Accepted:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 30 May 2013 20:11:59 +0200 Source: lintian Binary: lintian Architecture: source all Version: 2.5.13~bpo70+1 Distribution: wheezy-backports Urgency: medium Maintainer: Debian Lintian Maintainers <[email protected]> Changed-By: Luca Falavigna <[email protected]> Description: lintian - Debian package checker Closes: 359059 591812 615516 623265 652380 652595 658474 659335 660655 668437 670092 670963 672273 673073 677874 677890 678639 678857 678896 680391 681061 681410 681769 681894 683224 683516 683737 685299 685497 686179 686352 687464 688320 688494 690014 690910 691489 692232 692548 692616 693013 693442 693589 693918 694328 695839 695866 695967 696230 696960 697164 697534 697693 697916 698234 698602 698610 698704 698720 699452 699628 699670 700110 700543 700882 701061 703490 703978 703985 703989 704446 705170 705175 705197 705441 705835 706166 706241 706242 706827 707400 707742 708178 708755 708881 708943 708957 709041 709121 709379 709415 709455 709615 709886 710086 Changes: lintian (2.5.13~bpo70+1) wheezy-backports; urgency=low . * Rebuild for wheezy-backports. . lintian (2.5.13) unstable; urgency=low . Upload to unstable. . * Summary of tag changes: + Added: - conffile-is-not-in-package - debconf-translation-using-general-list - dh_pysupport-is-obsolete - init.d-script-call-internal-API + Removed: - debhelper-maintscript-needs-versioned-build-depends - debhelper-script-needs-versioned-build-depends - missing-pre-dependency-on-multiarch-support . * checks/*: + [NT] Use Lintian::Path objects as arguments to unpacked and control where these objects are available. * checks/binaries: + [RA] Do not complain about kernel modules with no shared library dependency information. Patch from Guillem Jover. (Closes: #706242) + [NT] Demote the certainty of hardening-no-fortify-functions to "wild-guess". (Closes: #709415) * checks/changes: + [NT] Recognise "<dist>-backports-sloppy" as a valid distribution. Thanks to Romain Francoise for the report and the patch. (Closes: #705170) * checks/conffiles: + [NT] Strip whitespace from conffiles similar to how dpkg does it. + [NT] When emitting duplicate-conffile, avoid repeating other tags related to that conffile. The exception to this is relative-conffile where the original file might not have triggered that tag. + [NT] Test that all paths listed in the "conffiles" control file is actually in the package being tested. * checks/cruft{,.desc}: + [JW] Correct the name of the architecture listed in description of the tag outdated-autotools-helper-file. (Closes: #706166) + [NT] Flag all absolute symlinks in source packages as "unsafe". (Closes: #697164) + [NT] Fix false-positive source-contains-unsafe-symlink for symlinks ascending one or more levels without escaping the package root. Thanks to Michael Schutte for the report and the patch. (Closes: #707742) + [NT] Add a series of patches from Bastien Roucariès to reduce the number of false positives and negatives in the GDFL related checks. (Closes: #708957, #708881, #709379, #709886) * checks/debhelper{,.desc}: + [NT] Retire some tags that are no longer relevant in the Jessie development cycle. + [NT] Apply patch from Luca Falavigna to detect uses of the deprecated tool, dh_pysupport. (Closes: #709615) * checks/description: + [NT] Skip extended-description-is-probably-too-short for -dbg packages. Thanks to Paul Wise for the suggestion. (Closes: #705441) * checks/fields.desc: + [NT] Clarify that the "canonical URI" for Vcs fields is based on an announcement from the Alioth admins. Thanks to Torquil Sørensen for the report. (Closes: #705835) + [NT] Clarify in the tag description of some tags related to "Vcs-*" fields that the tags are based on a data list (and is not a result of a HTTP request while checking the package). * checks/files{,.desc}: + [JW,NT] Drop missing-pre-dependency-on-multiarch-support now that multiarch-support is in stable. (Closes: #709121) + [JW] Fix typo in a tag description. (Closes: #709455) + [NT] Change the "ancient-file" cut-off date to 1975 from 1984. Thanks to Ole Streicher and Ansgar Burchardt for the report. (Closes: #710086) * checks/group-checks.desc: + [NT] Add missing semi-colon in tag description. Thanks to Andrey Rahmatullin for the report. (Closes: #706827) * checks/init.d{,.desc}: + [NT] Add missing import of utility function that could cause Lintian to crash in some cases. + [NT] Add check for uses of /lib/init in maintainer scripts. Thanks to Josh Triplett for the report and to Bastien Roucariès for the patch. (Closes: #670092) * checks/menu-format: + [NT] Fix use of uninitialized variable when menu file uses a section of "/". (Closes: #708755) * checks/po-debconf{,.desc}: + [NT] Remove tests for commands that are provided by Lintian's dependencies. + [RA] Add new check for a Language-Team field in a translation pointing to the debian-i18n mailing list. Based on work by victory. (Closes: #705197) * checks/rules: + [NT] Remove check for "dpkg-dev (>= 1.16.1~)" build-dependency, since this is trivially satisfied in Wheezy and Jessie. . * collection/*-helper: + [NT] Move all collection helpers to helpers/coll. * collection/debfiles: + [NT] Replace makeshift "is_ancestor_of" check with the one from L::Util. * collection/java-info: + [NT] Update a regex to cope with file(1) now calling JAR files for "Java Jar file" rather than "Zip archive". (Closes: #707400) . * data/changes-file/known-dists: + [NT] Add jessie and remove lenny. * data/debhelper/dh_{addons,commands}-manual: + [NT] Remove entries/versions that are no longer relevant. * data/fields/perl-provides: + [NT] Refresh against sid. (Closes: #708178) * data/spelling/corrections: + [NT] Add correction for unnecessarily. Thanks to Guillem Jover for the suggestion. (Closes: #706241) . * debian/control: + [NT] Remove irrelevant (versioned) dependencies that are now trivially satisfied in stable. + [NT] Recommend libautodie-perl (>= 2.18) and libperlio-gzip-perl as these can greatly effect performance of Lintian. * debian/lintian.install: + [NT] Install "helpers" as /usr/share/lintian/helpers * debian/{postinst,prerm}: + [NT] Remove unused maintainer scripts now that stable's libc-bin provides a C.UTF-8. * debian/triggers: + [NT] Remove unused trigger now that stable's libc-bin provides a C.UTF-8. . * doc/tutorial/**/*.pod: + [NT] Fix a number of spelling mistakes in the POD. * doc/tutorial/Lintian/Tutorial/WritingChecks.pod: + [NT] Add a section about how to avoid some common ways of introducing security issues. . * frontend/lintian: + [NT] Ignore LINTIAN_ROOT/locale and /var/lib/lintian/locale. + [NT] Export LINTIAN_INCLUDE_DIRS and LINTIAN_HELPERS_DIR to subprocesses. These are ":"-separated lists of dirs used by Lintian. The first being a list of raw include dirs and the second being a list of helpers dirs in these include dirs. + [NT] Fix a bug where the exit code from lintian would sometimes be an undocumented value (>= 3). . * helpers/coll: + [NT] New directory containing some helpers that used to be in directly collection. . * lib/*: + [NT] Fix a number of spelling mistakes in the POD. * lib/Lintian/Collect/{Package,Binary}.pm: + [NT] Accept Lintian::Path objects to unpacked and control. * lib/Lintian/Collect/Source.pm: + [NT] Provide a "source" specific is_non_free method that reads the "Section"-field from d/control instead of the .dsc. This fixes false-positives "problematic licenses" for non-free packages. Thanks to Bastien Roucariès for the report. (Closes: #709041) * lib/Lintian/Path.pm: + [NT] Rename link_resolved to link_normalized. * lib/Lintian/Unpacker.pm: + [NT] On platform that support it, change the "name" of the process running the collection. This makes it easier to see what collections are currently being run (like in the versions prior to 2.5.12). For platforms, where it is not possible to change the name of a running process, the unpack jobs will simply be named "lintian" like its parent. * lib/Lintian/Util.pm: + [NT] Fix a race condition in touch_file. + [NT] Add sanity check in perm2oct for bad permission strings and throw errors when they are seen (instead of returning 0). + [NT] Require that the input file is present for read_dpkg_control and get_deb_control. + [NT] In copy_dir, pass --reflink=auto to cp. + [NT] Replace resolve_pkg_path with to normalize_pkg_path. The latter has slightly different return values in some cases. + [NT] Avoid the LOCPATH dance to find the path to an UTF-8 locale now that stable's libc-bin provides C.UTF-8 for us. + [NT] Add new function, locate_helper_tool, to find helper tools. . * private/refresh-perl-provides: + [NT] Apply patch from Niko Tyni to improve Lintian's data file about Perl modules provided by perl-base. . * profiles/debian/extra-apache2.profile: + [NT] Removed, merged into debian/main.profile. * profiles/debian/ftp-master-auto-reject.profile: + [NT] Include md5sums-mismatch and non-standard-toplevel-dir as an overridable tag. * profiles/debian/main.profile: + [NT] Include the apache2 check. Thanks to Arno Töll for the report. (Closes: #708943) . * reporting/harness: + [NT] Stop exporting ENV variables that lintian no longer cares about. . * vendors/ubuntu/main/data/changes-file/known-dists: + [NT] Add "saucy" as known Ubuntu distribution. Thanks to Iain Lane for the report. . lintian (2.5.12) experimental; urgency=medium . * Summary of tag changes: + Added: - ambiguous-paragraph-in-dep5-copyright - binary-file-built-without-LFS-support - debian-tests-control-is-not-a-regular-file - debian-tests-control-uses-national-encoding - debug-file-with-no-debug-symbols - desktop-entry-lacks-keywords-entry - dir-or-file-in-build-tree - dir-or-file-in-etc-opt - dir-or-file-in-home - file-name-is-not-valid-UTF-8 - font-adobe-copyrighted-fragment-no-credit - font-package-not-multi-arch-foreign - illegal-runtime-test-name - inconsistent-testsuite-field - license-problem-gfdl-invariants - license-problem-gfdl-invariants-empty - menu-icon-uses-relative-path - missing-runtime-test-file - missing-runtime-tests-field - package-contains-broken-symlink-wildcard - package-contains-unsafe-symlink - runtime-test-file-is-not-a-regular-file - source-contains-unsafe-symlink - unknown-runtime-tests-feature - unknown-runtime-tests-field - unknown-runtime-tests-restriction - unknown-testsuite - vcs-field-bitrotted - vcs-git-uses-invalid-user-uri - zip-parse-error + Removed: - unneeded-build-dep-on-quilt . * checks/*: + [NT] Avoid following unsafe symlinks. (CVE-2013-1429) * checks/binaries{,.desc}: + [NT] Accept libx32 as a bi-arch directory. + [NT] Correct reference policy reference. Thanks to Samuel Bronson for the correction. (Closes: #698234) + [NT] Detect debug ELF binaries with no debug symbols. Thanks to Nelson A. de Oliveira for the report. (Closes: #668437) + [NT] Check for binaries built without LFS. This can only be checked for 32bit binaries as 64bit binaries have LFS by definition. Thanks to Guillem Jover for the report and patches. (Closes: #670963) + [NT] Apply patch from Samuel Bronson to bump severity (but decrease certainty) of the "not linked against libc" tags. (Closes: #698720) * checks/copyright: + [NT] Apply patch from Evgeni Golov to avoid false positive tag when the MPL-2.0 license appears in the copyright file. (See #626454) * checks/cruft{,.desc}: + [NT] Do not emit the license-problem-json-evil tag for non-free packages. + [NT] Apply patch from Bastien Roucariès to catch GFDL licenses with invariants (etc.). (Closes: #695967) + [NT] Correct description of an autotools tag. Thanks to Alberto Garcia and Timo Juhani Lindfors for the report and patch. (Closes: #703490) + [NT] Check for unsafe symlinks (outside common testsuite paths). * checks/debconf: + [NT] Fix several path traversal issues that could leak information about the host system. (CVE-2013-1429) * checks/debhelper{,.desc}: + [JW] Assume the proper python helpers are called if a (Makefile) variable is used. (Closes: #659335) + [JW] Promote python-depends-but-no-python-helper and python3-depends-but-no-python3-helper to non-experimental. * checks/description: + [NT] Ignore "extended-description-is-probably-too-short" for metapackages. Thanks to Axel Beckert for the report. * checks/duplicate-files.desc: + [NT] Demote severity of "duplicate-files" tag to pedantic. * checks/fields{,.desc}: + [NT] Apply patch from Samuel Bronson to detect some broken or poor Vcs URLs. Also thanks to James McCoy for his report. (Closes: #652595) + [JW] Reduce severity of b-d-on-python-dev-with-no-arch-any to minor. + [NT] Skip "depends-on-packaging-dev" for metapackages. + [NT] Apply patch from Gregor Herrmann to catch metacpan homepage links with versions. (Closes: #700110) + [NT] Apply patch from Vasudev Kamath to detect fonts packages without a Multi-Arch foreign (or allowed) field. (Closes: #701061) * checks/files{,.desc}: + [NT] Apply patch from Bastien Roucariès to catch paths in (common) build dirs. (Closes: #678857) + [NT] Do not suggest the use of "virtual package" as a way to suppress empty-binary-package. Lintian will still accept it the phrase for now. + [NT] Accept libx32 as an bi-arch directory. + [NT] Ignore gzipped lintian overrides when checking whether a package is empty. + [NT] Fix typo of Pre-Depends, thanks to Raúl Benencia for spotting it. (Closes: #699452) + [NT] Add patch from Bastien Roucariès to check for another adobe font license issues. (Closes: #705175) + [NT] Test for use of file names that are contain invalid UTF-8 byte sequences. Thanks to Helmut Grohne for the suggestion. (Closes: #704446) * checks/init.d: + [NT] Fix regression where Lintian would not properly match init.d passed to update-rc.d. Thanks to Michael Meskes for reporting. (Closes: #698602) + [NT] Fix possible symlink traversal that could leak information about the host system. (CVE-2013-1429) * checks/java{,.desc}: + [NT] Report possibly broken jar files. * checks/md5sums: + [NT] Fix path traversal issue that could leak information about the host system. * checks/menu-format{,.desc}: + [NT] Apply patch from Bastien Roucariès to detect missing "Keywords" in desktop files. Thanks to Jeremy Bicha for the report. (Closes: #693918) + [NT] Apply patch from Matthias Klumpp to add missing "Science" category. (Closes: #697693) + [NT] Apply patch from Thomas Preud'homme to detect uses of relative icons in menu files. (Closes: #697916) + [NT] Document why only XPM are allowed in the tag description of menu-icon-not-in-xpm-format. (Closes: 591812) * checks/menus: + [NT] Fix path traversal issue that could leak information about the host system. (CVE-2013-1429) * checks/patch-systems{,.desc}: + [NT] Retire unneeded-build-dep-on-quilt, it is only a pedantic tag and apparently not too accurate. Thanks to Charles Plessy and Frank Kuester for the reports. (Closes: #615516, #681061) * checks/po-debconf: + [NT] Unconditionally set INTLTOOL_EXTRACT. * checks/rules: + [NT] Remove ant1.7 as alternative to ant as ant1.7 has been removed from Wheezy. * checks/scripts: + [NT] Treat scripts in /usr/src/ like they were documentation. * checks/shared-libs: + [NT] Special case gcc packages when looking for dev symlinks. gcc stores its dev symlinks in some special directories. + [NT] Fix path traversal issue that could leak information about the host system. (CVE-2013-1429) * checks/source-copyright{,.desc}: + [JW,NT] Add a separate tag for ambiguous DEP-5 paragraphs, where Lintian cannot reliably figure out what is intended. Thanks to Julian Taylor for the report. (Closes: #652380) + [NT] Add paragraph line number to the "field typo" tag. * checks/symlinks{,.desc}: + [NT] Warn about broken symlinks that contains a literal "*" in their target. This is usually a sign that a wildcard did not properly expand. Thanks to Bernd Zeimetz for the report. (Closes: #683737) + [NT] Demote certainty of package-contains-broken-symlink to wild-guess. + [NT] Check for unsafe symlinks in binary packages. * checks/testsuite{,.desc}: + [NT] New check written by Nicolas Boulenguez to catch some mistakes with the new autopkgtest tests. . * collection/*: + [NT] Avoid reading files outside the package root. (CVE-2013-1429) * collection/{changelog-file,debian-readme}: + [NT] Ignore files in usr/doc/<pkg>. + [NT] Skip collection if usr/share/doc/<pkg> is not contained within the package root. (CVE-2013-1429) * collection/hardening-info{,-helper,.desc}: + [NT] Whitelist "memset" and "memmove" as "always safe" functions. Thanks to Sebastian Ramacher for the suggestion and Roland Stigge for the report. (Closes: #685299) + [NT] Remove work around for #677530 * collection/index{,.desc}: + [NT] Fix missing trailing slash on dirnames and bump index version accordingly. Thanks to Nicolas Boulenguez for noticing. * collection/java-info: + [NT] Gracefully handle broken Jar files. Thanks to Paul Tagliamonte for the report. (Closes: #700543) * collection/strings: + [NT] Fix a regression in filtering out "debug" ELF binaries. . * data/binaries/arch-regex: + [NT] Recognise x32 as an ELF32 binary. * data/fields/obsolete-packages: + [NT] Apply patch from Guillem Jover to add fuse-utils as an obsolete package. (Closes: #697534) * data/files/locale-codes: + [NT] Refresh against sid data files. * data/menu-format/add-categories: + [NT] Apply patch from Matthias Klumpp to add missing subcategories. * data/output/manual-references: + [NT] Refresh with Policy 3.9.4. * data/scripts/interpreter: + [NT] Add cfagent as a known interpreter. Thanks to Andreas Mundt for the suggestion. (Closes: #699670) * data/scripts/versioned-interpreters: + [NT] Apply patch from Thijs Kinkhorst to add lua5.2 as a versioned alternative to lua. (Closes: #698704) * data/shared-libs/ldconfig-dirs: + [NT] Add libx32 and usr/libx32 used by some gcc x32 bi-arch packages. * data/spelling/corrections{,-case}: + [JW] Add correction for "privileges". (Closes: #700882) + [NT] Warn about incorrect case of "OpenStreetMap". Thanks to Paul Wise for the patch. . * debian/control: + [NT] Bump dependency on hardening-includes to avoid having to work around #677530. + [NT] Add XS-Testsuite for autopkgtest tests. + [NT] Add Build-Depends on libtest-perl-critic-perl. + [NT] Add (Build-)Depends on liblist-moreutils-perl and libfile-basedir-perl. + [NT] Add versioned (Build)-Depends on perl | libautodie-perl. * debian/lintian.install: + [NT] Install Test::Lintian in /usr/share/lintian/lib. * debian/rules: + [NT] Include the new Tutorial pods in the "api-doc" target. * debian/tests/{control,testsuite,testsuite-legacy}: + [NT] New file. . * doc/tutorial/Lintian/Tutorial{/WritingChecks}.pod: + [NT] Add POD tutorial on writing checks. . * frontend/lintian{,-info}: + [NT] Add --include-dir command line option. This can be used to load additional Lintian checks, profiles, libraries or data. (Closes: #359059) * frontend/lintian: + [NT] Remove "make-shift" lab-query support now that Lintian::Lab supports it. + [NT] Add new command line option "--[no-]user-dirs" to disable loading from $HOME/.lintian{rc,/} and /etc/lintian{rc,/}. + [NT] Error out early if a check cannot be loaded. + [NT] Make --suppress-tags{,--from-file} do something when used with --check-part and document that --tags causes the option to be ignored. + [NT] Accept the magic token "{VENDOR}" as a part of the value to --profile. + [NT] Add new command line option "--ignore-lintian-env" to make lintian ignore all environment variables starting with LINTIAN_. + [NT] Add a new command line option --no-display-experimental and --default-display-level. These options can be used to override some display options from the config file. (Closes: #703985) + [NT] Also search for the lintianrc file in XDG_CONFIG_{HOME,DIRS}. The default paths are now ~/.config/lintian/lintianrc and /etc/xdg/lintian/lintianrc. The previous lintianrc paths are still accepted. + [NT] Stop looking for lintianrc files in the LINTIAN_ROOT. + [NT] Stop exporting LINTIAN_LAB to processes run by lintian. + [NT] Use of --root (or setting LINTIAN_ROOT) will now imply the option --no-user-dirs by default. . * lib/*: + [NT] Use "parent" instead of the "base" pragma. * lib/Lintian/Collect.pm: + [NT] Add "is_non_free" method to easily check of a given package appears to be non-free. * lib/Lintian/Collect/Binary.pm: + [NT] Re-instate the "TEXTREL" marker. This fixes a regression where shared-libs compiled without pic was not reported. Thanks to Dmitry Shachnev for the assistance in debugging this. + [NT] Recognise packages in section "metapackages" as a metapackage. Thanks to Axel Beckert for the report. (Closes: #698610) * lib/Lintian/Collect/Package.pm: + [NT] Ensure the "root" entry of indices do not contain itself. (Closes: #695866) + [NT] Add warning to unpacked and debfiles when they are given a path with leading slash or dot-slash. + [NT] When a check requests access to a raw file (or dir) in the package, ensure that the resulting path does not "escape" the top level directory. This should preemptively guard against some (but not all) traversal attempts. * lib/Lintian/Path.pm: + [NT] Document that link_resolved is not sufficient to test the "safeness" of a symlink. * lib/Lintian/Command/Simple.pm: + [NT] Use constant time lookup access instead of linear scan with "hashref" wait. * lib/Lintian/Lab.pm: + [NT] Add lab_query method to handle lab-queries directly. + [NT] Fix bitrot of repair_lab and rename it to repair for consistency. * lib/Lintian/Lab{,/Manifest}.pm: + [NT] Add support for grouping of manifests. * lib/Lintian/Lab/Manifest.pm: + [NT] Fix an error in visit_all when sufficient keys for an exact look up was given. * lib/Lintian/Processable.pm: + [NT] Fix issue where packages loaded from the lab indices would sometimes get a wrong source-version. * lib/Lintian/Relation/Version.pm: + [NT] Add and export "versions_comparator" that can be used for sorting purposes. * lib/Lintian/Tag/Info.pm: + [NT] Use "&" in the manpage ref URLs to generate proper HTML. Thanks to Vasudev Kamath for reporting the issue. + [NT] Produce a more helpful error message when a tag has an invalid severity or certainty. (Closes: #703978) * lib/Lintian/Tags.pm: + [NT] Deal with parsing an ambiguous override a bit better. This solves false-positive malformed-override, where Lintian misparsed the tag name as a package name. (Closes: #699628) * lib/Lintian/Util.pm: + [NT] Reject partially signed Deb822 files. Most Deb822 files are not signed at all; but those that are should be completely covered by a signature. (Closes: #696230) + [ADB] Fix a typo in the matching of expected delimiters for some signed messages; thanks Samuel Bronson. + [NT] Add sub to check if a path is contained within a given dir. + [NT] Fix bug in resolve_pkg_path that made it resolve some links incorrectly. + [NT] Document that resolve_pkg_path is not sufficient to test the "safeness" of a symlink. . * man/lintian.pod.in: + [NT] Document that --pedantic is the same as "-L +=pedantic". (Closes: #703989) + [NT] Fix typo of the "override" variable in the config example. . * private/refresh-locale-codes: + [JW,NT] Ignore the "zxx" locale code, which means "No linguistic content". (Closes: #692548) . * reporting/config: + [JP] Remove unused $GRAPH_DIR configuration option. * reporting/graphs/{statistics,tags}.gpi: + [JP] Tweak graph size to allow longer labels, and force font family. * reporting/harness: + [NT] Add --to-stdout option to emit log information to stdout as well as the log files. + [NT] Always schedule packages in groups. Otherwise, binNMU'ed binaries would not be tested together with their source package (and architecture independent packages). + [NT] Schedule groups in chunks (default 512 per chunk). This makes the Lintian processes shorter and makes memory reclaimable sooner. (Closes: #695839) + [NT] Remove "make-shift" lab-query support now that Lintian::Lab supports it. * reporting/html_reports: + [NT] Update xrefs to include source version. + [NT] Generate a text file suitable for Apache's RewriteMap to map source packages to the full report for that source. Thanks to Joerg "Gannef" Jasper for the suggestion to use RewriteMap. (Closes: #696960) + [JP] Fix version labels glitches. + [JP] Use global $GRAPHS_RANGE_DAYS. + [JP] Pass graph variables to index and tag templates. * reporting/lintian.css: + [JP] Tweak graph alignment. * reporting/templates/{packages,maintainer,tag}.tmpl: + [NT] Properly handle multiple versions of the same source and add versioned anchors to them. * reporting/templates/{index,tag}.tmpl: + [JP] Include history graphs in HTML templates. * reporting/templates/tag.tmpl: + [NT] Fix "empty <ul>" tag when tag has no "extra" information. Thanks to Vasudev Kamath for reporting the issue. . lintian (2.5.11) experimental; urgency=low . * Summary of tag changes: + Added: - conffile-has-bad-file-type - debug-package-for-multi-arch-same-pkg-not-coinstallable - dm-upload-allowed-is-obsolete - field-name-typo-in-dep5-copyright - font-adobe-copyrighted-fragment - license-problem-json-evil - maintainer-script-has-unexpanded-debhelper-token - shlibs-uses-obsolete-relation - untranslatable-debconf-templates + Removed: - apparently-truncated-elf-binary - data.tar.xz-member-without-dpkg-pre-depends - debhelper-overrides-need-versioned-build-depends - no-source-field - preinst-uses-dpkg-maintscript-helper-without-predepends . * checks/*: + [NT] Remove assumption that lintian will chdir into the the lab before calling the check. + [NT] Be better at avoiding false-positive spelling errors for references to packages that also happen to be common spelling mistake. Thanks to Paul Tagliamonte for the report. (Closes: #687464) * checks/binaries{,.desc}: + [NT] Merge apparently-truncated-elf-binary into apparently-corrupted-elf-binary. + [NT] Remove some references to objdump in tag descriptions as Lintian uses readelf. + [JW,NT] Update the "extract SONAME" shell snippet to properly handle SONAMEs with uppercase letters. + [JW] Recognise any path with matching the GNU multi-arch triplet as a "Multi-arch: same"-safe directory. Thanks to Matthias Klose for the report. (Closes: #681410) * checks/changelog-file: + [NT] Emit "missing changelog" for packages that are missing their usr/share/doc/<pkg>/ dir and do not have a doc symlink. Thanks to Faheem Mitha for the report. (Closes: #683224) * checks/conffiles{,.desc}: + [NT] Remove leading slash on the filename when emitting file-in-etc-rc.d-marked-as-conffile. + [NT] Add check for "non-file" conffiles. Thanks to Guillem Jover for the report. (Closes: #690910) * checks/control-file.desc: + [NT] Bump obsolete-relation-form-in-source to serious as these forms are now "must not" instead of "should not". * checks/copyright.desc: + [NT] Bump debian-copyright-file-uses-obsolete-national-encoding to serious as copyright files must now be UTF-8 encoded. * checks/cruft{,.desc}: + [NT] Detect MS-DOS executables as windows binaries. + [NT] Bump the version of config.{guess,sub} needed for triggering the "outdated-autotools-helper-file" tag for arm64 support. Thanks to Paul Wise for the report and the investigative work. (Closes: #690014) + [RA,NT] Extend the description of the tags {outdated,ancient}- autotools-helper-file to mention that dh-autoreconf might be helpful tool. + [NT] Apply patch from Bastien Roucariès to detect file licensed under the "Good, not Evil"-JSON license. (Closes: #692616) * checks/deb-format{,.desc}: + [NT] Retire data.tar.xz tag. (Closes: #680391) * checks/debhelper{,.desc}: + [JW,NT] Consider missing versioned build-depends on debhelper for compat 8 (or less) a pedantic issue. (Closes: #681894) + [NT] Retire debhelper-overrides-need-versioned-build-depends. * checks/fields{,.desc}: + [NT] Retire no-source-field since Lintian cannot emit it any more due to dpkg-source refusing to extract such source packages. + [NT] Add tag for using the obsolete DMUA field. Thanks to Ansgar Burchardt for the report. (Closes: #688494) + [NT] Apply patches from Bernhard R. Link to check for unintentional whitespace and use of non-canonical URIs in Vcs-* fields. (Closes: #681769) + [NT] Fix false-positive caused by insignificant whitespace. Thanks to Dima Kogan for the report. (Closes: #693589) * checks/files: + [RG] Recognise smarty3 as smarty itself. + [NT] Consider "tasksel tasks" as a meta package. (Closes: #691489) + [NT] Add patch from Bastien Roucariès to check for adobe font license issues. (Closes: #694328) * checks/group-checks{,.desc}: + [NT] Detect debug packages not co-installable with itself, when it provides debug symbols for a Multi-Arch: same package. Thanks to Carsten Hey for the report. (Closes: #678896) * checks/infofiles: + [NT] Use L::Util's gzip decompressor rather than zcat. * checks/init.d{,.desc}: + [NT] Move file-in-etc-rc.d-marked-as-conffile to conffiles check. + [NT] Use L::Collect's conffile API instead of accessing the "conffiles" control file directly. * checks/java.desc: + [NT] Remove the "experimental" marker of the Java byte-code check. * checks/manpages{,.desc}: + [CW,NT] Manually do redirects and chdir rather than invoking a shell when calling man and lexgrog. + [CW,NT] Be stricter with missing roff preprocessors by setting MANROFFSEQ to the empty string when calling man. + [CW,NT] Pass -Tutf8 -Z to man to skip an unused part of the groff pipeline. (Closes: #677874) + [CW,NT] Use the L::Util gzip decompressor to open gzipped manpages. * checks/menu-format{,.desc}: + [NT] Move a table of categories to a data file. + [NT] Update description of menu-icon-missing. Lintian is now sometimes able to find the icon in dependencies (if they are built from the same source). Thanks to Ryan Kavanagh for the report and the suggested patch. (Closes: #683516) * checks/md5sums: + [NT] Use L::Collect's conffile API instead of accessing the "conffiles" control file directly. * checks/po-debconf{,.desc}: + [NT] Check for untranslatable templates that should be translatable. Thanks to David Prévot for the report and the patch. (Closes: #686179) * checks/scripts{,.desc}: + [NT] Retire check for dpkg-maintscript-helper in preinst. (Closes: #685497) + [NT] Fix false positive "executable-not-elf-or-script" when the file is an executable hardlink to a script. + [NT] Check maintainer scripts for unexpanded #DEBHELPER# tokens. Thanks to Cyril "KiBi" Brulebois for the suggestion. + [NT] Fix false-positive for removal of device files as /dev/shm is not a device. Thanks to Steve Langasek for the report and Roger Leigh for the extra info. (Closes: #693442) * checks/shared-libs{,.desc}: + [NT] Clarify the description of dev-pkg-without-shlib-symlink to mention that the dev symlink is always expected in /usr. + [NT] Add missing "+" in libtool regex. Thanks to Leo 'costela' Antunes for the report. + [RA,NT] Check for use of obsolete "<" and ">" in shlibs control files. (Closes: #660655) * checks/source-copyright{,.desc}: + [NT] Check for possible misspellings of known field names. (Closes: #678639) + [NT] Fix typo of paragraph. Thanks to Logan Rosen for spotting it. (Closes: #693013) * checks/version-substvars{,.desc}: + [JW,NT] Extend version-substvar-for-external-package to all relations. Previously it was only triggered for strong dependency relations. (Closes: #658474) . * collection/deb-format.desc: + [NT] Remove unneeded changelog-file from "Needs-Info". * collection/objdump-info{,-helper,.desc}: + [NT] Change the output format for the collection and bump the version of the collection accordingly. + [NT] Apply patch from Peter Pentchev to ensure set{u,g}id ELF binaries are properly processed, even when Lintian is run as root. (Closes: #686352) . * data/binaries/embedded-libs: + [RG] Check for embedded copies of jsoncpp. * data/fields/archive-sections: + [NT] Add new "tasks" section. * data/menu-format/add-categories: + [NT] New file. * data/output/ftp-master-{,non}fatal: + [NT] Removed, not used at run time. * data/scripts/interpreters: + [NT] Add nodejs and Rscript as a known interpreter. Thanks to Marcelo Jorge Vieira and Sébastien Boisvert for the report. (Closes: #623265, #692232) * data/spelling/corrections: + [NT,RG] Add more corrections. + [RG] Re-sort the corrections. . * debian/control: + [NT] Add (Build-)Depends on libtext-levenshtein-perl. + [NT] Use anonscm.d.o in the Vcs-* fields instead of git.d.o. * debian/lintian.install: + [NT] Install Lintian perl modules in /usr/share/perl5. * debian/rules: + [NT] Add target to generate HTML API doc. Currently this is only run manually. . * frontend/lintian: + [NT] Remove chdir calls for checks. + [NT] Retire depreciated command line and config options. + [NT] Refactor unpacking into Lintian::Unpacker. + [NT] Make parameter for --jobs optional. In its absence Lintian will not limit the number of parallel jobs. + [JW,NT] During the unpack phase, emit the name of the group currently being unpacked when --verbose is given. (Closes: #677890) + [JW] Fix typo of Parallelization. + [NT] Fix regression where --suppress-tags{,-from-file} was ignored if -C or -X was passed. Thanks to Thorsten Glaser for reporting it. (Closes: #688320) . * lib/Lintian/Collect{,/Source}.pm: + [NT] Add optional parameter to field (and X_field) methods that denotes the default value if a field is missing. This avoid some boiler plate for callers of the methods. * lib/Lintian/Collect/Binary.pm: + [NT] Bump API for objdump method. + [NT] Add API for checking if a file is considered a conffile. * lib/Lintian/Collect/Package.pm: + [NT] Strip leading slash off files extracted from tar. * lib/Lintian/Command.pm: + [NT] Work around a leak in IPC::Run (see #301774). * lib/Lintian/Internal/FrontendUtil.pm: + [NT] Always use Dpkg::Vendor to determine the default vendor. Previously dpkg-vendor would be preferred if available. * lib/Lintian/Lab/Entry.pm: + [NT] Use the L::Collect during creation instead of manually reading the dsc for source packages. * lib/Lintian/Profile.pm: + [NT] Add support for the new optional "Load-Checks" field in profiles. + [NT] Ensure that the "lintian" check is always loaded as these tags are not emitted by check modules. Also enable the tags from the check by default. * lib/Lintian/Tags.pm: + [NT] Be explicit about the reason when rejecting an override. Thanks to Yves-Alexis Perez for the report. (Closes: #673073) * lib/Lintian/Unpacker.pm: + [NT] New file. . * man/lintian.pod.in: + [NT] Remove documentation about removed options. . * reporting/graphs/{statistics,tags}.gpi: + [JP] New file. * reporting/html_reports: + [JP,NT] Generate graphs of the collected history data. (Closes: #672273) + [NT] Make the mirror name configurable. . * vendors/ubuntu/main/data/changes-file/known-dists: + [NT] Add "raring" as known Ubuntu distribution. Thanks to Dmitry Shachnev. (LP: #1068208) Checksums-Sha1: b714fecafa37364fddabffcbe910063937e09417 2556 lintian_2.5.13~bpo70+1.dsc f975cfc5a422d08df7ca184348f3e4610782418b 1242326 lintian_2.5.13~bpo70+1.tar.gz 9419493a186ee782a8f8103b29f4fbf058c366ee 770592 lintian_2.5.13~bpo70+1_all.deb Checksums-Sha256: aa6b8a3ea3444c8b2fb8ff531f642b687c9e76aa6d091e598de592c0c4607530 2556 lintian_2.5.13~bpo70+1.dsc 9f050b25104dd0808e867b9e12bc60fc2e076296f98b7d5c7a4bdf036626ec88 1242326 lintian_2.5.13~bpo70+1.tar.gz a00b35dc62e79318b3ec8dcfd3b0b5331bb4dc35c994af85fed3c6a7015ee05e 770592 lintian_2.5.13~bpo70+1_all.deb Files: 16a9d68bcd174b6fd9d37c6a91f2a928 2556 devel optional lintian_2.5.13~bpo70+1.dsc 43456edfa4b8920f003be87eee8515d6 1242326 devel optional lintian_2.5.13~bpo70+1.tar.gz 4fe2adb4dbb245d34d9af84d0fb4d8f5 770592 devel optional lintian_2.5.13~bpo70+1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJRp6NHAAoJEEkIatPr4vMfwVAP/3PaUoA2zVz94XwnVXTehlvi pqkLD709s7WIk9fFnCxOAkyUtKJOwjdzO9FJctJLhbDr/7+joIc7fy8b0BnDyOoF TSVbeTHlrxG7n0BMiUSbhodnWk2td6iVS9Ri3JOd9wQZvYIdCm59LAQJUSzGYfah 4O57zP2Zof9NqOCQzdlaR22ijdnarsKOpjJ/LKQLa3qRyey2Z2uy7jLpjByKJfYX ppg9lJ9ey4cuLdw2ohNDrebGk6uoDP22aZMYVfBIKfIEql1unExMXlpQUWr9jDYS AqSlzWtl0jiasBecN1KeYwow/8WWAMEhOfj3pwPgHW8ksrgOyv7GesLDAWtAW8bJ TGmFTl3I0RBZ7PXvYKeVSnulVoIVMBBjnr4XYXntFjXeKADRMBKD9q0iG9ZJ3gqm XQt68rscOyrh/Px9pdU394O1SUlOVBwHPu2iRsAPeqoMbBuv78Tv7IZ2ZWWQ3ilp AGFMCeZQ1hq8hT8fjkSPtdBNEMUVAqqT3qwv0Ue5A0nw5gWQQehPpytFPAaX/nK0 SyO0g0rUKuoIWWCZ0FRECvkzDAy6pkOYVHm3wOja6MN3as/MNUKgqShYRHSut2S2 oPaWGs9bNdMXT20MHfQgt+xGvd0EzR13sUZ9dqin+1Jg27YPrJ8qiKumXD9RdNR/ Nq9Wt40Zn1RyHV5nWqzm =xVgh -----END PGP SIGNATURE----- Thank you for your contribution to Debian. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
