asterisk-20.9.3-alt1.src	specfile-useradd-n	warn	 -n in useradd is compat option and can be removed any time. Use -N instead.; 
asterisk-20.9.3-alt1.x86_64	arch-dep-package-has-big-usr-share	info	The package has a significant amount of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; 
asterisk-20.9.3-alt1.x86_64	init-lsb	warn	/etc/rc.d/init.d/asterisk: lsb init header missing.  See http://www.altlinux.org/Services_Policy for details.; 
asterisk-20.9.3-alt1.x86_64	unsafe-tmp-usage-in-scripts	fail	The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/asterisk/scripts/ast_loggrabber: $ grep -A5 -B5 /tmp/ /usr/share/asterisk/scripts/ast_loggrabber # Timestamp to use for output files df=${tarball_uniqueid:-$(${DATEFORMAT})} # Extract the Python timestamp conver script from the end of this # script and save it to /tmp/.ast_tsconvert.py ss=`egrep -n "^#@@@SCRIPTSTART@@@" $0 |cut -f1 -d:` tail -n +${ss} $0 >/tmp/.ast_tsconvert.py tmpdir=$(mktemp -d) if [ -z "$tmpdir" ] ; then echo "${prog}: Unable to create temporary directory." exit 1 -- destdir="$tmpdir/$tardir/$(dirname $lf)" destfile="$tmpdir/$tardir/$lf" mkdir -p "$destdir" 2>/dev/null || : if [ -n "$LOG_DATEFORMAT" ] ; then echo "Converting $lf" cat "$lf" | python /tmp/.ast_tsconvert.py --format="$LOG_DATEFORMAT" --timezone="$LOG_TIMEZONE" > "${destfile}" else echo "Copying $lf" cp "$lf" "${destfile}" fi done echo "Creating /tmp/$tardir.tar.gz" tar -czvf /tmp/$tardir.tar.gz -C $tmpdir $tardir 2>/dev/null exit # Be careful editing the inline scripts. # They're space-indented. Found error in /usr/sbin/astversion: $ grep -A5 -B5 /tmp/ /usr/sbin/astversion # source directories to search SRC_DIRS=() main() { TMPFILE="/tmp/astversion.$$" sanity_check locate_files "$@" locate_libraries locate_modules -- scan_package_redhat() { PKGNAME="$1" if ! rpm -q $PKGNAME > /tmp/astversion-$PKGNAME-version then rm -f /tmp/astversion-$PKGNAME-version return 2 fi rpm -ql $PKGNAME > /tmp/astversion-$PKGNAME-files rpm -V $PKGNAME > /tmp/astversion-$PKGNAME-verify return 0 } scan_package_debian() { PKGNAME="$1" if ! dpkg -s $PKGNAME > $TMPFILE then rm -f /tmp/astversion-$PKGNAME-version return 2 fi # prefix the version with the package name to mimic rpm echo -n "$PKGNAME " > /tmp/astversion-$PKGNAME-version cat $TMPFILE | fgrep Version |cut -d ' ' -f2 >> /tmp/astversion-$PKGNAME-version dpkg -L $PKGNAME > /tmp/astversion-$PKGNAME-files dpkg -V $PKGNAME > /tmp/astversion-$PKGNAME-verify } package_has_file() { PKGNAME="$1" PKGFILE="$2" if [ ! -f /tmp/astversion-$PKGNAME-version ] then return 1 fi if [ ! -f /tmp/astversion-$PKGNAME-files ] then return 2 fi if ! fgrep "$PKGFILE" /tmp/astversion-$PKGNAME-files >/dev/null then # package doesn't have that file return 3 fi if fgrep "$PKGFILE" /tmp/astversion-$PKGNAME-verify >/dev/null then # file does not match package return 4 fi -- { # search each package and report files that match for PACKAGE in ${PACKAGES[@]} do scan_package_$DISTRO "$PACKAGE" PKGVERSION=$(cat /tmp/astversion-$PKGNAME-version) FOUND=() for FILE in ${FILES[@]} do if package_has_file "$PACKAGE" "$FILE" -- else echo "Matched ${#FOUND[@]} files to package $PKGVERSION" fi fi rm -f /tmp/astversion-$PKGNAME-version rm -f /tmp/astversion-$PKGNAME-files rm -f /tmp/astversion-$PKGNAME-verify done } search_source() {;