[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#493156: marked as done (Detect embedded copies of Mark Pilgrim's "feedparser.py")

Your message dated Sat, 09 Aug 2008 04:02:03 +0000
with message-id <E1KRfeV-0004rf-5r@ries.debian.org>
and subject line Bug#493156: fixed in lintian 1.24.3
has caused the Debian Bug report #493156,
regarding Detect embedded copies of Mark Pilgrim's "feedparser.py"
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
493156: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493156
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: lintian
Version: 1.24.2
Severity: wishlist
Tags: patch

Lintian should emit a warning when a package installs an embedded copy of
Mark Pilgrim's Universal Feed Parser.

(Debian's copy--available in the python-feedparser package--contains a
growing number of patches to fix various issues and packages that embed a
copy from elsewhere are not picking these up.)

Patch (with testcases) attached.


Regards,

-- 
Chris Lamb, UK                                       chris@chris-lamb.co.uk
                                                            GPG: 0x634F9A20

From a96e0017cde39a9537e32a6571b2ee4a3dc4fd3e Mon Sep 17 00:00:00 2001
From: Chris Lamb <chris@chris-lamb.co.uk>
Date: Thu, 31 Jul 2008 19:41:01 +0100
Subject: [PATCH] Emit a warning when a package embeds Mark Pilgrim's feedparser.py.

We check the contents of the file first to avoid some false positives,
particularly /usr/lib/python2.5/email/feedparser.py.
---
 checks/files                          |   12 ++++++++++++
 checks/files.desc                     |    7 +++++++
 testset/filenames/files/feedparser.py |   16 ++++++++++++++++
 testset/tags.filenames                |    3 +++
 4 files changed, 38 insertions(+), 0 deletions(-)
 create mode 100644 testset/filenames/files/feedparser.py

diff --git a/checks/files b/checks/files
index 64b6ce3..46f40c2 100644
--- a/checks/files
+++ b/checks/files
@@ -647,6 +647,18 @@ while (<IN>) {
 	    tag "embedded-javascript-library", "$file";
 	}
 
+	# ---------------- embedded Feedparser library
+	if ($file =~ m,/feedparser\.py$, and $pkg ne "python-feedparser") {
+	    open(FEEDPARSER, "unpacked/$file") or fail("cannot open feedparser.py file: $!");
+	    while (<FEEDPARSER>) {
+		if (m,Universal feed parser,) {
+		    tag "embedded-feedparser-library", "$file";
+		    last;
+		}
+	    }
+	    close(FEEDPARSER);
+	}
+
 	# ---------------- general: setuid/setgid files!
 	if ($perm =~ m/s/) {
 	    my ($setuid, $setgid) = ("","");
diff --git a/checks/files.desc b/checks/files.desc
index 519b0ed..326f29d 100644
--- a/checks/files.desc
+++ b/checks/files.desc
@@ -768,3 +768,10 @@ Info: This package contains an embedded copy of the JQuery, Prototype,
  own packages. Please depend on the appropriate package and symlink the
  library into the appropriate location.
 Ref: policy 4.13
+
+Tag: embedded-feedparser-library
+Type: warning
+Info: This package contains an embedded copy of Mark Pilgrim's Universal
+ Feed Parser. Please depend on the "python-feedparser" package and symlink
+ the library into the appropriate location.
+Ref: policy 4.13
diff --git a/testset/filenames/files/feedparser.py b/testset/filenames/files/feedparser.py
new file mode 100644
index 0000000..78f0866
--- /dev/null
+++ b/testset/filenames/files/feedparser.py
@@ -0,0 +1,16 @@
+#!/usr/bin/env python
+"""Universal feed parser
+
+Handles RSS 0.9x, RSS 1.0, RSS 2.0, CDF, Atom 0.3, and Atom 1.0 feeds
+
+Visit http://feedparser.org/ for the latest version
+Visit http://feedparser.org/docs/ for the latest documentation
+
+Required: Python 2.1 or later
+Recommended: Python 2.3 or later
+Recommended: CJKCodecs and iconv_codec <http://cjkpython.i18n.org/>
+"""
+
+__version__ = "4.1"# + "$Revision: 1.92 $"[11:15] + "-cvs"
+
+# (snip)
diff --git a/testset/tags.filenames b/testset/tags.filenames
index 88e5325..892bf19 100644
--- a/testset/tags.filenames
+++ b/testset/tags.filenames
@@ -61,6 +61,7 @@ W: filenames: binary-without-manpage usr/bin/X11/testxbin
 W: filenames: binary-without-manpage usr/bin/mh/read
 W: filenames: debian-news-file-not-compressed usr/share/doc/filenames/NEWS.Debian
 W: filenames: desktop-file-in-wrong-dir usr/share/gnome/apps/System/foo.desktop
+W: filenames: embedded-feedparser-library files/feedparser.py
 W: filenames: embedded-javascript-library usr/share/filenames/jquery.js
 W: filenames: embedded-javascript-library usr/share/filenames/jquery.lite.js
 W: filenames: embedded-javascript-library usr/share/filenames/jquery.min.js
@@ -84,6 +85,7 @@ W: filenames: file-in-unusual-dir files/.cvsignore
 W: filenames: file-in-unusual-dir files/Maelstrom Sounce.r121
 W: filenames: file-in-unusual-dir files/Maelstrom Sound
 W: filenames: file-in-unusual-dir files/Maelstrom Sound.mine
+W: filenames: file-in-unusual-dir files/feedparser.py
 W: filenames: file-in-unusual-dir files/svk-commitsEr9P.tmp
 W: filenames: file-in-unusual-dir files/svn-commit.tmp
 W: filenames: file-in-unusual-dir srv/foo/bar
@@ -121,6 +123,7 @@ W: filenames: package-contains-vcs-control-file usr/lib/perl5/foo/.hgtags
 W: filenames: package-installs-into-etc-gconf-schemas etc/gconf/schemas/test.schema
 W: filenames: package-installs-nonbinary-perl-in-usr-lib-perl5 usr/lib/perl5/foo/ancient.pm
 W: filenames: package-installs-nonbinary-perl-in-usr-lib-perl5 usr/lib/perl5/foo/bar.pm
+W: filenames: script-not-executable ./files/feedparser.py
 W: filenames: svk-commit-file-in-package files/svk-commitsEr9P.tmp
 W: filenames: svn-commit-file-in-package files/svn-commit.tmp
 W: filenames: symlink-is-self-recursive usr/lib/filenames/symlink10wrong ../../..
-- 
1.5.6.3

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message --- 
Source: lintian
Source-Version: 1.24.3

We believe that the bug you reported is fixed in the latest version of
lintian, which is due to be installed in the Debian FTP archive:

lintian_1.24.3.dsc
  to pool/main/l/lintian/lintian_1.24.3.dsc
lintian_1.24.3.tar.gz
  to pool/main/l/lintian/lintian_1.24.3.tar.gz
lintian_1.24.3_all.deb
  to pool/main/l/lintian/lintian_1.24.3_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 493156@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Frank Lichtenheld <djpig@debian.org> (supplier of updated lintian package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 09 Aug 2008 00:35:13 -0300
Source: lintian
Binary: lintian
Architecture: source all
Version: 1.24.3
Distribution: unstable
Urgency: low
Maintainer: Debian Lintian Maintainers <lintian-maint@debian.org>
Changed-By: Frank Lichtenheld <djpig@debian.org>
Description: 
 lintian    - Debian package checker
Closes: 376184 491135 491252 491296 491302 491365 491440 491578 491625 491685 492930 493156 493903 493920 493921
Changes: 
 lintian (1.24.3) unstable; urgency=low
 .
   The "greetings from Argentina" release.
 .
   * checks/binaries:
     + [ADB] Use Lintian::Collect throughout rather than reparsing file-info
       and objdump-info.
   * checks/changelog-file{,.desc}:
     + [ADB] Use Lintian::Collect instead of reading the fields/*, file-info
       and objdump-info files.
     + [ADB] Remove a misplaced word from the description of the tag
       "debian-changelog-file-contains-invalid-email-address".
   * checks/copyright-file{,.desc}:
     + [ADB] Drop the "copyright line too long" check.  Most of the issues
       it flags aren't easily fixable, particularly where the copyright file
       is (semi)automatically generated.  (Closes: #491302, #491365, #491685)
     + [ADB] Use Lintian::Collect for accessing control fields and reading the
       list of files in the package.
     + [ADB] Don't flag use of version 1 of the GPL, or licenses using phrases
       such as "compatible with the GPL" (for example, the W3C Software
       License) as missing a reference to common-licenses
     + [ADB] Replace references to the GPL in GFDL and LGPL related tags
       with the appropriate license.  Also remove a misplaced word.
   * checks/cruft:
     + [ADB] Use Lintian::Collect for accessing control fields
   * checks/debconf:
     + [ADB] Don't complain about unused debconf templates in udebs.
       (Closes: #491135)
     + [RA] Try to recognize at least some debconf template uses in Perl.
     + [ADB] Replace fields/* and scripts access with Lintian::Collect
     + [ADB] Don't flag the shared templates used for dictionaries-common
       co-ordination as unused.
     + [FL] Remove debconf-error-requires-versioned-depends since post-lenny
       a tag for the sake of sarge-backports clearly makes no sense anymore.
       (Closes: #493920)
   * checks/description:
     + [RA] Don't warn about a synopsis that ends in "etc."  Patch from
       Chris Lamb.  (Closes: #491252)
     + [ADB] Use Lintain::Collect to read the package's description.
   * checks/etcfiles:
     + [ADB] Walk Lintian::Collect->index instead of reading the "index" file.
   * checks/fields{,.desc}:
     + [RA] Warn about packages that depend exclusively on makedev.
       Thanks, Josh Triplett.  (Closes: #491625)
     + [ADB] Use Lintian::Collect::field() to determine the content of fields
       from control files rather than reading the fields/* files. This and
       similar changes to other scripts should improve performance as the
       Collect object caches the lookup result.
     + [ADB] Reformat a couple of tags' descriptions.
   * checks/files{,.desc}:
     + [ADB] Switch to using Lintian::Collect.
     + [ADB] Fix a couple of bugs in the parsing of the list of scripts
       contained within a package which led to scripts in /usr/share/doc
       being incorrectly tagged as executable-in-usr-share-doc.
     + [ADB] Update a couple of Policy references.  Thanks Jordà Polo.
     + [ADB] Warn when a package embeds a copy of the Universal Feed Parser.
       Patch from Chris Lamb.  (Closes: #493156)
     + [FL, ADB] Don't issue tag file-in-unusal-dir for files where we already
       issued one of the specific dir-or-file-in-* tags.  (Closes: #493921)
     + [ADB] Add a missing "have" to package-contains-ancient-file's
       description.
   * checks/huge-usr-share:
     + [ADB] Replace (the single) direct access to fields/* with ::field()
     + [ADB] Replace an outdated link to the Developer's Reference.
       Thanks Jordà Polo.
   * checks/infofiles{,.desc}:
     + [ADB] Use Lintian::Collect to retrieve information about the files
       being processed.
     + [ADB] Update the tag "install-info-not-called-with-quiet-option"'s
       Policy reference.  Thanks Jordà Polo.
   * checks/init.d.desc:
     + [ADB] Update a Policy reference.  Thanks Jordà Polo.
   * checks/lintian.desc:
     + [ADB] Add a Policy reference to bad-section-in-changes-file.  Thanks
       Jordà Polo.
   * checks/manpages{,.desc}:
     + [RA] Suppress warnings about inability to break a line that contains
       a URL.  URLs often can't be usefully broken.  Based on a patch by
       Damyan Ivanov.  (Closes: #491578)
     + [ADB] Update the Policy reference for manpage-has-wrong-extension.
     + [ADB] Use Lintian::Collect rather than parsing the "index" and
       "file-info" files.
     + [FL] In description for manpage-has-errors-from-man note how to
       reproduce this errors outside of lintian.  (Closes: #492930)
   * checks/menu-format{,.desc}:
     + [ADB] Use Lintian::Collect to parse the list of files in the package.
     + [ADB] Don't raise menu-command-not-in-package for 'sensible-browser'
       or 'sh'.  Thanks Raphael Geissert.
     + [RA] Warn about .kdelnk files and [KDE Desktop Entry] headings in
       desktop files.  Patch from Raphael Geissert.
   * checks/menus{,.desc}:
     + [ADB] Fix a typo; thanks Jordà Polo.
     + [ADB] Use the file list from Lintian::Collect.
   * checks/nmu{,.desc}:
     + [ADB] Use Lintian::Collect for maintainer / uploader information
     + [ADB] Add a DevRef reference to changelog-should-mention-nmu.  Thanks
       Jordà Polo.
   * checks/patch-systems:
     + [RA] Combine all patch-system-but-direct-changes-in-diff instances
       into a single message to reduce the noise from packages that rebuild
       all auto-generated files outside the patch system.  Thanks, Julien
       Cristau.  (Closes: #491296)
     + [ADB] Migrate fields/* reading to use ::Collect::field().
   * checks/po-debconf{,.desc}:
     + [ADB] Check that at least one complete translation exists.  Thanks Jordà
       Polo.
   * checks/rules:
     + [ADB] Use ::Collect for field access.
     + [FL] Do not complain about using dh in a unused binary-* target.
   * checks/scripts{,.desc}:
     + [RA] Warn about maintainer scripts that prepend a path to commands.
       Based on a patch by Raphael Geissert.  (Closes: #376184)
     + [ADB] Don't read fields/*, scripts, index or file-info directly as the
       contents have almost certainly been cached in Lintian::Collect already.
     + [ADB] Update a couple of Policy references.  Thanks Jordà Polo.
   * checks/shared-libs.{,desc}:
     + [ADB] Improve the description of no-symbols-control-file.
     + [ADB] Migrate to using ::Collect instead of parsing the index, file-info
       and objdump-info files directly.
     + [ADB] Disable ldconfig-symlink-before-shlib-in-deb as it can never be
       tested correctly using the information currently available to the
       scripts
   * checks/watch-file:
     + [FL] Do not issue debian-watch-file-should-mangle-version for
       empty watch files.
 .
   * data/doc-base/sections:
     + [ADB] Resynchronize with doc-base's section list (adding
       Programming/OCaml).  (Closes: #491440)
 .
   * debian/postrm:
     + [FL] Do not try to remove /var/spool/lintian if it doesn't exist
       (dpkg might already removed it at this point).
 .
   * doc/desc-files:
     + [ADB] Update the description of tags to include experimental and info
       tags.
   * doc/README:
     + [ADB] Add -E / --show-experimental, -T / --tags and --tags-from-file
       to the option list.
 .
   * frontend/lintian:
     + [FL, ADB] Add new --tags/-T option to limit the amount of checks
       run not by check names but by names of tags you're interested
       in.  Requested by Joerg Jaspert for ftpmaster.  (Closes: #493903)
     + [FL] Add --tags-from-file option to make it easier to specify
       a long list of tags.
 .
   * lib/Lintian/Collect/Binary.pm:
     + [ADB] When parsing objdump-info, indicate whether a shared object is
       an Ocaml executable.  Also add information on segments which various
       checks scripts use which hadn't made it here yet.
     + [ADB] Make index() return a hash rather than an array
     + [ADB] Add support for parsing the "scripts" index file
   * lib/Read_taginfo.pm:
     + [FL] Handle URLs in the Ref: field.
   * lib/Tags.pm:
     + [ADB] If --tags was used, don't issue tags that aren't in the provided
       list.
 .
   * man/lintian.1
     + [ADB] Update the list of check scripts, removing the no longer present
       deb-format and perl and adding the nmu script.
     + [FL] Document the new --tags/-T option.
     + [FL] Document the new --tags-from-file option.
 .
   * reporting/templates/index.tmpl:
     + [RA] Add a link to lintian.log.  Suggested by Stefano Zacchiroli.
 .
   * t/:
     + [FL] Begin work on a new testsuite.
 .
   * testset/fields:
     + [ADB] New testset from Tobias Quathamer (including some tags which
       previously weren't tested)
   * testset/tags.scripts{,.sed}:
     + [ADB] Munge .changes filenames so that the tests produce consistent
       output across architectures
Checksums-Sha1: 
 b8f6a2acca6ac078f5e641b4b3a965ed965906c0 1123 lintian_1.24.3.dsc
 41caf7e8d07bd78393dd5ecb7e34201f2089880b 486467 lintian_1.24.3.tar.gz
 6dc1b8ae29e0872fe5f5080465eee7c234fe9e81 361460 lintian_1.24.3_all.deb
Checksums-Sha256: 
 e7a323b903db95d2426517abb4219500f3fd45394e77cfca48687e19f1446099 1123 lintian_1.24.3.dsc
 8dad1d4dcc5500685a0a9e610a49ed2e07e91d400b51443cd07363a20e4b76c2 486467 lintian_1.24.3.tar.gz
 f22e5fc828980f1ad57f0658499686fe618788e0699d4494f884a47185d46aba 361460 lintian_1.24.3_all.deb
Files: 
 9821fe44ddf6d391ff0f341e300906b5 1123 devel optional lintian_1.24.3.dsc
 bbd146521dc381b5d771f313d7c1c6c2 486467 devel optional lintian_1.24.3.tar.gz
 6fc40f5e39a7baace4a2de08bb3347b5 361460 devel optional lintian_1.24.3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkidEvIACgkQQbn06FtxPfA8dgCgve4z1NiGag/DObk9JV5EibR6
ldwAn39FcHI+JvLuoKThloKSo7+K7j0g
=/Svk
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: