lintian (2.5.67) unstable; urgency=medium * Summary of tag changes: + Added: - debian-rules-should-not-use-DH_EXTRA_ADDONS - debian-watch-could-verify-download - invalid-date-in-debian-changelog - override_dh_fixperms-does-not-call-dh_fixperms * checks/apache2.{desc,pm}: + [CL] Include the offending filename and line number in the output of apache2-deprecated-auth-config and apache2-unparsable-dependency. + [CL] Avoid false positives in apache2-deprecated-auth-config where the offending lines are wrapped in suitable "IfModule" or "IfVersion" directives. (Closes: #788991, #710656) * checks/changelog-file.{desc,pm}: + [CL] Warn about changelog entries that have incorrectly formatted dates. (Closes: #793406) * checks/files.pm: + [CL] Split out python-module-has-overly-generic-name regular expression into a data file. + [CL] Don't warn about extra license files installed via Sphinx. Thanks, Stuart Prescott! (Closes: #885968) * checks/python.pm: + [CL] Prevent false positives when checking for Python {2,3} packages that depend on Python {3,2} packages when the package being depended on ends with -doc. We were previously only catching the case for dependencies *from* packages with such names. (Closes: #885693) + [CL] Also ignore -doc, -docs, -dev, -common and -tools packages for intra-Python variant dependency checking, python-but-no-python3, etc. + [CL] Drop parens in depends-on-package-from-other-python-variant output. + [CL] Refactor django-package-does-not-depend-on-django check to correctly check Django packages called python2-django-foo. * checks/rules.{desc.pm}: + [CL] Suggest using /usr/share/dpkg/architecture.mk as a solution to debian-rules-sets-dpkg-architecture-variable rather than simply replacing assignments with ?=. Thanks to Helmut Grohne for the suggestion. + [CL] Include the line number when warning about instances of override_dh_clean targets that are missing calls to dh_clean. + [CL] Apply patch from Paul Tagliamonte to check for files that use DH_EXTRA_ADDONS. Thanks! (Closes: #885790) + [CL] Update $PYTHON3X_DEPEND to prevent false positives in missing-python-build-dependency. (Closes: #750537) + [CL] Refactor check for override_dh_clean-does-not-call-dh_clean tag into a loop. + [CL] Check for override_dh_fixperms targets that are missing calls to dh_fixperms. (Closes: #885910) * checks/scripts.pm: + [CL] Include the offending/unknown shebang in the output of various interpreter-related tags. (Closes: #673734) * checks/source-copyright.desc: + [CL] Also mention that we check for NOTICE.gz files when looking for Apache 2.0 packages that do not distribute their accompanying NOTICE file. * checks/watch-file.{desc,pm}: + [CL] Apply patch from Felix Lechner to check for packages where an upstream signature exists but is not being used. (Closes: #885621) * data/fields/name_section_mappings: + [CL] Ensure that PAM modules are placed in the "admin" section, additionally preventing a false positive for libpam-krb5 which was being caught by a "libfoo1" => "libs" entry. (Closes: #885899) * data/files/python-generic-modules: + [CL] Add "examples". * data/spelling/corrections: + [PW] Add a number of corrections. * data/standards-version/release-dates: + [CL] Correct date(1) invocation example in comment. + [CL] Add 4.1.3 as a known standards version. * debian/control: + [CL] Declare compliance with Debian Policy 4.1.3. + [CL] Mention Debian Policy 4.1.3 in long package description. -- Chris Lamb Mon, 01 Jan 2018 14:58:24 +0000 lintian (2.5.66) unstable; urgency=medium Merry Christmas! * Summary of tag changes: + Added: - autotools-pkg-config-macro-not-cross-compilation-safe - bugs-field-does-not-refer-to-debian-infrastructure - mismatched-python-substvar - missing-notice-file-for-apache-license - override_dh_clean-does-not-call-dh_clean - package-contains-python-doctree-file - pkg-config-unavailable-for-cross-compilation - portable-executable-missing-security-features - python-package-depends-on-package-from-other-python-variant - vcs-fields-use-more-than-one-vcs * checks/*.desc: + [CL] Standardise on capital-L "Lintian" in tag descriptions. Thanks to Adam D. Barratt for the suggestion. * checks/cruft.{pm,desc}: + [CL] Check for packages that invoke AC_PATH_PROG without considering cross-compilation. Thanks to Helmut Grohne for the idea and proof-of-concept implementation. (Closes: #884798) * checks/fields.{pm,desc}: + [CL] Emit a wishlist warning for packages that mix-and-match more than one version control system in Vcs-* headers. (Closes: #884503) + [CL] Warn when packages specify a "Bugs" field in debian/control that does not refer to official Debian infrastructure as this can make reportbug unable to report bugs. (Closes: #741071) * checks/files.{pm,desc}: + [CL] Warn maintainers about packages that ship pkg-config files under /usr/lib/pkgconfig as they are unavailable under cross-compilation. Thanks to Helmut Grohne for the idea. (Closes: #885096) + [CL] Warn about packages that ship non-reproducible Python .doctree files. (Closes: #885327) + [CL] Factor out simple filename checks into a Lintian::Data variable. * checks/init.d.{pm,desc}: + [CL] Don't emit init.d-script-needs-depends-on-lsb-base if the package ships a Systemd service file. (Closes: #864999) * checks/lintian.desc: + [CL] Also note that unused-override can be triggered if Lintian adds/modifies supplementary tag metadata. * checks/obsolete-sites.pm: + [CL] Ignore commented-out lines to avoid false-positives where the maintainer references the old location. (Closes: #806237) * checks/pe.{pm,desc}: + [CL] Check for Microsoft Windows Portable Executable (PE) files that are missing security hardening features. Thanks to Petter Reinholdtsen for the report. (Closes: #837548) * checks/python.{pm,desc}: + [CL] Warn about Python 2.x packages using ${python3:Depends} and Python 3.x packages using ${python:Depends}. Thanks to Mattia Rizzolo for the idea. (Closes: #884676) + [CL] Factor out definition of dependency fields. + [CL] Warn about Python 3 packages that depend on Python 2 packages and vice versa. (Closes: #782277) * checks/rules.{desc,pm}: + [CL] Check for override_dh_clean targets that are missing calls to dh_clean. Thanks to Andreas Beckmann for the idea. (Closes: #884817) * checks/standards-version.pm: + [CL] Avoid misleading tag descriptions when emitting valid timewarp-standards-version warnings if the date parts are identical (ie. "2017-11-30 < 2017-11-30"). Thanks to Andrea Bolognani eof@kiyuko.org> for the report. (Closes: #884785) * checks/scripts.pm: + [CL] Prevent a false positive in the possibly-insecure-handling-of-tmp-files-in-maintainer-script tag by detecting XXX-like mktemp(1) templates. (Closes: #601323) * checks/source-copyright.{desc,pm}: + [CL] Check for Apache 2.0 packages that do not distribute their accompanying "NOTICE" files. (Closes: #885042) + [CL] Use the list of files in the orig tarball (rather than in the regular index) to prevent false positives when checking for the source-includes-file-in-files-excluded tag when a patch system re-adds files that were removed. (Closes: #884848) * collection/src-orig-index: + [CL] Correct references to generated filename. + [CL] Update bitrotted calls to Lintian::Command:spawn. * data/debhelper/compat-level: + [MR] Bump the experimental debhelper compat level to 12. (Closes: #884678) + [CL] Bump the recommended debhelper compat level to 11, emitting a pedantic warning when using lower level. (Closes: #884699) * data/debhelper/dh_commands: + [CL] dh_scour is now provided by python3-scour, not python-scour. Thanks to Jeremy Bicha. (Closes: #885106) * data/files/js-libraries: + [CL] Detect embedded jQuery libraries with version number in their filenames (eg. jquery-1.10.2.min.js). (Closes: #833613) + [CL] Also emit embedded-javascript-library for Twitter Bootstrap and "mustache". * data/files/php-libraries: + [CL] Avoid a embedded-php-library false positive for streams.php. (Closes: #637473) * data/spelling/corrections: + [PW] Add a number of corrections. * debian/compat: + [NT] Bump debhelper compat level to 11. * debian/control: + [CL] Tag relevant build-dependencies with . + [NT] Bump versioned Build-Dependency on debhelper to 11~. * lib/Lintian/Collect/{Package,Source}.pm: + [CL] Don't require that src-orig-index.gz actually contains any files rather than faking an entry. * reporting/templates/maintainer.tmpl: + [CL] Correct invalid "else if" syntax with "elsif". Thanks to Uwe Kleine-König for the report. * t/tests/fields-malformed-vcs-fields-unrel: + [CL] Add a regression test for a potential false positive in the "vcs-field-has-unexpected-spaces" tag. (Ref: #884870) * t/tests/files-multiarch-foreign-files: + [CL] Don't hardcode architecture triplet to fix FTBFS on non-amd64 architectures. (Closes: #884683) * t/scripts/implemented-tags.t: + [CL] Exclude some tests in this coverage check now that they are specified in a data file rather than in the code itself. -- Chris Lamb Tue, 26 Dec 2017 14:59:29 +0000 lintian (2.5.65) unstable; urgency=medium * t/tests/files-pkgconfig: + [CL] Update tests to reflect change in Multi-Arch foreign detection. -- Chris Lamb Mon, 18 Dec 2017 10:04:30 +0000 lintian (2.5.64) unstable; urgency=medium * checks/files.pm: + [CL] Apply patch from Sven Joachim to prevent false-positives multiarch-foreign-static-library for non-multiarch packages. (Closes: #884655) * reporting/templates/maintainer.tmpl: + [CL] Don't link full report entries to themselves. (Closes: #884572) + [CL] Link to the package's short report entry from the "full" version if it isn't empty. -- Chris Lamb Mon, 18 Dec 2017 09:31:48 +0000 lintian (2.5.63) unstable; urgency=medium * Summary of tag changes: + Added: - development-package-ships-elf-binary-in-path - excessive-priority-for-library-package - multiarch-foreign-cmake-file - multiarch-foreign-pkgconfig - multiarch-foreign-static-library - package-contains-compiled-font-file - package-contains-compiled-glib-schema * checks/binaries.{pm,desc}: + [CL] Add an experimental check for development packages that ship ELF binaries in $PATH. Host architecture binaries are generally not executable so such files are useless for cross builds. (Closes: #794295) * checks/cruft.desc: + [CL] Add debian/changelog to the file-contains-trailing-whitespace example to make it even easier to copy-paste. * checks/fields.{pm,desc}: + [CL] Warn about library packages with excessive priority. Thanks to Josh Triplett for the report. (Closes: #834290) * checks/files.{pm,desc}: + [CL] Warn about Multi-Arch: foreign packages that ship CMake, pkg-config or static libraries in public, architecture-dependent search paths. Thanks to Helmut Grohne for the initial patch and report. (Closes: #882684) + [CL] Raise the certainty of multiarch-foreign-shared-library from "wild guess" to "possible" on the suggestion of Helmut Grohne. + [CL] Test for packages shipping "gschemas.compiled" files. Thanks to Andreas Beckmann for the idea. (Closes: #884142) + [CL] Warn if a package ships compiled font files. Thank you to Andreas Beckmann for the report. (Closes: #884165) * checks/python.pm: + [CL] Also check for packages installing modules called "site" or "docs" into the global namespace. (Closes: #769365) * checks/scripts.desc: + [CL] Update description of python-script-but-no-python-dep to refer to ${python3:Depends}. Thanks to Mattia Rizzolo. (Closes: #660718) + [CL] Prevent a false-positive in missing-dep-for-interpreter by matching ABI-versioned virtual packages for Erlang. Thanks to Jean Parpaillon for the report. (Closes: #810204) * checks/source-copyright.desc: + [CL] Update description of source-includes-file-in-files-excluded to clarify the potential problem and to reference the relevant wishlist bug against git-buildpackage. * checks/python.pm: + [CL] Clarify that new-package-should-not-package-python2-module triggers when there is a single changelog entry as well as providing general guidance where upstreams have not ported to Python 3 yet. * commands/lintian.pm: + [CL] Correct parsing of "jobs=42" in lintianrc. If specified, it would be coerced to a boolean resulting in a value of 1. + [CL] Allow the tag display limit to be configured via the "--tag-display-limit" command-line argument or "tag-display-limit" in lintianrc. (Closes: #813525) + [CL] Make -v imply --no-tag-display-limit. (Closes: #812756) * data/files/privacy-breaker-fragments: + [CL] Don't match, for example, "FB.login()" when used as a documentation example. (Closes: #884296) * data/spelling/corrections: + [PW] Add a number of corrections. * doc/lintianrc.example: + [CL] Add missing "jobs" entry. * profiles/pureos/main.profile: + [CL] Add a profile for Purism's PureOS. (Closes: #884408) * reporting/images/*.png: + [CL] Apply patch from Ville Skyttä that runs the .PNG files through the "zopflipng" minimiser tool to save space. (Closes: #884559) * reporting/templates/maintainer.tmpl: + [CL] Add links from each maintainer page (which does not include pedantic tags, etc.) to the corresponding package on the full report. Thanks to Paul Wise for the idea and report. (Closes: #884572) * vendors/pureos/main/data/changes-file/known-dists: + [CL] Add data file for PureOS. -- Chris Lamb Sun, 17 Dec 2017 20:19:20 +0000 lintian (2.5.62) unstable; urgency=medium * Summary of tag changes: + Added: - invalid-potfiles-in * checks/changelog-file.pm: + [CL] Correct operator precedence in "epoch-change-without-comment" to prevent a false positive when an epoch is present but is unchanged between versions. + [CL] Improve output of epoch-change-without-comment to include the actual version change. * checks/python.desc: + [CL] Also match, for example, "python2.7:any" when checking the "dependency-on-python-version-marked-for-end-of-life" tag, not just "python2.7". (Closes: #883053) + [CL] Detect an invalid debian/po/POTFILES.in instead of bailing out. (Closes: #883653) * checks/scripts.desc: + [AB] command-with-path-in-maintainer-script: Add more references, especially the reason why "if [ -x /usr/bin/ ]; …" is indeed bad (#769845 and the mail referred to in there). Rewrite recommendations, explain what conditions should be given if someone intents to override this tag. (Closes: #807695) * checks/source-copyright.pm: + [CL] Correct false positives in the "source-includes-file-in-files-excluded" tag where a Files-Excluded of "lib/*" would be triggered for "foolib/filename". + [CL] Correct another false positive in the "source-includes-file-in-files-excluded" tag where we would warn when the maintainer has removed upstream's debian/ directory and then we would trigger it on the maintainer's replacement files. + [CL] List all files violating source-includes-file-in-files-excluded, not just the first one we encounter per "Files-Excluded" entry. + [CL] Ignore .pc dirs for source-includes-file-in-files-excluded, * data/spelling/corrections: + [AB] Remove "publically". It's a seldom, but valid English word (c.f. https://en.wiktionary.org/wiki/publically) and causes false positives in the OpenSSL license. * t/scripts/spellintian.t: + [AB] Ensure that "publically" is not re-added as spelling correction in the future again to avoid hundreds of false positives in the OpenSSL license. -- Chris Lamb Thu, 07 Dec 2017 16:28:15 +0000 lintian (2.5.61) unstable; urgency=medium * Summary of tag changes: + Added: - epoch-change-without-comment - source-includes-file-in-files-excluded - unnecessary-team-upload * checks/changelog-file.{desc,pm}: + [CL] Warn about packages that modify the epoch and there's no comment about the change. This was motivated by the accidental bumping of the epoch in my python-django 2:2.0-1 upload. * checks/elpa.desc: + [CL] Correct reference to dh_elpa(1) manpage. Thanks to Paul Gevers for the report. (Closes: #883356) * checks/fields.pm: + [CL] Apply patch from Dylan Aïssi to add R CRAN & Bioconductor repositories to the list of known insecure URIs. (Closes: #883121) * checks/nmu.{desc,pm}: + [CL] Warn if a "Team upload" (ie. that string is present in the changelog) but the uploader is among the Maintainer/Uploaders. (Closes: #882954) * checks/python.desc: + [CL] Raise the severity of the "dependency-on-python-version-marked-for-end-of-life" and "python-foo-but-no-python3-foo" Python 2.x deprecation tags to regular warnings. (Closes: #883581) * checks/source-copyright.{desc,pm}: + [CL] Warn when files specified in Files-Excluded exist in the source tree. (Closes: #871454) * data/spelling/corrections: + [PW] Add a number of corrections. + [CL] Remove "german|German" and "russian|Russian" entries - they are covered by data/spelling/corrections-case. (Closes: #883041) * data/standards-version/release-dates: + [AB] Add 4.1.2 as known standards version. + [AB] Suggest "date +%s -s …" instead of libtimedate-perl. * debian/control: + [AB] Declare compliance with Debian Policy 4.1.2. + [AB] Mention Debian Policy 4.1.2 in long package description. * t/runtests: + [AB] Use standards version 4.1.2 in tests. * t/scripts/spellintian.t: + [AB] Add two checks for common mistakes in d…/spelling/corrections: "iff" is a valid word (c.f. #865055) and case-only misspellings belong into data/spelling/corrections-case. -- Chris Lamb Tue, 05 Dec 2017 14:41:02 +0000 lintian (2.5.60) unstable; urgency=medium * Summary of tag changes: + Added: - homepage-field-uses-insecure-uri - hyphen-file - rules-does-not-require-root - rules-requires-root-explicitly * checks/control-file.{desc,pm}: + [AB] Add classification tags for R³. + [CL] Remove the "Experimental: yes" flag from the debian-control-has-obsolete-dbg-package tag. (Closes: #882154) + [AB] Change reference for debian-control-has-obsolete-dbg-package from https://wiki.debian.org/DebugPackage to https://wiki.debian.org/AutomaticDebugPackages * checks/cruft.desc: + [CL] Add suggested [[:space:]]-based sed call for file-contains-trailing-whitespace. Thanks to Stuart Prescott. (Closes: #881389) + [AB] Also mention Emacs' "M-x wh-cl" (whitespace-cleanup) for file-contains-trailing-whitespace. * checks/fields.desc: + [CL] Warn for Homepage files using well-known insecure URIs. (Closes: #849514) * checks/files.pm: + [NT] Add missing slash for usr/sbin that caused lintian to report false-positive multiarch-foreign-shared-library when a package only had executables in usr/sbin. Thanks to Helmut Grohne for reporting the issue. + [CL] Warn on files called "-" (hyphen symbol). See #882638 for an example. * checks/version-substvars.desc: + [CL] Don't recommend "Source-Version" in tag descriptions. * data/fields/*: + [CL] Revert patch from Guillem Jover to add a "golang" archive section; it has not ben added to the archive yet. * data/spelling/corrections: + [PW] Add several corrections. * lib/Test/Lintian/Harness.pm, t/runtests, t/tests/README: + [AB] Add support for a "Test-Conflicts" field. * t/tests/rules-including-deprecated-makefiles/desc: + [AB] Add "Test-Conflict: dh-buildinfo". Having dh-buildinfo installed causes that test to fail. * .gitignore: + [AB] Ignore /debian/.debhelper/ directory. -- Chris Lamb Sun, 26 Nov 2017 11:13:58 +0900 lintian (2.5.59) unstable; urgency=medium * lib/Lintian/Check.pm: + [CL] Don't warn about duplicate words when separated by punctuation. (Closes: #822504) * data/fields/*: + [CL] Apply patch from Guillem Jover to add a "golang" archive section. (Closes: #880701) -- Chris Lamb Thu, 09 Nov 2017 08:48:00 +0000 lintian (2.5.58) unstable; urgency=medium * checks/cruft.pm: + [CL] Rewrite file-contains-trailing-whitespace tag to be a hash from the filename to the regex we should match. + [CL] Allow trailing tabs in debian/rules files; they are a very common idiom in Makefiles. * checks/fields.desc: + [SL] Update of the documentation for the change introduced in 2.5.53: Transitional packages should now be "oldlibs/optional" rather than "oldlibs/extra". * checks/python.pm: + [CL] Don't count python-django and python3-django as Django modules. This avoids a warning where Django itself triggers "django-package-does-not-depend-on-django". * data/fields/name_section_mappings: + [CL] Apply patch from Simon McVittie to prevent a misdetection of libcanberra-gstreamer as a GNU Smalltalk library. (Closes: #880140) * data/spelling/corrections: + [AB] Add more misspellings of the word "dependency". * doc/lintian.xml: + [CL] Improve overrides docs using source-is-missing as an example. (Closes: #838807) * vendors/ubuntu/main/data/changes-file/known-dists: + [CL] Add bionic as a known Ubuntu distribution. Thanks Jeremy Bicha! (Closes: #880115) -- Chris Lamb Fri, 03 Nov 2017 08:46:02 +0100 lintian (2.5.57) unstable; urgency=medium * Summary of tag changes: + Added: - debian-rules-should-not-set-CFLAGS-from-noopt * checks/control-file.pm: + [CL] Avoid false positives in debian-control-has-empty-field when the field is wrapped onto a new line. Thanks to Mattia Rizzolo for the report. (Closes: #879977) * checks/cruft.desc: + [CL] Add example on how to remove trailing whitespace with sed. + [CL] Drop README.source from files to check against the file-contains-trailing-whitespace tag as it can include quotes from upstream that would be ideally left intact. * checks/debhelper.pm: + [NT] Remove code handling named compat levels. * checks/files.desc: + [CL] Ignore embedded jQuery libraries for Doxygen. (Closes: #736360) * checks/rules.desc: + [CL] Warn if packages set CFLAGS if the value of DEB_BUILD_OPTIONS contains noopt. (Closes: #718640) * commands/lintian.pm: + [NT] Have lintian resignal between various stages of the processing. Previously, ill-timed signals would be caught and "semi-ignored" with lintian happily continuing to process the next package. (Closes: #878575) * data/debhelper/named-compat-levels: + [NT] Removed; no longer used. -- Chris Lamb Sun, 29 Oct 2017 12:14:30 +0000 lintian (2.5.56) unstable; urgency=medium * Summary of tag changes: + Added: - appstream-metadata-invalid - debhelper-tools-from-autotools-dev-are-deprecated - debian-control-has-empty-field - debian-rules-sets-dpkg-architecture-variable - empty-section-field - file-contains-trailing-whitespace - init.d-script-contains-skeleton-template-content - latest-changelog-entry-without-new-date * checks/appstream-metadata.{pm,desc}: + [CL] Don't error out when AppStream metadata is invalid and emit new appstream-metadata-invalid tag instead. (Closes: #879661) * checks/binaries.desc: + [CL] Apply patch from Adrian Bunk to mention the lack of the "-g" flag as a common cause for the debug-file-with-no-debug-symbols tag. (Closes: #878806) + [CL] Apply patch from Guillem Jover to strongly discourage the use of the getconf(1) interface for LFS support. (Closes: #879935) * checks/changes-file.desc: + [CL] Add a note to orig-tarball-missing-upstream-signature regarding support in pristine-tar and git-buildpackage. * checks/conffiles.pm, checks/{debconf,files,scripts}.desc: + [CL] Apply patch from Ville Skyttä to fix a number of spelling mistakes. (Closes: #878446) + [CL] Apply patch from Ville Skyttä to update a number of manual references. (Closes: #878517) * checks/control-file.{pm,desc}: + [CL] Warn about empty fields in debian/control. (Closes: #744388) * checks/cruft.{pm,desc}: + [CL] Warn about certain files under debian/* that contain trailing whitespace characters. (Closes: #748405) * checks/debconf.desc: + [CL] Apply patch from Ville Skyttä to update the debconf-spec refs. (Closes: #878449) * checks/debhelper.{desc,pm}: + [NT] Add a check for packages using the debhelper tooling from the autotools-dev package. These have been replaced by the changes inside debhelper itself. + [NT] Avoid useless-autoreconf-build-depends for autotools-dev when the autotools-dev tooling is used in debian/rules. (Closes: #871711) * checks/fields.pm: + [CL] Apply patch from Nicolas Boulenguez to accept and recommend the new vcs-mtn mtn:// uri format. (Closes: #878798) + [CL] Emit new empty-section-field tag instead of uninitialized value warnings on an empty "Section:" field. (Closes: #878515) * checks/files.pm: + [CL] Lower the severity of package-installs-java-bytecode from "error" to "warning". (Closes: #879862) + [CL] Do not trigger package-installs-java-bytecode if the path contains "WEB-INF", "demo", "doc" etc. (Closes: #879860) + [CL] Verify files triggering package-installs-java-bytecode files really are Java class files. (Closes: #879861) * checks/init.d.pm: + [CL] Check for files that use content from the /etc/init.d/skeleton template. Thanks to Christoph Biedl for the idea. (Closes: #879152) * checks/md5sums.pm: + [CL] Allow empty md5sums files. (Closes: #781372) * checks/rules.{pm,desc}: + [CL] Warn on packages unnecessararily setting dpkg-architecture(1) variables. (Closes: #793554) * checks/scripts.desc: + [CL] Check the "Recommends" field as well when testing scripts for script-needs-depends-on-sensible-utils. (Closes: #879953) * checks/source-changelog.{desc.pm}: + [CL] Move latest-debian-changelog-entry-without-new-date tag into a new check of type "source". (Closes: #873612) * checks/watch-file.pm: + [CL] Include the offending URI in debian-watch-uses-insecure-uri output, not the line number. + [CL] Ignore the magic http://sf.net/ redirector URI for the debian-watch-uses-insecure-uri tag. (Closes: #879206) * data/common/source-fields: + [NT] Add "Rules-Requires-Root". * data/fields/essential: + [CL] Apply patch from Helmut Grohne to treat e2fsprogs as non-essential. (Closes: #878518) * data/fields/perl-provides: + [CL] Update for Perl 5.026001. * data/scripts/interpreters: + [CL] Add cwl-runner to the list of interpreters. (Closes: #851126) * data/spelling/corrections: + [CL] Revert addition of "none were" -> "none was" multiword spelling correction as it is "acceptable beyond serious criticism". (Closes: #878457) * debian/control: + [NT] Set R³ to "no". Lintian builds fine without root and Build-Depends on fakeroot for the tests that still require fakeroot. * doc/lintian.xml, checks/{fields,files,menu-format}.desc, etc.: + [CL] Apply patch from Ville Skyttä to update a large number of errors in links. (Closes: #878521) * private/refresh-manual-refs: + [CL] Apply patch from Ville Skyttä to update the Debconf reference mapping. Many thanks! (Closes: #878449) + [CL] Apply a patch series from Ville Skyttä to a number of issues in the Menu, Perl, Python and Debian Policy parsing. * t/scripts/pod-synopsis.t: + [CL] Apply patch from Ville Skyttä to skip all POD synopsis tests if Test::Pod is not available. (Closes: #878522) * t/tests/debconf-config-*, t/tests/legacy-maintainer-scripts: + [CL] Split out checks for debconf-config-not-executable into a separate test protected by a Test-Depends now that dpkg >= 1.19.0 will bail out on that condition. -- Chris Lamb Fri, 27 Oct 2017 18:29:35 +0000 lintian (2.5.55) unstable; urgency=medium * Summary of tag changes: + Added: - debian-watch-uses-insecure-uri - django-package-does-not-depend-on-django - example-script-uses-deprecated-nodejs-location - priority-extra-is-replaced-by-priority-optional - python-module-has-overly-generic-name - systemd-service-file-wraps-init-script + Removed: - copyright-year-in-future * checks/copyright-file.pm: + [CL] Drop copyright-year-in-future after all; it's just too error prone and time-consuming to maintain given the severity of the issues it can find. (Closes: #877766) * checks/cruft.pm: + [CL] Exempt debian/copyright from license-problem-non-free-RFC tag to avoid false-positives on meta-references. (Closes: #877999) * checks/debhelper.pm: + [AB] Also recognize dh-exec's "=>" arrow if surrounded by tabs. (Closes: #877905) * checks/fields.{desc,pm}: + [NT] Add an info tag for packages that use "Priority: extra". Thanks to Mattia Rizzolo for the suggestion. (Closes: #870898) * checks/files.pm: + [CL] Ignore privacy breach violations in comments. (Closes: #877421) + [CL] Check for Python modules with overly generic names such as "tests" or "test". (Closes: #875964) * checks/{files,manpages,menu-format}.{desc,pm}: + [NT] Stop considering usr/man, usr/X11R6/bin and usr/X11R6/man as manpage directories / PATH directories to simplify some code paths. Nothing ships manpages in these directories and lintian emits tags to strongly discourage people from doing so. * checks/init.d.pm: + [CL] Avoid warning for init.d-script-not-marked-as-conffile when the init.d script does not exist; we will already be alerted via the init.d-script-not-included-in-package error. * checks/python.pm: + [CL] Move to "Type: source, binary" check type. + [CL] Also match packages named "python2-*" as relating to Python 2.x. + [CL] Warn about Django libraries that do not depend on Django itself. (Closes: #877292) + [CL] Do not emit python-foo-but-no-python3-foo for -common packages. * checks/scripts.desc: + [CL] Add missing example-script-uses-deprecated-nodejs-location tag. (Closes: #877142) + [NT] Apply patch from Mattia Rizzolo to improve the tag description for script-uses-deprecated-nodejs-location. + [CL] Actually check for a dependency on sensible-utils before emitting script-needs-depends-on-sensible-utils. Thanks to Daniel Reichelt for the detailed bug report. (Closes: #877439) * checks/standards-version.desc: + [CL] Correct invalid link to upgrading-checklist. Thanks to Dann Frazier for the report. (Closes: #878184) * checks/systemd.{desc,pm}: + [CL] Warn if native systemd service files only wrap existing SysV/LSB init scripts. (Closes: #870704) * checks/watch-file.{pm,desc}: + [CL] Warn for debian/watch files using insecure URIs such as HTTP or FTP, similar to vcs-field-uses-insecure-uri. (Closes: #849515) * data/{common => fields}/priorities: + [NT] Rename file. * data/fields/essential: + [MR] Remove 'mount' from the essential packages. Starting with util-linux version 2.29.2-3 the Essential flag has been removed. (Closes: #877511) * data/fields/priorities: + [NT] Remove "extra". * data/files/privacy-breaker-websites: + [CL] Replace (eg.) "You may use libjs-prototype package" with "You may use the libjs-prototype package". * commands/lintian.pm: + [NT] Simplify handling of uncaught exceptions. * doc/lintian.xml: + [NT] Document that the XDG_DATA_HOME directory can be used for user profiles and data files. This has been supported for quite a while but the documentation incorrectly listed "$HOME/.lintian" instead (which in fact did not work for this purpose). (Closes: #701477) * frontend/dplint: + [NT] Restore "$HOME/.lintian" as a directory that is used for user profiles and data files. It was advertised as such in the documentation but the code actually only used the XDG_DATA_HOME path. Thanks to Daniel Kauffman for the report. (Closes: #875636) + [NT] Correct the order of restricted search paths (user directories and /etc/lintian). It incorrectly used /etc/lintian before the user directory. * lib/Lintian/Util.pm: + [NT] Rename the "fail" subroutine to "internal_error" to better reflect its purpose. * t/tests/binaries-from-other-arch: + [NT] Make test architecture specific as it fails on certain architectures. (Closes: #877147) * t/tests/python-new-python2-package/*: + [CL] Correct Depends of python2.7 → python3 in Python 3 test package. * t/tests/python-python2-no-python3-unrel/debian/debian/control.in: + [CL] Add test for ignoring python-foo-doc packages. + [CL] Correct short descriptions of binary packages. -- Chris Lamb Thu, 12 Oct 2017 11:50:41 -0400 lintian (2.5.54) unstable; urgency=medium * checks/copyright-file.pm: + [CL] Prevent false positives in copyright-year-in-future when matching URLs. + [CL] Prevent false positives in copyright-year-in-future when matching the Tcl license (eg. postgresql-10). (Closes: #876360) * checks/debhelper.pm: + [CL] Ensure that "missing-build-dependency-for-dh_-command" is not emitted for dh-strip-nondeterminism at Debhelper compat levels >= 10. (Closes: #876443) * checks/files.desc: + [CL] Correct grammar and punctuation in description of node-package-install-in-nodejs-rootdir. * checks/changelog-file.pm: + [CL] Also ignore lines that (meta) reference "typo" when checking for "spelling-error-in-changelog". * data/standards-version/release-dates: + [CL] Add 4.1.1 as a known standards version. * debian/control: + [CL] Mention Debian Policy v4.1.1 in the description. * t/tests/binaries-from-other-arch/debian/debian/dumpobj: + [CL] Apply patch from Jakub Wilk to prevent test failures on armhf/arm64, etc. (Closes: #877147) * t/tests/fields-perl-provides/{desc,tags}: + [CL] Apply patch from Gianfranco Costamagna (locutusofborg) to fix failing test on 32-bit architectures and add a suitable Test-Against stanza to make this easier to catch in future. Thanks to Matthias Klose (doko) for the report. (Closes: #876343) -- Chris Lamb Fri, 29 Sep 2017 16:57:39 +0100 lintian (2.5.53) unstable; urgency=medium The "we are all Perl developers now" release. * Summary of tag changes: + Added: - alternatively-build-depends-on-python-sphinx-and-python3-sphinx - build-depends-on-python-sphinx-only - dependency-on-python-version-marked-for-end-of-life - maintainer-script-interpreter - missing-call-to-dpkg-maintscript-helper - node-package-install-in-nodejs-rootdir - override-file-in-wrong-package - package-installs-java-bytecode - python-foo-but-no-python3-foo - script-needs-depends-on-sensible-utils - script-uses-deprecated-nodejs-location - transitional-package-should-be-oldlibs-optional - unnecessary-testsuite-autopkgtest-header - vcs-browser-links-to-empty-view + Removed: - debug-package-should-be-priority-extra - missing-classpath - transitional-package-should-be-oldlibs-extra * checks/apache2.pm: + [CL] Fix an apache2-unparsable-dependency false positive by allowing periods (".") in dependency names. (Closes: #873701) * checks/binaries.pm: + [CL] Apply patches from Guillem Jover & Boud Roukema to improve the description of the binary-file-built-without-LFS-support tag. (Closes: #874078) * checks/changelog-file.desc: + [CL] Upgrade latest-debian-changelog-entry-without-new-date from a warning to an error. (Closes: #873490) * checks/changes.{pm,desc}: + [CL] Ignore DFSG-repacked packages when checking for upstream source tarball signatures as they will never match by definition. (Closes: #871957) + [CL] Downgrade severity of orig-tarball-missing-upstream-signature from "E:" to "W:" as many common tools do not make including the signatures easy enough right now. (Closes: #870722, #870069) + [CL] Expand the explanation of the orig-tarball-missing-upstream-signature tag to include the location of where dpkg-source will look. Thanks to Theodore Ts'o for the suggestion. * checks/copyright-file.pm: + [CL] Address a number of issues in copyright-year-in-future: - Prevent false positives in port numbers, email addresses, ISO standard numbers and matching specific and general street addresses. (Closes: #869788) - Match all violating years in a line, not just the first (eg. "2000-2107"). - Ignore meta copyright statements such as "Original Author". Thanks to Thorsten Alteholz for the bug report. (Closes: #873323) - Expand testsuite. * checks/cruft.{pm,desc}: + [CL] Downgrade severity of file-contains-fixme-placeholder tag from "important" (ie. "E:") to "wishlist" (ie. "I:"). Thanks to Gregor Herrmann for the suggestion. + [CL] Apply patch from Alex Muntada (alexm) to use "substr" instead of "substring" in mentions-deprecated-usr-lib-perl5-directory's description. (Closes: #871767) + [CL] Don't check copyright_hints file for FIXME placeholders. (Closes: #872843) + [CL] Don't match quoted "FIXME" variants as they are almost always deliberate. Thanks to Adrian Bunk for the report. (Closes: #870199) + [CL] Avoid false positives in missing source checks for "CSS Browser Selector". (Closes: #874381) * checks/debhelper.pm: + [CL] Prevent a false positive of missing-build-dependency-for-dh_-command that can be exposed by following the advice for the recently added useless-autoreconf-build-depends tag. (Closes: #869541) * checks/debian-readme.{pm,desc}: + [CL] Ensure readme-debian-contains-debmake-template also checks for templates "Automatically generated by debmake". * checks/description.{desc,pm}: + [CL] Clarify explanation of description-starts-with-leading-spaces tag. Thanks to Taylor Kline for the report and patch. (Closes: #849622) + [NT] Skip capitalization-error-in-description-synopsis for auto-generated packages (such as dbgsym packages). * checks/fields.{desc,pm}: + [CL] Ensure that python3-foo packages have "Section: python", not just python2-foo. (Closes: #870272) + [RG] Do no longer require debug packages to be priority extra. + [BR] Use Lintian::Data for name/section mapping + [CL] Check for packages including "?rev=0&sc=0" in Vcs-Browser. (Closes: #681713) + [NT] Transitional packages should now be "oldlibs/optional" rather than "oldlibs/extra". The related tag has been renamed accordingly. * checks/filename-length.pm: + [NT] Skip the check on auto-generated binary packages (such as dbgsym packages). * checks/files.{pm,desc}: + [BR] Avoid privacy-breach-generic false positives for legal.xml. + [BR] Detect install of node package under /usr/lib/nodejs/[^/]*$ + [CL] Check for packages shipping compiled Java class files. Thanks Carnë Draug . (Closes: #873211) + [BR] Privacy breach is no longer experimental. + [CL] Check for Lintian overrides installed in the wrong package. (Closes: #792198) * checks/init.d.desc: + [RG] Do not recommend a versioned dependency on lsb-base in init.d-script-needs-depends-on-lsb-base. (Closes: #847144) * checks/java.pm: + [CL] Additionally consider .cljc files as code to avoid false- positive codeless-jar warnings. (Closes: #870649) + [CL] Drop problematic missing-classpath check. (Closes: #857123) * checks/menu-format.desc: + [CL] Prevent false positives in desktop-entry-lacks-keywords-entry for "Link" and "Directory" .desktop files. (Closes: #873702) + [CL] Add reference to Policy 9.6 for the command-in-menu-file-and-desktop-file tag. (Closes: #871008) * checks/python.{pm,desc}: + [CL] Split out Python checks from "scripts" check to a new, source check of type "source". + [CL] Check for python-foo without corresponding python3-foo packages to assist in Python 2.x deprecation. (Closes: #870681) + [CL] Check for packages that Build-Depend on python-sphinx only. (Closes: #870730) + [CL] Check for packages that alternatively Build-Depend on the Python 2 and Python 3 versions of Sphinx. (Closes: #870758) + [CL] Check for binary packages that depend on Python 2.x. (Closes: #870822) * checks/scripts.pm: + [CL] Correct false positives in unconditional-use-of-dpkg-statoverride by detecting "if !" as a valid shell prefix. (Closes: #869587) + [CL] Check for missing calls to dpkg-maintscript-helper(1) in maintainer scripts. (Closes: #872042) + [CL] Check for packages using sensible-utils without declaring a dependency after its split from debianutils. (Closes: #872611) + [CL] Warn about scripts using "nodejs" as an interpreter now that nodejs provides /usr/bin/node. (Closes: #873096) + [BR] Add a statistic tag giving interpreter. * checks/testsuite.{desc,pm}: + [CL] Remove recommendations to add a "Testsuite: autopkgtest" field to debian/control as it is added when needed by dpkg-source(1) since dpkg 1.17.1. (Closes: #865531) + [CL] Warn if we see an unnecessary "Testsuite: autopkgtest" header in debian/control. + [NT] Recognise "autopkgtest-pkg-go" as a valid test suite. + [CL] Recognise "autopkgtest-pkg-elpa" as a valid test suite. (Closes: #873458) + [CL] Recognise "autopkgtest-pkg-octave" as a valid test suite. (Closes: #875985) + [CL] Update the description of unknown-testsuite to reflect that "autopkgtest" is not the only valid value; the referenced URL is out-of-date (filed as #876008). (Closes: #876003) * data/binaries/embedded-libs: + [RG] Detect embedded copies of heimdal, libgxps, libquicktime, libsass, libytnef, and taglib. + [RG] Use an additional string to detect embedded copies of openjpeg2. (Closes: #762956) * data/fields/name_section_mappings: + [BR] node- package section is javascript. + [CL] Apply patch from Guillem Jover to add more section mappings. (Closes: #874121) * data/fields/obsolete-packages: + [MR] Add dh-systemd. (Closes: #872076) * data/fields/perl-provides: + [CL] Refresh perl provides. * data/fields/virtual-packages: + [CL] Update data file from archive. This fixes a false positive for "bacula-director". (Closes: #835120) * data/files/obsolete-paths: + [CL] Add note to /etc/bash_completion.d entry regarding stricter filename requirements. (Closes: #814599) * data/files/privacy-breaker-websites: + [BR] Detect custom donation logos like apache. + [BR] Detect generic counter website. * data/scripts/interpreters: + [CL] Add node as a known interpreter. Thanks to Julien Puydt for the bug report. (Closes: #872699) * data/spelling/corrections: + [CL] Avoid false positives in spelling-error-in-{binary,manpage} for "CAs" which was annoying for cryptographic software. (Closes: #871791) * data/standards-version/release-dates: + [CL] Add 4.0.1 and 4.1.0 as known standards versions. (Closes: #875509) * debian/control: + [CL] Mention Debian Policy v4.1.0 in the description. + [CL] Add myself to Uploaders. + [CL] Drop unnecessary "Testsuite: autopkgtest"; this is implied from debian/tests/control existing. * commands/info.pm: + [CL] Add a --list-tags option to print all tags Lintian knows about. Thanks to Rajendra Gokhale for the suggestion. (Closes: #779675) * commands/lintian.pm: + [CL] Apply patch from Maia Everett to avoid British spelling when using en_US locale. (Closes: #868897) * lib/Lintian/Check.pm: + [CL] Stop emitting {maintainer,uploader}-address-causes-mail-loops for @packages.debian.org addresses. (Closes: #871575) * lib/Lintian/Collect/Binary.pm: + [NT] Introduce an "auto-generated" argument for "is_pkg_class". * lib/Lintian/Data.pm: + [CL] Modify Lintian::Data's "all" to always return keys in insertion order, dropping dependency on libtie-ixhash-perl. * helpers/coll/objdump-info-helper: + [CL] Apply patch from Steve Langasek to accommodate binutils 2.29 outputting symbols in a different format on ppc64el. (Closes: #869750) * t/tests/fields-perl-provides/tags: + [CL] Update expected output to match new Perl provides. * t/tests/files-privacybreach/*: + [CL] Add explicit test for packages including external fonts via the Google Font API. Thanks to Ian Jackson for the report. (Closes: #873434) + [CL] Add explicit test for packages including external fonts via the Typekit API via