summaryrefslogtreecommitdiffstats
path: root/data/binaries
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--data/binaries/arch-64bit-equivs13
-rw-r--r--data/binaries/arch-regex58
-rw-r--r--data/binaries/embedded-libs113
-rw-r--r--data/binaries/hardened-functions88
-rw-r--r--data/binaries/lfs-symbols68
-rw-r--r--data/binaries/obsolete-crypt-functions13
-rw-r--r--data/binaries/spelling-exceptions14
7 files changed, 367 insertions, 0 deletions
diff --git a/data/binaries/arch-64bit-equivs b/data/binaries/arch-64bit-equivs
new file mode 100644
index 0000000..e349014
--- /dev/null
+++ b/data/binaries/arch-64bit-equivs
@@ -0,0 +1,13 @@
+# Manually maintained table mapping 32bit archs to the
+# name of their 64bit counter part.
+#
+# Please keep this sorted by "key" (i.e. 32bit arch)
+
+hppa => hppa64
+i386 => amd64
+kfreebsd-i386 => kfreebsd-amd64
+mips => mips64
+mipsel => mipsel64
+powerpc => ppc64
+s390 => s390x
+sparc => sparc64
diff --git a/data/binaries/arch-regex b/data/binaries/arch-regex
new file mode 100644
index 0000000..14d1f47
--- /dev/null
+++ b/data/binaries/arch-regex
@@ -0,0 +1,58 @@
+# Manually maintained table of architectures and their "file(1)"
+# signature. Table based on checks/emdebian's %archdetecttable, as
+# found in emdebian-tools.
+#
+# syntax:
+# key ~~regex
+#
+# Note spaces on the right hand side of ~~ are assumed to be a part
+# of the regex.
+#
+# Please keep this sorted based on the arch names.
+
+# Phony architectures used for some special cases, where Lintian just
+# requires the number of "bits" to be correct.
+#
+32 ~~^ELF 32-bit
+64 ~~^ELF 64-bit
+
+# Regular architectures
+
+# some of the negative assertions require an anchor in the rear
+
+alpha ~~^ELF 64-bit LSB .* Alpha
+amd64 ~~^ELF 64-bit LSB .* x86-64, .* (?:GNU/Linux|(?!GNU)).*$
+arm ~~^ELF 32-bit LSB .* ARM, version \d,
+arm64 ~~^ELF 64-bit LSB .* ARM aarch64,
+armeb ~~^ELF 32-bit MSB .* ARM
+armel ~~^ELF 32-bit LSB .* ARM, .* [(](?:SYSV|GNU/Linux)[)]
+armhf ~~^ELF 32-bit LSB .* ARM, .* [(](?:SYSV|GNU/Linux)[)]
+#avr32 ~~^ELF 32-bit MSB .* [(]SYSV[)]
+hppa ~~^ELF 32-bit MSB .* PA-RISC
+hppa64 ~~^ELF 64-bit MSB .* PA-RISC
+hurd-i386 ~~^ELF 32-bit LSB .* Intel 80386, .* (?:GNU/Hurd|(?!GNU)).*$
+i386 ~~^ELF 32-bit LSB .* 80386, .* (?:GNU/Linux|(?!GNU)).*$
+ia64 ~~^ELF 64-bit LSB .* IA-64
+kfreebsd-amd64~~^ELF 64-bit LSB .* x86-64, .* (?:GNU/kFreeBSD|(?!GNU)).*$
+kfreebsd-i386 ~~^ELF 32-bit LSB .* 80386, .* (?:GNU/kFreeBSD|(?!GNU)).*$
+loong64 ~~^ELF 64-bit LSB .* LoongArch
+lpia ~~^ELF 32-bit LSB .* 80386, .* (?:GNU/Linux|(?!GNU)).*$
+m32r ~~^ELF 32-bit MSB .* M32R
+m68k ~~^ELF 32-bit MSB .* 680[02]0
+mips ~~^ELF 32-bit MSB .* MIPS
+mipsel ~~^ELF 32-bit LSB .* MIPS
+#mipsn32 ~~^ELF 32-bit LSB .* MIPS.* N32
+mips64 ~~^ELF 64-bit MSB .* MIPS
+mips64el ~~^ELF 64-bit LSB .* MIPS
+powerpc ~~^ELF 32-bit MSB .* PowerPC
+powerpcspe ~~^ELF 32-bit MSB .* PowerPC .* cisco 4500
+ppc64 ~~^ELF 64-bit MSB .* PowerPC
+ppc64el ~~^ELF 64-bit LSB .* PowerPC
+riscv64 ~~^ELF 64-bit LSB .* RISC-V
+s390 ~~^ELF 32-bit MSB .* S.390
+s390x ~~^ELF 64-bit MSB .* S.390
+sh4 ~~^ELF 32-bit LSB .* Renesas SH
+sparc ~~^ELF 32-bit MSB .* SPARC
+#sparcv9b ~~^ELF 32-bit MSB .* SPARC.* V8[+]
+sparc64 ~~^ELF 64-bit MSB .* SPARC
+x32 ~~^ELF 32-bit LSB .* x86-64
diff --git a/data/binaries/embedded-libs b/data/binaries/embedded-libs
new file mode 100644
index 0000000..1baf48a
--- /dev/null
+++ b/data/binaries/embedded-libs
@@ -0,0 +1,113 @@
+# Manually maintained table of embedded libraries.
+#
+# Basic syntax:
+# key || [options] || <regex>
+#
+# Where [options] is space separated list of:
+#
+# source=<src>
+# - If present, it declares that this library is built from the
+# source package <src>
+# - If both "source" and "source-regex" are omitted, then
+# Lintian will default to using "source" with a value equal
+# to the key.
+# - Cannot be used with "source-regex"
+#
+# source-regex=<srcregex>
+# - If present, it declares that this library is built from (or
+# expected in binaries built from) any source package whose
+# name matches <srcregex>.
+# - Cannot be used with "source"
+#
+# libname=<name>
+# - Declares the "name" of the library.
+# - If omitted, the key will be used.
+#
+# Note: Avoid unintended leading and trailing whitespace in <regex>
+# as Lintian will assume such whitespace is a part of the regex.
+# If possible, consider using \s or [ ] to mark intended trailing
+# whitespace.
+#
+# Please keep it sorted by key.
+#
+
+bzip2 || ||(?m)^This is a bug in bzip2
+curl || ||A libcurl function was given a bad argument
+expat || ||(?m)^requested feature requires XML_DTD support in Expat
+file || ||(?m)^could not find any (?:valid )?magic files
+freetype || ||HuaTianSongTi[?]
+ftgl || ||FTGlyphContainer
+gl2ps || ||\(C\) 1999-2009 C\. Geuzaine
+glee || ||Extension name exceeds 1023 characters\.
+glew || ||Missing GL version
+gmp || ||GNU MP: Cannot allocate memory
+heimdal || ||Heimdal (?:NTLMSSP|SPNEGO) Mechanism
+
+# not really an embedded lib but avoid duplication
+ieee-data || ||(?i)(?:standards(?:-oui\.ieee\.org|\.ieee\.org/develop/regauth/oui)/oui\.txt|DR\. B\. STRUCK)
+
+lcms || ||cmsCreateTransform: intent mismatch
+lcms2 || ||Unsupported number of channels for VCGT
+libavcodec ||source-regex=(?:libav|ffmpeg)||insufficient thread locking around avcodec_open/close\(\)\n
+libavdevice ||source-regex=(?:libav|ffmpeg)||Soundcard does not support 16 bit sample format\n
+libavfilter ||source-regex=(?:libav|ffmpeg)||Buffer video frames, and make them accessible to the filterchain\.
+libavformat ||source-regex=(?:libav|ffmpeg)||Format detected only with low score of %d, misdetection possible!\n
+libavutil ||source-regex=(?:libav|ffmpeg)||AVOption type %d of option %s not implemented yet\n
+libgd ||source-regex=libgd2? ||gd-(?:png|jpeg:) error:
+libgadu || ||Gadu-Gadu Client Build
+libgxps || ||Invalid XPS File: cannot open fixedrepresentation
+libidn || ||(?m)^(?:Punycode failed|ISCSIprep$)
+libidn2-0 || ||punycode conversion resulted in overflow
+libjpeg ||source-regex=libjpeg.* ||(?m)^Caution: quantization tables are too coarse for baseline JPEG
+libjsoncpp || ||A valid JSON document must be either an array or an object value\.
+liblivemedia || ||(?:Received incoming RTSP request:|LIVE555 Streaming Media v)
+libm ||source-regex=e?glibc ||neg\*\*non-integral: DOMAIN error
+libmms ||source-regex=(?:libmms|xine-lib)||failed to read new ASF header
+libmng || ||TERM misplaced during creation of MNG stream
+libmsn || ||The MSN server has terminated the connection with an unknown reason code\.
+libminiupnpc||source=miniupnpc||Miniupnpc Invalid Arguments
+libmikmod || ||APUN \(APlayer\) and UNI \(MikMod\)
+libmysqlclient ||source-regex=(?:mysql|mariadb)(?:-\d.*)? ||MySQL client ran out of memory
+libpcap || ||(?:pcap_activate: The "any" device isn\'t supported|corrupted frame on kernel ring mac offset)
+libpng ||source-regex=(?:libpng(?:1\.6)?)||(?m)^(?:Potential overflow in png_zalloc|gamma value does not match libpng estimate)
+libquicktime|| ||quicktime_make_streamable: out of memory
+libraw || ||Unsupported file format or not RAW file
+libpostproc ||source-regex=(?:libav|libpostproc|ffmpeg)||using npp filters 0x%X/0x%X\n
+libsass || ||unknown internal error; please contact the LibSass maintainers
+libssh2 || ||Invalid descriptor passed to libssh2_poll
+libssh || ||Error allocating memory for ssh_scp
+libswscale ||source-regex=(?:libav|ffmpeg)||Exactly one scaler algorithm must be chosen[,\n]
+
+# Trailing whitespace was present when the file was created (see commit: 77fd246)
+libtheora || ||Xiph.Org libtheora\s
+
+libupnp ||source-regex=libupnp\d?||(?m)(?:SSDP_LIB: New Request Handler:Error|^mserv start: Error in IPv4 listen)
+libxml2 || ||root and DTD name do not match
+libyaml || ||(?m)^did not find expected <stream-start>
+libytnef || ||Signature does not match\. Not TNEF\.
+libzstd || ||pathological dataset : literals are not compressible : samples are noisy or too regular
+ltdl ||source=libtool ||(?m)^library already shutdown
+mbedtls || ||(?m)^(?:ASN1 - Actual length differs from expected length|SSL - The connection indicated an EOF)
+mpfr ||source=mpfr4 ||MPFR: Can't allocate memory
+mpg123 || ||Warning: Encountered more data after announced end of track
+ncurses || ||Not enough memory to create terminal structure
+nspr || ||(?m)^Unable to create nspr log file
+nss || ||(?m)^My Encrytion Test Data
+openjpeg ||source-regex=openjpeg2?||(?:tcd_decode: incomplete bit?stream|Cannot handle box of less than 8 bytes)
+openssl ||source-regex=openssl(?:\d+(?:\.\d+)?)?||You need to read the OpenSSL FAQ
+pcre3 || ||this version of PCRE is not compiled with PCRE_UTF8 support
+poppler ||source-regex=(?:poppler|xpdf)||(?:May not be a PDF file \(continuing anyway\)|PDF file is damaged - attempting to reconstruct xref table\.\.\.)
+srtp || ||srtp: in stream 0x%x:
+sqlite ||source-regex=sqlite3? ||CREATE TABLE sqlite_master\(
+taglib || ||One of the size bytes in the id3v2 header was greater than the allowed 128
+t1lib || ||t1lib is copyright \(c\) Rainer Menzner
+tiff ||source-regex=tiff\d* ||No space for PixarLog state block
+tinyxml || ||(?m)^(?:Error when TiXmlDocument added to document|Error null \(0\) or unexpected EOF found in input stream\.)
+yajl || ||context_pop: Bottom of stack reached prematurely
+
+# We exclude version strings starting with "4 " since that's a mark of the
+# Pascal implementation, which is not what this tag is designed to detect.
+# (The "4" is actually the string length (52 characters) in the Pascal
+# counted string format.)
+zlib ||source-regex=(?:zlib|klibc|kfreebsd-kernel-di\w+) ||(?m)(?<!4 )(?:in|de)flate (?:\d[ \w.\-]{1,20}[\w.\-])
+
diff --git a/data/binaries/hardened-functions b/data/binaries/hardened-functions
new file mode 100644
index 0000000..4b48d0a
--- /dev/null
+++ b/data/binaries/hardened-functions
@@ -0,0 +1,88 @@
+# Set of C functions that have a hardened variant
+#
+# Known functions which are deliberately omitted
+# (due to false positives):
+#
+# memcpy
+# memset
+# memmove
+# wmemcpy
+# wmemmove
+# wmemset
+#
+# The list is manually updated, please keep it
+# sorted by name
+#
+
+asprintf
+confstr
+dprintf
+fdelt
+fgets
+fgets_unlocked
+fgetws
+fgetws_unlocked
+fprintf
+fread
+fread_unlocked
+fwprintf
+getcwd
+getdomainname
+getgroups
+gethostname
+getlogin_r
+gets
+getwd
+longjmp
+mbsnrtowcs
+mbsrtowcs
+mbstowcs
+mempcpy
+obstack_printf
+obstack_vprintf
+poll
+ppoll
+pread64
+pread
+printf
+ptsname_r
+read
+readlink
+readlinkat
+realpath
+recv
+recvfrom
+snprintf
+sprintf
+stpcpy
+stpncpy
+strcat
+strcpy
+strncat
+strncpy
+swprintf
+syslog
+ttyname_r
+vasprintf
+vdprintf
+vfprintf
+vfwprintf
+vprintf
+vsnprintf
+vsprintf
+vswprintf
+vsyslog
+vwprintf
+wcpcpy
+wcpncpy
+wcrtomb
+wcscat
+wcscpy
+wcsncat
+wcsncpy
+wcsnrtombs
+wcsrtombs
+wcstombs
+wctomb
+wmempcpy
+wprintf
diff --git a/data/binaries/lfs-symbols b/data/binaries/lfs-symbols
new file mode 100644
index 0000000..3f1aa1b
--- /dev/null
+++ b/data/binaries/lfs-symbols
@@ -0,0 +1,68 @@
+# Manually maintained list of non-lfs symbols
+#
+# List was found by grepping around in /usr/include on an i386 system
+# with build-essential installed
+#
+# Please keep this sorted by key.
+
+__fxstat
+__fxstatat
+__lxstat
+__xstat
+aio_cancel
+aio_error
+aio_fsync
+aio_read
+aio_return
+aio_suspend
+aio_write
+alphasort
+creat
+fallocate
+fgetpos
+fopen
+freopen
+fseeko
+fsetpos
+fstatfs
+fstatvfs
+ftello
+ftruncate
+fts_open
+fts_read
+fts_children
+fts_set
+fts_close
+ftw
+getdirentries
+getrlimit
+glob
+globfree
+lio_listio
+lockf
+lseek
+mkostemp
+mkostemps
+mkstemp
+mkstemps
+mmap
+nftw
+open
+openat
+posix_fadvise
+posix_fallocate
+pread
+preadv
+prlimit
+pwrite
+pwritev
+readdir
+readdir_r
+scandir
+sendfile
+setrlimit
+statfs
+statvfs
+tmpfile
+truncate
+versionsort
diff --git a/data/binaries/obsolete-crypt-functions b/data/binaries/obsolete-crypt-functions
new file mode 100644
index 0000000..6029f8a
--- /dev/null
+++ b/data/binaries/obsolete-crypt-functions
@@ -0,0 +1,13 @@
+# Set of C functions defined by libcrypt.so.1 that should no longer be
+# used at all, either because they imply use of the obsolete DES
+# encryption algorithm, or because they are alternative, less-portable
+# names for 'crypt'.
+#
+# The list is manually updated, please keep it sorted by name.
+
+encrypt || obsolete-des-encryption
+encrypt_r || obsolete-des-encryption
+setkey || obsolete-des-encryption
+setkey_r || obsolete-des-encryption
+
+fcrypt || obsolete-crypt-alias
diff --git a/data/binaries/spelling-exceptions b/data/binaries/spelling-exceptions
new file mode 100644
index 0000000..18bf33f
--- /dev/null
+++ b/data/binaries/spelling-exceptions
@@ -0,0 +1,14 @@
+# Set of exceptions that should be ignored for spelling-error-in-binary
+
+teH # From #711207
+tEH # From #782902
+tEh # From #782902, too
+ang # The Go stdlib html/ package contains "ang;"
+writeN # The Go stdlib text/tabwriter pkg contains "writeN"
+ot # The Go stdlib runtime/ package contains "ot"
+cymK # The Go runtime contains "cymK" (#888074)
+selectOn # "void ToolBoxWidget::selectOn()" in pencil2d (#895818)
+itialize # From #923725 (carla)
+wIH # From #895841 (osmo-trx)
+wiH
+iIF # binutils/armhf (#939637)