[lintian] 01/01: c/fields: Catch more insecure Vcs protocols
This is an automated email from the git hooks/post-receive script.
nthykier pushed a commit to branch master
in repository lintian.
commit 9de9005dfc6493b35fcac7bef598f0d3af39a7c9
Author: Niels Thykier <niels@thykier.net>
Date: Sat Apr 9 17:05:11 2016 +0000
c/fields: Catch more insecure Vcs protocols
Signed-off-by: Niels Thykier <niels@thykier.net>
---
checks/fields.desc | 4 +++-
checks/fields.pm | 3 ++-
debian/changelog | 5 ++++-
t/tests/control-file-general/debian/debian/control.in | 2 +-
t/tests/fields-uncanonical-vcs-fields/tags | 3 +++
t/tests/fields-vcs-fields/tags | 3 +++
6 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/checks/fields.desc b/checks/fields.desc
index 76ea33c..85ca944 100644
--- a/checks/fields.desc
+++ b/checks/fields.desc
@@ -1102,7 +1102,9 @@ Info: The Vcs-* field uses an unencrypted transport protocol for the
anonymous read-only access.
.
Note that you can often just exchange e.g. git:// with https:// for
- repositories.
+ repositories. Though, in some cases (bzr's "lp:" or CVS's pserver) it
+ might not be possible to use an alternative url and still have a
+ working (anonymous read-only) repository.
Tag: lib-recommends-documentation
Severity: normal
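Review bot: the added sentence in the Info text names only the two schemes without a secure alternative (bzr's "lp:" and CVS's pserver), and the one replacement it shows is still git:// to https://. Since the check in this commit also starts flagging svn:// and nosmart+http://, list those schemes here as well, so a maintainer who gets the tag on a Vcs-Svn or Vcs-Bzr field can tell from the description why it fired. The sentence would also read better as "In some cases (...), however, it might not be possible ..." than with the leading "Though,".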
diff --git a/checks/fields.pm b/checks/fields.pm
index d527bc3..7269098 100644
--- a/checks/fields.pm
+++ b/checks/fields.pm
@@ -1281,7 +1281,8 @@ sub run {
if (any { $_ and /\s/} @parts) {
tag 'vcs-field-has-unexpected-spaces', "vcs-$vcs", $uri;
}
- if ($parts[0] =~ m%^(?:git|http)://%) {
+ if ( $parts[0] =~ m%^(?:git|(?:nosmart\+)?http|svn)://%
+ or $parts[0] =~ m%(?:pserver|lp):%) {
tag 'vcs-field-uses-insecure-uri', "vcs-$vcs", $uri;
}
}
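Review bot: the second pattern in the new condition, m%(?:pserver|lp):%, has no ^ anchor, so it matches anywhere in $parts[0], not just at the scheme position. Any URI that merely contains the substring "lp:" or "pserver:" (an https URL with "help:" in its path, for instance) would be tagged vcs-field-uses-insecure-uri. Anchoring it, e.g. m%^(?::pserver:|lp:)%, would still match the :pserver:anonymous@... form used in the test tags while avoiding those false positives.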
diff --git a/debian/changelog b/debian/changelog
index e24a280..caf422b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,12 +5,15 @@ lintian (2.5.44) UNRELEASED; urgency=medium
* checks/description.{desc,pm}:
+ [NT] Drop duplicate word tag, which is now covered by the
spelling error check.
- * checks/fields.pm:
+ * checks/fields.{desc,pm}:
+ [NT] Add default-jdk-headless and openjdk-X-jdk-headless
to the set of known java providers.
+ [JW] Relax build profile dependency checks to allow versions with
trailing tilde. (Closes: #819509) Thanks to Felix Geyer for the bug
report.
+ + [NT] Expand the vcs-field-uses-insecure-uri check to check other
+ known insecure protocols (e.g. svn and pserver). Thanks to Paul
+ "(UTF-8) Snowman" Tagliamonte for the report. (Closes: #812962)
* checks/nmu.{desc,pm}:
+ [NT] Create a separate tag for extra whitespace around uploader name
in the changelog. Thanks to Ben Wiederhake for the suggestion.
diff --git a/t/tests/control-file-general/debian/debian/control.in b/t/tests/control-file-general/debian/debian/control.in
index 7395a3d..d1eef52 100644
--- a/t/tests/control-file-general/debian/debian/control.in
+++ b/t/tests/control-file-general/debian/debian/control.in
@@ -10,7 +10,7 @@ Build-Depends: debhelper (>= 9),
sparc i386 amd64
]
Build-Depends-Indep: perl (> 5.8)
-XS-Vcs-Svn: svn://svn.example.com/{$source}/trunk
+XS-Vcs-Svn: https://svn.example.com/{$source}/trunk
#Vcs-Git: git://git.debian.org/collab-maint/<pkg>.git
#Vcs-Browser: http://git.debian.org/?p=collab-maint/<pkg>.git;a=summary
diff --git a/t/tests/fields-uncanonical-vcs-fields/tags b/t/tests/fields-uncanonical-vcs-fields/tags
index d6e6955..f9b9e8f 100644
--- a/t/tests/fields-uncanonical-vcs-fields/tags
+++ b/t/tests/fields-uncanonical-vcs-fields/tags
@@ -1,8 +1,11 @@
I: fields-uncanonical-vcs-fields source: vcs-field-not-canonical http://hg.debian.org/hg/foobar/pkg/foobar http://anonscm.debian.org/hg/foobar/pkg/foobar
I: fields-uncanonical-vcs-fields source: vcs-field-not-canonical nosmart+http://bzr.debian.org/bzr/collab-maint/foobar nosmart+http://anonscm.debian.org/bzr/collab-maint/foobar
I: fields-uncanonical-vcs-fields source: vcs-field-not-canonical svn://svn.debian.org/svn/foobar/trunk svn://anonscm.debian.org/foobar/trunk
+I: fields-uncanonical-vcs-fields source: vcs-field-uses-insecure-uri vcs-bzr nosmart+http://bzr.debian.org/bzr/collab-maint/foobar
+I: fields-uncanonical-vcs-fields source: vcs-field-uses-insecure-uri vcs-cvs :pserver:anonymous@cvs.alioth.debian.org:/cvsroot/foobar module
I: fields-uncanonical-vcs-fields source: vcs-field-uses-insecure-uri vcs-git git://git.debian.org/~djpig/foobar.git -b master
I: fields-uncanonical-vcs-fields source: vcs-field-uses-insecure-uri vcs-hg http://hg.debian.org/hg/foobar/pkg/foobar
+I: fields-uncanonical-vcs-fields source: vcs-field-uses-insecure-uri vcs-svn svn://svn.debian.org/svn/foobar/trunk
W: fields-uncanonical-vcs-fields source: vcs-field-bitrotted :pserver:anonymous@cvs.alioth.debian.org:/cvsroot/foobar :pserver:anonymous@anonscm.debian.org:/cvs/foobar
W: fields-uncanonical-vcs-fields source: vcs-field-bitrotted https://svn.debian.org/wsvn/foobar/trunk?foo=bar;op=log;something=else http://anonscm.debian.org/viewvc/foobar/trunk?foo=bar;something=else
W: fields-uncanonical-vcs-fields source: vcs-git-uses-invalid-user-uri git://git.debian.org/~djpig/foobar.git git://anonscm.debian.org/users/djpig/foobar.git
diff --git a/t/tests/fields-vcs-fields/tags b/t/tests/fields-vcs-fields/tags
index e69de29..692df5d 100644
--- a/t/tests/fields-vcs-fields/tags
+++ b/t/tests/fields-vcs-fields/tags
@@ -0,0 +1,3 @@
+I: fields-vcs-fields source: vcs-field-uses-insecure-uri vcs-bzr nosmart+http://anonscm.debian.org/bzr/collab-maint/foobar
+I: fields-vcs-fields source: vcs-field-uses-insecure-uri vcs-cvs :pserver:anonymous@anonscm.debian.org:/cvs/foobar module
+I: fields-vcs-fields source: vcs-field-uses-insecure-uri vcs-svn svn://anonscm.debian.org/foobar/trunk
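Review bot: the three expected tags here cover nosmart+http, :pserver: and svn://, but nothing exercises the lp: branch added to the regex in checks/fields.pm. Add a Vcs-Bzr case with an lp: location and its expected vcs-field-uses-insecure-uri line. A negative case would help too: an https:// URI that contains "lp:" later in the string and must not produce the tag, to pin down the unanchored second pattern.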
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git