This is an automated email from the git hooks/post-receive script. lamby pushed a commit to branch master in repository lintian.
commit 7bf120e37d420942e1473ac1ef09ea1be7764827 Author: Chris Lamb <la...@debian.org> Date: Tue Dec 26 14:41:25 2017 +0000 Prevent a false positive in the possibly-insecure-handling-of-tmp-files-in-maintainer-script tag by detecting XXX-like mktemp(1) templates. (Closes: #601323) --- checks/scripts.pm | 1 + debian/changelog | 3 +++ t/tests/legacy-maintainer-scripts/debian/debian/postinst | 2 +- 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/checks/scripts.pm b/checks/scripts.pm index 6615242..57af865 100644 --- a/checks/scripts.pm +++ b/checks/scripts.pm @@ -713,6 +713,7 @@ sub run { and not m/\bmks?temp\b/ and not m/\btempfile\b/ and not m/\bmkdir\b/ + and not m/\bXXXXXX\b/ and not m/\$RANDOM/) { #<<< no perltidy - tag name too long tag 'possibly-insecure-handling-of-tmp-files-in-maintainer-script', diff --git a/debian/changelog b/debian/changelog index 7f00572..f398d28 100644 --- a/debian/changelog +++ b/debian/changelog @@ -169,6 +169,9 @@ lintian (2.5.63) unstable; urgency=medium + [CL] Prevent a false-positive in missing-dep-for-interpreter by matching ABI-versioned virtual packages for Erlang. Thanks to Jean Parpaillon for the report. (Closes: #810204) + + [CL] Prevent a false positive in the + possibly-insecure-handling-of-tmp-files-in-maintainer-script tag by + detecting XXX-like mktemp(1) templates. (Closes: #601323) * checks/source-copyright.desc: + [CL] Update description of source-includes-file-in-files-excluded to clarify the potential problem and to reference the relevant diff --git a/t/tests/legacy-maintainer-scripts/debian/debian/postinst b/t/tests/legacy-maintainer-scripts/debian/debian/postinst index 4e18d68..e56ed3b 100644 --- a/t/tests/legacy-maintainer-scripts/debian/debian/postinst +++ b/t/tests/legacy-maintainer-scripts/debian/debian/postinst 
@@ -46,7 +46,7 @@ FOO=`mktemp /tmp/scripts.XXXXXX` rm "$FOO" FOO=`tempfile -n/tmp/scripts.tmp` mkdir /var/tmp/scripts - +FOO="/tmp/false.positive.XXXXXX" # invalid echo foo >>/tmp/scripts.tmp rm /tmp/scripts.tmp -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git
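Review bot: in the checks/scripts.pm hunk, the new clause `and not m/\bXXXXXX\b/` is both narrower and broader than the commit message's "XXX-like mktemp(1) templates". With a word boundary on each side it matches exactly six X's, so templates such as `/tmp/foo.XXX` or `/tmp/foo.XXXXXXXX` (GNU mktemp accepts any run of at least three X's in the last component) still raise the tag; at the same time any line that merely contains the token XXXXXX is now exempt whether or not mktemp ever consumes it, which is exactly what the new test line `FOO="/tmp/false.positive.XXXXXX"` relies on. Consider `m/X{3,}/` (or tying the exemption to the variable that is later passed to mktemp) and a short comment explaining the heuristic, since the neighbouring exemptions (`mks?temp`, `tempfile`, `mkdir`, `$RANDOM`) all name a command rather than a path pattern.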
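Review bot: in the debian/changelog hunk the new entry writes "false positive" while the entry directly above it in the same block writes "false-positive"; pick one spelling for the release. The entry otherwise follows the surrounding format (tag name on its own line, `(Closes: #601323)` at the end).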
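Review bot: in the t/tests/legacy-maintainer-scripts postinst hunk the added line `FOO="/tmp/false.positive.XXXXXX" # invalid` exercises only the suppression path, and the `# invalid` comment does not say what is invalid about it. Because the commit touches no expected-output file (the stat lists only scripts.pm, the changelog and this script), a reader has to infer that the line must not be reported. Suggest a comment that states the intent, for example `# template never passed to mktemp; must not trigger the tag (#601323)`, and keeping the existing `echo foo >>/tmp/scripts.tmp` line as the positive case that still must be flagged.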