#! /bin/sh /usr/share/dpatch/dpatch-run ## 500-backport-1.23.22-checks-binaries.dpatch by Eero Häkkinen ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: Backported checks from lintian 1.23.22. @DPATCH@ diff -urNad lintian-1.23.8~/checks/binaries lintian-1.23.8/checks/binaries --- lintian-1.23.8~/checks/binaries 2004-07-07 20:17:54.000000000 +0000 +++ lintian-1.23.8/checks/binaries 2006-07-18 13:33:57.000000000 +0000 @@ -1,4 +1,4 @@ -# binaries -- lintian check script +# binaries -- lintian check script -*- perl -*- # Copyright (C) 1998 Christian Schwarz and Richard Braakman # @@ -15,8 +15,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, you can find it on the World Wide # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, -# MA 02111-1307, USA. +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. package Lintian::binaries; use strict; @@ -38,6 +38,8 @@ my %NEEDED; my %CXXABI; my %OCAML; +my %SONAME; +my %KLIBC; # read architecture file if (open(IN,"fields/architecture")) { @@ -92,6 +94,9 @@ push @{$NEEDED{$file}}, $1; } elsif (m/^\s*RPATH\s*(\S+)/o) { $RPATH{$file} = $1; + } elsif (m/^\s*SONAME\s*(\S+)/o) { + $SONAME{$1} ||= []; + push @{$SONAME{$1}}, $file; } elsif (m/^\s*\d+\s+\.comment\s+/o) { $COMMENT{$file} = 1; } elsif (m/^\s*\d+\s+\.note\s+/o) { @@ -102,13 +107,57 @@ fail("file format not recognized for $1\nif you are checking non-i386 binaries, you'll need to install binutils-multiarch\n"); } elsif (m/^objdump: \.(.*?): Packed with UPX$/) { tag "binary-file-compressed-with-upx", "$1"; + } elsif (m/^objdump: \.(.*?): Invalid operation$/) { + tag "binary-with-bad-dynamic-table", "$file" unless $file =~ m%^\./usr/lib/debug/%; } elsif (m/CXXABI/) { $CXXABI{$file} = 1; + } elsif (m%Requesting program interpreter:\s+/lib/klibc-\S+\.so%) { + $KLIBC{$file} = 1; } } } close(IN); +# For the package naming check, filter out SONAMEs where all the files are +# at paths other than /lib, /usr/lib, or /usr/X11R6/lib. This avoids false +# positives with plugins like Apache modules, which may have their own +# SONAMEs but which don't matter for the purposes of this check. +sub lib_soname_path { + my (@paths) = @_; + foreach my $path (@paths) { + return 1 if $path =~ m%^(\.?/)?lib/[^/]+$%; + return 1 if $path =~ m%^(\.?/)?usr/lib/[^/]+$%; + return 1 if $path =~ m%^(\.?/)?usr/X11R6/lib/[^/]+$%; + } + return 0; +} +my @sonames = grep { lib_soname_path (@{$SONAME{$_}}) } keys %SONAME; +tag "several-sonames-in-same-package", "@sonames" if @sonames > 1; + +# try to identify transition strings +my $base_pkg = $pkg; +$base_pkg =~ s/c102\b//o; +$base_pkg =~ s/c2a?\b//o; +$base_pkg =~ s/\dg$//o; +$base_pkg =~ s/-udeb$//o; +$base_pkg =~ s/^lib64/lib/o; + +my $match_found = 0; +foreach my $expected_name (@sonames) { + $expected_name =~ s/([0-9])\.so\./$1-/; + $expected_name =~ s/\.so(\.|$)//o; + $expected_name =~ s/_/-/o; + + if ((lc($expected_name) eq $pkg) + || (lc($expected_name) eq $base_pkg)) { + $match_found = 1; + last; + } +} + +tag "package-name-doesnt-match-sonames", "@sonames" + if @sonames && !$match_found; + # process all files in package open(IN,"file-info") or fail("cannot find file-info for $type package $pkg"); while () { @@ -175,13 +224,14 @@ my %libc5_binary; my @needed; if (!exists($NEEDED{$file}) && !defined($NEEDED{$file})) { - if ($info =~ m/shared object/o) { + if ($info =~ m/shared object/o && $file !~ m#^\./usr/lib/debug/#) { tag "shared-lib-without-dependency-information", "$file"; } else { # Some exceptions: files in /boot, /usr/lib/debug/*, named *-static or # *.static, or *-static as package-name. - use File::Basename; - next if (dirname($file) eq './boot'); + next if ($file =~ m#^./boot/#); + # klibc binaries appear to be static. + next if ($KLIBC{$file}); # Location of debugging symbols: next if ($file =~ m#^./usr/lib/debug/#); next if ($file =~ /(\.|-)static$/);