Author: rra Date: 2006-04-01 08:46:55 +0200 (Sat, 01 Apr 2006) New Revision: 598
Modified: trunk/checks/manpages trunk/checks/po-debconf trunk/collection/objdump-info trunk/debian/changelog trunk/lib/Util.pm Log: * checks/manpages: + [RA] Use system_env instead of system and sanitize the environment before running man -l out of caution and to avoid extraneous output when CDPATH is set. Reported by Marc Haber. (Closes: #360217) * checks/po-debconf: + [RA] Use system_env instead of system out of caution and to avoid extraneous output when CDPATH is set. * collection/objdump-info: + [RA] Unset CDPATH before running cd to avoid strange effects from the user's environment. * lib/Util.pm: + [RA] Add system_env, like system but sanitizing the environment. Modified: trunk/checks/manpages =================================================================== --- trunk/checks/manpages 2006-04-01 06:01:57 UTC (rev 597) +++ trunk/checks/manpages 2006-04-01 06:46:55 UTC (rev 598) @@ -235,7 +235,7 @@ # negatives. When man-db is fixed, this limitation should be # removed. if ($path =~ m,/man/man\d/,) { - if (system("lexgrog unpacked/\Q$file\E >/dev/null 2>&1")) { + if (system_env("lexgrog unpacked/\Q$file\E >/dev/null 2>&1")) { tag "manpage-has-bad-whatis-entry", "$file"; } } @@ -244,14 +244,22 @@ # parent directory before running man so that .so directives are # processed properly. (Yes, there are man pages that include other # pages with .so but aren't simple links; rbash, for instance.) - my $cmd; - if ($file =~ m,^(.*)/(man\d/.*)$,) { - $cmd = "cd unpacked/\Q$1\E && LANG=C man -l \Q$2\E"; - } else { - $cmd = "LANG=C man -l unpacked/\Q$file\E"; - } - open MANERRS, '-|', "($cmd >/dev/null) 2>&1" - or fail("cannot run man -l: $!"); + my $cmd; + if ($file =~ m,^(.*)/(man\d/.*)$,) { + $cmd = "cd unpacked/\Q$1\E && man -l \Q$2\E"; + } else { + $cmd = "man -l unpacked/\Q$file\E"; + } + my $pid = open MANERRS, '-|'; + if (not defined $pid) { + fail("cannot run man -l: $!"); + } elsif ($pid == 0) { + my %newenv = (LANG => 'C', PATH => $ENV{PATH}); + undef %ENV; + %ENV = %newenv; + exec "($cmd >/dev/null) 2>&1" + or fail("cannot run man -l: $!"); + } while (<MANERRS>) { # ignore progress information from man next if /^Reformatting/; Modified: trunk/checks/po-debconf =================================================================== --- trunk/checks/po-debconf 2006-04-01 06:01:57 UTC (rev 597) +++ trunk/checks/po-debconf 2006-04-01 06:46:55 UTC (rev 598) @@ -76,8 +76,8 @@ if (-x "/usr/bin/msgcmp" && -x "/usr/share/intltool-debian/intltool-update" ) { if ($missing_files == 0) { $ENV{"INTLTOOL_EXTRACT"} ||= "/usr/share/intltool-debian/intltool-extract"; - system("cd debfiles/po && /usr/share/intltool-debian/intltool-update --gettext-package=test --pot"); - system("/usr/bin/msgcmp debfiles/po/test.pot debfiles/po/templates.pot >/dev/null 2>&1") == 0 + system_env("cd debfiles/po && /usr/share/intltool-debian/intltool-update --gettext-package=test --pot"); + system_env("/usr/bin/msgcmp debfiles/po/test.pot debfiles/po/templates.pot >/dev/null 2>&1") == 0 or tag "newer-debconf-templates"; } } else { @@ -106,7 +106,7 @@ } tag "unknown-encoding-in-po-file", "debian/po/$file" unless length($charset); - system("msgfmt -o /dev/null debfiles/po/$file 2>/dev/null") == 0 + system_env("msgfmt -o /dev/null debfiles/po/$file 2>/dev/null") == 0 or tag "invalid-po-file", "debian/po/$file"; } Modified: trunk/collection/objdump-info =================================================================== --- trunk/collection/objdump-info 2006-04-01 06:01:57 UTC (rev 597) +++ trunk/collection/objdump-info 2006-04-01 06:46:55 UTC (rev 598) @@ -30,6 +30,7 @@ exit 2 fi +CDPATH= cd unpacked rm -f ../objdump-info Modified: trunk/debian/changelog =================================================================== --- trunk/debian/changelog 2006-04-01 06:01:57 UTC (rev 597) +++ trunk/debian/changelog 2006-04-01 06:46:55 UTC (rev 598) @@ -14,14 +14,28 @@ are now too many combinations to list completely. + [RA] Catch build dependencies on X metapackages, based on a patch by Josh Triplett. (Partially addresses #347169) + * checks/manpages: + + [RA] Use system_env instead of system and sanitize the environment + before running man -l out of caution and to avoid extraneous output + when CDPATH is set. Reported by Marc Haber. (Closes: #360217) + * checks/po-debconf: + + [RA] Use system_env instead of system out of caution and to avoid + extraneous output when CDPATH is set. * checks/scripts.desc: + [RA] Change the check for broken error handling with invoke-rc.d to maintainer-script-hides-init-failure to be more generic and explain what the test looks at. Add the script name and line number and fix a typo. Thanks, Marc Haber. (Closes: #360214, #360216) - -- Russ Allbery <[EMAIL PROTECTED]> Fri, 31 Mar 2006 22:00:45 -0800 + * collection/objdump-info: + + [RA] Unset CDPATH before running cd to avoid strange effects from + the user's environment. + * lib/Util.pm: + + [RA] Add system_env, like system but sanitizing the environment. + + -- Russ Allbery <[EMAIL PROTECTED]> Fri, 31 Mar 2006 22:40:32 -0800 + lintian (1.23.16) unstable; urgency=low The "What's this Russ guy up to?" release Modified: trunk/lib/Util.pm =================================================================== --- trunk/lib/Util.pm 2006-04-01 06:01:57 UTC (rev 597) +++ trunk/lib/Util.pm 2006-04-01 06:46:55 UTC (rev 598) @@ -31,7 +31,8 @@ slurp_entire_file get_file_md5 file_is_encoded_in_non_utf8 - fail); + fail + system_env); use FileHandle; use Pipeline; @@ -207,6 +208,23 @@ return 0; } +# Just like system, except cleanses the environment first to avoid any strange +# side effects due to the user's environment. +sub system_env { + my @whitelist = qw(PATH INTLTOOL_EXTRACT); + my %newenv = map { exists $ENV{$_} ? ($_ => $ENV{$_}) : () } @whitelist; + my $pid = fork; + if (not defined $pid) { + return -1; + } elsif ($pid == 0) { + %ENV = %newenv; + exec @_ or die("exec of $_[0] failed: $!\n"); + } else { + waitpid $pid, 0; + return $?; + } +} + # ------------------------ sub fail { -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]