(fname): printError(pkg, 'non-position-independent-executable', fname) + if not is_shobj: + printError(pkg, 'position-independent-executable-suggested', + fname) if bin_info.readelf_error: continue @@ -809,6 +812,10 @@ stripping process.''', '''This executable must be position independent. Check that it is built with -fPIE/-fpie in compiler flags and -pie in linker flags.''', +'position-independent-executable-suggested', +'''This executable should be position independent (all binaries should). Check +that it is built with -fPIE/-fpie in compiler flags and -pie in linker flags.''', + 'missing-call-to-setgroups-before-setuid', '''This executable is calling setuid and setgid without setgroups or initgroups. There is a high probability this means it didn't relinquish all ++++++ rpmlint-pie-factory.patch ++++++ Index: rpmlint-tests-84.87+git20170418.092177d/tests/pie.ref =================================================================== --- rpmlint-tests-84.87+git20170418.092177d.orig/tests/pie.ref +++ rpmlint-tests-84.87+git20170418.092177d/tests/pie.ref @@ -1,4 +1,5 @@ +pie: W: position-independent-executable-suggested /usr/bin/telnet pie: W: permissions-incorrect /bin/mount has mode 0755 but should be 04755 pie: E: non-position-independent-executable (Badness: 10000) /usr/bin/telnet pie: W: missing-call-to-setgroups-before-setuid /bin/mount -1 packages and 0 specfiles checked; 1 errors, 2 warnings. +1 packages and 0 specfiles checked; 1 errors, 3 warnings. Index: rpmlint-tests-84.87+git20170418.092177d/tests/permissions1.ref =================================================================== --- rpmlint-tests-84.87+git20170418.092177d.orig/tests/permissions1.ref +++ rpmlint-tests-84.87+git20170418.092177d/tests/permissions1.ref @@ -1,3 +1,4 @@ +permissions1: W: position-independent-executable-suggested /bin/ls permissions1: E: permissions-unauthorized-file (Badness: 10000) /etc/permissions.d/test permissions1: W: permissions-missing-verifyscript missing %verify_permissions -e /bin/ls permissions1: W: permissions-missing-verifyscript missing %verify_permissions -e /bin/su @@ -8,4 +9,4 @@ permissions1: W: permissions-incorrect-o permissions1: W: permissions-incorrect /bin/su has mode 0755 but should be 04755 permissions1: E: permissions-file-setuid-bit (Badness: 10000) /bin/ls is packaged with setuid/setgid bits (04755) permissions1: W: non-position-independent-executable /bin/ls -1 packages and 0 specfiles checked; 2 errors, 8 warnings. +1 packages and 0 specfiles checked; 2 errors, 9 warnings. ++++++ rpmlint-pie-leap42.patch ++++++ Index: rpmlint-tests-84.87+git20170418.092177d/tests/srv.ref =================================================================== --- rpmlint-tests-84.87+git20170418.092177d.orig/tests/srv.ref +++ rpmlint-tests-84.87+git20170418.092177d/tests/srv.ref @@ -1,4 +1,5 @@ srv: E: suse-filelist-forbidden-srv (Badness: 10000) /usr/local/ftp is not allowed in SUSE srv: W: suse-filelist-forbidden-fhs23 /usr/local is not allowed in FHS 2.3 +srv: W: position-independent-executable-suggested /usr/local/ftp/foo srv: W: call-to-mktemp /usr/local/ftp/foo -1 packages and 0 specfiles checked; 1 errors, 2 warnings. +1 packages and 0 specfiles checked; 1 errors, 3 warnings. Index: rpmlint-tests-84.87+git20170418.092177d/tests/debug.ref =================================================================== --- rpmlint-tests-84.87+git20170418.092177d.orig/tests/debug.ref +++ rpmlint-tests-84.87+git20170418.092177d/tests/debug.ref @@ -1,5 +1,6 @@ debug: W: static-library-without-symtab /usr/lib/foo/t2.a debug: W: static-library-without-debuginfo /usr/lib/foo/t.a +debug: W: position-independent-executable-suggested /usr/bin/t debug: E: devel-file-in-non-devel-package (Badness: 50) /usr/lib/foo/t.a debug: E: devel-file-in-non-devel-package (Badness: 50) /usr/lib/foo/t2.a -1 packages and 0 specfiles checked; 2 errors, 2 warnings. +1 packages and 0 specfiles checked; 2 errors, 3 warnings. Index: rpmlint-tests-84.87+git20170418.092177d/tests/game.ref =================================================================== --- rpmlint-tests-84.87+git20170418.092177d.orig/tests/game.ref +++ rpmlint-tests-84.87+git20170418.092177d/tests/game.ref @@ -1,5 +1,7 @@ game: E: suse-filelist-forbidden-games (Badness: 10000) /usr/games/lib/blub is not allowed in SUSE game: E: suse-filelist-forbidden-games (Badness: 10000) /usr/games/lib is not allowed in SUSE +game: W: position-independent-executable-suggested /usr/games/foo +game: W: position-independent-executable-suggested /usr/games/lib/blub game: W: call-to-mktemp /usr/games/foo game: W: call-to-mktemp /usr/games/lib/blub -1 packages and 0 specfiles checked; 2 errors, 2 warnings. +1 packages and 0 specfiles checked; 2 errors, 4 warnings. Index: rpmlint-tests-84.87+git20170418.092177d/tests/debug2.ref =================================================================== --- rpmlint-tests-84.87+git20170418.092177d.orig/tests/debug2.ref +++ rpmlint-tests-84.87+git20170418.092177d/tests/debug2.ref @@ -1,4 +1,5 @@ debug2: W: static-library-without-symtab /usr/lib/foo/t2.a +debug2: W: position-independent-executable-suggested /usr/bin/t debug2: E: devel-file-in-non-devel-package (Badness: 50) /usr/lib/foo/t.a debug2: E: devel-file-in-non-devel-package (Badness: 50) /usr/lib/foo/t2.a -1 packages and 0 specfiles checked; 2 errors, 1 warnings. +1 packages and 0 specfiles checked; 2 errors, 2 warnings. Index: rpmlint-tests-84.87+git20170418.092177d/tests/chroot.ref =================================================================== --- rpmlint-tests-84.87+git20170418.092177d.orig/tests/chroot.ref +++ rpmlint-tests-84.87+git20170418.092177d/tests/chroot.ref @@ -1,2 +1,4 @@ +chroot: W: position-independent-executable-suggested /usr/bin/call_chroot_with_chdir +chroot: W: position-independent-executable-suggested /usr/bin/call_chroot chroot: W: missing-call-to-chdir-with-chroot /usr/bin/call_chroot -1 packages and 0 specfiles checked; 0 errors, 1 warnings. +1 packages and 0 specfiles checked; 0 errors, 3 warnings. Index: rpmlint-tests-84.87+git20170418.092177d/tests/debug1.ref =================================================================== --- rpmlint-tests-84.87+git20170418.092177d.orig/tests/debug1.ref +++ rpmlint-tests-84.87+git20170418.092177d/tests/debug1.ref @@ -1,5 +1,6 @@ debug1: W: static-library-without-symtab /usr/lib/foo/t2.a debug1: W: static-library-without-debuginfo /usr/lib/foo/t.a +debug1: W: position-independent-executable-suggested /usr/bin/t debug1: E: devel-file-in-non-devel-package (Badness: 50) /usr/lib/foo/t.a debug1: E: devel-file-in-non-devel-package (Badness: 50) /usr/lib/foo/t2.a -1 packages and 0 specfiles checked; 2 errors, 2 warnings. +1 packages and 0 specfiles checked; 2 errors, 3 warnings. Index: rpmlint-tests-84.87+git20170418.092177d/tests/gethostbyname.ref =================================================================== --- rpmlint-tests-84.87+git20170418.092177d.orig/tests/gethostbyname.ref +++ rpmlint-tests-84.87+git20170418.092177d/tests/gethostbyname.ref @@ -1,7 +1,13 @@ +gethostbyname: W: position-independent-executable-suggested /usr/bin/call_gethostbyaddr +gethostbyname: W: position-independent-executable-suggested /usr/bin/call_gethostbyname2 +gethostbyname: W: position-independent-executable-suggested /usr/bin/call_gethostbyname +gethostbyname: W: position-independent-executable-suggested /usr/bin/call_gethostbyname2_r +gethostbyname: W: position-independent-executable-suggested /usr/bin/call_gethostbyaddr_r +gethostbyname: W: position-independent-executable-suggested /usr/bin/call_gethostbyname_r gethostbyname: I: binary-or-shlib-calls-gethostbyname /usr/bin/call_gethostbyaddr gethostbyname: I: binary-or-shlib-calls-gethostbyname /usr/bin/call_gethostbyname2 gethostbyname: I: binary-or-shlib-calls-gethostbyname /usr/bin/call_gethostbyname gethostbyname: I: binary-or-shlib-calls-gethostbyname /usr/bin/call_gethostbyname2_r gethostbyname: I: binary-or-shlib-calls-gethostbyname /usr/bin/call_gethostbyaddr_r gethostbyname: I: binary-or-shlib-calls-gethostbyname /usr/bin/call_gethostbyname_r -1 packages and 0 specfiles checked; 0 errors, 0 warnings. +1 packages and 0 specfiles checked; 0 errors, 6 warnings.
