-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 14 May 2015 08:11:27 +0200
Source: lintian
Binary: lintian
Architecture: source all
Version: 2.5.31
Distribution: unstable
Urgency: medium
Maintainer: Debian Lintian Maintainers <lintian-maint@debian.org>
Changed-By: Niels Thykier <niels@thykier.net>
Description:
 lintian - Debian package checker
Closes: 732246 749103 751949 756128 764015 765344 766118 767107 768884 769036 769679 769845 770068 771054 771113 774729 775467 775760 776267 776480 776535 776954 778323 778556 778558 778820 780474 781235 781396 781397 782902 783327 784012 784277 784639
Changes:
 lintian (2.5.31) unstable; urgency=medium
 .
   * checks/binaries.pm:
     + [BR] Do not tag with
       library-in-debug-or-profile-should-not-be-stripped when file
       adds "not stripped, too many notes" to its output.
       Thanks to Jakub Wilk. (Closes: #775760).
     + [AB] Ignore tEH and tEh for spelling-error-in-binary.
       (Closes: #782902; bug report and patch by Tomasz Buchert,
       thanks!)
   * checks/changelog-file.{desc,pm}:
     + [BR] Correct a typo on tag name and do not raise
       bad-intended-distribution if distribution is still set to
       UNRELEASED. (Closes: #765344).
     + [NT] Apply patches from Ben Finney to permit quotes around
       the distribution name in the "to unstable" entries.
       (Closes: #784012)
   * checks/control-file.{desc,pm}:
     + [BR] Apply patch from Johannes Schauer in order to detect
       obsolete XS-Testsuite header. (Closes: #770068).
     + [AB] New check for multiline architecture fields in
       debian/control. (Closes: #780474)
     + [NT] Apply patch from Guillem Jover to update the description
       of the xs-testsuite-header-in-debian-control tag.
       (Closes: #781397)
   * checks/copyright-file.pm:
     + [NT] Permit the use of "pkg:arch" dependencies when packages
       use symlinked doc-dirs.
   * checks/cruft.{desc,pm}:
     + [NT] Import "d/pycompat is deprecated" check from
       lintian4python.
   * checks/dbus.{desc,pm}:
     + [NT] Apply patch series from Simon McVittie to improve the
       dbus check. In particular, detect dbus policy files that
       expose CVE-2014-8148 and CVE-2014-8156. (Closes: #776480)
   * checks/deb-format.{desc,pm}:
     + [BR] Support all formats described in deb(5) but manually
       reject until dak is ready.
   * checks/debian-source-dir.pm:
     + [NT] Fix regression where "missing-debian-source-format" was
       not emitted if "debian/source" was missing. Thanks to
       Jean-Michel Nirgal Vourgère for finding this bug.
       (Closes: #781235)
   * checks/description.pm:
     + [NT] Allow debug packages without an extended description.
   * checks/fields.{desc,pm}:
     + [BR] Add reference to build-depends-on-metapackage
       (Closes: #767107).
     + [BR] Check source version (Closes: #749103).
     + [NT] Import check of "Python-version: current" being
       deprecated from lintian4python.
     + [AB] Remove "dev" from list of suffixes to trigger
       rc-version-greater-than-expected-version (Closes: #732246)
     + [AB] Recognize user@host:path.git URIs in Vcs-Git
       (Closes: #778323)
   * checks/files.{desc,pm}:
     + [BR] Rename compressed-objects.inv to
       file-should-not-be-compressed and use it for doxygen map.gz.
       (Closes: #751949).
     + [NT] Merge patch from Nicolas Boulenguez to remove some
       partially redundant code. (Closes: #784277)
     + [NT] Allow "-dbgsym" as an alternative name to "-dbg" for
       packages containing debug symbols.
   * checks/init.d.desc:
     + [BR] Add reference to #DEBHELPER# token for
       script-in-etc-init.d-not-registered-via-update-rc.d.
       (Closes: #775467).
   * checks/patch-systems.pm:
     + [NT] Avoid crashing on debian/patches being a file.
       (Closes: #778556)
   * checks/po-debconf.pm:
     + [NT] Avoid errors from intltool-update. (Closes: #778558)
   * checks/script.{desc,pm}:
     + [BR] Fix some false negatives for
       command-with-path-in-maintainer-script tag.
       (Closes: #769845).
   * checks/shared-libs.{desc,pm}:
     + [NT] Apply patch from Guillem Jover to recognise the
       "Ignore-Blacklist-Groups" meta field in symbols files.
       (Closes: #781396)
   * checks/source-copyright.{desc,pm}:
     + [BR] Fix a false positive for
       missing-license-paragraph-in-dep5-copyright tag. Emit a new
       specific tag for references to the header paragraph as a
       license paragraph. (Closes: #766118).
     + [BR] Detect if license short names are unique.
     + [BR] Avoid false positive license-problem-undefined-license
       for - in short license.
     + [BR] Warn when using reference to header license.
       (related to bug #769818).
   * checks/symlinks.desc:
     + [AB] package-contains-broken-symlink: Mention in the tag
       description that only direct dependencies built from the
       same source package can be checked by lintian.
       (Closes: #776535)
   * checks/watch-file.{desc,pm}:
     + [NT] Check for watch files accessing PyPI over HTTP instead
       of HTTPS. This check has been imported from lintian4python
       (with a different tag name).
     + [AB] Check for watch files accessing unsupported PyPI URLs
       (Check written by James McCoy and Ben Finney;
       Closes: #776267)
 .
   * collection/strings:
     + [NT] Pass "-a" to strings to avoid possible security issues
       in strings.
 .
   * commands/reporting-{lintian-harness,sync-state}:
     + [NT] New files (internal commands for the reporting
       framework).
 .
   * data/binaries/arch-regex:
     + [NT] Add arm64 and ppc64el regex.
     + [NT] Correct armel and armhf regex to cope with statically
       linked binaries. (Closes: #768884)
   * data/binaries/embedded-libs:
     + [RG] Do not warn about libpng1.6 embedding libpng
     + [RG] Add a new string to detect embedders of libpng
   * data/changes-file/known-dists:
     + [ADB] Add "stretch".
   * data/cruft/rfc-whitelist:
     + [BR] Whitelist dual licensed vorbis rfc5215.
   * data/debhelper/dh_addons-manual:
     + [BR] Apply patch from Jean-Michel Nirgal Vourgère for
       detecting missing-build-dependency-for-dh-addon apache2.
       (Closes: #778820).
   * data/fields/binary-fields:
     + [AB] Add ghc-package
       (Source: /usr/share/cdbs/1/class/hlibrary.mk)
     + [AB] Add gstreamer-* fields as generated by
       dh_gstscancodecs
     + [AB] Add lua-versions as mandated by the Debian Lua Policy
   * data/fields/perl-provides:
     + [NT] Update perl-provides for perl 5.20.2.
   * data/files/js-libraries:
     + [AB] Use "tinymce" instead of "tinymec2?" (Closes: #783327)
   * data/files/obsolete-paths:
     + [BR] Add /etc/bash_completion.d (Closes: #776954).
   * data/files/privacy-breaker-websites:
     + [BR] Add specific test for privacy breach with modernizr.js
       (Closes: #769679).
     + [BR] Add /logos/ to privacy-breach-logo.
     + [BR] Add specific test for libjs-openlayer.
     + [BR] Detect twitter logo.
     + [BR] Detect libjs-jquery-flot.
     + [BR] Detect libjs-jquery-mobile.
     + [BR] Detect beta of libjs-query.
     + [BR] Detect libjs-prototype.
   * data/spelling/corrections:
     + [BR] Add portugese||Portuguese. (Closes: #764015).
   * data/spelling/corrections-multiword:
     + [BR] Add "allow one to" and "permit one to".
       (Closes: #756128).
 .
   * debian/control:
     + [NT] Recommend dpkg (>= 1.17.14) for the --ctrl-tarfile
       option in dpkg-deb. Lintian relies on it to support (u)deb
       files without a gzip compressed control.tar file.
     + [AB] Promote xz-utils from Suggests to Depends.
       (Closes: #774729)
   * debian/copyright:
     + [AB] Update copyright years.
   * debian/rules:
     + [NT] Add CLEAN_TEST_WORK_DIR to be able to control whether
       the test artifact directory should be cleaned during a call
       to "debian/rules clean" (defaulting to do the clean).
 .
   * doc/CREDITS:
     + [AB] Add contributors from 2014 and 2015.
 .
   * frontend/lintian:
     + [NT] Produce a better error message when lintian detects
       that a check has a dependency on an unknown collection.
 .
   * helpers/coll/objdump-info-helper:
     + [NT] Apply patch from Matt Kraai that adjusts the regex used
       for parsing readelf output. Thanks to Martin Pitt for
       reporting the issues. (Closes: #771054)
 .
   * lib/Lintian/Collect/Binary.pm:
     + [NT] Add "debug" class for "is_pkg_class". This uses the
       package name to guess if the package is expected to contain
       debug symbols.
   * lib/Lintian/Command.pm:
     + [NT] Use croak() rather than L::Util's fail() on errors. The
       issues are generally not "internal errors".
   * lib/Lintian/Internal/FrontendUtil.pm:
     + [NT] Work around a bug in autodie, where an fdopen of a
       file-descriptor always failed with "bad file descriptor".
   * lib/Lintian/Lab.pm:
     + [NT] Null fields extra metadata fields in the lab storage
       that are no longer used. These were previously used by the
       reporting framework.
     + [NT] Automatically correct lab metadata, when the lab
       discovers an entry does not exist. Any remains of the entry
       will be removed as well. Previously, the lab would just
       throw an error and require a manual correction of the lab.
   * lib/Lintian/Reporting/ResourceManager.pm:
     + [NT] Only preserve the last extension of the installed
       resource. Previously it would keep all "extensions",
       including long parts of the original name if it happened to
       contain a period.
   * lib/Lintian/Util.pm:
     + [NT] Prefer dpkg-deb --ctrl-tarfile to "ar p" when dpkg is
       recent enough.
     + [NT] Stricten the permitted whitespace at the end of GPG
       marker lines. This is the same issue as CVE-2015-0840,
       except lintian never attempted to validate the signature.
     + [NT] Explicitly use YAML::XS for reading and writing YAML
       files. YAML::Any does not specify an interface for reliably
       reading YAML files in UTF-8 encoding leading to "mojibake"
       in some cases. Thanks to Andreas Rönnquist for reporting
       the issue. (Closes: #784639)
 .
   * profiles/ubuntu/main.profile:
     + [BR] Exclude no-human-maintainers (Closes: #769036).
 .
   * reporting/config:
     + [NT] Include and briefly document new configuration options.
   * reporting/{harness,html_reports}:
     + [NT] Rewrite harness and remove the hard dependency on a
       functional permanent laboratory in the reporting framework.
       - The framework now relies on the "harness state cache" (a
         YAML file), which can be updated atomically.
       - The harness framework now avoids stat(2)ing all artefacts
         on the mirror just to check if they are unchanged.
       - The harness frontends use less memory and now release
         most of it before calling html_reports. This should
         reduce the peak memory requirements considerably for the
         html_reports part of the run.
   * reporting/{html_reports,templates/*}:
     + [NT] Reorder the datastructures shared with templates for
       better data sharing. This reduces the memory consumption of
       html_reports by ~25% on lintian.d.o.
   * reporting/html_reports:
     + [NT] Templates are now always read and (their output)
       written in the UTF-8 encoding.
     + [NT] Stop reading $statistics_file from the config file.
 .
   * t:
     + [NT] Apply patch from Matt Kraai to fix test case on i386.
       (Closes: #771113)
   * t/scripts/pod-spelling.t:
     + [AB] Hardcode aspell as spelling command since
       Test::Spelling prefers spell over aspell if installed, too.
       This avoids having to add a "Build-Conflicts: spell".
   * t/tests/files-embedded/:
     + [AB] Add test case for #783327.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----