7 files changed, 367 insertions, 0 deletions
diff --git a/data/binaries/arch-64bit-equivs b/data/binaries/arch-64bit-equivs
new file mode 100644
index 0000000..e349014
--- /dev/null
+++ b/data/binaries/arch-64bit-equivs
@@ -0,0 +1,13 @@
+# Manually maintained table mapping 32bit archs to the 
+# name of their 64bit counter part.
+#
+# Please keep this sorted by "key" (i.e. 32bit arch)
+
+hppa          => hppa64
+i386          => amd64
+kfreebsd-i386 => kfreebsd-amd64
+mips          => mips64
+mipsel        => mipsel64
+powerpc       => ppc64
+s390          => s390x
+sparc         => sparc64
diff --git a/data/binaries/arch-regex b/data/binaries/arch-regex
new file mode 100644
index 0000000..14d1f47
--- /dev/null
+++ b/data/binaries/arch-regex
@@ -0,0 +1,58 @@
+# Manually maintained table of architectures and their "file(1)"
+# signature.  Table based on checks/emdebian's %archdetecttable, as
+# found in emdebian-tools.
+# 
+# syntax:
+#   key ~~regex
+#
+# Note spaces on the right hand side of ~~ are assumed to be a part
+# of the regex.
+#
+# Please keep this sorted based on the arch names.
+
+# Phony architectures used for some special cases, where Lintian just
+# requires the number of "bits" to be correct.
+# 
+32            ~~^ELF 32-bit
+64            ~~^ELF 64-bit
+
+# Regular architectures
+
+# some of the negative assertions require an anchor in the rear
+
+alpha         ~~^ELF 64-bit LSB .* Alpha
+amd64         ~~^ELF 64-bit LSB .* x86-64, .* (?:GNU/Linux|(?!GNU)).*$
+arm           ~~^ELF 32-bit LSB .* ARM, version \d,
+arm64         ~~^ELF 64-bit LSB .* ARM aarch64,
+armeb         ~~^ELF 32-bit MSB .* ARM
+armel         ~~^ELF 32-bit LSB .* ARM, .* [(](?:SYSV|GNU/Linux)[)]
+armhf         ~~^ELF 32-bit LSB .* ARM, .* [(](?:SYSV|GNU/Linux)[)]
+#avr32        ~~^ELF 32-bit MSB .* [(]SYSV[)]
+hppa          ~~^ELF 32-bit MSB .* PA-RISC
+hppa64        ~~^ELF 64-bit MSB .* PA-RISC
+hurd-i386     ~~^ELF 32-bit LSB .* Intel 80386, .* (?:GNU/Hurd|(?!GNU)).*$
+i386          ~~^ELF 32-bit LSB .* 80386, .* (?:GNU/Linux|(?!GNU)).*$
+ia64          ~~^ELF 64-bit LSB .* IA-64
+kfreebsd-amd64~~^ELF 64-bit LSB .* x86-64, .* (?:GNU/kFreeBSD|(?!GNU)).*$
+kfreebsd-i386 ~~^ELF 32-bit LSB .* 80386, .* (?:GNU/kFreeBSD|(?!GNU)).*$
+loong64       ~~^ELF 64-bit LSB .* LoongArch
+lpia          ~~^ELF 32-bit LSB .* 80386, .* (?:GNU/Linux|(?!GNU)).*$
+m32r          ~~^ELF 32-bit MSB .* M32R
+m68k          ~~^ELF 32-bit MSB .* 680[02]0
+mips          ~~^ELF 32-bit MSB .* MIPS
+mipsel        ~~^ELF 32-bit LSB .* MIPS
+#mipsn32      ~~^ELF 32-bit LSB .* MIPS.* N32
+mips64        ~~^ELF 64-bit MSB .* MIPS
+mips64el      ~~^ELF 64-bit LSB .* MIPS
+powerpc       ~~^ELF 32-bit MSB .* PowerPC
+powerpcspe    ~~^ELF 32-bit MSB .* PowerPC .* cisco 4500
+ppc64         ~~^ELF 64-bit MSB .* PowerPC
+ppc64el       ~~^ELF 64-bit LSB .* PowerPC
+riscv64       ~~^ELF 64-bit LSB .* RISC-V
+s390          ~~^ELF 32-bit MSB .* S.390
+s390x         ~~^ELF 64-bit MSB .* S.390
+sh4           ~~^ELF 32-bit LSB .* Renesas SH
+sparc         ~~^ELF 32-bit MSB .* SPARC
+#sparcv9b     ~~^ELF 32-bit MSB .* SPARC.* V8[+]
+sparc64       ~~^ELF 64-bit MSB .* SPARC
+x32           ~~^ELF 32-bit LSB .* x86-64
diff --git a/data/binaries/embedded-libs b/data/binaries/embedded-libs
new file mode 100644
index 0000000..1baf48a
--- /dev/null
+++ b/data/binaries/embedded-libs
@@ -0,0 +1,113 @@
+# Manually maintained table of embedded libraries.
+#
+# Basic syntax:
+#   key || [options] || <regex>
+#
+# Where [options] is space separated list of:
+#
+#  source=<src>
+#     - If present, it declares that this library is built from the
+#       source package <src>
+#     - If both "source" and "source-regex" are omitted, then
+#       Lintian will default to using "source" with a value equal
+#       to the key.
+#     - Cannot be used with "source-regex"
+#
+#  source-regex=<srcregex>
+#     - If present, it declares that this library is built from (or
+#       expected in binaries built from) any source package whose
+#       name matches <srcregex>.
+#     - Cannot be used with "source"
+#
+#  libname=<name>
+#     - Declares the "name" of the library.
+#     - If omitted, the key will be used.
+#
+# Note: Avoid unintended leading and trailing whitespace in <regex>
+# as Lintian will assume such whitespace is a part of the regex.
+# If possible, consider using \s or [ ] to mark intended trailing
+# whitespace.
+#
+# Please keep it sorted by key.
+#
+
+bzip2     || ||(?m)^This is a bug in bzip2
+curl      || ||A libcurl function was given a bad argument
+expat     || ||(?m)^requested feature requires XML_DTD support in Expat
+file      || ||(?m)^could not find any (?:valid )?magic files
+freetype  || ||HuaTianSongTi[?]
+ftgl      || ||FTGlyphContainer
+gl2ps     || ||\(C\) 1999-2009 C\. Geuzaine
+glee      || ||Extension name exceeds 1023 characters\.
+glew      || ||Missing GL version
+gmp       || ||GNU MP: Cannot allocate memory
+heimdal   || ||Heimdal (?:NTLMSSP|SPNEGO) Mechanism
+
+# not really an embedded lib but avoid duplication
+ieee-data || ||(?i)(?:standards(?:-oui\.ieee\.org|\.ieee\.org/develop/regauth/oui)/oui\.txt|DR\. B\. STRUCK)
+
+lcms      || ||cmsCreateTransform: intent mismatch
+lcms2     || ||Unsupported number of channels for VCGT
+libavcodec  ||source-regex=(?:libav|ffmpeg)||insufficient thread locking around avcodec_open/close\(\)\n
+libavdevice ||source-regex=(?:libav|ffmpeg)||Soundcard does not support 16 bit sample format\n
+libavfilter ||source-regex=(?:libav|ffmpeg)||Buffer video frames, and make them accessible to the filterchain\.
+libavformat ||source-regex=(?:libav|ffmpeg)||Format detected only with low score of %d, misdetection possible!\n
+libavutil   ||source-regex=(?:libav|ffmpeg)||AVOption type %d of option %s not implemented yet\n
+libgd     ||source-regex=libgd2? ||gd-(?:png|jpeg:) error:
+libgadu     || ||Gadu-Gadu Client Build
+libgxps     || ||Invalid XPS File: cannot open fixedrepresentation
+libidn      || ||(?m)^(?:Punycode failed|ISCSIprep$)
+libidn2-0   || ||punycode conversion resulted in overflow
+libjpeg   ||source-regex=libjpeg.* ||(?m)^Caution: quantization tables are too coarse for baseline JPEG
+libjsoncpp   || ||A valid JSON document must be either an array or an object value\.
+liblivemedia || ||(?:Received incoming RTSP request:|LIVE555 Streaming Media v)
+libm      ||source-regex=e?glibc ||neg\*\*non-integral: DOMAIN error
+libmms    ||source-regex=(?:libmms|xine-lib)||failed to read new ASF header
+libmng    || ||TERM misplaced during creation of MNG stream
+libmsn    || ||The MSN server has terminated the connection with an unknown reason code\.
+libminiupnpc||source=miniupnpc||Miniupnpc Invalid Arguments
+libmikmod || ||APUN \(APlayer\) and UNI \(MikMod\)
+libmysqlclient ||source-regex=(?:mysql|mariadb)(?:-\d.*)? ||MySQL client ran out of memory
+libpcap   || ||(?:pcap_activate: The "any" device isn\'t supported|corrupted frame on kernel ring mac offset)
+libpng    ||source-regex=(?:libpng(?:1\.6)?)||(?m)^(?:Potential overflow in png_zalloc|gamma value does not match libpng estimate)
+libquicktime|| ||quicktime_make_streamable: out of memory
+libraw    || ||Unsupported file format or not RAW file
+libpostproc ||source-regex=(?:libav|libpostproc|ffmpeg)||using npp filters 0x%X/0x%X\n
+libsass     || ||unknown internal error; please contact the LibSass maintainers
+libssh2     || ||Invalid descriptor passed to libssh2_poll
+libssh      || ||Error allocating memory for ssh_scp
+libswscale  ||source-regex=(?:libav|ffmpeg)||Exactly one scaler algorithm must be chosen[,\n]
+
+# Trailing whitespace was present when the file was created (see commit: 77fd246)
+libtheora || ||Xiph.Org libtheora\s
+
+libupnp   ||source-regex=libupnp\d?||(?m)(?:SSDP_LIB: New Request Handler:Error|^mserv start: Error in IPv4 listen)
+libxml2   || ||root and DTD name do not match
+libyaml   || ||(?m)^did not find expected <stream-start>
+libytnef  || ||Signature does not match\. Not TNEF\.
+libzstd   || ||pathological dataset : literals are not compressible : samples are noisy or too regular
+ltdl      ||source=libtool ||(?m)^library already shutdown
+mbedtls   || ||(?m)^(?:ASN1 - Actual length differs from expected length|SSL - The connection indicated an EOF)
+mpfr      ||source=mpfr4 ||MPFR: Can't allocate memory
+mpg123    || ||Warning: Encountered more data after announced end of track
+ncurses   || ||Not enough memory to create terminal structure
+nspr      || ||(?m)^Unable to create nspr log file
+nss       || ||(?m)^My Encrytion Test Data
+openjpeg  ||source-regex=openjpeg2?||(?:tcd_decode: incomplete bit?stream|Cannot handle box of less than 8 bytes)
+openssl   ||source-regex=openssl(?:\d+(?:\.\d+)?)?||You need to read the OpenSSL FAQ
+pcre3     || ||this version of PCRE is not compiled with PCRE_UTF8 support
+poppler   ||source-regex=(?:poppler|xpdf)||(?:May not be a PDF file \(continuing anyway\)|PDF file is damaged - attempting to reconstruct xref table\.\.\.)
+srtp      || ||srtp: in stream 0x%x:
+sqlite    ||source-regex=sqlite3? ||CREATE TABLE sqlite_master\(
+taglib    || ||One of the size bytes in the id3v2 header was greater than the allowed 128
+t1lib     || ||t1lib is copyright \(c\) Rainer Menzner
+tiff      ||source-regex=tiff\d* ||No space for PixarLog state block
+tinyxml   || ||(?m)^(?:Error when TiXmlDocument added to document|Error null \(0\) or unexpected EOF found in input stream\.)
+yajl      || ||context_pop: Bottom of stack reached prematurely
+
+# We exclude version strings starting with "4 " since that's a mark of the
+# Pascal implementation, which is not what this tag is designed to detect.
+# (The "4" is actually the string length (52 characters) in the Pascal
+# counted string format.)
+zlib      ||source-regex=(?:zlib|klibc|kfreebsd-kernel-di\w+) ||(?m)(?<!4 )(?:in|de)flate (?:\d[ \w.\-]{1,20}[\w.\-])
+
diff --git a/data/binaries/hardened-functions b/data/binaries/hardened-functions
new file mode 100644
index 0000000..4b48d0a
--- /dev/null
+++ b/data/binaries/hardened-functions
@@ -0,0 +1,88 @@
+# Set of C functions that have a hardened variant
+#
+# Known functions which are deliberately omitted
+# (due to false positives):
+#
+#    memcpy
+#    memset
+#    memmove
+#    wmemcpy
+#    wmemmove
+#    wmemset
+#
+# The list is manually updated, please keep it
+# sorted by name
+#
+
+asprintf
+confstr
+dprintf
+fdelt
+fgets
+fgets_unlocked
+fgetws
+fgetws_unlocked
+fprintf
+fread
+fread_unlocked
+fwprintf
+getcwd
+getdomainname
+getgroups
+gethostname
+getlogin_r
+gets
+getwd
+longjmp
+mbsnrtowcs
+mbsrtowcs
+mbstowcs
+mempcpy
+obstack_printf
+obstack_vprintf
+poll
+ppoll
+pread64
+pread
+printf
+ptsname_r
+read
+readlink
+readlinkat
+realpath
+recv
+recvfrom
+snprintf
+sprintf
+stpcpy
+stpncpy
+strcat
+strcpy
+strncat
+strncpy
+swprintf
+syslog
+ttyname_r
+vasprintf
+vdprintf
+vfprintf
+vfwprintf
+vprintf
+vsnprintf
+vsprintf
+vswprintf
+vsyslog
+vwprintf
+wcpcpy
+wcpncpy
+wcrtomb
+wcscat
+wcscpy
+wcsncat
+wcsncpy
+wcsnrtombs
+wcsrtombs
+wcstombs
+wctomb
+wmempcpy
+wprintf
diff --git a/data/binaries/lfs-symbols b/data/binaries/lfs-symbols
new file mode 100644
index 0000000..3f1aa1b
--- /dev/null
+++ b/data/binaries/lfs-symbols
@@ -0,0 +1,68 @@
+# Manually maintained list of non-lfs symbols
+#
+# List was found by grepping around in /usr/include on an i386 system
+# with build-essential installed
+#
+# Please keep this sorted by key.
+
+__fxstat
+__fxstatat
+__lxstat
+__xstat
+aio_cancel
+aio_error
+aio_fsync
+aio_read
+aio_return
+aio_suspend
+aio_write
+alphasort
+creat
+fallocate
+fgetpos
+fopen
+freopen
+fseeko
+fsetpos
+fstatfs
+fstatvfs
+ftello
+ftruncate
+fts_open
+fts_read
+fts_children
+fts_set
+fts_close
+ftw
+getdirentries
+getrlimit
+glob
+globfree
+lio_listio
+lockf
+lseek
+mkostemp
+mkostemps
+mkstemp
+mkstemps
+mmap
+nftw
+open
+openat
+posix_fadvise
+posix_fallocate
+pread
+preadv
+prlimit
+pwrite
+pwritev
+readdir
+readdir_r
+scandir
+sendfile
+setrlimit
+statfs
+statvfs
+tmpfile
+truncate
+versionsort
diff --git a/data/binaries/obsolete-crypt-functions b/data/binaries/obsolete-crypt-functions
new file mode 100644
index 0000000..6029f8a
--- /dev/null
+++ b/data/binaries/obsolete-crypt-functions
@@ -0,0 +1,13 @@
+# Set of C functions defined by libcrypt.so.1 that should no longer be
+# used at all, either because they imply use of the obsolete DES
+# encryption algorithm, or because they are alternative, less-portable
+# names for 'crypt'.
+#
+# The list is manually updated, please keep it sorted by name.
+
+encrypt    || obsolete-des-encryption
+encrypt_r  || obsolete-des-encryption
+setkey     || obsolete-des-encryption
+setkey_r   || obsolete-des-encryption
+
+fcrypt     || obsolete-crypt-alias
diff --git a/data/binaries/spelling-exceptions b/data/binaries/spelling-exceptions
new file mode 100644
index 0000000..18bf33f
--- /dev/null
+++ b/data/binaries/spelling-exceptions
@@ -0,0 +1,14 @@
+# Set of exceptions that should be ignored for spelling-error-in-binary
+
+teH	# From #711207
+tEH	# From #782902
+tEh	# From #782902, too
+ang	# The Go stdlib html/ package contains "ang;"
+writeN	# The Go stdlib text/tabwriter pkg contains "writeN"
+ot	# The Go stdlib runtime/ package contains "ot"
+cymK	# The Go runtime contains "cymK" (#888074)
+selectOn	# "void ToolBoxWidget::selectOn()" in pencil2d (#895818)
+itialize	# From #923725 (carla)
+wIH	# From #895841 (osmo-trx)
+wiH
+iIF	# binutils/armhf (#939637)