-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 23 Sep 2017 13:46:45 +0200 Source: lintian Binary: lintian Architecture: source all Version: 2.5.53~bpo9+1 Distribution: stretch-backports Urgency: medium Maintainer: Debian Lintian Maintainers <lintian-maint@debian.org> Changed-By: Luca Falavigna <dktrkranz@debian.org> Description: lintian - Debian package checker Closes: 605999 652963 681713 762956 764486 779675 792198 792846 802721 807461 814599 825348 827941 828720 833585 833691 835120 841670 841832 843428 844191 846009 847144 849622 856137 857123 860801 865055 865531 865882 866322 867042 867673 868178 868897 869541 869587 869750 869788 870069 870199 870272 870649 870681 870722 870730 870758 870822 871008 871575 871767 871791 871957 872042 872076 872611 872843 873096 873211 873323 873434 873458 873490 873701 873702 874078 874121 874381 875509 875985 876003 Changes: lintian (2.5.53~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . lintian (2.5.53) unstable; urgency=medium . The "we are all Perl developers now" release. . * Summary of tag changes: + Added: - alternatively-build-depends-on-python-sphinx-and-python3-sphinx - build-depends-on-python-sphinx-only - dependency-on-python-version-marked-for-end-of-life - maintainer-script-interpreter - missing-call-to-dpkg-maintscript-helper - node-package-install-in-nodejs-rootdir - override-file-in-wrong-package - package-installs-java-bytecode - python-foo-but-no-python3-foo - script-needs-depends-on-sensible-utils - script-uses-deprecated-nodejs-location - transitional-package-should-be-oldlibs-optional - unnecessary-testsuite-autopkgtest-header - vcs-browser-links-to-empty-view + Removed: - debug-package-should-be-priority-extra - missing-classpath - transitional-package-should-be-oldlibs-extra . * checks/apache2.pm: + [CL] Fix an apache2-unparsable-dependency false positive by allowing periods (".") in dependency names. (Closes: #873701) * checks/binaries.pm: + [CL] Apply patches from Guillem Jover & Boud Roukema to improve the description of the binary-file-built-without-LFS-support tag. (Closes: #874078) * checks/changes.{pm,desc}: + [CL] Ignore DFSG-repacked packages when checking for upstream source tarball signatures as they will never match by definition. (Closes: #871957) + [CL] Downgrade severity of orig-tarball-missing-upstream-signature from "E:" to "W:" as many common tools do not make including the signatures easy enough right now. (Closes: #870722, #870069) + [CL] Expand the explanation of the orig-tarball-missing-upstream-signature tag to include the location of where dpkg-source will look. Thanks to Theodore Ts'o for the suggestion. * checks/copyright-file.pm: + [CL] Address a number of issues in copyright-year-in-future: - Prevent false positives in port numbers, email addresses, ISO standard numbers and matching specific and general street addresses. (Closes: #869788) - Match all violating years in a line, not just the first (eg. "2000-2107"). - Ignore meta copyright statements such as "Original Author". Thanks to Thorsten Alteholz for the bug report. (Closes: #873323) - Expand testsuite. * checks/cruft.{pm,desc}: + [CL] Downgrade severity of file-contains-fixme-placeholder tag from "important" (ie. "E:") to "wishlist" (ie. "I:"). Thanks to Gregor Herrmann for the suggestion. + [CL] Apply patch from Alex Muntada (alexm) to use "substr" instead of "substring" in mentions-deprecated-usr-lib-perl5-directory's description. (Closes: #871767) + [CL] Don't check copyright_hints file for FIXME placeholders. (Closes: #872843) + [CL] Don't match quoted "FIXME" variants as they are almost always deliberate. Thanks to Adrian Bunk for the report. (Closes: #870199) + [CL] Avoid false positives in missing source checks for "CSS Browser Selector". (Closes: #874381) * checks/debhelper.pm: + [CL] Prevent a false positive of missing-build-dependency-for-dh_-command that can be exposed by following the advice for the recently added useless-autoreconf-build-depends tag. (Closes: #869541) * checks/debian-readme.{pm,desc}: + [CL] Ensure readme-debian-contains-debmake-template also checks for templates "Automatically generated by debmake". * checks/description.{desc,pm}: + [CL] Clarify explanation of description-starts-with-leading-spaces tag. Thanks to Taylor Kline <taylor.kline@utexas.edu> for the report and patch. (Closes: #849622) + [NT] Skip capitalization-error-in-description-synopsis for auto-generated packages (such as dbgsym packages). * checks/fields.{desc,pm}: + [CL] Ensure that python3-foo packages have "Section: python", not just python2-foo. (Closes: #870272) + [RG] Do no longer require debug packages to be priority extra. + [BR] Use Lintian::Data for name/section mapping + [CL] Check for packages including "?rev=0&sc=0" in Vcs-Browser. (Closes: #681713) + [NT] Transitional packages should now be "oldlibs/optional" rather than "oldlibs/extra". The related tag has been renamed accordingly. * checks/filename-length.pm: + [NT] Skip the check on auto-generated binary packages (such as dbgsym packages). * checks/files.{pm,desc}: + [BR] Avoid privacy-breach-generic false positives for legal.xml. + [BR] Detect install of node package under /usr/lib/nodejs/[^/]*$ + [CL] Check for packages shipping compiled Java class files. Thanks Carnë Draug <carandraug+dev@gmail.com>. (Closes: #873211) + [BR] Privacy breach is no longer experimental. * checks/init.d.desc: + [RG] Do not recommend a versioned dependency on lsb-base in init.d-script-needs-depends-on-lsb-base. (Closes: #847144) * checks/java.pm: + [CL] Additionally consider .cljc files as code to avoid false- positive codeless-jar warnings. (Closes: #870649) + [CL] Drop problematic missing-classpath check. (Closes: #857123) * checks/menu-format.desc: + [CL] Prevent false positives in desktop-entry-lacks-keywords-entry for "Link" and "Directory" .desktop files. (Closes: #873702) * checks/python.{pm,desc}: + [CL] Split out Python checks from "scripts" check to a new, source check of type "source". + [CL] Check for python-foo without corresponding python3-foo packages to assist in Python 2.x deprecation. (Closes: #870681) + [CL] Check for packages that Build-Depend on python-sphinx only. (Closes: #870730) + [CL] Check for packages that alternatively Build-Depend on the Python 2 and Python 3 versions of Sphinx. (Closes: #870758) + [CL] Check for binary packages that depend on Python 2.x. (Closes: #870822) * checks/scripts.pm: + [CL] Correct false positives in unconditional-use-of-dpkg-statoverride by detecting "if !" as a valid shell prefix. (Closes: #869587) + [CL] Check for missing calls to dpkg-maintscript-helper(1) in maintainer scripts. (Closes: #872042) + [CL] Check for packages using sensible-utils without declaring a dependency after its split from debianutils. (Closes: #872611) + [CL] Warn about scripts using "nodejs" as an interpreter now that nodejs provides /usr/bin/node. (Closes: #873096) + [BR] Add a statistic tag giving interpreter. * checks/testsuite.{desc,pm}: + [CL] Remove recommendations to add a "Testsuite: autopkgtest" field to debian/control as it is added when needed by dpkg-source(1) since dpkg 1.17.1. (Closes: #865531) + [CL] Warn if we see an unnecessary "Testsuite: autopkgtest" header in debian/control. + [NT] Recognise "autopkgtest-pkg-go" as a valid test suite. + [CL] Recognise "autopkgtest-pkg-elpa" as a valid test suite. (Closes: #873458) + [CL] Recognise "autopkgtest-pkg-octave" as a valid test suite. (Closes: #875985) + [CL] Update the description of unknown-testsuite to reflect that "autopkgtest" is not the only valid value; the referenced URL is out-of-date (filed as #876008). (Closes: #876003) . * data/binaries/embedded-libs: + [RG] Detect embedded copies of heimdal, libgxps, libquicktime, libsass, libytnef, and taglib. + [RG] Use an additional string to detect embedded copies of openjpeg2. (Closes: #762956) * data/fields/name_section_mappings: + [BR] node- package section is javascript. + [CL] Apply patch from Guillem Jover to add more section mappings. (Closes: #874121) * data/fields/obsolete-packages: + [MR] Add dh-systemd. (Closes: #872076) * data/fields/perl-provides: + [CL] Refresh perl provides. * data/fields/virtual-packages: + [CL] Update data file from archive. This fixes a false positive for "bacula-director". (Closes: #835120) * data/files/obsolete-paths: + [CL] Add note to /etc/bash_completion.d entry regarding stricter filename requirements. (Closes: #814599) * data/files/privacy-breaker-websites: + [BR] Detect custom donation logos like apache. + [BR] Detect generic counter website. * data/standards-version/release-dates: + [CL] Add 4.0.1 and 4.1.0 as known standards versions. (Closes: #875509) . * debian/control: + [CL] Mention Debian Policy v4.1.0 in the description. + [CL] Add myself to Uploaders. + [CL] Drop unnecessary "Testsuite: autopkgtest"; this is implied from debian/tests/control existing. . * commands/info.pm: + [CL] Add a --list-tags option to print all tags Lintian knows about. Thanks to Rajendra Gokhale for the suggestion. (Closes: #779675) * commands/lintian.pm: + [CL] Apply patch from Maia Everett to avoid British spelling when using en_US locale. (Closes: #868897) . * lib/Lintian/Check.pm: + [CL] Stop emitting {maintainer,uploader}-address-causes-mail-loops for @packages.debian.org addresses. (Closes: #871575) * lib/Lintian/Collect/Binary.pm: + [NT] Introduce an "auto-generated" argument for "is_pkg_class". * lib/Lintian/Data.pm: + [CL] Modify Lintian::Data's "all" to always return keys in insertion order, dropping dependency on libtie-ixhash-perl. . * helpers/coll/objdump-info-helper: + [CL] Apply patch from Steve Langasek to accommodate binutils 2.29 outputting symbols in a different format on ppc64el. (Closes: #869750) . * t/tests/fields-perl-provides/tags: + [CL] Update expected output to match new Perl provides. * t/tests/files-privacybreach/*: + [CL] Add explicit test for packages including external fonts via the Google Font API. Thanks to Ian Jackson for the report. (Closes: #873434) + [CL] Add explicit test for packages including external fonts via the Typekit API via <script/> HTML tags. * t/tests/*/desc: + [CL] Add missing entries in "Test-For" fields to make development/testing workflow less error-prone. . * private/generate-tag-summary: + [CL] git-describe(1) will usually emit 7 hexadecimal digits as the abbreviated object name, However, as this can be user-dependent, pass --abbrev=0 to ensure it does not vary between systems. This also means we do not need to strip it ourselves. * private/refresh-*: + [CL] Use deb.debian.org as the default mirror. + [CL] Update locations of Contents-<arch> files; they are now namespaced by distribution (eg. "main"). . lintian (2.5.52) unstable; urgency=medium . * Summary of tag changes: + Added: - appstream-metadata-in-legacy-location - appstream-metadata-legacy-format - appstream-metadata-malformed-modalias-provide - appstream-metadata-missing-modalias-provide - copyright-contains-automatically-extracted-boilerplate - copyright-year-in-future - debian-rules-sets-DEB_BUILD_OPTIONS - elf-maintainer-script - emacsen-common-without-dh-elpa - file-contains-fixme-placeholder - gobject-instrospection-package-missing-depends-on-gir-depends - manpage-has-overly-generic-name - orig-tarball-missing-upstream-signature - package-installs-deprecated-upstart-configuration - udev-rule-missing-subsystem - udev-rule-missing-uaccess - udev-rule-unreadable - unconditional-use-of-dpkg-statoverride - useless-autoreconf-build-depends + Removed: - copyright-contains-dh-make-perl-boilerplate - package-depends-on-multiple-tkx-versions - restriction-formula-with-debhelper-without-debhelper-version - restriction-formula-without-versioned-dpkg-dev-dependency . * checks/appstream-metadata.{desc,pm}: + [NT] New check by Petter Reinholdtsen. * checks/changelog-file.desc: + [AB] Fix typo "%gt;" vs ">". + [CL] Expand the rationale for the latest-debian-changelog-entry-without-new-date tag to mention possible implications for SOURCE_DATE_EPOCH/reproducible builds. + [CL] Upgrade latest-debian-changelog-entry-without-new-date from a warning to an error. (Closes: #873490) * checks/control-file.pm: + [NT] Remove check for missing versioned build-depends for dpkg and debhlper when using Build-Profiles. The necessary versions are now in oldstable. + [CL] Add check for GObject Introspection packages that are missing binary dependencies on ${gir:Depends}. (Closes: #860801) * checks/changes-file.{desc,pm}: + [CL] Check for the presence of an .asc signature if an upstream signing key is present. (Closes: #833585) * checks/copyright-file.{desc,pm}: + [CL] Rename copyright-contains-dh-make-perl-boilerplate to copyright-contains-automatically-extracted-boilerplate as it can be generated by other tools such as dh-make-elpa. Thanks to Sean Whitton for the report. (Closes: #841832) + [CL] Check for years that are later than the last entry added to debian/changelog. (Closes: #807461) * checks/cruft.{desc,pm}: + [CL] Clarify language of source-contains-prebuilt-ms-help-file description; there exists free software to generate .chm files. + [CL] Don't emit source-contains-prebuilt-ms-help-file for files generated by Halibut. (Closes: #867673) + [CL] Move r-data-without-readme-source to check the source package, no the binary; the expected README.source files are not installed in binary packages. (Closes: #866322) + [CL] Apply patch from Dylan Aïssi to also check for .RData files (not just .Rdata) files in r-data-without-readme-source. (Closes: #868178) + [CL] Check for "FIXME" and similar placeholders in various files under debian/. (Closes: #846009) * checks/debhelper.{desc,pm}: + [CL] Check for useless build-dependencies on dh-autoreconf or autotools-dev under compat levels 10 or higher. (Closes: #844191) * checks/elpa.{desc,pm}: + [NT] Apply patch from Sean Whitton to add elpa related checks. (Closes: #867042) * checks/fields.{desc,pm}: + [NT] Remove check for missing versioned build-depends for dpkg and debhlper when using Build-Profiles. The necessary versions are now in oldstable. + [NT] Drop check for depending on multiple versions of tkx as tkx does not seem to be in Debian any longer. * checks/files.pm: + [CL] Add .yml to the list of file extensions to avoid false positives when emitting extra-license-file, with testcase. Thanks to Rene Engelhard for the report. (Closes: #856137) + [CL] Check for packages containing upstart configuration under /etc/init. Thanks to Paul Wise for the report. (Closes: #825348) + [CL] Check for Lintian overrides installed in the wrong package. (Closes: #792198) * checks/init.d.desc: + [CL] Add an example snippet to explain how to prevent emission of init.d-script-sourcing-without-test. * checks/manpages.{desc,pm}: + [CL] Check for overly-generic filenames such as README.3pm.gz. (Closes: #792846) * checks/menu-format.desc: + [ADB] Fix formatting of desktop-entry-lacks-icon-entry + [CL] Add reference to Policy 9.6 for the command-in-menu-file-and-desktop-file tag. (Closes: #871008) * checks/scripts.desc: + [CL] Upgrade new-package-should-not-package-python2-module from I: to W:. See #829744 for more info. + [CL] Clarify wording in new-package-should-not-package-python2-module to make the justification clearer. + [CL] Check for calls to dpkg-statoverride --add without a corresponding --list. (Closes: #652963) + [CL] Add missing "contains" verb to the description of the debhelper-autoscript-in-maintainer-scripts tag. + [CL] Emit new "elf-maintainer-script" classification tag if debian/postinst (etc.) is an ELF binary. * checks/rules.desc: + [CL] Clarify wording in debian-rules-parses-dpkg-parsechangelog to make the justification clearer. (Closes: #865882) + [CL] Check for files setting DEB_BUILD_OPTIONS instead of DH_BUILD_MAINT_OPTIONS. (Closes: #833691) * checks/udev.{desc,pm}: + [NT] New check by Petter Reinholdtsen. * checks/watch-file.pm: + [CL] Factor out hard-coded list of possible upstream key locations to the "common/signing-key-filenames" Lintian::Data resource. + [CL] Add "repack" (along with "dfsg" etc.) to identify a repacked upstream tarball. (Closes: #871957) . * collection/scripts: + [CL] Check that non-ELF maintainer scripts start with #!. (Closes: #843428) . * commands/lintian.pm: + [NT] Attempt to clean up on SIGTERM (like with SIGINT). + [CL] Allow the use of suppress-tags=<tag>[,<tag>[,<tag>]] in lintianrc. (Closes: #764486) * commands/reporting-html-reports: + [NT] Enable re-use of the memory for the maintainer mapping once the log file as been parsed. + [CL] Consistently use the same "Debian style" RFC 822 date format for both "Mirror timestamp" and "Last updated" on the index page. (Closes: #828720) * commands/reporting-sync-state: + [NT] Re-encode checksums into base64 encoded strings (from hex). This reduces size per checksum by about ~30% (disk and memory). This reduction is also applicable to other reporting tools that loads the harness cache. . * data/cruft/non-free-files: + [CL] Match more Lena Söderberg images. Thanks to Lumin <cdluminate@gmail.com> and Dylan Aïssi <bob.dybian@gmail.com>. (Closes: #827941) * data/fields/build-profiles: + [NT] Add patch from Mattia Rizzolo to update the list of known build profiles, adding «nolua» and «noruby». * data/spelling/corrections: + [AB] Remove "iff". It's a valid English word. (Closes: #865055) + [CL] Avoid false positives in spelling-error-in-{binary,manpage} for "CAs" which was annoying for cryptographic software. (Closes: #871791) . * debian/control: + [NT] Add (Build-)Depends on libxml-simple-perl for the new appstream-metadata check. + [NT] Apply patch from Sean Whitton to add a Build-Depends on dh-elpa for a test. + [NT] Prefer default-jdk-headless to default-jdk when available. * debian/rules: + [JW, NT] Post process HTML docmentation to set the charset to UTF-8, which fixes mojibake in the Debian Policy Manual links. Thanks to Paul Hardy for finding a solution to the problem. (Closes: #802721) + [NT] Override dh_autoreconf tools as they are not used (but need to scan over all files in the source package). . * lib/Lintian/Collect/Source.pm: + [CL] Improve support for "3.0 (git)" packages. They are still marked as unsupported-source-format as they are not accepted by the Debian archive. (Closes: #605999) * lib/Lintian/Util.pm: + [NT] Fix uninitialized warning if a fork call fails. . * profiles/debian/main.profile: + [NT] Enable appstream-metadata + udev check by default. (Closes: #841670) . * t/tests/spelling-general/debian/debian/copyright: + [CL] Add regression test for #844166. Checksums-Sha1: b521fbea37f749026abfb4ead71d782916059789 2926 lintian_2.5.53~bpo9+1.dsc 27fa74c50cf63d0b95120dec9808b79882797f6d 1237268 lintian_2.5.53~bpo9+1.tar.xz 2529fd884b5fa88d7974f9835d5e0d7b44a26a97 1065570 lintian_2.5.53~bpo9+1_all.deb 0d10271dafc2b80c49d8e7fbf4510e960afc6713 16301 lintian_2.5.53~bpo9+1_amd64.buildinfo Checksums-Sha256: 7cc94ee05e797a36e83ce56dbdc4035350aa39e29532f24cd91b27007922c230 2926 lintian_2.5.53~bpo9+1.dsc b6fcb6da4a77664510c74aa5659154b696a041ef2a357583f3a3aea17195bf5f 1237268 lintian_2.5.53~bpo9+1.tar.xz 6849e2d6d92f4fe03534a91eec140168a29ee7ee04be20438bb4940333a54d95 1065570 lintian_2.5.53~bpo9+1_all.deb 518fe2b9ffc0d4732595653836f861e4450879982570950c8e92ee9378186c11 16301 lintian_2.5.53~bpo9+1_amd64.buildinfo Files: 96718c77fa734b6aed46facdfd7741f9 2926 devel optional lintian_2.5.53~bpo9+1.dsc 681ba52d57d1790eb3b61573738400fb 1237268 devel optional lintian_2.5.53~bpo9+1.tar.xz bad33deb5c683b0c2ce9dd5bd736a862 1065570 devel optional lintian_2.5.53~bpo9+1_all.deb b38e3fb79698dc630d2babcb5d759fa2 16301 devel optional lintian_2.5.53~bpo9+1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE3cU+UTD9CCI/mJRWSQhq0+vi8x8FAlnGTNoACgkQSQhq0+vi 8x9MZQ//Z9aKu8KZAqEBSFlXivamaSwwOvn0fLZg8fBu2ErY0GW6p1szEMVZHcmy YtqCzfibx9iRD4UmCGOxSsxU1zQG47sfqf2NSmAbX4pk4UFjlem9rfhenhGV4DjY Q93GUOaMCd4QaoYuZhLnkzQFaMrelY1dXsLAxaaWdaRykxqIdJ8uzt39/QLr13bU 5+XyWdXMc0aaX/kFM95Dwk4BZuX0BA7NWG1V2f3BFKXTEPQGYvUKWijnLKYxqNWz KfMmfE6R9v7z4gzL2Wy2wA6z+vcWPFjkhFuyFPF8OqAVl7HhznWt6wMddKOB401J a7qPszsVXcMAPvVo68us3QmylXDmbev+MjbHaslHYeAFrRxnER+TIdYOeqpQl0Cr ffr4rb6RZN8YiFd906uUvAEBXFJAD70Kh76EN6IqtC5qsIc5JTJa87xlvkKZ30ii aQfencIrcyP9ptGZyQjFU905uAipswjfMzcirWEAHiyo3cn1f7njbQLb5DzU4jsC ls7VDRA8aRm0/+4/dj0yfzk9g5Gl0jS/HdWrNwyOdBVZ94nVXesO7pMjsxLaksg6 kgin835SSHNm0d+ZqWpefkGklsHSefVK2fnxx5cUAw3yo+zQGOySqoXyiE/YnABl wgYO7o1ahIJv0XveqbRBzhwk7KFTslWsmIQ+PCdm+Vgwk0zbzts= =5jAn -----END PGP SIGNATURE-----