fedora-rpmdevtools check-rpaths-worker, 1.6, 1.7 fedora-rpmdevtools.spec, 1.76, 1.77
Ville Skytta (scop)
fedora-extras-commits at redhat.com
Sat Oct 15 19:48:13 UTC 2005
Author: scop
Update of /cvs/fedora/fedora-rpmdevtools
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28691
Modified Files:
check-rpaths-worker fedora-rpmdevtools.spec
Log Message:
Detect when RPATH references the parent directory of an absolute path.
Index: check-rpaths-worker
===================================================================
RCS file: /cvs/fedora/fedora-rpmdevtools/check-rpaths-worker,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- check-rpaths-worker 3 Oct 2005 05:35:40 -0000 1.6
+++ check-rpaths-worker 15 Oct 2005 19:48:11 -0000 1.7
@@ -21,6 +21,15 @@
IFS=:
already_shown=0
+# effect of this expression is obviously:
+# * match paths beginning with:
+# - $SOMETHING/<something>/..
+# - /<something>/..
+# * but not paths beginning with
+# - $SOMETHING/..
+# - $SOMETHING/../../../.....
+BADNESS_EXPR_32='\(\(\$[^/]\+\)\?\(/.*\)\?/\(\([^.][^/]*\)\|\(\.[^./][^/]*\)\|\(\.\.[^/]\+\)\)\)/\.\.\(/.*\)\?$'
+
function showHint()
{
test "$already_shown" -eq 0 || return
@@ -46,7 +55,8 @@
* RPATHs; this is just a minor issue but usually unwanted
* 0x0010 ... the RPATH is empty; there is no reason for such RPATHs
* and they cause unneeded work while loading libraries
-*
+* 0x0020 ... an RPATH references '..' of an absolute path; this will break
+* the functionality when the path before '..' is a symlink
*
*
* Examples:
@@ -67,19 +77,21 @@
local cmp=$2
local msg=
local fail=
+ local code
test $[ $val & $cmp ] -ne 0 || return 0
+ code=$(printf '%04x' $cmp)
if test $[ $val & ~$QA_RPATHS ] -eq 0; then
- msg=WARNING
+ msg="WARNING"
else
showHint
- msg=ERROR
+ msg="ERROR "
fail=1
fi
shift 2
- echo "$msg: $@" >&2
+ echo "$msg $code: $@" >&2
test -z "$fail"
}
@@ -100,6 +112,8 @@
if test -z "$j"; then
badness=16
+ elif expr match "$j" "$BADNESS_EXPR_32" >/dev/null; then
+ badness=32
else
case "$j" in
(/lib/*|/usr/lib/*|/usr/X11R6/lib/*|/usr/local/lib/*)
@@ -135,7 +149,7 @@
msg "$badness" 4 "file '$base' contains an insecure rpath '$j' in [$rpath]" || fail=1
msg "$badness" 8 "file '$base' contains the \$ORIGIN rpath specifier at the wrong position in [$rpath]" || fail=1
msg "$badness" 16 "file '$base' contains an empty rpath in [$rpath]" || fail=1
-
+ msg "$badness" 32 "file '$base' contains an rpath referencing '..' of an absolute path [$rpath]" || fail=2
let ++pos
done
done
Index: fedora-rpmdevtools.spec
===================================================================
RCS file: /cvs/fedora/fedora-rpmdevtools/fedora-rpmdevtools.spec,v
retrieving revision 1.76
retrieving revision 1.77
diff -u -r1.76 -r1.77
--- fedora-rpmdevtools.spec 7 Oct 2005 17:53:06 -0000 1.76
+++ fedora-rpmdevtools.spec 15 Oct 2005 19:48:11 -0000 1.77
@@ -126,6 +126,10 @@
%changelog
+* Sat Oct 15 2005 Ville Skyttä <ville.skytta at iki.fi>
+- check-rpaths-worker: detect when RPATH references the parent directory
+ of an absolute path (#169298, Enrico Scholz).
+
* Fri Oct 7 2005 Ville Skyttä <ville.skytta at iki.fi> - 1.2-1
- check-buildroot: grep for buildroot as a fixed string, not a regexp.
- Update FSF's address in copyright notices.
More information about the fedora-extras-commits
mailing list