Bug#907667: lintian: should html escape output if --color=html is used

2018-08-30 Thread James Cowgill
Package: lintian
Version: 2.5.99
Severity: important
X-Debbugs-CC: ftpmas...@ftp-master.debian.org
X-Debbugs-CC: debian-ad...@lists.debian.org

Hi,

Lintian does not html escape tag information when --color=html is used.
I noticed this after browsing a few packages in the NEW queue which have
broken stylesheets. Current examples:
https://ftp-master.debian.org/new/displaycal_3.6.1.0-1.html
https://ftp-master.debian.org/new/json-editor.js_0.7.28+ds-1.html

When generating those pages, dak passes --color=html to lintian and does
not escape the output (because that would escape the span tags). In this
case some privacy-breach-generic tags contained  $ lintian --color=html libjs-json-editor_0.7.28+ds-1_all.deb
> W: libjs-json-editor: privacy-breach-generic 
> usr/share/doc/libjs-json-editor/examples/wysiwyg.html [ href="//cdn.jsdelivr.net/sceditor/1.4.3/jquery.sceditor.default.min.css">] 
> (//cdn.jsdelivr.net/sceditor/1.4.3/jquery.sceditor.default.min.css)
> W: libjs-json-editor: privacy-breach-generic 
> usr/share/doc/libjs-json-editor/examples/wysiwyg.html [ href="//cdn.jsdelivr.net/sceditor/1.4.3/themes/default.min.css">] 
> (//cdn.jsdelivr.net/sceditor/1.4.3/themes/default.min.css)
> W: libjs-json-editor: privacy-breach-generic 
> usr/share/doc/libjs-json-editor/examples/wysiwyg.html [

Bug#889016: lintian: Please update dh_commands for scour 0.36-2

2018-03-12 Thread James Cowgill
Hi,

On 12/03/18 00:42, Chris Lamb wrote:
> tags 889016 + pending
> thanks
> 
> Hi James,
> 
> Thanks for the reopening this. I've updated all the debhelper data. Can
> you check the scour changes over for sanity? We seem to have changed
> them a number of times in the past 6 months!
> 
> You can see the diff here:
> 
>   
> https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=115ce429ef09111ba8d04ebe23bbacb3a1de26c7

Thanks. I think the scour changes look correct now.

James



signature.asc
Description: OpenPGP digital signature


Bug#889016: lintian: Please update dh_commands for scour 0.36-2

2018-03-11 Thread James Cowgill
Control: reopen -1

Hi,

This bug was not correctly fixed in lintian 2.5.73. For example, mixxx
currently build depends on python3-scour (instead of scour), but lintian
produces no error for it:
https://lintian.debian.org/maintainer/pkg-multimedia-maintain...@lists.alioth.debian.org.html#mixxx

I think this is because dh_addons was not regenerated and still contains
the old python3-scour entry.

https://sources.debian.org/src/lintian/2.5.79/data/common/dh_addons/

Thanks,
James



signature.asc
Description: OpenPGP digital signature


Bug#808050: lintian: change embedded-library check for polarssl to mbedtls

2015-12-15 Thread James Cowgill
Package: lintian
Version: 2.5.38.1
Severity: normal
Tags: patch

Hi,

Around a year ago, the polarssl project was rebranded as "mbed TLS".
Due to this and due to some major API changes in the 2.0 release, I've
uploaded a new mbedtls package which is intended to replace polarssl.

Now that it's been accepted into unstable, can the embedded-library
check for polarssl be changed to mbedtls? The patch I've attached
should do it.

Thanks,
Jamesdiff --git a/data/binaries/embedded-libs b/data/binaries/embedded-libs
index c428a33..e584012 100644
--- a/data/binaries/embedded-libs
+++ b/data/binaries/embedded-libs
@@ -85,6 +85,7 @@ libupnp   ||source-regex=libupnp\d?||(?m)(?:SSDP_LIB: New Request Handler:Error|
 libxml2   ||root and DTD name do not match
 libyaml   ||(?m)^did not find expected 
 ltdl  ||source=libtool ||(?m)^library already shutdown
+mbedtls   ||(?m)^(?:ASN1 - Actual length differs from expected length|SSL - The connection indicated an EOF)
 mpfr  ||source=mpfr4 ||MPFR: Can't allocate memory
 mpg123||Warning: Encountered more data after announced end of track
 ncurses   ||Not enough memory to create terminal structure
@@ -94,7 +95,6 @@ openjpeg  ||tcd_decode: incomplete bistream
 openssl   ||You need to read the OpenSSL FAQ
 pcre3 ||this version of PCRE is not compiled with PCRE_UTF8 support
 poppler   ||source-regex=(?:poppler|xpdf)||(?:May not be a PDF file \(continuing anyway\)|PDF file is damaged - attempting to reconstruct xref table\.\.\.)
-polarssl  ||(?m)^(?:ASN1 - Actual length differs from expected length|SSL - The connection indicated an EOF)
 srtp  ||srtp: in stream 0x%x:
 sqlite||source-regex=sqlite3? ||CREATE TABLE sqlite_master\(
 t1lib ||t1lib is copyright \(c\) Rainer Menzner


signature.asc
Description: This is a digitally signed message part