Bug#601323: lintian: false positive possibly-insecure-handling-of-tmp-files-in-maintainer-script

2017-12-26 Thread Chris Lamb
tags 601323 + pending
thanks

Fixed in Git:

  
https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=7bf120e37d420942e1473ac1ef09ea1be7764827


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-



Bug#601323: lintian: false positive possibly-insecure-handling-of-tmp-files-in-maintainer-script

2010-10-25 Thread Jari Aalto
Package: lintian
Version: 2.4.3
Severity: minor


For package totd lintian reports:

W: totd: possibly-insecure-handling-of-tmp-files-in-maintainer-script postinst:18

Code in debian/postinst reads:

 1  #! /bin/sh
 2  # postinst script for totd
 3  #
 4  # see: dh_installdeb(1)
 5  
 6  set -e
 7  
 8  . /usr/share/debconf/confmodule
 9  db_version 2.0
10  
11  ETC_DEFAULT_TOTD=/etc/default/totd
12  
13  case $1 in
14  configure)
15  
16  db_get totd/use_ipv6 && use_ipv6=$RET
17  
18  TEMPL=/tmp/totd.default.XXX
19  TEMPFILE=`mktemp $TEMPL`
20  sed -e 's/^\(OPTION=\)\(.*\)//g; /^$/d' \
21  $ETC_DEFAULT_TOTD > $TEMPFILE
...


SUGGESTION:

Perhaps the regexp could exempt names that contain uppercase 
letters.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages lintian depends on:
ii  binutils               2.20.1-15         The GNU assembler, linker and bina
ii  diffstat               1.53-1            produces graph of changes introduc
ii  dpkg-dev               1.15.8.5          Debian package development tools
ii  file                   5.04-5            Determines file type using magic
ii  gettext                0.18.1.1-3        GNU Internationalization utilities
ii  intltool-debian        0.35.0+20060710.1 Help i18n of RFC822 compliant conf
ii  libapt-pkg-perl        0.1.24+b1         Perl interface to libapt-pkg
ii  libclass-accessor-perl 0.34-1            Perl module that automatically gen
ii  libipc-run-perl        0.89-1            Perl module for running processes
ii  libparse-debianchangel 1.1.1-2.1         parse Debian changelogs and output
ii  libtimedate-perl       1.2000-1          collection of modules to manipulat
ii  liburi-perl            1.54-1            module to manipulate and access UR
ii  locales                2.11.2-6          Embedded GNU C Library: National L
ii  man-db                 2.5.7-4           on-line manual pager
ii  perl [libdigest-sha-pe 5.10.1-15         Larry Wall's Practical Extraction

lintian recommends no packages.

Versions of packages lintian suggests:
pn  binutils-multiarch    <none>  (no description available)
ii  libtext-template-perl 1.45-1  Text::Template perl module
ii  man-db                2.5.7-4 on-line manual pager

-- no debconf information



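The situation in this report, as an added example that is not lintian's code and not the fix referenced in the thread: a line-based heuristic that flags fixed /tmp paths in a maintainer script but skips a path that only serves as a mktemp template. The function names, the regular expressions and the third sample line are assumptions constructed for illustration.

```python
import re

# Constructed sample: lines 18-19 of the postinst quoted in the report,
# followed by one constructed line that writes to a fixed /tmp name.
SAMPLE = """\
TEMPL=/tmp/totd.default.XXX
TEMPFILE=`mktemp $TEMPL`
echo "OPTION=-6" > /tmp/totd.default
"""

TMP_PATH = re.compile(r"/(?:var/)?tmp/[\w.+-]")
ASSIGN = re.compile(r"^\s*([A-Za-z_]\w*)=(\S*)")
MKTEMP = re.compile(r"\b(?:mktemp|tempfile)\b")


def mktemp_arguments(lines):
    """Names of variables that appear as $VAR or ${VAR} on a mktemp line."""
    names = set()
    for line in lines:
        if MKTEMP.search(line):
            names.update(re.findall(r"\$\{?([A-Za-z_]\w*)", line))
    return names


def scan(script):
    """Return (line_number, text) for /tmp uses not mediated by mktemp."""
    lines = script.splitlines()
    templates = mktemp_arguments(lines)
    findings = []
    for number, line in enumerate(lines, start=1):
        code = line.split("#", 1)[0]  # crude comment stripping
        if not TMP_PATH.search(code):
            continue
        if MKTEMP.search(code):
            continue  # path is a template given directly to mktemp
        assigned = ASSIGN.match(code)
        if assigned and assigned.group(1) in templates:
            continue  # variable only holds a template consumed by mktemp
        findings.append((number, line.strip()))
    return findings


if __name__ == "__main__":
    for number, text in scan(SAMPLE):
        print(f"line {number}: {text}")
```

The exemption depends on how the variable is used, not on how it is spelled, so an uppercase variable that holds a fixed /tmp path and never reaches mktemp is still reported.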