-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 15 Apr 2018 13:59:28 +0200 Source: lintian Binary: lintian Architecture: source Version: 2.5.82~bpo9+1 Distribution: stretch-backports Urgency: medium Maintainer: Debian Lintian Maintainers <lintian-maint@debian.org> Changed-By: Luca Falavigna <dktrkranz@debian.org> Description: lintian - Debian package checker Closes: 789802 796285 881491 886096 889016 891688 891794 891935 892143 892144 892197 892249 892255 892549 892550 892597 892905 892967 893480 894077 894139 894356 894368 894397 894690 894747 894817 894820 894834 895036 895128 895175 895284 895370 Changes: lintian (2.5.82~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . lintian (2.5.82) unstable; urgency=medium . * Summary of tag changes: + Added: - invalid-field-for-derivative - invalid-version-number-for-derivative . * checks/changes-file.{desc,pm}: + [CL] Add support for derivative-specific version validation to permit enforcement of additional restrictions on the version number such as being suffixed by "derivativeos1", etc. * checks/debhelper.pm: + [CL] Add a special case for the python3 addon as it needs a dependency on dh-python unless the -dev packages are used. Thanks to Julian Andres Klode for the report. (Closes: #895284) * checks/fields.{desc,pm}: + [CL] Add support for derivative-specific field parsing to allow enforcement of additional restrictions (eg. updating Vcs-Git, etc.) * checks/python.pm: + [CL] Apply patch from Pierre-Elliott Bécue to loosen the changelog parsing of the new-package-should-not-package-python2-module tag to allow (for example) "Python 2 variant" as well as "Python2 variant". Thanks! (Closes: #895128) . * commands/reporting-sync-state.pm: + [CL] Add support for blacklisting source packages in order to prevent some currently-problematic packages such as gcc-8-cross-ports preventing the update of https://lintian.debian.org/. (See #890873) * debian/*, commands/*, CONTRIBUTING.md, etc.: + [CL] Move canonical source repository from Alioth to salsa. * lib/Lintian/Collect/Package.pm: + [CL] Allow spaces within the ownership field of tar -tvf output whilst still allowing spaces in filenames. (Closes: #895175) . * data/scripts/maintainer-script-bad-command: + [CL] Also check for find(1) calls when checking for maintainer scripts that use a recursive chmod or chown. Thanks to Daniel Kahn Gillmor for the report. (Closes: #895370) * data/spelling/corrections: + [PW] Add a number of corrections. . * vendors/pureos/main/data/changes-file/derivative-versions: + [CL] Ensure that PureOS packages always end with (eg. pureosX). * vendors/pureos/main/data/fields/derivative-fields: + [CL] Add PureOS-specific field name validation, such as ensuring the Maintainer field is updated to the mailing list. . lintian (2.5.81) unstable; urgency=medium . The "Policy 4.1.4" release. . * Summary of tag changes: + Added: - debian-rules-contains-unnecessary-get-orig-source-target - source-contains-empty-directory + Removed: - debian-rules-missing-good-practice-target-dfsg . * checks/control-file.desc: + [CL] Correct location of "AutomaticDebugPackages" wiki page in the description of the debian-control-has-obsolete-dbg-package tag. Thanks to Antonio Ospite for the report. (Closes: #893480) * checks/cruft.{desc,pm}: + [CL] Add a pedantic warning for upstream tarballs that contain empty directories as these can cause problems with git-buildpackage. Thanks to Balint Reczey for the idea! (Closes: #894368) * checks/gir.{desc,pm}: + [CL] Apply a patch series from Simon McVittie to match the Gobject Introspection policy and fixing a series of false-positives. Thanks! (Closes: #881491) * checks/java.{desc,pm}: + [CL] Apply patch from Bas Couwenberg to bump the maximum permissible bytecode version number now that openjdk-9 is now the default-jdk. (Closes: #894397) + [CL] Apply patch from Bas Couwenberg to update the description of the unknown-java-class-version tag for openjdk-9. (Closes: #894397) * checks/files.pm: + [CL] Add .ogg files to the list of non-license file extensions to avoid a false-positive in extra-license-file. Thanks to Innocent De Marchi for the report. (Closes: #894139) + [CL] Avoid false-positives in Mallard XML files; <link href="..."> tags are anchor element and not followed automatically. Thanks to Simon McVittie for the report. (Closes: #894690) * checks/rules.{desc,pm}: + [CL] Stop recommending that packages with repacked tarballs specify a get-orig-source target; this was removed in Debian Policy 4.1.4 in favour of uscan(1) and debian/watch. + [CL] Warn about packages that have apparently unnecessary "get-orig-source" targets such as single-line calls to uscan(1). Thanks to Mattia Rizzolo for the idea. (Closes: #895036) * checks/scripts.pm: + [CL] Also include the offending/unknown shebang in the output of missing (unversioned) interpreters. * checks/source-copyright.desc: + [CL] Change the severity from pedantic ("P:") to info ("I:") for the missing-explanation-for-repacked-upstream-tarball tag. * checks/testsuite.{desc,pm}: + [CL] Apply patch from Georg Faerber to add missing "needs-reboot" to the list of known autopkgtest restrictions. (Closes: #894817) + [CL] Apply patch from Georg Faerber to adjust the autopkgtest URIs from Alioth to salsa.debian.org. (Closes: #894820) * checks/udev.pm: + [CL] Apply patch from Thomas Dallmair to avoid false positives in the udev-rule-missing-subsystem tag when SUBSYSTEM GOTO is not the last "GOTO" statement. Thanks! (Closes: #894356) * checks/upstream-metadata.pm: + [CL] Re-enable YAML parsing of upstream metadata which was disabled in 2.5.51 (via #861958) to close CVE-2017-8829 as we can now use the $LoadBlessed option of YAML::XS if we have version 0.69 or above Thanks to Dylan Aïssi for the report. (Closes: #894747) . * commands/lintian.pm, checks/{fields,patch-systems,python}, ...: + [CL] Apply patch from Ville Skyttä correcting many spelling mistakes in Lintian itself. Thanks! (Closes: #894834) . * data/standards-version/release-dates: + [CL] Add 4.1.4 as a known Standards-Version. * data/spelling/corrections: + [PW] Add a number of corrections. . * lib/Lintian/Check.pm: + [CL] Avoid false positives in spelling detection by allowing "(s)" suffixes instead of universally stripping all parenthesis. This prevents, for example, "directory(s)" from triggering false-positive whilst still warning about "directorys". Thanks to Patrick Matthäi for the report. (Closes: #894077) * lib/Lintian/Util.pm: + [NT] Fix a bug in do_fork that could cause lintian to fork bomb. (See #890873) . lintian (2.5.80) unstable; urgency=medium . * Summary of tag changes: + Added: - build-depends-on-build-essential-package-without-using-version + Removed: - apache2-module-depends-on-real-apache2-package - depends-on-build-essential-package-without-using-version . * checks/apache2.{desc,pm}: + [CL] Drop apache2-module-depends-on-real-apache2-package tag as there are separate tags for missing apache2-api-* dependencies. Thanks to Thijs Kinkhorst et al. (Closes: #796285) * checks/cruft.{desc,pm}: + [CL] Strip \par elements from files prior to license checks to avoid false-positives when checking .rtf files. Thanks to Adam Borowski for the report and testcase. (Closes: #892967) + [CL] Look under all of /usr/share/doc (not just /usr/share/doc/$pkg) when looking for installed examples and update tag description to match. Thanks to Ferenc Wágner for the report. (Closes: #892905) * checks/java.{desc,pm}: + [CL] Only emit source-contains-prebuilt-java-object reported for .jar files that contain classes. Thanks to Emmanuel Bourg for the report. (Closes: #789802) * checks/fields.{desc,pm}: + [CL] Upgrade vcs-deprecated-in-debian-infrastructure to "W:" from "P" due to Alioth becoming read-only from May 1st, as well as additionally checking Vcs-Browser fields hosted on Alioth and updating the tag description with more details. Thanks to Stuart Prescott for his input. (Closes: #886096) + [CL] Only check dependency fields in binary packages for mail-transport-agent-dependency-does-not-specify-default-mta etc. (Closes: #892550) * checks/rules.pm: + [CL] Don't emit unnecessary-source-date-epoch-assignment if the package has explicit Build-Depends on dpkg-dev (>= 1.18.8) or debhelper (>= 10.10). Thanks to Andreas Metzler for the report. (Closes: #892549) * checks/script.pm: + [BR] Fix FP with sensible-utils need to depends on sensible-utils. * checks/fields.{desc,pm}: + [CL] Clarify the meaning of the depends-on-build-essential-package-without-using-version tag by prefixing it with "build-". Thanks to Sven Joachim and Laurent Bigonville. (Closes: #892597) . * data/debhelper/*, data/common/dh_addons: + [CL] Refresh all debhelper data, correcting the entry for dh-scour. (Closes: #889016) * data/spelling/corrections: + [PW] Add a number of corrections. . lintian (2.5.79) unstable; urgency=medium . * Summary of tag changes: + Added: - default-mta-dependency-does-not-specify-mail-transport-agent - default-mta-dependency-not-listed-first - depends-on-mail-transport-agent-without-alternatives - mail-transport-agent-dependency-does-not-specify-default-mta . * checks/changelog-file.{desc,pm}: + [CL] Ignore entries that end with ":" to avoid false-positives in the debian-changelog-line-too-short. Thanks to Mattia Rizollo for the report. (Closes: #892197) + [CL] Update the description of improbable-bug-number-in-closes removing the specific number as it can get out of sync with the actual check. * checks/changes-file.pm: + [CL] Don't emit orig-tarball-missing-upstream-signature when the package provides a "foo.tar.asc" for a "foo.tar.gz". We previously only checked for a "foo.tar.gz.asc". Thanks to Uwe Kleine-König for the report. (Closes: #892255) * checks/cruft.pm: + [CL] Check all subdirectories under /usr/share/doc/foo to test whether we ship example files, not just /usr/share/doc/foo/examples/. * checks/fields.{desc,pm}: + [CL] Warn about packages that have either have dependency on default-mta but do not specify mail-transport-agent, have a mail-transport-agent dependency but do not specify default-mta and packages that do not specify default-mta first in their alternatives. Thanks to Paul Wise for the report. (Closes: #892143) + [CL] Warn about packages that have a relationship with a mail-transport-agent but do not specify default-mta and mail-transport-agent as alternatives. (Closes: #892144) * checks/obsolete-sites.pm: + [CL] Emit a warning if a package uses a deprecated FTP package download location. (Closes: #892249) . * data/fields/obsolete-packages: + [PW] Add exim and apache, replaced by exim4 and apache2 * data/spelling/corrections: + [PW] Add a number of corrections. . lintian (2.5.78) unstable; urgency=medium . * Summary of tag changes: + Added: - missing-vcs-browser-field . * checks/fields.{desc,pm}: + [CL] Warn about packages that are missing a Vcs-Browser header when we know that they have at least one Vcs-* header that has a browser-based interface. Thanks to Paul Wise for the report. (Closes: #891688) . * data/spelling/corrections: + [CL] Drop the rouge → rogue correction; it's an (admittedly) old-fashioned word for red cheek makeup as well as being a fairly-common French word. It was causing a false-positive in the spelling-error-in-binary tag for osmocom-analog. Thorsten Alteholz for the report. (Closes: #891794) + [CL] Drop the wil → will correction as Wil is "a rather common name in the Netherlands". Thanks to Paul Gevers for the report. (Closes: #891935) * data/spelling/corrections: + [PW] Add a number of corrections. Checksums-Sha1: c74e0c95dfcfd5b0b5034dbe8addd3bff0800424 3539 lintian_2.5.82~bpo9+1.dsc 700287f2ce444c51d61f452254e3a640a8381a3b 1552912 lintian_2.5.82~bpo9+1.tar.xz 69196c0f1f2ec8d084c4684afe6bec715a96a236 16844 lintian_2.5.82~bpo9+1_amd64.buildinfo Checksums-Sha256: 651e0f4e9314fb79c335f4c0a1a969b6f2dfa772be6855d8a7a46da956c937ec 3539 lintian_2.5.82~bpo9+1.dsc 83d3f3d77dfa1e5b2d135fac51075e95d0d3f49de5f4a374798a5787aa91a0e5 1552912 lintian_2.5.82~bpo9+1.tar.xz 4a5f919351a860e7a80f67cabafffefc6c843fb9d7e4abbfe424b577c92b8af0 16844 lintian_2.5.82~bpo9+1_amd64.buildinfo Files: 55d703fa22c3b038377e4d71f4478be1 3539 devel optional lintian_2.5.82~bpo9+1.dsc 550dcebc504ef33901f5fc48fdecc42a 1552912 devel optional lintian_2.5.82~bpo9+1.tar.xz 808e78fb2206904a928acde28c32b443 16844 devel optional lintian_2.5.82~bpo9+1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE3cU+UTD9CCI/mJRWSQhq0+vi8x8FAlrTQPIACgkQSQhq0+vi 8x84fA/9HbRyC6R1vYrPD2g8qztlyirLVRxZza9m0GRpo/Y9EbUdTgBJSPqfvRYJ G7X1y5FYRzQ1eHYbJDHX2eZlJtDWRRAfcLLv4VeAVNHR4dLwahzIGrXQ+rf+G4II Ug+AFUd9lNBXVmsRlJmaDP4h2TnIR3c/uPFJNpxUOf6u+gLP3kNmyL7wuEl853h9 /7enSufhVXh33vKnW8m+h8BHJfjcI0ovYM29cybMEzkcmWAtHY0eht+7MJwliJ0I zVGbxuRhLmsCXvIgertOBd2gw5lNhxi+e+ejLknDA1iI7AEByr5WUVirm5ZDBQLJ Au2aR+1MzPdhSfE6C23HSpX/iKJx9zJ85u4HiUd1hgaQUFbA2BVyV0YUajEHgxdR HjRnKPfce9tTcfC/q2sIcz2YjA4ZR0zWLF9L25O/Srbx9R9WDYd4U+zpkyD/zUpK +1etnIwkzMol39GC6bSVNvo0yptpBepW+aitseEKHhLFw/wUhJD5L5u85Ipez6vZ fHEeUHuB8kO/l6DQUGLHsLbkSiiWEEpih4IdVJSFhiFkje7t5K3Ph0TyVpMz+os3 FOkaQE1d5WAVGHT0nIjTpES9L/IsMRKuRGF/C3Yl/i+iXCisPZhTWLzCPdtry8Tk ms73wH2COKQuJeDb57Qz5R22uw9F9TrPbRN5Uhk9bKYIDkdamJ8= =CIAR -----END PGP SIGNATURE-----