Merge remote-tracking branch 'origin/master' into insecure_audit

5 files changed, 119 insertions, 16 deletions

diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb
index fffe14b47..af1e4a71b 100644
--- a/Library/Homebrew/dev-cmd/audit.rb
+++ b/Library/Homebrew/dev-cmd/audit.rb
@@ -169,6 +169,33 @@ class FormulaAuditor
     @specs = %w[stable devel head].map { |s| formula.send(s) }.compact
   end
 
+  def url_status_code(url, range: false, user_agent: :default)
+    # The system Curl is too old and unreliable with HTTPS homepages on
+    # Yosemite and below.
+    return "200" unless DevelopmentTools.curl_handles_most_https_homepages?
+
+    extra_args = [
+      "--connect-timeout", "15",
+      "--output", "/dev/null",
+      "--write-out", "%{http_code}"
+    ]
+    extra_args << "--range" << "0-0" if range
+    extra_args << url
+
+    args = curl_args(
+      extra_args: extra_args,
+      show_output: true,
+      user_agent: user_agent
+    )
+    retries = 3
+    status_code = nil
+    retries.times do
+      status_code = Open3.popen3(*args) { |_, stdout, _, _| stdout.read }
+      break if status_code.start_with? "20"
+    end
+    status_code
+  end
+
   def audit_style
     return unless @style_offenses
     display_cop_names = ARGV.include?("--display-cop-names")
@@ -432,6 +459,14 @@ class FormulaAuditor
   end
 
   def audit_conflicts
+    if formula.conflicts.any? && formula.versioned_formula?
+      problem <<-EOS
+        Versioned formulae should not use `conflicts_with`.
+        Use `keg_only :versioned_formula` instead.
+      EOS
+      return
+    end
+
     formula.conflicts.each do |c|
       begin
         Formulary.factory(c.name)
@@ -454,6 +489,10 @@ class FormulaAuditor
 
       next unless @strict
 
+      if o.name == "universal" && !Formula["wine"].recursive_dependencies.map(&:name).include?(formula.name)
+        problem "macOS has been 64-bit only since 10.6 so universal options are deprecated."
+      end
+
       if o.name !~ /with(out)?-/ && o.name != "c++11" && o.name != "universal"
         problem "Options should begin with with/without. Migrate '--#{o.name}' with `deprecated_option`."
       end
@@ -466,7 +505,7 @@ class FormulaAuditor
 
     return unless @new_formula
     return if formula.deprecated_options.empty?
-    return if formula.name.include?("@")
+    return if formula.versioned_formula?
     problem "New formulae should not use `deprecated_option`."
   end
 
@@ -569,11 +608,10 @@ class FormulaAuditor
     end
 
     return unless @online
-    begin
-      nostdout { curl "--connect-timeout", "15", "-o", "/dev/null", homepage }
-    rescue ErrorDuringExecution
-      problem "The homepage is not reachable (curl exit code #{$?.exitstatus})"
-    end
+
+    status_code = url_status_code(homepage, user_agent: :browser)
+    return if status_code.start_with? "20"
+    problem "The homepage #{homepage} is not reachable (HTTP status code #{status_code})"
   end
 
   def audit_bottle_spec
@@ -652,11 +690,47 @@ class FormulaAuditor
       end
     end
 
+    unstable_whitelist = %w[
+      aalib 1.4rc5
+      automysqlbackup 3.0-rc6
+      aview 1.3.0rc1
+      distcc 3.2rc1
+      elm-format 0.5.2-alpha
+      ftgl 2.1.3-rc5
+      hidapi 0.8.0-rc1
+      libcaca 0.99b19
+      premake 4.4-beta5
+      pwnat 0.3-beta
+      pxz 4.999.9
+      recode 3.7-beta2
+      speexdsp 1.2rc3
+      sqoop 1.4.6
+      tcptraceroute 1.5beta7
+      testssl 2.8rc3
+      tiny-fugue 5.0b8
+      vbindiff 3.0_beta4
+    ].each_slice(2).to_a.map do |formula, version|
+      [formula, version.sub(/\d+$/, "")]
+    end
+
+    gnome_devel_whitelist = %w[
+      gtk-doc 1.25
+      libart 2.3.21
+      pygtkglext 1.1.0
+    ].each_slice(2).to_a.map do |formula, version|
+      [formula, version.split(".")[0..1].join(".")]
+    end
+
     stable = formula.stable
     case stable && stable.url
     when /[\d\._-](alpha|beta|rc\d)/
-      problem "Stable version URLs should not contain #{$1}"
+      matched = $1
+      version_prefix = stable.version.to_s.sub(/\d+$/, "")
+      return if unstable_whitelist.include?([formula.name, version_prefix])
+      problem "Stable version URLs should not contain #{matched}"
     when %r{download\.gnome\.org/sources}, %r{ftp\.gnome\.org/pub/GNOME/sources}i
+      version_prefix = stable.version.to_s.split(".")[0..1].join(".")
+      return if gnome_devel_whitelist.include?([formula.name, version_prefix])
       version = Version.parse(stable.url)
       if version >= Version.create("1.0")
         minor_version = version.to_s.split(".", 3)[1].to_i
@@ -789,6 +863,15 @@ class FormulaAuditor
       problem "Please set plist_options when using a formula-defined plist."
     end
 
+    if text =~ /depends_on\s+['"]openssl['"]/ && text =~ /depends_on\s+['"]libressl['"]/
+      problem "Formulae should not depend on both OpenSSL and LibreSSL (even optionally)."
+    end
+
+    if text =~ /virtualenv_(create|install_with_resources)/ &&
+       text =~ /resource\s+['"]setuptools['"]\s+do/
+      problem "Formulae using virtualenvs do not need a `setuptools` resource."
+    end
+
     return unless text.include?('require "language/go"') && !text.include?("go_resource")
     problem "require \"language/go\" is unnecessary unless using `go_resource`s"
   end
@@ -1018,6 +1101,8 @@ class FormulaAuditor
 
     return unless @strict
 
+    problem "`#{$1}` in formulae is deprecated" if line =~ /(env :(std|userpaths))/
+
     if line =~ /system ((["'])[^"' ]*(?:\s[^"' ]*)+\2)/
       bad_system = $1
       unless %w[| < > & ; *].any? { |c| bad_system.include? c }
diff --git a/Library/Homebrew/dev-cmd/bottle.rb b/Library/Homebrew/dev-cmd/bottle.rb
index 9618cf412..7367e5c37 100644
--- a/Library/Homebrew/dev-cmd/bottle.rb
+++ b/Library/Homebrew/dev-cmd/bottle.rb
@@ -435,6 +435,7 @@ module Homebrew
             else
               string = s.sub!(
                 /(
+                  (\ {2}\#[^\n]*\n)*                                             # comments
                   \ {2}(                                                         # two spaces at the beginning
                     (url|head)\ ['"][\S\ ]+['"]                                  # url or head with a string
                     (
@@ -442,7 +443,7 @@ module Homebrew
                       (\n^\ {3}[\S\ ]+$)*                                        # options can be in multiple lines
                     )?|
                     (homepage|desc|sha1|sha256|version|mirror)\ ['"][\S\ ]+['"]| # specs with a string
-                    rebuild\ \d+                                                 # rebuild with a number
+                    revision\ \d+                                                # revision with a number
                   )\n+                                                           # multiple empty lines
                  )+
                /mx, '\0' + output + "\n"
diff --git a/Library/Homebrew/dev-cmd/bump-formula-pr.rb b/Library/Homebrew/dev-cmd/bump-formula-pr.rb
index b1f851b8d..68bf32d0b 100644
--- a/Library/Homebrew/dev-cmd/bump-formula-pr.rb
+++ b/Library/Homebrew/dev-cmd/bump-formula-pr.rb
@@ -124,6 +124,8 @@ module Homebrew
       false
     elsif !hash_type
       odie "#{formula}: no tag/revision specified!"
+    elsif !new_url
+      odie "#{formula}: no url specified!"
     else
       rsrc_url = if requested_spec != :devel && new_url =~ /.*ftpmirror.gnu.*/
         new_mirror = new_url.sub "ftpmirror.gnu.org", "ftp.gnu.org/gnu"
@@ -156,7 +158,9 @@ module Homebrew
       replacement_pairs << [/^  revision \d+\n(\n(  head "))?/m, "\\2"]
     end
 
-    replacement_pairs << [/(^  mirror .*\n)?/, ""] if requested_spec == :stable
+    replacement_pairs += formula_spec.mirrors.map do |mirror|
+      [/ +mirror \"#{mirror}\"\n/m, ""]
+    end
 
     replacement_pairs += if new_url_hash
       [
diff --git a/Library/Homebrew/dev-cmd/create.rb b/Library/Homebrew/dev-cmd/create.rb
index f684f95f6..b4cda0fad 100644
--- a/Library/Homebrew/dev-cmd/create.rb
+++ b/Library/Homebrew/dev-cmd/create.rb
@@ -1,4 +1,4 @@
-#:  * `create` <URL> [`--autotools`|`--cmake`] [`--no-fetch`] [`--set-name` <name>] [`--set-version` <version>] [`--tap` <user>`/`<repo>]:
+#:  * `create` <URL> [`--autotools`|`--cmake`|`--meson`] [`--no-fetch`] [`--set-name` <name>] [`--set-version` <version>] [`--tap` <user>`/`<repo>]:
 #:    Generate a formula for the downloadable file at <URL> and open it in the editor.
 #:    Homebrew will attempt to automatically derive the formula name
 #:    and version, but if it fails, you'll have to make your own template. The `wget`
@@ -8,6 +8,7 @@
 #:
 #:    If `--autotools` is passed, create a basic template for an Autotools-style build.
 #:    If `--cmake` is passed, create a basic template for a CMake-style build.
+#:    If `--meson` is passed, create a basic template for a Meson-style build.
 #:
 #:    If `--no-fetch` is passed, Homebrew will not download <URL> to the cache and
 #:    will thus not add the SHA256 to the formula for you.
@@ -59,6 +60,8 @@ module Homebrew
       :cmake
     elsif ARGV.include? "--autotools"
       :autotools
+    elsif ARGV.include? "--meson"
+      :meson
     end
 
     if fc.name.nil? || fc.name.strip.empty?
@@ -139,12 +142,10 @@ class FormulaCreator
   def generate!
     raise "#{path} already exists" if path.exist?
 
-    if version.nil?
+    if version.nil? || version.null?
       opoo "Version cannot be determined from URL."
       puts "You'll need to add an explicit 'version' to the formula."
-    end
-
-    if fetch? && version
+    elsif fetch?
       r = Resource.new
       r.url(url)
       r.version(version)
@@ -156,7 +157,7 @@ class FormulaCreator
   end
 
   def template; <<-EOS.undent
-    # Documentation: https://github.com/Homebrew/brew/blob/master/docs/Formula-Cookbook.md
+    # Documentation: http://docs.brew.sh/Formula-Cookbook.html
     #                http://www.rubydoc.info/github/Homebrew/brew/master/Formula
     # PLEASE REMOVE ALL GENERATED COMMENTS BEFORE SUBMITTING YOUR PULL REQUEST!
 
@@ -175,10 +176,12 @@ class FormulaCreator
 
     <% if mode == :cmake %>
       depends_on "cmake" => :build
+    <% elsif mode == :meson %>
+      depends_on "meson" => :build
+      depends_on "ninja" => :build
     <% elsif mode.nil? %>
       # depends_on "cmake" => :build
     <% end %>
-      depends_on :x11 # if your formula requires any X11/XQuartz components
 
       def install
         # ENV.deparallelize  # if your formula fails when building in parallel
@@ -191,6 +194,13 @@ class FormulaCreator
                               "--disable-dependency-tracking",
                               "--disable-silent-rules",
                               "--prefix=\#{prefix}"
+    <% elsif mode == :meson %>
+        mkdir "build" do
+          system "meson", "--prefix=\#{prefix}", ".."
+          system "ninja"
+          system "ninja", "test"
+          system "ninja", "install"
+        end
     <% else %>
         # Remove unrecognized options if warned by configure
         system "./configure", "--disable-debug",
@@ -199,7 +209,9 @@ class FormulaCreator
                               "--prefix=\#{prefix}"
         # system "cmake", ".", *std_cmake_args
     <% end %>
+    <% if mode != :meson %>
         system "make", "install" # if this fails, try separate make/make install steps
+    <% end %>
       end
 
       test do
diff --git a/Library/Homebrew/dev-cmd/tests.rb b/Library/Homebrew/dev-cmd/tests.rb
index b4f3c2d40..05bdda8d2 100644
--- a/Library/Homebrew/dev-cmd/tests.rb
+++ b/Library/Homebrew/dev-cmd/tests.rb
@@ -34,6 +34,7 @@ module Homebrew
       %w[AUTHOR COMMITTER].each do |role|
         ENV["GIT_#{role}_NAME"] = "brew tests"
         ENV["GIT_#{role}_EMAIL"] = "brew-tests@localhost"
+        ENV["GIT_#{role}_DATE"]  = "Sun Jan 22 19:59:13 2017 +0000"
       end
 
       Homebrew.install_gem_setup_path! "bundler"