--- Begin Message ---
Package: lintian
Version: 2.5.17
Severity: important
Tags: patch
Detect this infamous license. Important because it is even not distribuable.
>From 17ae672b0ebf78163ab97da70889beaa46ea06f1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bastien=20ROUCARI=C3=88S?= <roucaries.bastien@gmail.com>
Date: Sun, 29 Sep 2013 19:54:59 +0200
Subject: [PATCH] Detect nvidia non distribuable license
Nvidia use for opencv example a non free/non distribuable license.
Detect it using lintian.
---
checks/cruft.desc | 14 ++++++++++-
checks/cruft.pm | 27 +++++++++++++++++++---
.../cruft-nvidia-intellectual/debian/src/badcv.c | 12 ++++++++++
.../cruft-nvidia-intellectual/debian/src/badcv2.c | 10 ++++++++
.../debian/src/falsepositive/allmankind.c | 12 ++++++++++
t/tests/cruft-nvidia-intellectual/desc | 5 ++++
t/tests/cruft-nvidia-intellectual/tags | 2 ++
7 files changed, 78 insertions(+), 4 deletions(-)
create mode 100644 t/tests/cruft-nvidia-intellectual/debian/src/badcv.c
create mode 100644 t/tests/cruft-nvidia-intellectual/debian/src/badcv2.c
create mode 100644 t/tests/cruft-nvidia-intellectual/debian/src/falsepositive/allmankind.c
create mode 100644 t/tests/cruft-nvidia-intellectual/desc
create mode 100644 t/tests/cruft-nvidia-intellectual/tags
diff --git a/checks/cruft.desc b/checks/cruft.desc
index c0e4e32..9fd7277 100644
--- a/checks/cruft.desc
+++ b/checks/cruft.desc
@@ -326,7 +326,7 @@ Info: The Debian diff or native package contains a file ending in
Tag: diff-contains-substvars
Severity: normal
Certainty: certain
-Info: Lintian found a substvars file in the Debian diff for this source
+Info: Lintian found a substvars file in the Debian diff for this source
package. The debian/substvars (or debian/<tt>package</tt>.substvars) file
is usually generated and modified dynamically by debian/rules targets, in
which case it must be removed by the clean target.
@@ -514,6 +514,18 @@ Info: The given source file is licensed under GFDL, but without any
Ref: http://wiki.debian.org/qa.debian.org/gfdlinvariant,
http://www.debian.org/vote/2006/vote_001
+Tag: license-problem-nvidia-intellectual
+Severity: serious
+Certainty: possible
+Info: The given source file include part license under a
+ non-free and non-distribuable license from NVIDIA.
+ .
+ Please file a bug against the package and another bug against
+ snapshot.debian.org and ftp.debian.org asking to removal.
+ .
+ Should this be a false-positive, please report a bug
+ against lintian.
+
Tag: source-contains-unsafe-symlink
Severity: serious
Certainty: possible
diff --git a/checks/cruft.pm b/checks/cruft.pm
index cbb2919..02f96fe 100644
--- a/checks/cruft.pm
+++ b/checks/cruft.pm
@@ -437,9 +437,6 @@ sub find_cruft {
close($fd);
}
- # license issues do not apply to non-free
- next ENTRY
- if $info->is_non_free;
# license string in debian/changelog are probably just changes
next ENTRY
if $name eq 'debian/changelog';
@@ -479,6 +476,30 @@ sub find_cruft {
$block =~ s{ \\ \* \( [LR] \" }{\"}gxsm;
}
+ if ( index($block, 'intellectual') > -1
+ && index($block, 'property') > -1
+ && index($block, 'all') > -1) {
+
+ # nvdia opencv infamous license
+ # non distribuable
+ if (!exists $licenseproblemhash{'nvidia-intellectual'}) {
+ my $cleanedblock = _clean_block($block);
+ if (
+ $cleanedblock =~ m/retain \s+ all \s+ intellectual \s+
+ property \s+ and \s+ proprietary \s+ rights \s+ in \s+
+ and \s+ to \s+ this \s+ software \s+ and \s+
+ related \s+ documentation/xism
+ ) {
+ tag 'license-problem-nvidia-intellectual', $name;
+ $licenseproblemhash{'nvidia-intellectual'} = 1;
+ }
+ }
+ }
+
+ # some license issues do not apply to non-free
+ # because these file are distribuable
+ if($info->is_non_free) { continue ; }
+
if (
index($block, 'evil') > -1
&& $block =~ m/software \s++ shall \s++
diff --git a/t/tests/cruft-nvidia-intellectual/debian/src/badcv.c b/t/tests/cruft-nvidia-intellectual/debian/src/badcv.c
new file mode 100644
index 0000000..2014f17
--- /dev/null
+++ b/t/tests/cruft-nvidia-intellectual/debian/src/badcv.c
@@ -0,0 +1,12 @@
+/*
+ * Acme Corporation and its licensors retain all intellectual property and
+ * proprietary rights in and to this software and related documentation.
+ * Any use, reproduction, disclosure, or distribution of this software
+ * and related documentation without an express license agreement from
+ * Acme Corporation is strictly prohibited.
+ *
+ * Please refer to the applicable Acme end user license agreement (EULA)
+ * associated with this source code for terms and conditions that govern
+ * your use of this Acme software.
+ *
+ */
diff --git a/t/tests/cruft-nvidia-intellectual/debian/src/badcv2.c b/t/tests/cruft-nvidia-intellectual/debian/src/badcv2.c
new file mode 100644
index 0000000..cbabced
--- /dev/null
+++ b/t/tests/cruft-nvidia-intellectual/debian/src/badcv2.c
@@ -0,0 +1,10 @@
+/*
+ * Copyright 1993-2010 NVIDIA Corporation. All rights reserved.
+ *
+ * NVIDIA Corporation and its licensors retain all intellectual
+ * property and proprietary rights in and to this software and
+ * related documentation and any modifications thereto.
+ * Any use, reproduction, disclosure, or distribution of this
+ * software and related documentation without an express license
+ * agreement from NVIDIA Corporation is strictly prohibited.
+ */
diff --git a/t/tests/cruft-nvidia-intellectual/debian/src/falsepositive/allmankind.c b/t/tests/cruft-nvidia-intellectual/debian/src/falsepositive/allmankind.c
new file mode 100644
index 0000000..a2873ef
--- /dev/null
+++ b/t/tests/cruft-nvidia-intellectual/debian/src/falsepositive/allmankind.c
@@ -0,0 +1,12 @@
+/*
+ * The technologies, software, hardware, designs, drawings, scheumatics, board
+ * layouts and/or artwork, concepts, methodologies (including the use of all
+ * of these, and that which is derived from the use of all of these), all other
+ * intellectual properties contained herein, and all intellectual property
+ * rights have been and shall continue to be expressly for the benefit of all
+ * mankind, and are perpetually placed in the public domain, and may be used,
+ * copied, and/or modified by anyone, in any manner, for any legal purpose,
+ * without restriction.
+ *
+ * This module written by Stephen Underwood.
+ */
diff --git a/t/tests/cruft-nvidia-intellectual/desc b/t/tests/cruft-nvidia-intellectual/desc
new file mode 100644
index 0000000..18a4bc1
--- /dev/null
+++ b/t/tests/cruft-nvidia-intellectual/desc
@@ -0,0 +1,5 @@
+Testname: cruft-nvidia-intellectual
+Sequence: 6000
+Version: 1.0
+Description: Check for the Nvidia intellectual license
+Test-For: license-problem-nvidia-intellectual
diff --git a/t/tests/cruft-nvidia-intellectual/tags b/t/tests/cruft-nvidia-intellectual/tags
new file mode 100644
index 0000000..d982995
--- /dev/null
+++ b/t/tests/cruft-nvidia-intellectual/tags
@@ -0,0 +1,2 @@
+E: cruft-nvidia-intellectual source: license-problem-nvidia-intellectual src/badcv.c
+E: cruft-nvidia-intellectual source: license-problem-nvidia-intellectual src/badcv2.c
--
1.8.4.rc3
--- End Message ---
--- Begin Message ---
Source: lintian
Source-Version: 2.5.20
We believe that the bug you reported is fixed in the latest version of
lintian, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 724930@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastien Roucariès <roucaries.bastien+debian@gmail.com> (supplier of updated lintian package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 15 Dec 2013 19:52:24 +0100
Source: lintian
Binary: lintian
Architecture: source all
Version: 2.5.20
Distribution: unstable
Urgency: low
Maintainer: Debian Lintian Maintainers <lintian-maint@debian.org>
Changed-By: Bastien Roucariès <roucaries.bastien+debian@gmail.com>
Description:
lintian - Debian package checker
Closes: 637580 643602 673029 711553 718427 720348 723886 724733 724866 724930 727665 727683 729226 730456 730714
Changes:
lintian (2.5.20) unstable; urgency=low
.
* Summary of tag changes:
+ Added:
- build-depends-on-an-obsolete-java-package
- debian-watch-file-pubkey-file-is-missing
- debian-watch-may-check-gpg-signature
- license-problem-nvidia-intellectual
- maintainer-script-should-not-hide-init-failure
- maintainer-script-should-not-modify-ld-so-conf
- maintainer-script-should-not-modify-netbase-managed-file
- maintainer-script-should-not-use-adduser-system-without-home
- maintainer-script-should-not-use-ancient-dpkg-epoch-check
- maintainer-script-should-not-use-ancient-dpkg-multi-conrep-check
- maintainer-script-should-not-use-deprecated-chown-usage
- maintainer-script-should-not-use-dpkg-status-directly
- maintainer-script-should-not-use-fc-cache
- maintainer-script-should-not-use-gconftool
- maintainer-script-should-not-use-install-sgmlcatalog
- maintainer-script-should-not-use-start-stop-daemon
- maintainer-script-should-not-use-update-alternatives-remove
- maintainer-script-should-not-use-update-alternatives-set
- package-install-into-obsolete-dir
- privacy-breach-generic
- privacy-breach-google-adsense
+ Removed:
- ancient-dpkg-epoch-check
- ancient-dpkg-multi-conrep-check
- deprecated-chown-usage
- fc-cache-used-in-maintainer-script
- gconftool-used-in-maintainer-script
- install-sgmlcatalog-deprecated
- maintainer-script-hides-init-failure
- maintainer-script-modifies-ld-so-conf
- maintainer-script-modifies-netbase-managed-file
- maintainer-script-uses-dpkg-status-directly
- start-stop-daemon-in-maintainer-script
- update-alternatives-remove-called-in-postrm
.
* checks/cruft.{desc,pm}:
+ [BR] Check files for under a non-distributable Nvidia
license. (Closes: #724930)
+ [BR] Abstract sliding window algorithm and use it for
license check. (Closes: #720348)
+ [BR] Filter (x?ht|x)ml comments for license check.
(Closes: #729226).
* checks/fields.pm:
+ [SL] Returns a warning when a package build-deps on java-compiler
instead of default-jdk. (Closes: #730714)
* checks/files.desc:
+ [BR] Improve description of pkg-config-multi-arch-wrong-dir
tag. Add debhelper > 9 on non multi-arched package as a likely
cause (Closes: #723886).
+ [BR] Add a generic check for obsolete path.
+ [BR] Detect privacy breaker html/css files (Closes: #637580)
particularly Google Adsense (Closes: #718427).
* checks/scripts.{desc,pm}:
+ [BR] Detect update-alternatives --set in maintainer scripts.
(Closes: #643602).
+ [BR] Use Lintian::Data for bad shell construction in maintainer
scripts.
+ [BR] Detect use of adduser --system without --home or with
--home inside /home. (Closes: #730456).
+ [BR] install-sgmlcatalog is deprecated for a long time. Warn
now in all use case. Rename the tag to
maintainer-script-should-not-use-install-sgmlcatalog
+ [BR] Rename gconftool-used-in-maintainer-script to
maintainer-script-should-not-use-gconftool. Add gconf\d package
to exception list.
+ [BR] Rename fc-cache-used-in-maintainer-script to
maintainer-script-should-not-use-fc-cache. Add fontconfig
package to exception list.
+ [BR] Rename (ancient-dpkg-.*) to maintainer-script-should-not-use-$1.
+ [BR] Rename (deprecated-chown-usage) to
maintainer-script-should-not-use-$1.
+ [BR] Rename maintainer-script-hides-init-failure to
maintainer-script-should-not-hide-init-failure.
+ [BR] Rename maintainer-script-modifies-ld-so-conf to
maintainer-script-should-not-modify-ld-so-conf.
+ [BR] Rename maintainer-script-modifies-netbase-managed-file to
maintainer-script-should-not-modify-netbase-managed-file.
+ [BR] Rename maintainer-script-uses-dpkg-status-directly to
maintainer-script-should-not-use-dpkg-status-directly.
+ [BR] Rename update-alternatives detection in maintainer script to
aintainer-script-should-not-use convention.
+ [BR] Rename start-stop-daemon-in-maintainer-script to
maintainer-script-should-not-use-start-stop-daemon
* checks/standards-version:
+ [BR] Use Lintian::Data for ancient date check.
* checks/watch.{desc,pm}:
+ [BR] Detect lack of uscan support for gpg signature.
(Closes: #711553).
.
* data/binary/embedded-libs:
+ [RG] Detect embedded copies of poppler/xpdf. (Closes: #724733)
* data/files/obsolete-paths:
+ [BR] Add this this file to generically check obsolete path.
+ [BR] Check obsolete /etc/dhcp3 path. (Closes: #673029)
* data/fields/obsolete-packages:
+ [NT] Apply patch from Eric Dorland to mark various versions
of automake as obsolete.
+ [SL] Tag openjdk-6-jdk, openjdk-6-jre and openjdk-6-jre-headless
as obsolete (See ##720911). (Closes: #730714)
* data/fields/virtual-packages:
+ [NT] Refresh against sid. Thanks to Nicholas Breen for the
reminder. (Closes: #724866)
* data/spelling/corrections:
+ [RG] Detect some typos of "establishment" and "contains".
+ [SL] Detect some typos of "suppress".
* data/standards-version/ancient-date:
+ [BR] Set ancient date to 14 Jan 2012.
* data/standards-version/release-dates:
+ [NT] Add release date for 3.9.5.
.
* debian/control:
+ [NT] Bump Standards-Versions to 3.9.5 - no changes required.
+ [BR] Add myself as uploader.
.
* lib/Lintian/Collect/Binary.pm:
+ [GN] Add support for multi-component RPATHs. (Closes: #727683)
* lib/Lintian/Collect/Package.pm:
+ [BR] Globally replace \\ by \ in _dequote_name(). This bug was
masked by old buggy tar (Closes: #727665).
.
* t/debs/deb-format-wrong-order/.*:
+ [BR] Recent dpkg detect this error and bail out. Do not run with
dpkg >= 1.17.2. See dpkg git commit
cb8ed03bbffe892165620ed1ddf753a6b0c1ee62
and 547dca4c3ff23df5dfa554f1943b371cd7056ee4.
.
* vendors/ubuntu/main/data/changes-file/known-dists:
+ [NT] Add "trusty". Thanks to Stéphane Graber for the
reminder.
Checksums-Sha1:
4bb52a152f59024c54763c024e11dc145141df27 2672 lintian_2.5.20.dsc
4209584266431faebf69430a61eb0755cbda9bf2 1276657 lintian_2.5.20.tar.gz
f1642acaafec5f121015705948c1ee3db9dadb7b 708436 lintian_2.5.20_all.deb
Checksums-Sha256:
d1bf763fc0a21e300de1ca662639ad7d4b97ccc94e6fb3f77068580d1551f135 2672 lintian_2.5.20.dsc
989bc1cb4e33a68e6021dae3c7566ac181f1ea00e4d44f90f7de7e2aa9920de8 1276657 lintian_2.5.20.tar.gz
33f9076273d5fe71b9dcc2f499a5b06a8a91b0bc2832d4e426c865a7c6a327c5 708436 lintian_2.5.20_all.deb
Files:
faf2cc1ead256b6580ea2df31fcf8b86 2672 devel optional lintian_2.5.20.dsc
ca279a4ef4fba9e25b0002f438f7bf55 1276657 devel optional lintian_2.5.20.tar.gz
35f7f8065d9e4dda4e289853776128ad 708436 devel optional lintian_2.5.20_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
iQIcBAEBCAAGBQJSr2atAAoJEAVLu599gGRCTZIP/R2NiB3FGeA747eIV24kiD4K
IWBZ5CeV/mycba8rsBep1vB2TncBml22yx1ja5mbE3TL4cztt6DVRsptscASj15T
azNH02ZnMKSgwQcWmbpvB16HKcGrBqu0uasmtScMEeICQQdKZmYU+F60VF3EyCkR
9SzN+XNVXiFvKtdE5ZuPEREmkaeFVXOlGPQj2Qh3MESSJ0yDXhEGSL4wHfkf+zPZ
qkGKE77z6KfZyDvP/3uOHJQIWmKV560Drjgp04iLXtVae0tGMfpngRQshVGSU/Y1
qwtDBDMbArdFxjA25TZq6rmizoJ9tpjXaI0fQdIF2onTIr/i40oS+QMgiglKYgsm
/cYZopmEVxCeQwD6FCpkPE2j/TYTBBpbJE6J9R3RtAf9ohqrGTBvwtbmThFVs9Ko
BsBhpH9XsW21ZHuVl5D5z5esFpSU5B8bZpaQwSFJkdzM3TrOOVgC6dG5HuHsJS0Z
giNV7VZkqjv40VAB8yZFgwvMiqdlFg9oqfWWwN2fnUU4D10LUq2AqhTCkq4uX3xO
XLJ5WE0ejTfRSDtWQgSp2X+AWPBOox9dO2PRN01RfXnsqmyc9lawJoFR+Atezl72
yxfp2l5sAwcw/0aa912qhJtb1nvsEXtnSnC8u43K0rGlSfBqYzJuP9w5/HN1x1R8
nlxM0sfSIMtxTf2uSZTW
=Cepb
-----END PGP SIGNATURE-----
--- End Message ---