diff options
Diffstat (limited to 't/recipes/checks/binaries/obsolete')
10 files changed, 251 insertions, 0 deletions
diff --git a/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/fill-values b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/fill-values new file mode 100644 index 0000000..b7493a0 --- /dev/null +++ b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/fill-values @@ -0,0 +1,4 @@ +Skeleton: upload-native +Testname: binaries-obsolete-des +Description: Check detection of obsolete DES functions +Package-Architecture: any diff --git a/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/Makefile b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/Makefile new file mode 100644 index 0000000..99409d2 --- /dev/null +++ b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/Makefile @@ -0,0 +1,52 @@ +# Makefile for the obsolete-des tests. + +# glibc 2.28 and greater try to prevent new programs from being linked +# against the obsolete functions we're testing for. This can be worked +# around, but we have to know the exact "symbol version" associated with +# the obsolete functions, which has to be dug out of libcrypt.so with nm. + +LIBCRYPT_FILE := $(shell $(CC) $(CFLAGS) $(LDFLAGS) -print-file-name=libcrypt.so) + +SYMVER := $(shell nm --dynamic --with-symbol-versions $(LIBCRYPT_FILE) | \ + grep ' setkey@' | cut -d@ -f2) + +# The output of the above nm | grep | cut pipeline will be the empty string +# if it is possible to link programs against 'setkey' without special magic, +# and a nonempty string if special magic is required. All five of the +# functions we are testing were introduced in the same release of glibc and +# disabled for new programs as a group in a single release of glibc, so it +# is only necessary to check how one of them is handled. +ifneq "$(SYMVER)" "" +SYMVER_DEFINE := -DSYMVER=\"$(SYMVER)\" +else +SYMVER_DEFINE := -USYMVER +endif + +CFLAGS := $(shell dpkg-buildflags --get CFLAGS) +CPPFLAGS := $(shell dpkg-buildflags --get CPPFLAGS) $(SYMVER_DEFINE) +LDFLAGS := $(shell dpkg-buildflags --get LDFLAGS) + +PROGRAMS := uses-fcrypt uses-encrypt uses-encrypt_r uses-setkey uses-setkey_r +MANPAGES := $(PROGRAMS:=.1) + +all: $(PROGRAMS) $(MANPAGES) + +uses-%: uses-%.o + $(CC) $(CFLAGS) $(LDFLAGS) $< -o $@ -lcrypt + +%.1: dummy.pod + sed s/@NAME@/$(@F)/g < $< | \ + pod2man --name $(@F) --section 1 > $@ + +install: all + $(INSTALL) -d $(DESTDIR)/usr/bin + $(INSTALL) -d $(DESTDIR)/usr/share/man/man1 + $(INSTALL) -m 755 $(PROGRAMS) $(DESTDIR)/usr/bin + $(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)/usr/share/man/man1 + +clean distclean: + -rm -f *.o $(PROGRAMS) $(MANPAGES) + +check test: + +.PRECIOUS: $(PROGRAMS:=.o) diff --git a/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/dummy.pod b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/dummy.pod new file mode 100644 index 0000000..224df4a --- /dev/null +++ b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/dummy.pod @@ -0,0 +1,11 @@ +=head1 NAME + +@NAME@ -- binary that does something + +=head1 SYNOPSIS + + @NAME@ [options] + +=head1 DESCRIPTION + +@NAME@ does something very useful. diff --git a/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-encrypt.c b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-encrypt.c new file mode 100644 index 0000000..b6ca062 --- /dev/null +++ b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-encrypt.c @@ -0,0 +1,30 @@ +/* This program uses the obsolete function 'encrypt', which performs + DES encryption. */ + +#define _GNU_SOURCE 1 +#include <unistd.h> +#include <string.h> +#include <stdio.h> + +/* The prototype of 'encrypt' may already have been removed from + unistd.h. */ +extern void encrypt(char block[64], int edflag); + +/* It may already not be possible to link new programs that use + 'encrypt' without special magic. */ +#ifdef SYMVER +__asm__ (".symver encrypt, encrypt@" SYMVER); +#endif + +int +main(void) +{ + char block[64]; + memset(block, 0, sizeof block); + encrypt(block, 0); + for (size_t i = 0; i < sizeof block; i++) { + putchar(block[i] ? '1' : '0'); + } + putchar('\n'); + return 0; +} diff --git a/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-encrypt_r.c b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-encrypt_r.c new file mode 100644 index 0000000..a382624 --- /dev/null +++ b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-encrypt_r.c @@ -0,0 +1,33 @@ +/* This program uses the obsolete function 'encrypt_r', which performs + DES encryption. */ + +#define _GNU_SOURCE 1 +#include <crypt.h> +#include <string.h> +#include <stdio.h> + +/* The prototype of 'encrypt_r' may already have been removed from + crypt.h. */ +extern void encrypt_r(char block[64], int edflag, struct crypt_data *data); + +/* It may already not be possible to link new programs that use + 'encrypt_r' without special magic. */ +#ifdef SYMVER +__asm__ (".symver encrypt_r, encrypt_r@" SYMVER); +#endif + +int +main(void) +{ + struct crypt_data data; + char block[64]; + + memset(&data, 0, sizeof data); + memset(block, 0, sizeof block); + encrypt_r(block, 0, &data); + for (size_t i = 0; i < sizeof block; i++) { + putchar(block[i] ? '1' : '0'); + } + putchar('\n'); + return 0; +} diff --git a/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-fcrypt.c b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-fcrypt.c new file mode 100644 index 0000000..d71a837 --- /dev/null +++ b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-fcrypt.c @@ -0,0 +1,21 @@ +/* This program uses the obsolete function 'fcrypt', + which is an alias for 'crypt'. */ + +#include <crypt.h> +#include <stdio.h> + +/* The prototype may already have been removed from crypt.h. */ +extern char *fcrypt(const char *, const char *); + +/* It may already not be possible to link new programs that use + 'fcrypt' without special magic. */ +#ifdef SYMVER +__asm__ (".symver fcrypt, fcrypt@" SYMVER); +#endif + +int +main(void) +{ + puts(fcrypt("password", "Dn")); + return 0; +} diff --git a/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-setkey.c b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-setkey.c new file mode 100644 index 0000000..bdf70b0 --- /dev/null +++ b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-setkey.c @@ -0,0 +1,45 @@ +/* This program uses the obsolete function 'setkey', which sets a key for + DES encryption. */ + +#define _GNU_SOURCE 1 +#include <stdlib.h> +#include <errno.h> +#include <stdio.h> + +/* The prototype of 'setkey' may already have been removed from + stdlib.h. */ +extern void setkey(const char *); + + +/* It may already not be possible to link new programs that use + 'setkey' without special magic. */ +#ifdef SYMVER +__asm__ (".symver setkey, setkey@" SYMVER); +#endif + +/* setkey uses a 1-bit-per-byte representation of a DES key. + Yes, really. */ +const char key[64] = { + 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, + 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, + 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, + 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, +}; + +int +main(void) +{ + /* The primary effects of calling 'setkey' are only visible by + calling 'encrypt', and we don't want to call 'encrypt' in this + program because we want to make sure Lintian detects programs + that call 'setkey' but not 'encrypt', even though that doesn't + make a whole lot of sense. So we just call it and then check + whether it changed errno, which is the documented way to check + whether it failed. */ + errno = 0; + setkey(key); + if (errno) { + perror("setkey"); + } + return 0; +} diff --git a/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-setkey_r.c b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-setkey_r.c new file mode 100644 index 0000000..3ad3f35 --- /dev/null +++ b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/build-spec/orig/uses-setkey_r.c @@ -0,0 +1,48 @@ +/* This program uses the obsolete function 'setkey_r', which sets a key for + DES encryption. */ + +#define _GNU_SOURCE 1 +#include <crypt.h> +#include <errno.h> +#include <stdio.h> +#include <string.h> + +/* The prototype of 'setkey_r' may already have been removed from + crypt.h. */ +extern void setkey_r(const char *, struct crypt_data *); + +/* It may already not be possible to link new programs that use + 'setkey_r' without special magic. */ +#ifdef SYMVER +__asm__ (".symver setkey_r, setkey_r@" SYMVER); +#endif + +/* setkey_r uses a 1-bit-per-byte representation of a DES key. + Yes, really. */ +const char key[64] = { + 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, + 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, + 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, + 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, +}; + +int +main(void) +{ + struct crypt_data data; + memset(&data, 0, sizeof data); + + /* The primary effects of calling 'setkey_r' are only visible by + calling 'encrypt_r', and we don't want to call 'encrypt_r' in + this program because we want to make sure Lintian detects + programs that call 'setkey_r' but not 'encrypt_r', even though + that doesn't make a whole lot of sense. So we just call it and + then check whether it changed errno, which is the documented + way to check whether it failed. */ + errno = 0; + setkey_r(key, &data); + if (errno) { + perror("setkey_r"); + } + return 0; +} diff --git a/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/eval/desc b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/eval/desc new file mode 100644 index 0000000..0ceced0 --- /dev/null +++ b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/eval/desc @@ -0,0 +1,2 @@ +Testname: binaries-obsolete-des +Check: binaries/obsolete/crypt diff --git a/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/eval/hints b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/eval/hints new file mode 100644 index 0000000..a49c520 --- /dev/null +++ b/t/recipes/checks/binaries/obsolete/crypt/binaries-obsolete-des/eval/hints @@ -0,0 +1,5 @@ +binaries-obsolete-des (binary): obsolete-des-encryption setkey_r [usr/bin/uses-setkey_r] +binaries-obsolete-des (binary): obsolete-des-encryption setkey [usr/bin/uses-setkey] +binaries-obsolete-des (binary): obsolete-des-encryption encrypt_r [usr/bin/uses-encrypt_r] +binaries-obsolete-des (binary): obsolete-des-encryption encrypt [usr/bin/uses-encrypt] +binaries-obsolete-des (binary): obsolete-crypt-alias fcrypt [usr/bin/uses-fcrypt] |