-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 14 May 2018 22:59:09 +0200 Source: lintian Binary: lintian Architecture: source Version: 2.5.86~bpo9+1 Distribution: stretch-backports Urgency: medium Maintainer: Debian Lintian Maintainers <lintian-maint@debian.org> Changed-By: Luca Falavigna <dktrkranz@debian.org> Description: lintian - Debian package checker Closes: 884499 889816 889991 892304 895573 895574 895656 895674 895818 895831 895841 896010 896079 896133 896671 896675 896840 897082 897157 897166 897213 897244 897248 897402 897424 897638 897639 897692 897915 898077 898136 898160 Changes: lintian (2.5.86~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . lintian (2.5.86) unstable; urgency=medium . * Summary of tag changes: + Added: - epoch-changed-but-upstream-version-did-not-go-backwards - latest-debian-changelog-entry-reuses-existing-version + Removed: - depends-on-mail-transport-agent-without-alternatives . * checks/changelog-file.{desc,pm}: + [CL] Emit an error when a package bumps the epoch but the upstream version did not go "backwards". Thanks to Raphael Hertzog for the idea. (Closes: #889816) + [CL] Correctly warn about packages that re-use a previous version number. Thanks to Raphael Hertzog for spotting this issue and the follow-ups. (Closes: #889991) * checks/fields.pm: + [CL] Move homepage-field-uses-insecure-uri regex into a separate data file now it is getting unwieldy. + [CL] Drop depends-on-mail-transport-agent-without-alternatives as it only consists of false-positives. Thanks to Paul Wise and Russ Allbery. (Closes: #898136) . * data/debhelper/dh_addons-manual: + [CL] Also permit python-scour to satisfy the requirement for the scour addon. (Closes: #898077) * data/fields/insecure-homepage-uris: + [CL] Add non-HTTPS gnu.org to the list of sites we should warn about for homepage-field-uses-insecure-uri. Thanks to Mattia Rizzolo for the report. (Closes: #898160) * data/spelling/corrections: + [PW] Add a number of corrections. . lintian (2.5.85) unstable; urgency=medium . * Summary of tag changes: + Added: - ancient-python-version-field - changed-by-invalid-for-derivative - old-python-version-field - package-does-not-use-debhelper-or-cdbs . * checks/{binaries,shared-libs.pm}: + [CL] Update shared object detection for file >= 5.33 as this version will identify shared objects as a "pie executable" or "shared object" depending on the file's executable bit. Thanks to Paul Gevers, Doug Freed, Christoph Biedl & Mattia Rizzolo. (Closes: #896840) * checks/changelog-file.pm: + [CL] Prevent false-positives in the non-consecutive-debian-revision and possible-new-upstream-release-without-new-version tags by skipping them if the source package was renamed. Thanks to Andreas Beckmann for the report. (Closes: #896675) + [CL] Include the offending version numbers in the output of the non-consecutive-debian-revision tag. * checks/cruft.pm: + [CL] Make the file-contains-trailing-whitespace tag also emit for whitespace at end of files. + [CL] Drop now-misleading comment regarding trailing whitespace filenames being relative. + [CL] Also allow /usr/share/doc/$pkg/examples to be a symlink when checking for packages that ship examples. Thanks to Rafael Laboissière for the report. (Closes: #897157) * checks/copyright-file.pm: + [CL] Disable the duplicate word "spelling" detection in copyright files to their extensive use of headings and other structures causing false positives. Thanks, Stuart Prescott. (Closes: #897402) * checks/debhelper.{pm,desc}: + [CL] Don't use $. out-of-context when reporting on dh --parallel. + [CL] Add a pedantic warning for packages that do not use debhelper or CDBS. (Closes: #884499) * checks/description.pm: + [CL] Rework the description-synopsis-might-not-be-phrased-properly tag to ensure we do not cause false-positives for literal "e.g.", "eg.", ellipsis ("..."), "etc.", splitting out the tests to make it clearer and to catch some other corner cases. Thanks to Andreas Beckmann for the detailed report. (Closes: #896671) + [CL] Include the synopsis itself for context, etc. when emitting the description-synopsis-might-not-be-phrased-properly tag. * checks/fields.pm: + [CL] Correct a default-mta-dependency-not-listed-first false- positive where we incorrect emitted the tag for, e.g. "Depends: a, default-mta | b". (Closes: #897166) + [CL] Fix orphaned-package-not-maintained-in-debian-infrastructure false positives for https://git.dgit.debian.org Vcs-* fields. Thanks to Thorsten Alteholz for the report. (Closes: #897915) * checks/menus.pm: + [CL] Also look in a package's dependencies for files listed in a doc-base control file. (Closes: #897244) * checks/patch-systems.pm: + [CL] Ignore templated ".in" files in debian/patches for the patch-file-present-but-not-mentioned-in-series tag. * checks/python.{desc,pm}: + [CL] Mark dependency-on-python-version-marked-for-end-of-life as "experimental" and with a "pedantic" severity, thus essentially hiding it from all Lintian users yet allowing us to continue to continue collect statistics and making it easier to re-introduce after the release of buster. (Closes: #897213) + [CL] Migrate the malformed-python-version and python-version-current-is-deprecated tags from fields.pm, refactor to use $info->source_field over $info->field, include the offending field name in the output, and also warn about the Python 3.x variant of this field. + [CL] Warn about ancient and old X-Python{,3}-Version fields. Thanks to Scott Kitterman. (Closes: #892304) * checks/watch-file.desc: + [CL] Update description of debian-watch-uses-insecure-uri to clarify what to do if there is currently no secure URI. Thanks to Andreas Tille for the report. (Closes: #897082) . * collection/src-orig-index: + [CL] Pass --full-date to tar(1) to ensure that we get a consistent output in the presence of spaces in other fields. (Closes: #897248) + [CL] Pass --utc to tar(1) to ensure reproducible date parsing. . * data/java/constants: + [CL] Apply patches from Bas Couwenberg to update the bytecode checks for OpenJDK 10 add bytecode number for OpenJDK 11. (Closes: #897424) * data/fields/perl-provides: + [CL] Update for Perl 5.026002. * data/files/python-generic-modules: + [CL] Add "scripts" and "script" to the list of overly generic Python module names. Thanks, Andreas Beckmann. (Closes: #897692) * data/spelling/corrections: + [CL] Add a "CBDS" → "CDBS" correction. + [CL] Add a "DSFG" → "DFSG" correction. + [PW] Add a number of corrections. . * doc/releases.md: + [CL] Clarify that we should add an extra bit of whitespace for annotated release tags. . * lib/Lintian/Check.pm: + [CL] Add support for derivative-specific "Changed-By" validation to enforce additional restrictions on the uploader. * lib/Lintian/Collect/Package.pm: + [CL] croak() a meaningful message we cannot parse an index data line. . * t/tests/*: + [CL] Apply patch from Adam Conrad adding "-Wl,--no-as-needed" to fix testsuite failures with Ubuntu's ld(1). (Closes: #897639) + [CL] Correct the "files-" (should be "fields-") prefix of the files-orphaned-package-not-maintained-in-debian-infrastructure test. . * vendors/ubuntu/main/data/changes-file/known-dists: + [CL] Apply patch from Adam Conrad to add cosmic as a known Ubuntu distribution. (Closes: #897638) . lintian (2.5.84) unstable; urgency=medium . * checks/binaries.pm: + [CL] Apply patch from Steve McIntyre to fix profiling detection on armhf which was causing test failures in Ubuntu on that architecture. (Closes: #895574) * checks/fields.pm: + [CL] Don't warn about binary-package-depends-on-toolchain-package for Conflicts/Breaks relations. Thanks to Guillem Jover for the report. (Closes: #896133) * checks/{files.desc,menu-format.*}, data/menu-format/known-desktop-keys: + [PW] Link to the latest version for all FreeDesktop standards * checks/python.desc: + [CL] Replace all instances of "specifies a dependency on Python 2.x which not be maintained past 2020" with a clarification that this refers to upstream's policy followed by a suggestion that it may be dropped after the release of Debian "buster". Thanks to Adrian Bunk for the suggestion. (Closes: #896079) * checks/source-copyright.pm: + [CL] Add the offending license name to the output of the "dep5-copyright-license-name-not-unique" tag. . * data/spelling/corrections: + [PW] Add a number of corrections. . * lib/Lintian/Collect/Package.pm: + [CL] Ensure directory names always end in a trailing "/" to prevent them being added multiple times to our index. This was resulting in false-positives for the source-contains-empty-directory tag. Thanks to James McCoy for the report. (Closes: #896010) + [CL] Correct "as_anchored_root_dir" -> "has_anchored_root_dir" typo introduced in e0c833b3 and disable "anchored roots", otherwise resolve_path breaks (eg. systemd-complex-service-file). . * profiles/pureos/main.profile: + [CL] Also disable the "changelog-should-mention-nmu" and "source-nmu-has-incorrect-version-number" tags. . lintian (2.5.83) unstable; urgency=medium . * Summary of tag changes: + Added: - debian-rules-should-not-use-sanitize-all-buildflag . * checks/fields.desc: + [ADB] Add missing URL in vcs-deprecated-in-debian-infrastructure's description, which was accidentally lost in lintian 2.5.80. * checks/version-substvars.desc: + [CL] Correct confusing not-binnmuable-any-depends-all tag description caused by blind replacement of ${Source-Version} to ${source:Version} in 4fd0fa4bc3. (Closes: #895656) + [CL] Correct classification of the maybe-not-arch-all-binnmuable tag by marking it as "experimental", downgrading the certainty to "wild guess" and re-adding a note recommending against making any changes at this point. Thanks, Jeremy Bicha! (Closes: #895674) . * data/binaries/spelling-exceptions: + [CL] Add "selectOn" to the list of spelling-error-in-binary exceptions; it exists in the source as part of a "void ToolBoxWidget::selectOn()" method signature, etc. (Closes: #895818) + [CL] Add "wIH" to the list of exceptions. (Closes: #895841) * data/rules/should-not-use: + [CL] Detect debian/rules files that specify the sanitize=+all build flag. (Closes: #895831) * data/spelling/corrections: + [CL] Add "toogle" → "toggle" correction. Thanks to Thorsten Glaser for the report. (Closes: #895573) + [PW] Add a number of corrections. Checksums-Sha1: 4681b2e9021fc097787b37ee35cc6967e47f6bfa 3539 lintian_2.5.86~bpo9+1.dsc c41dbb685415e2f1c3a6b76b55a7aedb4636a23e 1560048 lintian_2.5.86~bpo9+1.tar.xz b3553f759b818a54c880278eb834cefe6441a4e1 16845 lintian_2.5.86~bpo9+1_amd64.buildinfo Checksums-Sha256: 5775ae7a8743810681f0a85414d6cdf28d3a504d0096b80f9474db0e826cceb6 3539 lintian_2.5.86~bpo9+1.dsc d8d7ad372ecbfaa3d74fa7f201ddaa0ee147b149e864ffe241f29b8469f199df 1560048 lintian_2.5.86~bpo9+1.tar.xz fa6907ad557ed2e83d470a009012dd5f912770c577f7891e3a77e46781dea8e4 16845 lintian_2.5.86~bpo9+1_amd64.buildinfo Files: 2959bb1c840352a0e5526b3886b3ceb6 3539 devel optional lintian_2.5.86~bpo9+1.dsc 6d23d5d247e11b78498489a999b2d44f 1560048 devel optional lintian_2.5.86~bpo9+1.tar.xz 18df1083666cc64ac44e64d88d291976 16845 devel optional lintian_2.5.86~bpo9+1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE3cU+UTD9CCI/mJRWSQhq0+vi8x8FAlr5+0cACgkQSQhq0+vi 8x927A/9Ex5oX1muNSd34XlkjlBX9hTCfGWGCzP0MV/2ApifJf64hqEaC9/OCZwd p3E6DiTAxWC/3/Zhx/nQsxjwqh/OZvP3FxtnZymu0j6zQU4TLt5B0L5W2IpEoNw6 HOBRs5vxas0fHi5u83Cn5bsn5Fbg2p3GJjFLha7lH4EOX1RKAEAmQpGovExKQPEO vA2US4BfJbQ6xOm+RnHGkhBT3jsbMNLXpMBGjZKefP2AsHVcRpOgT5drHZPqA59G 3gZFKbVNZ+UTF4sWz3z85ab+TSMVPJTLqUxsYYU3Tv0LOb90uva+Nn+cuhfiD0Tx 3Z/uVXbltnUehZ0HW4s4jxnb098n7OMGwqqMSkUuP6qfVUOLLnmoDJs5KiErxJNU ZjPHwfkx9TdJoCK+bkBPMNDHV6Vv0rIBOnpexTpRSCYjAC7rn1dNFgM/1/qEgwcu EV7jOALlszNgonrYBP9pRDXxNrEfV7Gmt10HsMlvusUqbRrJ4uT7IMDI6yHataFX cxzIGDErdNDwrj41IHkLsZ1wY0SXIBRcxM3uJHhtACGjpJbhKRTY8YP2Ww4EdqTR NOuWM24x6RUcrKtvfDKHdYsV3dCy1eLD0Wrf2fU2BfCjTuZAhB/22zXD12M/PCeR wgAJsPG0ChNyCNgqzEv3V4e+5MYAqo0meWrf90pTEIc6HXEgYLY= =EYJH -----END PGP SIGNATURE-----