Accepted lintian 2.5.13~bpo70+1 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 30 May 2013 20:11:59 +0200
Source: lintian
Binary: lintian
Architecture: source all
Version: 2.5.13~bpo70+1
Distribution: wheezy-backports
Urgency: medium
Maintainer: Debian Lintian Maintainers <lintian-maint@debian.org>
Changed-By: Luca Falavigna <dktrkranz@debian.org>
Description:
lintian - Debian package checker
Closes: 359059 591812 615516 623265 652380 652595 658474 659335 660655 668437 670092 670963 672273 673073 677874 677890 678639 678857 678896 680391 681061 681410 681769 681894 683224 683516 683737 685299 685497 686179 686352 687464 688320 688494 690014 690910 691489 692232 692548 692616 693013 693442 693589 693918 694328 695839 695866 695967 696230 696960 697164 697534 697693 697916 698234 698602 698610 698704 698720 699452 699628 699670 700110 700543 700882 701061 703490 703978 703985 703989 704446 705170 705175 705197 705441 705835 706166 706241 706242 706827 707400 707742 708178 708755 708881 708943 708957 709041 709121 709379 709415 709455 709615 709886 710086
Changes:
lintian (2.5.13~bpo70+1) wheezy-backports; urgency=low
.
* Rebuild for wheezy-backports.
.
lintian (2.5.13) unstable; urgency=low
.
Upload to unstable.
.
* Summary of tag changes:
+ Added:
- conffile-is-not-in-package
- debconf-translation-using-general-list
- dh_pysupport-is-obsolete
- init.d-script-call-internal-API
+ Removed:
- debhelper-maintscript-needs-versioned-build-depends
- debhelper-script-needs-versioned-build-depends
- missing-pre-dependency-on-multiarch-support
.
* checks/*:
+ [NT] Use Lintian::Path objects as arguments to unpacked
and control where these objects are available.
* checks/binaries:
+ [RA] Do not complain about kernel modules with no shared
library dependency information. Patch from Guillem Jover.
(Closes: #706242)
+ [NT] Demote the certainty of hardening-no-fortify-functions
to "wild-guess". (Closes: #709415)
* checks/changes:
+ [NT] Recognise "<dist>-backports-sloppy" as a valid
distribution. Thanks to Romain Francoise for the
report and the patch. (Closes: #705170)
* checks/conffiles:
+ [NT] Strip whitespace from conffiles similar to how dpkg
does it.
+ [NT] When emitting duplicate-conffile, avoid repeating
other tags related to that conffile. The exception to
this is relative-conffile where the original file might
not have triggered that tag.
+ [NT] Test that all paths listed in the "conffiles" control
file is actually in the package being tested.
* checks/cruft{,.desc}:
+ [JW] Correct the name of the architecture listed in
description of the tag outdated-autotools-helper-file.
(Closes: #706166)
+ [NT] Flag all absolute symlinks in source packages as
"unsafe". (Closes: #697164)
+ [NT] Fix false-positive source-contains-unsafe-symlink
for symlinks ascending one or more levels without escaping
the package root. Thanks to Michael Schutte for the
report and the patch. (Closes: #707742)
+ [NT] Add a series of patches from Bastien Roucariès to
reduce the number of false positives and negatives in the
GDFL related checks. (Closes: #708957, #708881, #709379,
#709886)
* checks/debhelper{,.desc}:
+ [NT] Retire some tags that are no longer relevant in the
Jessie development cycle.
+ [NT] Apply patch from Luca Falavigna to detect uses of the
deprecated tool, dh_pysupport. (Closes: #709615)
* checks/description:
+ [NT] Skip extended-description-is-probably-too-short
for -dbg packages. Thanks to Paul Wise for the suggestion.
(Closes: #705441)
* checks/fields.desc:
+ [NT] Clarify that the "canonical URI" for Vcs fields is
based on an announcement from the Alioth admins. Thanks
to Torquil Sørensen for the report. (Closes: #705835)
+ [NT] Clarify in the tag description of some tags related
to "Vcs-*" fields that the tags are based on a data list
(and is not a result of a HTTP request while checking the
package).
* checks/files{,.desc}:
+ [JW,NT] Drop missing-pre-dependency-on-multiarch-support
now that multiarch-support is in stable. (Closes: #709121)
+ [JW] Fix typo in a tag description. (Closes: #709455)
+ [NT] Change the "ancient-file" cut-off date to 1975 from
1984. Thanks to Ole Streicher and Ansgar Burchardt for the
report. (Closes: #710086)
* checks/group-checks.desc:
+ [NT] Add missing semi-colon in tag description. Thanks to
Andrey Rahmatullin for the report. (Closes: #706827)
* checks/init.d{,.desc}:
+ [NT] Add missing import of utility function that could cause
Lintian to crash in some cases.
+ [NT] Add check for uses of /lib/init in maintainer scripts.
Thanks to Josh Triplett for the report and to Bastien
Roucariès for the patch. (Closes: #670092)
* checks/menu-format:
+ [NT] Fix use of uninitialized variable when menu file uses a
section of "/". (Closes: #708755)
* checks/po-debconf{,.desc}:
+ [NT] Remove tests for commands that are provided by
Lintian's dependencies.
+ [RA] Add new check for a Language-Team field in a translation
pointing to the debian-i18n mailing list. Based on work by
victory. (Closes: #705197)
* checks/rules:
+ [NT] Remove check for "dpkg-dev (>= 1.16.1~)" build-dependency,
since this is trivially satisfied in Wheezy and Jessie.
.
* collection/*-helper:
+ [NT] Move all collection helpers to helpers/coll.
* collection/debfiles:
+ [NT] Replace makeshift "is_ancestor_of" check with the
one from L::Util.
* collection/java-info:
+ [NT] Update a regex to cope with file(1) now calling JAR files
for "Java Jar file" rather than "Zip archive".
(Closes: #707400)
.
* data/changes-file/known-dists:
+ [NT] Add jessie and remove lenny.
* data/debhelper/dh_{addons,commands}-manual:
+ [NT] Remove entries/versions that are no longer relevant.
* data/fields/perl-provides:
+ [NT] Refresh against sid. (Closes: #708178)
* data/spelling/corrections:
+ [NT] Add correction for unnecessarily. Thanks to Guillem
Jover for the suggestion. (Closes: #706241)
.
* debian/control:
+ [NT] Remove irrelevant (versioned) dependencies that are now
trivially satisfied in stable.
+ [NT] Recommend libautodie-perl (>= 2.18) and libperlio-gzip-perl
as these can greatly effect performance of Lintian.
* debian/lintian.install:
+ [NT] Install "helpers" as /usr/share/lintian/helpers
* debian/{postinst,prerm}:
+ [NT] Remove unused maintainer scripts now that stable's
libc-bin provides a C.UTF-8.
* debian/triggers:
+ [NT] Remove unused trigger now that stable's libc-bin
provides a C.UTF-8.
.
* doc/tutorial/**/*.pod:
+ [NT] Fix a number of spelling mistakes in the POD.
* doc/tutorial/Lintian/Tutorial/WritingChecks.pod:
+ [NT] Add a section about how to avoid some common ways
of introducing security issues.
.
* frontend/lintian:
+ [NT] Ignore LINTIAN_ROOT/locale and /var/lib/lintian/locale.
+ [NT] Export LINTIAN_INCLUDE_DIRS and LINTIAN_HELPERS_DIR to
subprocesses. These are ":"-separated lists of dirs used by
Lintian. The first being a list of raw include dirs and the
second being a list of helpers dirs in these include dirs.
+ [NT] Fix a bug where the exit code from lintian would
sometimes be an undocumented value (>= 3).
.
* helpers/coll:
+ [NT] New directory containing some helpers that used to be in
directly collection.
.
* lib/*:
+ [NT] Fix a number of spelling mistakes in the POD.
* lib/Lintian/Collect/{Package,Binary}.pm:
+ [NT] Accept Lintian::Path objects to unpacked and control.
* lib/Lintian/Collect/Source.pm:
+ [NT] Provide a "source" specific is_non_free method that reads
the "Section"-field from d/control instead of the .dsc. This
fixes false-positives "problematic licenses" for non-free
packages. Thanks to Bastien Roucariès for the report.
(Closes: #709041)
* lib/Lintian/Path.pm:
+ [NT] Rename link_resolved to link_normalized.
* lib/Lintian/Unpacker.pm:
+ [NT] On platform that support it, change the "name" of the
process running the collection. This makes it easier to
see what collections are currently being run (like in the
versions prior to 2.5.12). For platforms, where it is
not possible to change the name of a running process, the
unpack jobs will simply be named "lintian" like its parent.
* lib/Lintian/Util.pm:
+ [NT] Fix a race condition in touch_file.
+ [NT] Add sanity check in perm2oct for bad permission
strings and throw errors when they are seen (instead
of returning 0).
+ [NT] Require that the input file is present for
read_dpkg_control and get_deb_control.
+ [NT] In copy_dir, pass --reflink=auto to cp.
+ [NT] Replace resolve_pkg_path with to normalize_pkg_path.
The latter has slightly different return values in some
cases.
+ [NT] Avoid the LOCPATH dance to find the path to an UTF-8
locale now that stable's libc-bin provides C.UTF-8 for us.
+ [NT] Add new function, locate_helper_tool, to find helper
tools.
.
* private/refresh-perl-provides:
+ [NT] Apply patch from Niko Tyni to improve Lintian's
data file about Perl modules provided by perl-base.
.
* profiles/debian/extra-apache2.profile:
+ [NT] Removed, merged into debian/main.profile.
* profiles/debian/ftp-master-auto-reject.profile:
+ [NT] Include md5sums-mismatch and non-standard-toplevel-dir
as an overridable tag.
* profiles/debian/main.profile:
+ [NT] Include the apache2 check. Thanks to Arno Töll for
the report. (Closes: #708943)
.
* reporting/harness:
+ [NT] Stop exporting ENV variables that lintian no longer
cares about.
.
* vendors/ubuntu/main/data/changes-file/known-dists:
+ [NT] Add "saucy" as known Ubuntu distribution. Thanks to
Iain Lane for the report.
.
lintian (2.5.12) experimental; urgency=medium
.
* Summary of tag changes:
+ Added:
- ambiguous-paragraph-in-dep5-copyright
- binary-file-built-without-LFS-support
- debian-tests-control-is-not-a-regular-file
- debian-tests-control-uses-national-encoding
- debug-file-with-no-debug-symbols
- desktop-entry-lacks-keywords-entry
- dir-or-file-in-build-tree
- dir-or-file-in-etc-opt
- dir-or-file-in-home
- file-name-is-not-valid-UTF-8
- font-adobe-copyrighted-fragment-no-credit
- font-package-not-multi-arch-foreign
- illegal-runtime-test-name
- inconsistent-testsuite-field
- license-problem-gfdl-invariants
- license-problem-gfdl-invariants-empty
- menu-icon-uses-relative-path
- missing-runtime-test-file
- missing-runtime-tests-field
- package-contains-broken-symlink-wildcard
- package-contains-unsafe-symlink
- runtime-test-file-is-not-a-regular-file
- source-contains-unsafe-symlink
- unknown-runtime-tests-feature
- unknown-runtime-tests-field
- unknown-runtime-tests-restriction
- unknown-testsuite
- vcs-field-bitrotted
- vcs-git-uses-invalid-user-uri
- zip-parse-error
+ Removed:
- unneeded-build-dep-on-quilt
.
* checks/*:
+ [NT] Avoid following unsafe symlinks. (CVE-2013-1429)
* checks/binaries{,.desc}:
+ [NT] Accept libx32 as a bi-arch directory.
+ [NT] Correct reference policy reference. Thanks to
Samuel Bronson for the correction. (Closes: #698234)
+ [NT] Detect debug ELF binaries with no debug symbols.
Thanks to Nelson A. de Oliveira for the report.
(Closes: #668437)
+ [NT] Check for binaries built without LFS. This can
only be checked for 32bit binaries as 64bit binaries
have LFS by definition. Thanks to Guillem Jover for
the report and patches. (Closes: #670963)
+ [NT] Apply patch from Samuel Bronson to bump severity
(but decrease certainty) of the "not linked against
libc" tags. (Closes: #698720)
* checks/copyright:
+ [NT] Apply patch from Evgeni Golov to avoid false
positive tag when the MPL-2.0 license appears in the
copyright file. (See #626454)
* checks/cruft{,.desc}:
+ [NT] Do not emit the license-problem-json-evil tag for
non-free packages.
+ [NT] Apply patch from Bastien Roucariès to catch GFDL
licenses with invariants (etc.). (Closes: #695967)
+ [NT] Correct description of an autotools tag. Thanks
to Alberto Garcia and Timo Juhani Lindfors for the
report and patch. (Closes: #703490)
+ [NT] Check for unsafe symlinks (outside common testsuite
paths).
* checks/debconf:
+ [NT] Fix several path traversal issues that could leak
information about the host system. (CVE-2013-1429)
* checks/debhelper{,.desc}:
+ [JW] Assume the proper python helpers are called if a
(Makefile) variable is used. (Closes: #659335)
+ [JW] Promote python-depends-but-no-python-helper and
python3-depends-but-no-python3-helper to non-experimental.
* checks/description:
+ [NT] Ignore "extended-description-is-probably-too-short"
for metapackages. Thanks to Axel Beckert for the
report.
* checks/duplicate-files.desc:
+ [NT] Demote severity of "duplicate-files" tag to pedantic.
* checks/fields{,.desc}:
+ [NT] Apply patch from Samuel Bronson to detect some
broken or poor Vcs URLs. Also thanks to James McCoy for
his report. (Closes: #652595)
+ [JW] Reduce severity of b-d-on-python-dev-with-no-arch-any
to minor.
+ [NT] Skip "depends-on-packaging-dev" for metapackages.
+ [NT] Apply patch from Gregor Herrmann to catch metacpan
homepage links with versions. (Closes: #700110)
+ [NT] Apply patch from Vasudev Kamath to detect fonts
packages without a Multi-Arch foreign (or allowed) field.
(Closes: #701061)
* checks/files{,.desc}:
+ [NT] Apply patch from Bastien Roucariès to catch paths
in (common) build dirs. (Closes: #678857)
+ [NT] Do not suggest the use of "virtual package" as a way
to suppress empty-binary-package. Lintian will still
accept it the phrase for now.
+ [NT] Accept libx32 as an bi-arch directory.
+ [NT] Ignore gzipped lintian overrides when checking whether
a package is empty.
+ [NT] Fix typo of Pre-Depends, thanks to Raúl Benencia for
spotting it. (Closes: #699452)
+ [NT] Add patch from Bastien Roucariès to check for another
adobe font license issues. (Closes: #705175)
+ [NT] Test for use of file names that are contain invalid
UTF-8 byte sequences. Thanks to Helmut Grohne for the
suggestion. (Closes: #704446)
* checks/init.d:
+ [NT] Fix regression where Lintian would not properly match
init.d passed to update-rc.d. Thanks to Michael Meskes for
reporting. (Closes: #698602)
+ [NT] Fix possible symlink traversal that could leak
information about the host system. (CVE-2013-1429)
* checks/java{,.desc}:
+ [NT] Report possibly broken jar files.
* checks/md5sums:
+ [NT] Fix path traversal issue that could leak information
about the host system.
* checks/menu-format{,.desc}:
+ [NT] Apply patch from Bastien Roucariès to detect missing
"Keywords" in desktop files. Thanks to Jeremy Bicha for
the report. (Closes: #693918)
+ [NT] Apply patch from Matthias Klumpp to add missing
"Science" category. (Closes: #697693)
+ [NT] Apply patch from Thomas Preud'homme to detect uses of
relative icons in menu files. (Closes: #697916)
+ [NT] Document why only XPM are allowed in the tag description
of menu-icon-not-in-xpm-format. (Closes: 591812)
* checks/menus:
+ [NT] Fix path traversal issue that could leak information
about the host system. (CVE-2013-1429)
* checks/patch-systems{,.desc}:
+ [NT] Retire unneeded-build-dep-on-quilt, it is only a pedantic
tag and apparently not too accurate. Thanks to Charles Plessy
and Frank Kuester for the reports. (Closes: #615516, #681061)
* checks/po-debconf:
+ [NT] Unconditionally set INTLTOOL_EXTRACT.
* checks/rules:
+ [NT] Remove ant1.7 as alternative to ant as ant1.7 has been
removed from Wheezy.
* checks/scripts:
+ [NT] Treat scripts in /usr/src/ like they were documentation.
* checks/shared-libs:
+ [NT] Special case gcc packages when looking for dev symlinks.
gcc stores its dev symlinks in some special directories.
+ [NT] Fix path traversal issue that could leak information
about the host system. (CVE-2013-1429)
* checks/source-copyright{,.desc}:
+ [JW,NT] Add a separate tag for ambiguous DEP-5 paragraphs,
where Lintian cannot reliably figure out what is intended.
Thanks to Julian Taylor for the report. (Closes: #652380)
+ [NT] Add paragraph line number to the "field typo" tag.
* checks/symlinks{,.desc}:
+ [NT] Warn about broken symlinks that contains a literal "*"
in their target. This is usually a sign that a wildcard did
not properly expand. Thanks to Bernd Zeimetz for the report.
(Closes: #683737)
+ [NT] Demote certainty of package-contains-broken-symlink to
wild-guess.
+ [NT] Check for unsafe symlinks in binary packages.
* checks/testsuite{,.desc}:
+ [NT] New check written by Nicolas Boulenguez to catch some
mistakes with the new autopkgtest tests.
.
* collection/*:
+ [NT] Avoid reading files outside the package root.
(CVE-2013-1429)
* collection/{changelog-file,debian-readme}:
+ [NT] Ignore files in usr/doc/<pkg>.
+ [NT] Skip collection if usr/share/doc/<pkg> is not contained
within the package root. (CVE-2013-1429)
* collection/hardening-info{,-helper,.desc}:
+ [NT] Whitelist "memset" and "memmove" as "always safe"
functions. Thanks to Sebastian Ramacher for the suggestion
and Roland Stigge for the report. (Closes: #685299)
+ [NT] Remove work around for #677530
* collection/index{,.desc}:
+ [NT] Fix missing trailing slash on dirnames and bump index
version accordingly. Thanks to Nicolas Boulenguez for
noticing.
* collection/java-info:
+ [NT] Gracefully handle broken Jar files. Thanks to Paul
Tagliamonte for the report. (Closes: #700543)
* collection/strings:
+ [NT] Fix a regression in filtering out "debug" ELF binaries.
.
* data/binaries/arch-regex:
+ [NT] Recognise x32 as an ELF32 binary.
* data/fields/obsolete-packages:
+ [NT] Apply patch from Guillem Jover to add fuse-utils as an
obsolete package. (Closes: #697534)
* data/files/locale-codes:
+ [NT] Refresh against sid data files.
* data/menu-format/add-categories:
+ [NT] Apply patch from Matthias Klumpp to add missing
subcategories.
* data/output/manual-references:
+ [NT] Refresh with Policy 3.9.4.
* data/scripts/interpreter:
+ [NT] Add cfagent as a known interpreter. Thanks to Andreas
Mundt for the suggestion. (Closes: #699670)
* data/scripts/versioned-interpreters:
+ [NT] Apply patch from Thijs Kinkhorst to add lua5.2 as a
versioned alternative to lua. (Closes: #698704)
* data/shared-libs/ldconfig-dirs:
+ [NT] Add libx32 and usr/libx32 used by some gcc x32 bi-arch
packages.
* data/spelling/corrections{,-case}:
+ [JW] Add correction for "privileges". (Closes: #700882)
+ [NT] Warn about incorrect case of "OpenStreetMap". Thanks
to Paul Wise for the patch.
.
* debian/control:
+ [NT] Bump dependency on hardening-includes to avoid having
to work around #677530.
+ [NT] Add XS-Testsuite for autopkgtest tests.
+ [NT] Add Build-Depends on libtest-perl-critic-perl.
+ [NT] Add (Build-)Depends on liblist-moreutils-perl and
libfile-basedir-perl.
+ [NT] Add versioned (Build)-Depends on perl | libautodie-perl.
* debian/lintian.install:
+ [NT] Install Test::Lintian in /usr/share/lintian/lib.
* debian/rules:
+ [NT] Include the new Tutorial pods in the "api-doc" target.
* debian/tests/{control,testsuite,testsuite-legacy}:
+ [NT] New file.
.
* doc/tutorial/Lintian/Tutorial{/WritingChecks}.pod:
+ [NT] Add POD tutorial on writing checks.
.
* frontend/lintian{,-info}:
+ [NT] Add --include-dir command line option. This can be used
to load additional Lintian checks, profiles, libraries or data.
(Closes: #359059)
* frontend/lintian:
+ [NT] Remove "make-shift" lab-query support now that
Lintian::Lab supports it.
+ [NT] Add new command line option "--[no-]user-dirs" to disable
loading from $HOME/.lintian{rc,/} and /etc/lintian{rc,/}.
+ [NT] Error out early if a check cannot be loaded.
+ [NT] Make --suppress-tags{,--from-file} do something when used
with --check-part and document that --tags causes the option
to be ignored.
+ [NT] Accept the magic token "{VENDOR}" as a part of the value
to --profile.
+ [NT] Add new command line option "--ignore-lintian-env" to make
lintian ignore all environment variables starting with LINTIAN_.
+ [NT] Add a new command line option --no-display-experimental
and --default-display-level. These options can be used to
override some display options from the config file.
(Closes: #703985)
+ [NT] Also search for the lintianrc file in XDG_CONFIG_{HOME,DIRS}.
The default paths are now ~/.config/lintian/lintianrc and
/etc/xdg/lintian/lintianrc. The previous lintianrc paths are
still accepted.
+ [NT] Stop looking for lintianrc files in the LINTIAN_ROOT.
+ [NT] Stop exporting LINTIAN_LAB to processes run by lintian.
+ [NT] Use of --root (or setting LINTIAN_ROOT) will now imply
the option --no-user-dirs by default.
.
* lib/*:
+ [NT] Use "parent" instead of the "base" pragma.
* lib/Lintian/Collect.pm:
+ [NT] Add "is_non_free" method to easily check of a given
package appears to be non-free.
* lib/Lintian/Collect/Binary.pm:
+ [NT] Re-instate the "TEXTREL" marker. This fixes a regression
where shared-libs compiled without pic was not reported.
Thanks to Dmitry Shachnev for the assistance in debugging this.
+ [NT] Recognise packages in section "metapackages" as a
metapackage. Thanks to Axel Beckert for the report.
(Closes: #698610)
* lib/Lintian/Collect/Package.pm:
+ [NT] Ensure the "root" entry of indices do not contain itself.
(Closes: #695866)
+ [NT] Add warning to unpacked and debfiles when they are given a
path with leading slash or dot-slash.
+ [NT] When a check requests access to a raw file (or dir) in the
package, ensure that the resulting path does not "escape" the
top level directory. This should preemptively guard against some
(but not all) traversal attempts.
* lib/Lintian/Path.pm:
+ [NT] Document that link_resolved is not sufficient to test the
"safeness" of a symlink.
* lib/Lintian/Command/Simple.pm:
+ [NT] Use constant time lookup access instead of linear scan with
"hashref" wait.
* lib/Lintian/Lab.pm:
+ [NT] Add lab_query method to handle lab-queries directly.
+ [NT] Fix bitrot of repair_lab and rename it to repair for
consistency.
* lib/Lintian/Lab{,/Manifest}.pm:
+ [NT] Add support for grouping of manifests.
* lib/Lintian/Lab/Manifest.pm:
+ [NT] Fix an error in visit_all when sufficient keys for an
exact look up was given.
* lib/Lintian/Processable.pm:
+ [NT] Fix issue where packages loaded from the lab indices would
sometimes get a wrong source-version.
* lib/Lintian/Relation/Version.pm:
+ [NT] Add and export "versions_comparator" that can be used for
sorting purposes.
* lib/Lintian/Tag/Info.pm:
+ [NT] Use "&" in the manpage ref URLs to generate proper HTML.
Thanks to Vasudev Kamath for reporting the issue.
+ [NT] Produce a more helpful error message when a tag has an
invalid severity or certainty. (Closes: #703978)
* lib/Lintian/Tags.pm:
+ [NT] Deal with parsing an ambiguous override a bit better. This
solves false-positive malformed-override, where Lintian misparsed
the tag name as a package name. (Closes: #699628)
* lib/Lintian/Util.pm:
+ [NT] Reject partially signed Deb822 files. Most Deb822 files
are not signed at all; but those that are should be completely
covered by a signature. (Closes: #696230)
+ [ADB] Fix a typo in the matching of expected delimiters for some
signed messages; thanks Samuel Bronson.
+ [NT] Add sub to check if a path is contained within a given dir.
+ [NT] Fix bug in resolve_pkg_path that made it resolve some links
incorrectly.
+ [NT] Document that resolve_pkg_path is not sufficient to test the
"safeness" of a symlink.
.
* man/lintian.pod.in:
+ [NT] Document that --pedantic is the same as "-L +=pedantic".
(Closes: #703989)
+ [NT] Fix typo of the "override" variable in the config example.
.
* private/refresh-locale-codes:
+ [JW,NT] Ignore the "zxx" locale code, which means "No
linguistic content". (Closes: #692548)
.
* reporting/config:
+ [JP] Remove unused $GRAPH_DIR configuration option.
* reporting/graphs/{statistics,tags}.gpi:
+ [JP] Tweak graph size to allow longer labels, and force font
family.
* reporting/harness:
+ [NT] Add --to-stdout option to emit log information to
stdout as well as the log files.
+ [NT] Always schedule packages in groups. Otherwise, binNMU'ed
binaries would not be tested together with their source
package (and architecture independent packages).
+ [NT] Schedule groups in chunks (default 512 per chunk).
This makes the Lintian processes shorter and makes memory
reclaimable sooner. (Closes: #695839)
+ [NT] Remove "make-shift" lab-query support now that
Lintian::Lab supports it.
* reporting/html_reports:
+ [NT] Update xrefs to include source version.
+ [NT] Generate a text file suitable for Apache's RewriteMap to
map source packages to the full report for that source.
Thanks to Joerg "Gannef" Jasper for the suggestion to use
RewriteMap. (Closes: #696960)
+ [JP] Fix version labels glitches.
+ [JP] Use global $GRAPHS_RANGE_DAYS.
+ [JP] Pass graph variables to index and tag templates.
* reporting/lintian.css:
+ [JP] Tweak graph alignment.
* reporting/templates/{packages,maintainer,tag}.tmpl:
+ [NT] Properly handle multiple versions of the same source and
add versioned anchors to them.
* reporting/templates/{index,tag}.tmpl:
+ [JP] Include history graphs in HTML templates.
* reporting/templates/tag.tmpl:
+ [NT] Fix "empty <ul>" tag when tag has no "extra" information.
Thanks to Vasudev Kamath for reporting the issue.
.
lintian (2.5.11) experimental; urgency=low
.
* Summary of tag changes:
+ Added:
- conffile-has-bad-file-type
- debug-package-for-multi-arch-same-pkg-not-coinstallable
- dm-upload-allowed-is-obsolete
- field-name-typo-in-dep5-copyright
- font-adobe-copyrighted-fragment
- license-problem-json-evil
- maintainer-script-has-unexpanded-debhelper-token
- shlibs-uses-obsolete-relation
- untranslatable-debconf-templates
+ Removed:
- apparently-truncated-elf-binary
- data.tar.xz-member-without-dpkg-pre-depends
- debhelper-overrides-need-versioned-build-depends
- no-source-field
- preinst-uses-dpkg-maintscript-helper-without-predepends
.
* checks/*:
+ [NT] Remove assumption that lintian will chdir into the
the lab before calling the check.
+ [NT] Be better at avoiding false-positive spelling errors
for references to packages that also happen to be common
spelling mistake. Thanks to Paul Tagliamonte for the
report. (Closes: #687464)
* checks/binaries{,.desc}:
+ [NT] Merge apparently-truncated-elf-binary into
apparently-corrupted-elf-binary.
+ [NT] Remove some references to objdump in tag descriptions
as Lintian uses readelf.
+ [JW,NT] Update the "extract SONAME" shell snippet to properly
handle SONAMEs with uppercase letters.
+ [JW] Recognise any path with matching the GNU multi-arch
triplet as a "Multi-arch: same"-safe directory. Thanks to
Matthias Klose for the report. (Closes: #681410)
* checks/changelog-file:
+ [NT] Emit "missing changelog" for packages that are missing
their usr/share/doc/<pkg>/ dir and do not have a doc symlink.
Thanks to Faheem Mitha for the report. (Closes: #683224)
* checks/conffiles{,.desc}:
+ [NT] Remove leading slash on the filename when emitting
file-in-etc-rc.d-marked-as-conffile.
+ [NT] Add check for "non-file" conffiles. Thanks to Guillem
Jover for the report. (Closes: #690910)
* checks/control-file.desc:
+ [NT] Bump obsolete-relation-form-in-source to serious as these
forms are now "must not" instead of "should not".
* checks/copyright.desc:
+ [NT] Bump debian-copyright-file-uses-obsolete-national-encoding
to serious as copyright files must now be UTF-8 encoded.
* checks/cruft{,.desc}:
+ [NT] Detect MS-DOS executables as windows binaries.
+ [NT] Bump the version of config.{guess,sub} needed for
triggering the "outdated-autotools-helper-file" tag for arm64
support. Thanks to Paul Wise for the report and the
investigative work. (Closes: #690014)
+ [RA,NT] Extend the description of the tags {outdated,ancient}-
autotools-helper-file to mention that dh-autoreconf might be
helpful tool.
+ [NT] Apply patch from Bastien Roucariès to detect file licensed
under the "Good, not Evil"-JSON license. (Closes: #692616)
* checks/deb-format{,.desc}:
+ [NT] Retire data.tar.xz tag. (Closes: #680391)
* checks/debhelper{,.desc}:
+ [JW,NT] Consider missing versioned build-depends on
debhelper for compat 8 (or less) a pedantic issue.
(Closes: #681894)
+ [NT] Retire debhelper-overrides-need-versioned-build-depends.
* checks/fields{,.desc}:
+ [NT] Retire no-source-field since Lintian cannot emit it any
more due to dpkg-source refusing to extract such source
packages.
+ [NT] Add tag for using the obsolete DMUA field. Thanks to
Ansgar Burchardt for the report. (Closes: #688494)
+ [NT] Apply patches from Bernhard R. Link to check for
unintentional whitespace and use of non-canonical URIs in
Vcs-* fields. (Closes: #681769)
+ [NT] Fix false-positive caused by insignificant whitespace.
Thanks to Dima Kogan for the report. (Closes: #693589)
* checks/files:
+ [RG] Recognise smarty3 as smarty itself.
+ [NT] Consider "tasksel tasks" as a meta package.
(Closes: #691489)
+ [NT] Add patch from Bastien Roucariès to check for adobe font
license issues. (Closes: #694328)
* checks/group-checks{,.desc}:
+ [NT] Detect debug packages not co-installable with itself,
when it provides debug symbols for a Multi-Arch: same package.
Thanks to Carsten Hey for the report. (Closes: #678896)
* checks/infofiles:
+ [NT] Use L::Util's gzip decompressor rather than zcat.
* checks/init.d{,.desc}:
+ [NT] Move file-in-etc-rc.d-marked-as-conffile to conffiles
check.
+ [NT] Use L::Collect's conffile API instead of accessing the
"conffiles" control file directly.
* checks/java.desc:
+ [NT] Remove the "experimental" marker of the Java byte-code
check.
* checks/manpages{,.desc}:
+ [CW,NT] Manually do redirects and chdir rather than
invoking a shell when calling man and lexgrog.
+ [CW,NT] Be stricter with missing roff preprocessors by
setting MANROFFSEQ to the empty string when calling man.
+ [CW,NT] Pass -Tutf8 -Z to man to skip an unused part of
the groff pipeline. (Closes: #677874)
+ [CW,NT] Use the L::Util gzip decompressor to open gzipped
manpages.
* checks/menu-format{,.desc}:
+ [NT] Move a table of categories to a data file.
+ [NT] Update description of menu-icon-missing. Lintian is now
sometimes able to find the icon in dependencies (if they are
built from the same source). Thanks to Ryan Kavanagh for the
report and the suggested patch. (Closes: #683516)
* checks/md5sums:
+ [NT] Use L::Collect's conffile API instead of accessing the
"conffiles" control file directly.
* checks/po-debconf{,.desc}:
+ [NT] Check for untranslatable templates that should be
translatable. Thanks to David Prévot for the report and the
patch. (Closes: #686179)
* checks/scripts{,.desc}:
+ [NT] Retire check for dpkg-maintscript-helper in preinst.
(Closes: #685497)
+ [NT] Fix false positive "executable-not-elf-or-script" when
the file is an executable hardlink to a script.
+ [NT] Check maintainer scripts for unexpanded #DEBHELPER# tokens.
Thanks to Cyril "KiBi" Brulebois for the suggestion.
+ [NT] Fix false-positive for removal of device files as /dev/shm
is not a device. Thanks to Steve Langasek for the report and
Roger Leigh for the extra info. (Closes: #693442)
* checks/shared-libs{,.desc}:
+ [NT] Clarify the description of dev-pkg-without-shlib-symlink
to mention that the dev symlink is always expected in /usr.
+ [NT] Add missing "+" in libtool regex. Thanks to Leo 'costela'
Antunes for the report.
+ [RA,NT] Check for use of obsolete "<" and ">" in shlibs control
files. (Closes: #660655)
* checks/source-copyright{,.desc}:
+ [NT] Check for possible misspellings of known field
names. (Closes: #678639)
+ [NT] Fix typo of paragraph. Thanks to Logan Rosen for spotting
it. (Closes: #693013)
* checks/version-substvars{,.desc}:
+ [JW,NT] Extend version-substvar-for-external-package to
all relations. Previously it was only triggered for
strong dependency relations. (Closes: #658474)
.
* collection/deb-format.desc:
+ [NT] Remove unneeded changelog-file from "Needs-Info".
* collection/objdump-info{,-helper,.desc}:
+ [NT] Change the output format for the collection and
bump the version of the collection accordingly.
+ [NT] Apply patch from Peter Pentchev to ensure set{u,g}id
ELF binaries are properly processed, even when Lintian is
run as root. (Closes: #686352)
.
* data/binaries/embedded-libs:
+ [RG] Check for embedded copies of jsoncpp.
* data/fields/archive-sections:
+ [NT] Add new "tasks" section.
* data/menu-format/add-categories:
+ [NT] New file.
* data/output/ftp-master-{,non}fatal:
+ [NT] Removed, not used at run time.
* data/scripts/interpreters:
+ [NT] Add nodejs and Rscript as a known interpreter.
Thanks to Marcelo Jorge Vieira and Sébastien Boisvert
for the report. (Closes: #623265, #692232)
* data/spelling/corrections:
+ [NT,RG] Add more corrections.
+ [RG] Re-sort the corrections.
.
* debian/control:
+ [NT] Add (Build-)Depends on libtext-levenshtein-perl.
+ [NT] Use anonscm.d.o in the Vcs-* fields instead of
git.d.o.
* debian/lintian.install:
+ [NT] Install Lintian perl modules in /usr/share/perl5.
* debian/rules:
+ [NT] Add target to generate HTML API doc. Currently
this is only run manually.
.
* frontend/lintian:
+ [NT] Remove chdir calls for checks.
+ [NT] Retire depreciated command line and config options.
+ [NT] Refactor unpacking into Lintian::Unpacker.
+ [NT] Make parameter for --jobs optional. In its absence
Lintian will not limit the number of parallel jobs.
+ [JW,NT] During the unpack phase, emit the name of the
group currently being unpacked when --verbose is given.
(Closes: #677890)
+ [JW] Fix typo of Parallelization.
+ [NT] Fix regression where --suppress-tags{,-from-file}
was ignored if -C or -X was passed. Thanks to Thorsten
Glaser for reporting it. (Closes: #688320)
.
* lib/Lintian/Collect{,/Source}.pm:
+ [NT] Add optional parameter to field (and X_field)
methods that denotes the default value if a field is
missing. This avoid some boiler plate for callers
of the methods.
* lib/Lintian/Collect/Binary.pm:
+ [NT] Bump API for objdump method.
+ [NT] Add API for checking if a file is considered a
conffile.
* lib/Lintian/Collect/Package.pm:
+ [NT] Strip leading slash off files extracted from tar.
* lib/Lintian/Command.pm:
+ [NT] Work around a leak in IPC::Run (see #301774).
* lib/Lintian/Internal/FrontendUtil.pm:
+ [NT] Always use Dpkg::Vendor to determine the default
vendor. Previously dpkg-vendor would be preferred if
available.
* lib/Lintian/Lab/Entry.pm:
+ [NT] Use the L::Collect during creation instead of
manually reading the dsc for source packages.
* lib/Lintian/Profile.pm:
+ [NT] Add support for the new optional "Load-Checks"
field in profiles.
+ [NT] Ensure that the "lintian" check is always loaded
as these tags are not emitted by check modules. Also
enable the tags from the check by default.
* lib/Lintian/Tags.pm:
+ [NT] Be explicit about the reason when rejecting an
override. Thanks to Yves-Alexis Perez for the report.
(Closes: #673073)
* lib/Lintian/Unpacker.pm:
+ [NT] New file.
.
* man/lintian.pod.in:
+ [NT] Remove documentation about removed options.
.
* reporting/graphs/{statistics,tags}.gpi:
+ [JP] New file.
* reporting/html_reports:
+ [JP,NT] Generate graphs of the collected history data.
(Closes: #672273)
+ [NT] Make the mirror name configurable.
.
* vendors/ubuntu/main/data/changes-file/known-dists:
+ [NT] Add "raring" as known Ubuntu distribution. Thanks to
Dmitry Shachnev. (LP: #1068208)
Checksums-Sha1:
b714fecafa37364fddabffcbe910063937e09417 2556 lintian_2.5.13~bpo70+1.dsc
f975cfc5a422d08df7ca184348f3e4610782418b 1242326 lintian_2.5.13~bpo70+1.tar.gz
9419493a186ee782a8f8103b29f4fbf058c366ee 770592 lintian_2.5.13~bpo70+1_all.deb
Checksums-Sha256:
aa6b8a3ea3444c8b2fb8ff531f642b687c9e76aa6d091e598de592c0c4607530 2556 lintian_2.5.13~bpo70+1.dsc
9f050b25104dd0808e867b9e12bc60fc2e076296f98b7d5c7a4bdf036626ec88 1242326 lintian_2.5.13~bpo70+1.tar.gz
a00b35dc62e79318b3ec8dcfd3b0b5331bb4dc35c994af85fed3c6a7015ee05e 770592 lintian_2.5.13~bpo70+1_all.deb
Files:
16a9d68bcd174b6fd9d37c6a91f2a928 2556 devel optional lintian_2.5.13~bpo70+1.dsc
43456edfa4b8920f003be87eee8515d6 1242326 devel optional lintian_2.5.13~bpo70+1.tar.gz
4fe2adb4dbb245d34d9af84d0fb4d8f5 770592 devel optional lintian_2.5.13~bpo70+1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJRp6NHAAoJEEkIatPr4vMfwVAP/3PaUoA2zVz94XwnVXTehlvi
pqkLD709s7WIk9fFnCxOAkyUtKJOwjdzO9FJctJLhbDr/7+joIc7fy8b0BnDyOoF
TSVbeTHlrxG7n0BMiUSbhodnWk2td6iVS9Ri3JOd9wQZvYIdCm59LAQJUSzGYfah
4O57zP2Zof9NqOCQzdlaR22ijdnarsKOpjJ/LKQLa3qRyey2Z2uy7jLpjByKJfYX
ppg9lJ9ey4cuLdw2ohNDrebGk6uoDP22aZMYVfBIKfIEql1unExMXlpQUWr9jDYS
AqSlzWtl0jiasBecN1KeYwow/8WWAMEhOfj3pwPgHW8ksrgOyv7GesLDAWtAW8bJ
TGmFTl3I0RBZ7PXvYKeVSnulVoIVMBBjnr4XYXntFjXeKADRMBKD9q0iG9ZJ3gqm
XQt68rscOyrh/Px9pdU394O1SUlOVBwHPu2iRsAPeqoMbBuv78Tv7IZ2ZWWQ3ilp
AGFMCeZQ1hq8hT8fjkSPtdBNEMUVAqqT3qwv0Ue5A0nw5gWQQehPpytFPAaX/nK0
SyO0g0rUKuoIWWCZ0FRECvkzDAy6pkOYVHm3wOja6MN3as/MNUKgqShYRHSut2S2
oPaWGs9bNdMXT20MHfQgt+xGvd0EzR13sUZ9dqin+1Jg27YPrJ8qiKumXD9RdNR/
Nq9Wt40Zn1RyHV5nWqzm
=xVgh
-----END PGP SIGNATURE-----
Reply to: