-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 02 Jul 2017 10:48:54 +0200 Source: lintian Binary: lintian Architecture: source all Version: 2.5.51~bpo9+1 Distribution: stretch-backports Urgency: medium Maintainer: Debian Lintian Maintainers <lintian-maint@debian.org> Changed-By: Luca Falavigna <dktrkranz@ellesmera> Description: lintian - Debian package checker Closes: 540294 633850 645455 695345 698723 814521 815233 829649 848878 849470 849880 851215 852005 852084 852145 852369 852404 852407 852409 852410 852411 852413 852414 852416 852419 852421 852426 852891 854132 855243 856155 856312 856857 856954 856975 857194 857654 857655 857656 858117 858326 859412 859467 860419 860558 861509 861599 861958 863020 863386 Changes: lintian (2.5.51~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . lintian (2.5.51) unstable; urgency=medium . * Summary of tag changes: + Added: - debian-control-has-dbgsym-package - debian-control-has-obsolete-dbg-package - debian-rules-parses-dpkg-parsechangelog - desktop-entry-lacks-icon-entry - distribution-and-changes-mismatch - distribution-and-experimental-mismatch - gir-in-arch-all-package - gir-missing-typelib-dependency - gir-section-not-libdevel - multiarch-foreign-shared-library - r-data-without-readme-source - readme-source-is-dh_make-template - repeated-trigger-name - systemd-service-file-refers-to-obsolete-bindto - testsuite-autopkgtest-missing - typelib-in-arch-all-package - typelib-missing-gir-depends - typelib-not-in-multiarch-directory - typelib-package-name-does-not-match - typelib-section-not-introspection - unknown-trigger - unreleased-changes - uses-implicit-await-trigger + Removed: - ancient-autotools-helper-file - init.d-script-missing-dependency-on-remote_fs - maintainer-script-should-not-use-ancient-dpkg-epoch-check - maintainer-script-should-not-use-ancient-dpkg-multi-conrep-check - outdated-autotools-helper-file - package-would-benefit-from-build-arch-targets - suidregister-used-in-maintainer-script . * checks/binaries.{desc,pm}: + [NT] Apply patch from Adrian Bunk to bump severity of the hardening-no-pie to a W-tag and improve the tag description. (Closes: #856155) + [NT] Apply patches from Michael Stapelberg to improve handling of golang binaries. (Closes: #857654, #857655, #857656) * checks/changelog-file.pm: + [BR] Check also bug over 1000000 as improbable. Bug below 50004 are not archived and are thus improbable. * checks/changes-file.{desc,pm}: + [BR] Apply patch by Simon McVittie to detect unreleased package uploaded to unstable and mismatched .changes and Changes: distribution. (Closes: #540294). * checks/control.{desc,pm}: + [BR] Detect dbgsym package in control file. (Closes: #858117). + [BR] Warn about obsolete -dbg package. * checks/cruft.{desc,pm}: + [BR] Document long line tagged source-is-missing as a feature not a bug. (Closes: #849470). + [BR] Correct a typo in description of tag license-problem-convert-utf-code. + [BR] Avoid a false positive in gfdl file detection. + [NT] Drop tags about outdated autotools config.guess and config.sub files. These days debhelper automatically updates them when people use the dh-sequencer and the check is not geared for more thorough analysis. (Closes: #848878) + [CL] Check that README.source is not the dh_make template. (Closes: #633850) * checks/debian-readme.{desc,pm}: + [NT] Locate the README.Debian using the index rather than relying on a collection. * checks/fields.pm: + [BR] Enforce naming convention for debug package. (Closes: #645455). + [NT] Avoid proposing "/git/git/" as a part of the canonical URL for anonscm.debian.org. Thanks to Andreas Beckmann for spotting the bug. (Closes: #851215) + [NT] Apply patch from Dylan Aïssi to recommend "javascript" section for libjs packages. Previously, lintian would recommend "web". (Closes: #863386) * checks/files.pm: + [BR] Do not report duplicates for package-installs-apt-preferences and package-installs-apt-sources. (Closes: #814521). + [NT] Apply patch from Helmut Grohne to detect some possible invalid uses of "Multi-Arch: foreign". (Closes: #856975) + [NT] Improve the empty-binary-package tag by adding more common files that should be ignored. Thanks to Helmut Grohne for all the research behind it. (Closes: #856857) + [BR] Detect symlink pointing to builddir. (Closes: #860419) + [CL] Detect RData without README.source. (Closes: #815233) + [NT] Remove work around for segmentation faults in t1disasm from t1utils (<< 1.38-4~). Given Jessie is the minimum supported Debian version, we can now assume t1utils to be (>= 1.38-4). * checks/gir.{desc,pm}: + [NT] Add check for gir packages written by Simon McVittie. (Closes: #695345) * checks/init.d.{desc,pm}: + [NT] Remove check for init.d scripts accessing /usr without a $remote_fs dependency as /usr must now be mounted by the initramfs. (Closes: #829649) * checks/menu-format.{desc,pm}: + [NT] Update the reference to Desktop Entry Specification to point to version 1.1. + [NT] Apply patch from Laurent Bigonville to check desktop files for missing "Icon" field. (Closes: #854132) * checks/rules.{desc,pm}: + [NT] Drop "package-would-benefit-from-build-arch-targets". The dpkg-buildpackage refuses to build packages that trigger this tag. Also, the tag implies two other "W" tags so contributors are still notified of a potential problem. + [CL] Check for manual parsing of dpkg-parsechangelog output now that we have /usr/share/dpkg/pkg-info.mk. * checks/scripts.{desc,pm}: + [NT] Apply patch from Christopher Hoskin to except -doc packages from the "new-package-should-not-package-python2-module" tag. (Closes: #855243) + [NT] Remove references to tags about calling suidregister, dpkg --assert-working-epoch, and dpkg --assert-multi-conrep from maintainer scripts. * checks/systemd.{desc,pm}: + [NT] Apply patch from Michael Biebl to warn about deprecated "BindTo" option in systemd service files. (Closes: #857194) * checks/testsuite.{desc,pm}: + [NT] Apply patch from Lucas Kanashiro to add a tag for recommending packagers to create an autopkgtest for their package. (Closes: #859467) + [NT] Fix false-positive "missing-runtime-test-file" when the "Tests-Directory" field is set to a single dot. Thanks to Ian Jackson for reporting the issue. (Closes: #849880) * checks/triggers.{desc,pm}: + [NT] New check. (Closes: #698723) * checks/upstream-metadata.pm: + [JW, NT] Disable YAML parsing of upstream metadata file as the YAML parser executes code. (Closes: #861958, CVE-2017-8829) * checks/watch-file.pm: + [NT] Apply patch from Alexander Kulak to handle whitespace correctly in the options in v4 watch files. (Closes: #861599) . * coll/debian-readme{,desc}: + [NT] Remove. Merge what little functionality it offers into the debian-readme check. . * commands/{lintian => lintian.pm}: + [NT] Turn the lintian frontend into a dplint command module to avoid code duplication. * commands/reporting-*: + [NT] Rewrite the config file handling. The reporting framework now uses a YAML configuration file instead of a perl script. + [NT] Support processing packages from multiple archives and different suites in these archives. This enables lintian.d.o to also process dbgsym packages. (Closes: #856312) . * data/changes-file/known-dists: + [NT] Add buster and remove squeeze. * data/common/source-fields: + [NT] Add new "Testsuite-Restrictions" field. * data/files/privacy-breaker-websites: + [BR] Add digit.com as tracker. + [BR] Add static.ak.fbcdn.net as facebook. + [BR] Add forkme as logo. * data/files/standard-files: + [NT] Add more common files based on feedback from Helmut Grohne. * data/obsolete-sites/obsolete-sites: + [BR] Apply patch from Hideki Yamane in order to warn about fedorahosted. (Closes: #856954). + [NT] Apply patch from Hideki Yamane to warn about codeplex.com closing down. (Closes: #859412). * data/scripts/interpreters: + [NT] Add stap as a known interpreter. Thanks to gustavo panizzo for the suggestion. (Closes: #858326) * data/scripts/maintainer-script-bad-command: + [NT] Remove check for suidregister, dpkg --assert-working-epoch, and dpkg --assert-multi-conrep. None of these trigger any tags in the archive any longer and the (new) features have been available for 8+ years. * data/spelling/corrections: + [NT] Apply patches from Edward Betts to fix bugs in the correction word lists. (Closes: #852005, #852084) + [NT] Apply patch from Edward Betts to remove corrections for "targetted" and "targetting" as they are valid alternative spellings in AU. (Closes: #852145) + [EB] Add some more spelling corrections. (Closes: #852369, #852404, #852407, #852409, #852410, #852411, #852413, #852414, #852416, #852419, #852421, #852426) + [CL] Add "none were" -> "none was" multiword spelling correction. (Closes: 860558) * data/standards-version/release-dates: + [NT] Add 4.0.0 as a known standards version along with its release date. . * debian/control: + [NT] Add explicit (Build-)Depends on dpkg (>= 1.17.14) to make it explicit that we no longer support Wheezy or older. + [NT] Drop versioned dependencies that are there to assist to Wheezy. + [NT] Mention Debian Policy v4.0.0 in the description. + [NT] Bump Standards-Version to 4.0.0 - no changes required. * debian/copyright: + [EB] Add Edward Betts. . * frontend/dplint: + [NT] Ensure all include directories are absolute before passing them on to the actual command. + [NT] Work around a "Bizarre Copy" bug in perl that could trigger on errors. . * lib/Lintian/CheckScript.pm: + [NT] Remove fallback code for "old" style "pm"-less checks. * lib/Lintian/Util.pm: + [NT] Drop dpkg_deb_has_ctrl_tarfile. Lintian now assumes that dpkg 1.17.14 is available (provided by Debian jessie or later). . * reporting/{config => config.yaml}: + [NT] Rewrite the reporting config template into the new YAML format. * reporting/graphs/tags.gpi: + [NT] Tweak tags.gpi so it works with gnuplot 5. * reporting/templates/{index.tmpl,lintian.css.tmpl}: + [NT] Update to support multiple archives. . * t/*: + [NT] Drop "Test-Depends" from tests where the versions in Debian jessie will satisfy the dependency. + [NT] Update tests to fix FTBFS caused by dpkg-source now ignoring debian/files by default. (Closes: #863020) * t/runtests: + [NT] Re-sort test output after running the "post_test" sed script on the output. This prevent test failures caused by the order changing on different architectures prior to the sed script is run (assuming the sed script otherwise normalises the differences correctly). * t/tests/cruft-general-upstream/pre_upstream: + [EB] Fix failing tests by making the fake flash object more convincing. The most recent version of libmagic uses a more precise definition of the data within a flash file. (Closes: #852891) * t/tests/java-jars: + [NT] Provide a more convincing corrupt .zip file that also fools file 5.30. . * vendors/ubuntu/main/data/changes-file/known-dists: + [CW] Add zesty. + [NT] Apply patch from "Unit 193" to add "devel" as a known Ubuntu distribution. (Closes: #861509) + [NT] Add artful. Checksums-Sha1: ae362fc4b958291044e34762c5d4b5b4de0f30c1 2826 lintian_2.5.51~bpo9+1.dsc 07003edafaf751f73e80a5d1a10bdf55cb08f39b 1221720 lintian_2.5.51~bpo9+1.tar.xz 02fa0dd1678fad20bb3cc32fe6879c58a9d26f74 1052254 lintian_2.5.51~bpo9+1_all.deb 6bf83e92bd60fb7d3ff91e9c0289b70de3fd5c94 17665 lintian_2.5.51~bpo9+1_amd64.buildinfo Checksums-Sha256: 83c234118e8942f0232b3296e1f42df3def0693b6e6532be7ef17273384b8a92 2826 lintian_2.5.51~bpo9+1.dsc e447bb03693cbec07211f3acbdbcc401ec0243fb56700469bf326b8f44d11070 1221720 lintian_2.5.51~bpo9+1.tar.xz 050562b3c50bbe030845e347055181f70f1aa4148a61e4a232d721bd46643f61 1052254 lintian_2.5.51~bpo9+1_all.deb fec4c03d23c371e2cd15c1990f4323317b9e3998cb1e0c0811ff035431a63c01 17665 lintian_2.5.51~bpo9+1_amd64.buildinfo Files: 18ebcb8e38689842aac4c90b0187d564 2826 devel optional lintian_2.5.51~bpo9+1.dsc 0c1b9816b4c3cc93a770beee80788501 1221720 devel optional lintian_2.5.51~bpo9+1.tar.xz 75fac0affebd4042881b7a37b6673f40 1052254 devel optional lintian_2.5.51~bpo9+1_all.deb 53b3bc4c2b751c0e453a349224854c4f 17665 devel optional lintian_2.5.51~bpo9+1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE3cU+UTD9CCI/mJRWSQhq0+vi8x8FAllYtq4ACgkQSQhq0+vi 8x+gPg//bmZLFsEHXWnOn7er3AYYb/MmvXR78JhOe1eNiHY5PlRpvDNE7blERBbb aTQ/meyYoDSx/mmWn4DOlcZq3YxKXwN3Bm5q+8yfLiBoSuvft822Yb6gqed0uvOC Z8NHGqq19k9aIWir8myHdeaTQu0K5UB5FIRWhk5IlkHjUnbS3bMqiay1hpK0Xm1i ldIb+zrcVdTmhJtE/hBceY88FxlcuRZ8MNdvTWn4WKnDp8DJyen5zlKAHKs63NOA ed/x73q00nbYbvq3G/0lsi3ZGe7Tox5HXqzBE6DGXKfEm3vXn+cF2a2S9icOgwAp uTBR6WbCd3nf0s3wYMZ26j0m2FZl/xChrMRSTBlNBPLrKGMyxv2vd5wur/XnqNpw 3bYZbZnIgPOSfTEgVHG8sfzddlJQEYCcNo2cfoGhakE2d4F8Fs//LRY3xqnYHzDA zR3wSdL517m+CL4G6UMqCkwTeHsAQyQn7mQfUrgXDOehYCO4JNSy6bKBavFWAY8y k4XXWH6VTEZ95qOs+7JMdE6XcfNuZG5fuoAd2yy+dGVxjvkmxJD7XZoX6TMkFXt4 pEDZe3yXLCmZMm8JwQp4vqO6nEbeMPcscqF0hQXp3aBZFjV42GlZnMIQzDm5bSuj WVcfRzstbKF8iwyn1fp7O2huke/JA7xMw/5vD1IJ3L3OUKpYCfY= =BBWc -----END PGP SIGNATURE-----