-
lintian (2.5.81ubuntu1) bionic; urgency=medium
* Sync with Debian. Remaining change:
- tests/binaries-general: Skip the binary-compiled-with-profiling-enabled
test since it fails during Ubuntu's armhf autopkgtest
-- Jeremy Bicha <email address hidden> Sat, 07 Apr 2018 20:29:05 -0400
-
lintian (2.5.81) unstable; urgency=medium
The "Policy 4.1.4" release.
* Summary of tag changes:
+ Added:
- debian-rules-contains-unnecessary-get-orig-source-target
- source-contains-empty-directory
+ Removed:
- debian-rules-missing-good-practice-target-dfsg
* checks/control-file.desc:
+ [CL] Correct location of "AutomaticDebugPackages" wiki page in the
description of the debian-control-has-obsolete-dbg-package tag.
Thanks to Antonio Ospite for the report. (Closes: #893480)
* checks/cruft.{desc,pm}:
+ [CL] Add a pedantic warning for upstream tarballs that contain empty
directories as these can cause problems with git-buildpackage.
Thanks to Balint Reczey for the idea! (Closes: #894368)
* checks/gir.{desc,pm}:
+ [CL] Apply a patch series from Simon McVittie to match the Gobject
Introspection policy and fixing a series of false-positives. Thanks!
(Closes: #881491)
* checks/java.{desc,pm}:
+ [CL] Apply patch from Bas Couwenberg to bump the maximum permissible
bytecode version number now that openjdk-9 is now the default-jdk.
(Closes: #894397)
+ [CL] Apply patch from Bas Couwenberg to update the description of
the unknown-java-class-version tag for openjdk-9. (Closes: #894397)
* checks/files.pm:
+ [CL] Add .ogg files to the list of non-license file extensions to
avoid a false-positive in extra-license-file. Thanks to Innocent De
Marchi for the report. (Closes: #894139)
+ [CL] Avoid false-positives in Mallard XML files; <link href="...">
tags are anchor element and not followed automatically. Thanks to
Simon McVittie for the report. (Closes: #894690)
* checks/rules.{desc,pm}:
+ [CL] Stop recommending that packages with repacked tarballs specify a
get-orig-source target; this was removed in Debian Policy 4.1.4 in
favour of uscan(1) and debian/watch.
+ [CL] Warn about packages that have apparently unnecessary
"get-orig-source" targets such as single-line calls to uscan(1).
Thanks to Mattia Rizzolo for the idea. (Closes: #895036)
* checks/scripts.pm:
+ [CL] Also include the offending/unknown shebang in the output of
missing (unversioned) interpreters.
* checks/source-copyright.desc:
+ [CL] Change the severity from pedantic ("P:") to info ("I:") for the
missing-explanation-for-repacked-upstream-tarball tag.
* checks/testsuite.{desc,pm}:
+ [CL] Apply patch from Georg Faerber to add missing "needs-reboot" to
the list of known autopkgtest restrictions. (Closes: #894817)
+ [CL] Apply patch from Georg Faerber to adjust the autopkgtest
URIs from Alioth to salsa.debian.org. (Closes: #894820)
* checks/udev.pm:
+ [CL] Apply patch from Thomas Dallmair to avoid false positives in the
udev-rule-missing-subsystem tag when SUBSYSTEM GOTO is not the last
"GOTO" statement. Thanks! (Closes: #894356)
* checks/upstream-metadata.pm:
+ [CL] Re-enable YAML parsing of upstream metadata which was disabled
in 2.5.51 (via #861958) to close CVE-2017-8829 as we can now use the
$LoadBlessed option of YAML::XS if we have version 0.69 or above
Thanks to Dylan Aïssi for the report. (Closes: #894747)
* commands/lintian.pm, checks/{fields,patch-systems,python}, ...:
+ [CL] Apply patch from Ville Skyttä correcting many spelling mistakes
in Lintian itself. Thanks! (Closes: #894834)
* data/standards-version/release-dates:
+ [CL] Add 4.1.4 as a known Standards-Version.
* data/spelling/corrections:
+ [PW] Add a number of corrections.
* lib/Lintian/Check.pm:
+ [CL] Avoid false positives in spelling detection by allowing "(s)"
suffixes instead of universally stripping all parenthesis. This
prevents, for example, "directory(s)" from triggering false-positive
whilst still warning about "directorys". Thanks to Patrick Matthäi
for the report. (Closes: #894077)
* lib/Lintian/Util.pm:
+ [NT] Fix a bug in do_fork that could cause lintian to fork bomb.
(See #890873)
-- Chris Lamb <email address hidden> Sat, 07 Apr 2018 08:17:26 +0000
-
lintian (2.5.75ubuntu1) bionic; urgency=medium
* Merge with Debian; remaining changes:
- tests/binaries-general: Don't expect the
binary-compiled-with-profiling-enabled tag with binutils 2.30.
lintian (2.5.75) unstable; urgency=medium
* Summary of tag changes:
+ Added:
- debian-rules-uses-unnecessary-dh-argument
- missing-explanation-for-repacked-upstream-tarball
- udevadm-called-without-guard
* checks/changelog-file.desc:
+ [CL] When checking latest-debian-changelog-entry-without-new-version
ignore any change of epoch. (Closes: #889991)
* checks/debhelper.{desc,pm}:
+ [CL] Warn when specifying --parallel to dh(1) in compat levels >= 10.
Thanks to Nicolas Braud-Santoni for the idea. (Closes: #890358)
+ [CL] Add a missing verb to the long description of the
dh-quilt-addon-but-quilt-source-format tag.
* checks/files.pm:
+ [CL] Tidy logic for detecting allowed rel="" values in <link/>
HTML tags.
+ [CL] Allow rel="canonical" in <link/> HTML tags; they are used by
search engines (etc.) and do not cause internet access.
(Closes: #762753)
* checks/init.desc:
+ [CL] Improve various parts of the long description for
init.d-script-should-always-start-service.
* checks/patch-systems.{desc,pm}:
+ [CL] Avoid false positives when checking for typos by ignoring files
or patch descriptions that contain the words "typo" or "spelling".
Thanks to Bas Couwenberg for the report. (Closes: #889964)
+ [CL] Check the first line of the description separately for spelling
errors to avoid false-positive duplicate checks across a patch
description's synopsis and its body. (Closes: #890100)
* checks/python.desc:
+ [CL] Underline that maintainers do not need to override the
new-package-should-not-package-python2-module tag but rather leave a
comment in debian/changelog.
* checks/scripts.{desc,pm}:
+ [CL] Check for maintainer scripts that call udevadm without a guard
as it can fail within a chroot. (Closes: #890298)
* checks/source-copyright.{desc,pm}:
+ [CL] Emit a pendatic warning for packages with repacked upstream
tarballs that lack a Files-Excluded or Comment header in
debian/copyright.
* collection/override-file:
+ [CL] Actually pick the first out of debian/source/lintian-overrides
and debian/source.lintian-overrides. Thanks to Thorsten Glaser for
the report. (Closes: #890361)
* commands/reporting-html-reports.html:
+ [NT] Minimize generated SVG files if scour is installed and
available in PATH.
* data/spelling/corrections:
+ [PW] Add a number of corrections.
lintian (2.5.74) unstable; urgency=medium
* Summary of tag changes:
+ Added:
- control-tarball-compression-format
- data-tarball-compression-format
- debian-rules-is-dh_make-template
- init.d-script-should-always-start-service
- jar-contains-source
- missing-systemd-service-for-init.d-script
- source-contains-prebuilt-wasm-binary
- spelling-error-in-patch-description
- systemd-service-file-refers-to-unusual-wantedby-target
+ Renamed:
- systemd-no-service-for-init-script ->
omitted-systemd-service-for-init.d-script
- systemd-no-service-for-init-rcS-script ->
missing-systemd-service-for-init.d-rcS-script
- override_dh_auto_test-does-not-check-DEB_BUILD_PROFILES ->
override_dh_auto_test-does-not-check-DEB_BUILD_OPTIONS
* checks/changelog-file.desc:
+ [CL] Improve the long description of epoch-change-without-comment.
Based on suggestions by Raphael Hertzog and Ian Jackson - thanks!
(Closes: #889814)
* checks/cruft.desc:
+ [BR] Check for wasm files. (Closes: #889102)
+ [CL] Factor out call to _ships_examples to avoid excessive looping
over $sorted_index.
+ [CL] Do not emit package-does-not-install-examples if we don't have
any binary packages in our laboratory. (Closes: #889591)
+ [CL] Improve the description of package-does-not-install-examples to
give more debhelper advice.
+ [CL] Assume that if a source package generates a binary ending in
"-examples" then it does ship examples.
* checks/deb-format.{desc,pm}:
+ [CL] Add a classification tag for the .deb data tarball compression
format. (Closes: #738442)
+ [CL] Add a classification tag for the control tarball compression
format. (Closes: #889856)
* checks/fields.pm:
+ [CL] Avoid false positives when checking binary packages depending on
toolchain packages by ignoring packages starting with "dh-" or ending
with "-source". Thanks to Josh Triplett for the report.
(Closes: #889486)
* checks/files.pm:
+ [BR] Add context for privacy breach in order to improve debugging.
* checks/fields.desc:
+ [CL] Downgrade severity of build-depends-on-obsolete-package from
error to warning. (Closes: #889638)
* checks/java.{desc,pm}:
+ [CL] Only warn about bad-jar-name for "public" .jar files.
(Closes: #889628)
+ [CL] Check for .jar files that embed Foo.java alongside a Foo.class
file. (Closes: #762113)
* checks/init.d.{desc,pm}:
+ [CL] Warn about packages that use ENABLED="true" (etc.) in
/etc/default files.
* checks/patch-systems.{desc,pm}:
+ [CL] Avoid emitting "Can't use an undefined value as an ARRAY
reference" warnings when debian/patches is a file, not a directory.
(Closes: #889535)
+ [CL] Check spelling of patch headers. (Closes: #756130)
* checks/rules.{desc,pm}:
+ [CL] Fix a number of false-positives when checking the
"override_dh_auto_test-does-not-check-DEB_BUILD_PROFILES" tag
(Closes: #889592)
+ [CL] Make a large number of changes suggested by Mattia Rizzolo to
the override_dh_auto_test-does-not-check-DEB_BUILD_PROFILES tag,
renaming it to reference DEB_BUILD_OPTIONS throughout, add Debian
Policy 4.9.1 to the tag's Ref, lower "Certanty" to "wild-guess" and
mark the tag as experimental, updating the tests to match.
(Closes: #889746)
+ [CL] Check for debian/rules files that are dh_make templates.
(Closes: #679124)
* checks/scripts.desc:
+ [CL] Improve, elaborate and tidy the long description of the
maintainer-script-should-not-use-recursive-chown-or-chmod tag.
Heavily based on a patch by Daniel Kahn Gillmor - thanks!
(Closes: #889489)
* checks/source-copyright.pm:
+ [CL] Prevent false positives when checking for missing NOTICE.txt
files by looking inside .jar archives. (Closes: #889760)
* checks/systemd.{desc,pm}:
+ [CL] Warn about unit files that install to usual WantedBy= targets.
Thanks to Sam Morris for the initial patch. (Closes: #817170)
+ [CL] Rework the no service detection, improving the (rarely
overridden) tag names to better match what they detect as well as
adding a new "missing-systemd-service-for-init.d-script" pedantic tag
where we do not have an equivalent unit as this implies missing
bespoke security hardening support, etc. Thanks to Lucas Nussbaum for
his input. (Closes: #858588)
* checks/udev.pm:
+ [CL] Add simple GOTO parsing to avoid false positives when checking
for udev rules for SUBSYSTEM specifiers. (Closes: #869547, #889639)
* commands/reporting-{html-reports,lintian-harness}.pm:
+ [NT] Register packages that fail during archive wide processing.
* data/files/privacy-breaker-fragments:
+ [BR] Detect new fragments for Google CSE.
* data/spelling/corrections:
+ [PW] Add a number of corrections.
* lib/Lintian/Util.pm:
+ [NT] Give lower processing priority to packages that repeatedly
trigger errors during archive-wide processing.
* reporting/templates/index.tmpl:
+ [NT] Display summary of how many groups had errors during their
last processing.
* reporting/templates/{lintian.css,maintainer}.tmpl:
+ [NT] Use a distinct error status instead of "Outdated" for
packages with errors during their last processing.
lintian (2.5.73) unstable; urgency=medium
* Summary of tag changes:
+ Added:
- bad-jar-name
- binary-package-depends-on-toolchain-package
- checksum-count-mismatch-in-changes-file
- co-maintained-package-with-no-vcs-headers
- description-mentions-planned-features
- files-excluded-without-copyright-format-1.0
- global-files-wildcard-not-first-paragraph-in-dep5-copyright
- maintainer-script-should-not-use-recursive-chown-or-chmod
- missing-explanation-for-contrib-or-non-free-package
- multi-arch-same-package-has-arch-specific-overrides
- override_dh_auto_test-does-not-check-DEB_BUILD_PROFILES
- package-does-not-install-examples
- package-uses-deprecated-dpatch-patch-system
- package-uses-deprecated-source-override-location
- unusual-documentation-package-name
* checks/cruft.{desc,pm}:
+ [CL] When looking for the source of "build/foo/bar.min.js", also
check "src/foo/bar.js". (Closes: #832027)
+ [CL] Check for upstream tarballs that ship examples but none is
installed in any binary package. (Closes: #539326)
* checks/debian-source-dir.desc:
+ [CL] Upgrade severity of missing-debian-source-format from wishlist
("I") to normal ("W"). (Closes: #702671)
* checks/description.{desc.pm}:
+ [CL] Check for packages that mention planned/upcoming features in
their long description. (Closes: #782990)
+ [CL] Improve the description-synopsis-might-not-be-phrased-properly
tag also detect multiple sentences and improve the tag description.
(Closes: #778427)
* checks/changes-file.{desc.pm}:
+ [CL] Fix an issue where the bad-section-in-changes-file,
file-size-mismatch-in-changes-file and
checksum-mismatch-in-changes-file tags were not being checked if a
package contained an upstream signature.
+ [CL] Check for inconsistencies between "Files" and Checksums-*
sections in .changes files. (Closes: #658542)
* checks/cruft.{desc.pm}:
+ [CL] Add pedantic warning for packages using source.lintian-overrides
instead of debian/source/lintian-overrides.
* checks/fields.{desc,pm}:
+ [CL] Add a pedantic warning for co-maintained packages that are not
managed in a revision control system. (Closes: #884497)
+ [CL] Warn about Multi-Arch: same packages that ship
architecture-specific Lintian overrides. Thanks to Sebastian
Ramacher for the report. (Closes: #787469)
+ [CL] Check for packages that specify binary dependencies on toolchain
packages such as cdbs or debhelper. (Closes: #700953)
+ [CL] Emit a warning about documentation packages that end with -docs.
(Closes: #664520)
+ [CL] Ensure salsa.debian.org Vcs-Git and Vcs-Browser URIs are
canonical and do not redirect. (Closes: #888809)
* checks/files.pm:
+ [CL] Support scanning contents of (eg.) data/files/js-libraries.
* checks/java.{desc,pm}:
+ [CL] Check for .jar files that do not match the Debian Java policy.
(Closes: #791552)
* checks/patch-systems.{desc,pm}:
+ [CL] Emit a pedantic warning for packages that are using the dpatch
patch system. (Closes: #884500)
* checks/rules.pm:
+ [CL] Check for override_dh_auto_test targets that do not check
DEB_BUILD_OPTIONS for "nocheck". (Closes: #712394)
* checks/scripts.desc:
+ [CL] Update the maintainer-script-should-not-use-service tag to
include advice and Debian Policy reference. (Closes: #889154)
* checks/source-copyright.{desc,pm}:
+ [CL] Warn about packages that specify a Files-Excluded header without
a valid Format header as the former will be ignored by uscan(1).
Thanks to Gunnar Wolf for the initial patch. (Closes: #745743)
+ [CL] Warn when a "Files: *" DEP-5 paragraph exists but it is not the
first paragraph. Thank to Christoph Biedl for the report and idea.
(Closes: #879235)
+ [CL] Ask maintainers to add a comment header to debian/copyright if
their package is in contrib or non-free. (Closes: #773562)
* commands/reporting-html-reports.pm:
+ [NT] Add a limit to how many instances of a tag is deplayed on a tag
page as 151 000 instances of unstripped-static-library is hardly
human readable.
* data/spelling/corrections:
+ [PW] Add a number of corrections.
* data/common/dh_addons:
+ [CL] Move/create from data/debhelper/dh_addons as we plan to use
it elsewhere.
* data/debhelper/dh_commands:
+ [CL] Update requirement for dh_scour (again!) from python3-scour to
scour. (Closes: #889016)
* data/debhelper/dh_commands-manual:
+ [NT] Remove dh_systemd* entries. Debian stable have a recent
enough version of debhelper that this entry no longer matters.
* data/files/fnames:
+ [CL] Ensure package-contains-python-doctree-file also warns about
compressed .doctree files.
* data/files/js-libraries:
+ [CL] Avoid false-positives when detecting Twitter's bootstrap
library. (Closes: #888972)
* data/files/python-generic-modules:
+ [CL] Detect "backports" (and "backport") as overly generic Python
module names. (Closes: #888559)
* data/scripts/maintainer-script-bad-command:
+ [CL] Warn if the maintainer scripts include "chown -R" or "chmod -R"
to prevent hardlink attacks on kernels that do not have
fs.protected_hardlinks=1. (Closes: #889066)
* doc/lintian.xml:
+ [CL] Use the debian/source/lintian-overrides location in override
example.
* lib/Lintian/*:
+ [CL] Add support for passing .buildinfo files to Lintian.
(Closes: #853274)
* reporting/templates/tag.tmpl:
+ [NT] Update template to mention tag limit when not all instances
are shown.
-- Matthias Klose <email address hidden> Fri, 16 Feb 2018 11:38:42 +0700
-
lintian (2.5.72ubuntu2) bionic; urgency=medium
* tests/binaries-general: Don't expect the
binary-compiled-with-profiling-enabled tag with binutils 2.30.
-- Matthias Klose <email address hidden> Thu, 01 Feb 2018 12:42:10 +0100
-
lintian (2.5.72ubuntu1) bionic; urgency=medium
* tests/binaries-general: Don't expect the
binary-compiled-with-profiling-enabled tag with binutils 2.30.
-- Matthias Klose <email address hidden> Thu, 01 Feb 2018 12:42:10 +0100
-
lintian (2.5.72) unstable; urgency=medium
* Summary of tag changes:
+ Added:
- debian-rules-uses-deprecated-systemd-override
- debian-watch-does-not-check-gpg-signature
+ Removed:
- debian-watch-may-check-gpg-signature
* checks/binaries.pm:
+ [CL] Avoid a false positive for spelling-error-in-binary that was
causing a FTBFS on armhf. (Closes: #888074)
+ [CL] Drop a duplicate line in spelling-error-in-binary exceptions.
+ [CL] Move spelling-error-in-binary exceptions to a data file.
+ [CL] Support binutils 2.29.90.20180122 (vs. 2.29.1) when parsing ELF
files for errors as the newer version modified the readelf output.
This was causing a testsuite failure when checking the
apparently-corrupted-elf-binary tag. (Closes: #888456)
* checks/cruft.{desc,pm}:
+ [CL] Do not emit "license-problem-php-license" when the source comes
from pecl.php.net: "The last agreement with FTP Masters was that PHP
license is OK when the sources some from PECL repository."
(Closes: #810780)
+ [CL] Allow, for example, debian/missing-sources/foo.js directories to
represent the source for foo.js. This is useful when foo.js is the
result of concatenating multiple files. (Closes: #836771)
* checks/debhelper.{desc,pm}:
+ [CL] Warn about packages that use about dh_systemd_enable or
dh_systemd_start overrides whilst using debhelper compat level 11 as
they are no longer being called. (Closes: #887899)
+ [CL] Include the offending context and line when emitting the
brace-expansion-in-debhelper-config-file tag.
+ [CL] Avoid false positives and remove an existing (incorrect) test
for apparent brace expansions in config files that do not include a
comma. (Closes: #888304)
* checks/fields.pm:
+ [CL] Also check xfonts-foo for font-package-not-multi-arch-foreign.
* checks/files.desc:
+ [CL] Downgrade extra-license-file from "W" to "I". (Closes: #740118)
* checks/patch-systems.{desc,pm}:
+ [CL] Ignore files called "README" or "README.patches" when checking
packages for patch-file-present-but-not-mentioned-in-series.
(Closes: #888413)
+ [CL] Ignore commented-out patches in series files when checking the
patch-file-present-but-not-mentioned-in-series tag.
+ [CL] Check "$vendor.series" (not "series.$vendor") when checking for
the patch-file-present-but-not-mentioned-in-series tag.
* checks/source-copyright.desc:
+ [CL] Clarify that paragraph ordering matters in the description of
the unused-file-paragraph-in-dep5-copyright tag. (Closes: #762261)
* checks/watch-file.{desc,pm}:
+ [CL] Rename the debian-watch-may-check-gpg-signature tag to
debian-watch-does-not-check-gpg-signature to avoid confusion around
the "may check" implying that the package in question does such
checking and we disapprove of it. Thanks to Andreas Beckmann for the
suggestion. (Closes: #735040)
* data/fields/name_section_mappings:
+ [CL] Ensure xfonts-foo are recognised as part of the "x11" section to
match the definition on https://packages.debian.org/en/sid/.
(Closes: #878609)
* data/spelling/corrections:
+ [PW] Add a number of corrections.
* debian/control:
+ [CL] docbook-xml is required to build the documentation, so drop
"<!nocheck>" build restriction.
* debian/copyright:
+ [CL] Add missing initials for Gergely Nagy, Sylvestre Ledru and Steve
Langasek. (Closes: #831729)
* lib/Lintian/Check.pm:
+ [CL] Avoid false positives in the spelling-error-in-description
(etc.) tags where the repetition is part of an acronym expansion such
as "ORA (ORA Recursive Acronym)". (Closes: #883719)
-- Chris Lamb <email address hidden> Fri, 26 Jan 2018 05:17:01 +0000
-
lintian (2.5.71) unstable; urgency=medium
* Summary of tag changes:
+ Added:
- patch-file-present-but-not-mentioned-in-series
* checks/files.pm:
+ [CL] Ignore Rust .rs files in extra-license-file. (Closes: #887715)
* checks/patch-systems.{desc,pm}:
+ [CL] Check for patch files under the debian/patches that are not
mentioned in any series file. Thanks to Paul Wise for the idea.
(Closes: #887817)
* checks/python.{desc,pm}:
+ [CL] Don't emit "python-package-missing-depends-on-python" for debug
packages
+ [CL] Include possibility that the file should not even be installed
in the description of python-package-missing-depends-on-python.
* data/spelling/corrections:
+ [PW] Add a number of corrections.
* data/rules/rules-should-not-use:
+ [CL] Add more context to xz-compression-level-too-high tag output.
* lib/Lintian/Collect/Package.pm:
+ [CL] Fix "Use of uninitialized value in string ne" warnings that
would have appeared as part of the src-orig-index handling in 2.5.66.
(Closes: #887428)
* t/tests/files-multiarch-foreign-files:
+ [CL] Only run on amd64. (Closes: #886163)
-- Chris Lamb <email address hidden> Sun, 21 Jan 2018 05:24:47 +0000
-
lintian (2.5.70) unstable; urgency=medium
* checks/python.pm:
+ [CL] Fix false positives in python-package-missing-depends-on-python
for Python 3 packages; we were not checking python3:any or
python3-minimal:any.
* data/spelling/corrections:
+ [PW] Add bumpded -> bumped correction.
-- Chris Lamb <email address hidden> Tue, 16 Jan 2018 06:44:46 +0000
-
lintian (2.5.69) unstable; urgency=medium
* Summary of tag changes:
+ Added:
- insecure-copyright-format-uri
- package-contains-file-in-etc-skel
- package-contains-python-tests-in-global-namespace
- python-package-missing-depends-on-python
- xz-compression-level-too-high
* checks/cruft.pm:
+ [CL] Ignore TeX \section (etc.) titles when checking for GFDL
license. Thanks, Norbert Preining for the report. (Closes: #863384)
* checks/fields.{pm,desc}:
+ [CL] Downgrade severity of wrong-section-according-to-package-name
from "W:" to "I:". (Closes: #883772)
+ [CL] Thanks to Niels Thykier, update the description of the
orphaned-package-not-maintained-in-debian-infrastructure tag.
+ [CL] Include the offending uri in the output of the
vcs-deprecated-in-debian-infrastructure tag.
* checks/python.{pm,desc}:
+ [CL] Don't emit new-package-should-not-package-python2-module if
the maintainer justifies its inclusion in the changelog entry.
+ [CL] Improve the description and reasoning for the
new-package-should-not-package-python2-module tag.
+ [CL] Include the offending package name when warning about
new-package-should-not-package-python2-module.
+ [CL] Warn about packages that ship Python modules but are missing
dependencies on any Python interpreter. (Closes: #887083)
+ [CL] Remark that new-package-should-not-package-python2-module's
appearance on https://lintian.debian.org/ can be ignored.
(Closes: #887124)
* checks/rules.pm:
+ [CL] Allow rules-not-should-not-use data-based tags to capture
variables and include them in the emitted tag.
* checks/source-copyright.{desc,pm}:
+ [CL] Warn about insecure "Format:" URIs that reference debian.org.
Based on a patch by Nicolas Braud-Santoni. (Closes: #886930)
* checks/standards-version.pm:
+ [CL] Include the date the Standards-Version was actually released in
the output of the ancient-standards-version and the
out-of-date-standards-version tags.
* data/debhelper/*:
+ [ADB] Refresh.
* data/files/fnames:
+ [CL] Warn about packages that ship (eg.) test_foo.py files in the
global Python module namespace.
+ [CL] Emit an error if packages ship files in /etc/skel. Thanks to
Paul Wise for the suggestion. (Closes: #887120)
* data/files/fonts:
+ [ADB] Refresh.
* data/fields/name_section_mappings:
+ [CL] Ensure that NSS (Name Services Switch) modules are placed in the
"admin" section. Thanks to Mathieu Parent (sathieu) for the patch.
(Closes: #886961)
* data/rules/rules-should-not-use:
+ [CL] Include the assigned value in the Lintian output for the
debian-rules-should-not-use-DH_EXTRA_ADDONS tag.
+ [CL] Detect overly-compressed xz packages. (Closes: #829100)
* data/spelling/corrections:
+ [PW] Add a number of corrections.
-- Chris Lamb <email address hidden> Tue, 16 Jan 2018 00:41:30 +0000
-
lintian (2.5.68) unstable; urgency=medium
* Summary of tag changes:
+ Added:
- dh-quilt-addon-but-quilt-source-format
- orphaned-package-not-maintained-in-debian-infrastructure
- package-contains-python-hypothesis-example
- should-specify-rules-requires-root
- vcs-deprecated-in-debian-infrastructure
* checks/changelog-file.pm:
+ [FL] Fix version parsing for hyphen in upstream versions.
* checks/cruft.pm:
+ [CL] Avoid a false-positive reported by Theppitak Karoonboonyanan
when matching autotools-pkg-config-macro-not-cross-compilation-safe
by skipping comment lines. (Closes: #886297)
+ [FL] Fix version parsing for native packages.
* checks/control-file.{desc.pm}:
+ [CL] Check for packages that should specify Rules-Require-Root.
(Closes: #886479)
* checks/debconf.pm:
+ [CL] Don't warn about unknown template type "entropy" when a package
depends on cdebconf. (Closes: #677870)
* checks/debhelper.{desc,pm}:
+ [CL] Add a check for packages that specify "dh --with quilt" but use
the "3.0 (quilt)" source format. Thanks to Mattia Rizzolo for the
idea. (Closes: #886566)
* checks/fields.pm:
+ [CL] Warn about orphaned packages that are not maintained in the
Debian infrastucture. (Closes: #886057)
+ [CL] Emit pedantic warnings for packages that refer to a non-Git
version control systems hosted in the Debian infrastructure for the
upcoming salsa.debian.org migration. (Closes: #885974)
+ [CL] Include the offending "Bugs" field value in the output of the
bugs-field-does-not-refer-to-debian-infrastructure tag.
+ [CL] Ensure that bugs-field-does-not-refer-to-debian-infrastructure
can be overridden by not emitting them for -dbgsym packages. Thanks
to Thorsten Glaser for the report. (Closes: #886426)
* checks/huge-usr-share.pm:
+ [CL] Bump arch-dep-package-has-big-usr-share thresholds; they were
last set in 2004. (Closes: #648755)
* checks/pe.pm:
+ [CL] Apply a patch from Stephen Kitt to avoid false-positives when
checking PE32+ Windows Portable Executable files, additionally
dropping the now-unnecessary magic number parsing. (Closes: #886555)
* checks/python.{pm,desc}:
+ [CL] Don't warn about django-package-does-not-depend-on-django for
-doc packages, etc.
+ [CL] Lower the severity of the
"dependency-on-python-version-marked-for-end-of-life" tag from normal
("W:") to wishlist ("I:") as it is not necessarily actionable by the
maintainer. This reverts bug #883581. (Closes: #886259)
+ [CL] When checking for a Python 3 variant of a Python 2.x package
also consider any package that declares a binary dependency on the
${python3:Depends} substvar to catch packages that have been renamed.
Thanks to Scott Kitterman for the report. (Closes: #886303)
* checks/rules.pm:
+ [CL] Also allow $(overridden_command) when checking for the
override_dh_fixperms-does-not-call-dh_fixperms etc. tags.
* checks/scripts.desc:
+ [CL] Also mention Recommends and Suggests in the opening paragraph of
python-script-but-no-python-dep. (Closes: #687141)
* checks/shared-libs.pm:
+ [CL] Skip Objective-C libraries for the no-symbols-control-file tag
as instance/class methods do not appear in the symbol table. Thanks
to Yavor Doganov for the report and help. (Closes: #749202)
* checks/source-copyright.desc:
+ [CL] Avoid false positives for missing-notice-file-for-apache-license
by also looking for files with a .txt extension in binary packages.
Thanks to Ferenc Wágner for the report. (Closes: #886343)
* checks/standards-version.desc:
+ [CL] Downgrade severity of out-of-date-standards-version from normal
("W:") to wishlist ("I:"). (Closes: #886210)
* checks/watch-file.pm:
+ [CL] Apply patch from Carlos Maddela <email address hidden> to prevent
false-positives when options contain escaped quotation marks.
(Closes: #886574)
* collection/src-orig-index:
+ [CL] Return the replaced string after injecting any tarball prefix
(ie. "foo/bar\n"), not Perl's result of the replacement (ie. "1").
(Closes: #886586)
* data/common/dbg-pkg:
+ [CL] Identify both python-foo-dbg and python3-foo-dbg as known debug
packages to avoid a false-positive for the former when checking for
debian-control-has-obsolete-dbg-package. (Closes: #886271)
* data/files/fnames:
+ [CL] Warn about packages that ship (non-reproducible) Python
Hypothesis examples. (Closes: #886101)
+ [CL] Only test for packages shipping gschemas.compiled files in
usr/share/glib-*/schemas as it is valid for packages to generate
schemas at build time. Thanks to Jonathan Carter (highvoltage) for
the followup. (Closes: #884142)
* data/spelling/corrections:
+ [PW] Add a number of corrections.
* data/standards-version/ancient-date:
+ [CL] Change the policy of "ancient-standards-version" to "a release
of Policy from the previous stable release cycle" and update the
value to match. (Closes: #886219)
* reporting/templates/maintainer.tmpl:
+ [CL] Make the previously-hidden package anchor links visible so that
one can right-click and copy the URL instead of constructing it
manually.
* t/tests/files-multiarch-foreign-files:
+ [CL] Ensure that we install to a multiarch directory on all
architectures to prevent a FTBFS on, for example, i386.
(Closes: #886163)
-- Chris Lamb <email address hidden> Tue, 09 Jan 2018 14:33:30 +0000
-
lintian (2.5.67) unstable; urgency=medium
* Summary of tag changes:
+ Added:
- debian-rules-should-not-use-DH_EXTRA_ADDONS
- debian-watch-could-verify-download
- invalid-date-in-debian-changelog
- override_dh_fixperms-does-not-call-dh_fixperms
* checks/apache2.{desc,pm}:
+ [CL] Include the offending filename and line number in the output of
apache2-deprecated-auth-config and apache2-unparsable-dependency.
+ [CL] Avoid false positives in apache2-deprecated-auth-config where
the offending lines are wrapped in suitable "IfModule" or "IfVersion"
directives. (Closes: #788991, #710656)
* checks/changelog-file.{desc,pm}:
+ [CL] Warn about changelog entries that have incorrectly formatted
dates. (Closes: #793406)
* checks/files.pm:
+ [CL] Split out python-module-has-overly-generic-name regular
expression into a data file.
+ [CL] Don't warn about extra license files installed via Sphinx.
Thanks, Stuart Prescott! (Closes: #885968)
* checks/python.pm:
+ [CL] Prevent false positives when checking for Python {2,3} packages
that depend on Python {3,2} packages when the package being depended
on ends with -doc. We were previously only catching the case for
dependencies *from* packages with such names. (Closes: #885693)
+ [CL] Also ignore -doc, -docs, -dev, -common and -tools packages for
intra-Python variant dependency checking, python-but-no-python3, etc.
+ [CL] Drop parens in depends-on-package-from-other-python-variant
output.
+ [CL] Refactor django-package-does-not-depend-on-django check to
correctly check Django packages called python2-django-foo.
* checks/rules.{desc.pm}:
+ [CL] Suggest using /usr/share/dpkg/architecture.mk as a solution to
debian-rules-sets-dpkg-architecture-variable rather than simply
replacing assignments with ?=. Thanks to Helmut Grohne for the
suggestion.
+ [CL] Include the line number when warning about instances of
override_dh_clean targets that are missing calls to dh_clean.
+ [CL] Apply patch from Paul Tagliamonte to check for files
that use DH_EXTRA_ADDONS. Thanks! (Closes: #885790)
+ [CL] Update $PYTHON3X_DEPEND to prevent false positives in
missing-python-build-dependency. (Closes: #750537)
+ [CL] Refactor check for override_dh_clean-does-not-call-dh_clean
tag into a loop.
+ [CL] Check for override_dh_fixperms targets that are missing calls
to dh_fixperms. (Closes: #885910)
* checks/scripts.pm:
+ [CL] Include the offending/unknown shebang in the output of various
interpreter-related tags. (Closes: #673734)
* checks/source-copyright.desc:
+ [CL] Also mention that we check for NOTICE.gz files when looking for
Apache 2.0 packages that do not distribute their accompanying NOTICE
file.
* checks/watch-file.{desc,pm}:
+ [CL] Apply patch from Felix Lechner <email address hidden> to
check for packages where an upstream signature exists but is not
being used. (Closes: #885621)
* data/fields/name_section_mappings:
+ [CL] Ensure that PAM modules are placed in the "admin" section,
additionally preventing a false positive for libpam-krb5 which was
being caught by a "libfoo1" => "libs" entry. (Closes: #885899)
* data/files/python-generic-modules:
+ [CL] Add "examples".
* data/spelling/corrections:
+ [PW] Add a number of corrections.
* data/standards-version/release-dates:
+ [CL] Correct date(1) invocation example in comment.
+ [CL] Add 4.1.3 as a known standards version.
* debian/control:
+ [CL] Declare compliance with Debian Policy 4.1.3.
+ [CL] Mention Debian Policy 4.1.3 in long package description.
-- Chris Lamb <email address hidden> Mon, 01 Jan 2018 14:58:24 +0000
-
lintian (2.5.66) unstable; urgency=medium
Merry Christmas!
* Summary of tag changes:
+ Added:
- autotools-pkg-config-macro-not-cross-compilation-safe
- bugs-field-does-not-refer-to-debian-infrastructure
- mismatched-python-substvar
- missing-notice-file-for-apache-license
- override_dh_clean-does-not-call-dh_clean
- package-contains-python-doctree-file
- pkg-config-unavailable-for-cross-compilation
- portable-executable-missing-security-features
- python-package-depends-on-package-from-other-python-variant
- vcs-fields-use-more-than-one-vcs
* checks/*.desc:
+ [CL] Standardise on capital-L "Lintian" in package descriptions.
Thanks to Adam D. Barratt for the suggestion.
* checks/cruft.{pm,desc}:
+ [CL] Check for packages that invoke AC_PATH_PROG without considering
cross-compilation. Thanks to Helmut Grohne for the idea and
proof-of-concept implementation. (Closes: #884798)
* checks/fields.{pm,desc}:
+ [CL] Emit a wishlist warning for packages that mix-and-match more
than one version control system in Vcs-* headers. (Closes: #884503)
+ [CL] Warn when packages specify a "Bugs" field in debian/control that
does not refer to official Debian infrastructure as this can make
reportbug unable to report bugs. (Closes: #741071)
* checks/files.{pm,desc}:
+ [CL] Warn maintainers about packages that ship pkg-config files under
/usr/lib/pkgconfig as they are unavailable under cross-compilation.
Thanks to Helmut Grohne for the idea. (Closes: #885096)
+ [CL] Warn about packages that ship non-reproducible Python .doctree
files. (Closes: #885327)
+ [CL] Factor out simple filename checks into a Lintian::Data variable.
* checks/init.d.{pm,desc}:
+ [CL] Don't emit init.d-script-needs-depends-on-lsb-base if the
package ships a Systemd service file. (Closes: #864999)
* checks/lintian.desc:
+ [CL] Also note that unused-override can be triggered if Lintian
adds/modifies supplementary tag metadata.
* checks/obsolete-sites.pm:
+ [CL] Ignore commented-out lines to avoid false-positives where the
maintainer references the old location. (Closes: #806237)
* checks/pe.{pm,desc}:
+ [CL] Check for Microsoft Windows Portable Executable (PE) files that
are missing security hardening features. Thanks to Petter
Reinholdtsen for the report. (Closes: #837548)
* checks/python.{pm,desc}:
+ [CL] Warn about Python 2.x packages using ${python3:Depends} and
Python 3.x packages using ${python:Depends}. Thanks to Mattia
Rizzolo for the idea. (Closes: #884676)
+ [CL] Factor out definition of dependency fields.
+ [CL] Warn about Python 3 packages that depend on Python 2 packages
and vice versa. (Closes: #782277)
* checks/rules.{desc,pm}:
+ [CL] Check for override_dh_clean targets that are missing calls to
dh_clean. Thanks to Andreas Beckmann for the idea. (Closes: #884817)
* checks/standards-version.pm:
+ [CL] Avoid misleading tag descriptions when emitting valid
timewarp-standards-version warnings if the date parts are identical
(ie. "2017-11-30 < 2017-11-30"). Thanks to Andrea Bolognani
<email address hidden>> for the report. (Closes: #884785)
* checks/source-copyright.{desc,pm}:
+ [CL] Check for Apache 2.0 packages that do not distribute their
accompanying "NOTICE" files. (Closes: #885042)
+ [CL] Use the list of files in the orig tarball (rather than in the
regular index) to prevent false positives when checking for the
source-includes-file-in-files-excluded tag when a patch system
re-adds files that were removed. (Closes: #884848)
* collection/src-orig-index:
+ [CL] Correct references to generated filename.
+ [CL] Update bitrotted calls to Lintian::Command:spawn.
* data/debhelper/compat-level:
+ [MR] Bump the experimental debhelper compat level to 12.
(Closes: #884678)
+ [CL] Bump the recommended debehlper compat level to 11, emitting a
pedantic warning when using lower level. (Closes: #884699)
* data/debhelper/dh_commands:
+ [CL] dh_scour is now provided by python3-scour, not python-scour.
Thanks to Jeremy Bicha. (Closes: #885106)
* data/files/js-libraries:
+ [CL] Detect embedded jQuery libraries with version number in their
filenames (eg. jquery-1.10.2.min.js). (Closes: #833613)
+ [CL] Also emit embedded-javascript-library for Twitter Bootstrap and
"mustache".
* data/files/php-libraries:
+ [CL] Avoid a embedded-php-library false positive for streams.php.
(Closes: #637473)
* data/spelling/corrections:
+ [PW] Add a number of corrections.
* debian/compat:
+ [NT] Bump debhelper compat level to 11.
* debian/control:
+ [CL] Tag relevant build-dependencies with <!nocheck>.
+ [NT] Bump versioned Build-Dependency on debhelper to 11~.
* lib/Lintian/Collect/{Package,Source}.pm:
+ [CL] Don't require that src-orig-index.gz actually contains any files
rather than faking an entry.
* reporting/templates/maintainer.tmpl:
+ [CL] Correct invalid "else if" syntax with "elsif". Thanks to Uwe
Kleine-König for the report.
* t/tests/fields-malformed-vcs-fields-unrel:
+ [CL] Add a regression test for a potential false positive in the
"vcs-field-has-unexpected-spaces" tag. (Ref: #884870)
* t/tests/files-multiarch-foreign-files:
+ [CL] Don't hardcode architecture triplet to fix FTBFS on non-amd64
architectures. (Closes: #884683)
* t/scripts/implemented-tags.t:
+ [CL] Exclude some tests in this coverage check now that they are
specified in a data file rather than in the code itself.
-- Chris Lamb <email address hidden> Tue, 26 Dec 2017 14:59:29 +0000
-
lintian (2.5.65) unstable; urgency=medium
* t/tests/files-pkgconfig:
+ [CL] Update tests to reflect change in Multi-Arch foreign detection.
-- Chris Lamb <email address hidden> Mon, 18 Dec 2017 10:04:30 +0000
-
lintian (2.5.63) unstable; urgency=medium
* Summary of tag changes:
+ Added:
- development-package-ships-elf-binary-in-path
- excessive-priority-for-library-package
- multiarch-foreign-cmake-file
- multiarch-foreign-pkgconfig
- multiarch-foreign-static-library
- package-contains-compiled-font-file
- package-contains-compiled-glib-schema
* checks/binaries.{pm,desc}:
+ [CL] Add an experimental check for development packages that ship
ELF binaries in $PATH. Host architecture binaries are generally not
executable so such files are useless for cross builds.
(Closes: #794295)
* checks/cruft.desc:
+ [CL] Add debian/changelog to the file-contains-trailing-whitespace
example to make it even easier to copy-paste.
* checks/fields.{pm,desc}:
+ [CL] Warn about library packages with excessive priority. Thanks to
Josh Triplett for the report. (Closes: #834290)
* checks/files.{pm,desc}:
+ [CL] Warn about Multi-Arch: foreign packages that ship CMake,
pkg-config or static libraries in public, architecture-dependent
search paths. Thanks to Helmut Grohne for the initial patch and
report. (Closes: #882684)
+ [CL] Raise the certainty of multiarch-foreign-shared-library from
"wild guess" to "possible" on the suggestion of Helmut Grohne.
+ [CL] Test for packages shipping "gschemas.compiled" files. Thanks
to Andreas Beckmann for the idea. (Closes: #884142)
+ [CL] Warn if a package ships compiled font files. Thank you to
Andreas Beckmann for the report. (Closes: #884165)
* checks/python.pm:
+ [CL] Also check for packages installing modules called "site" or
"docs" into the global namespace. (Closes: #769365)
* checks/scripts.desc:
+ [CL] Update description of python-script-but-no-python-dep to refer
to ${python3:Depends}. Thanks to Mattia Rizzolo. (Closes: #660718)
+ [CL] Prevent a false-positive in missing-dep-for-interpreter by
matching ABI-versioned virtual packages for Erlang. Thanks to
Jean Parpaillon for the report. (Closes: #810204)
* checks/source-copyright.desc:
+ [CL] Update description of source-includes-file-in-files-excluded
to clarify the potential problem and to reference the relevant
wishlist bug against git-buildpackage.
* checks/python.pm:
+ [CL] Clarify that new-package-should-not-package-python2-module
triggers when there is a single changelog entry as well as providing
general guidance where upstreams have not ported to Python 3 yet.
* commands/lintian.pm:
+ [CL] Correct parsing of "jobs=42" in lintianrc. If specified, it
would be coerced to a boolean resulting in a value of 1.
+ [CL] Allow the tag display limit to be configured via the
"--tag-display-limit" command-line argument or "tag-display-limit"
in lintianrc. (Closes: #813525)
+ [CL] Make -v imply --no-tag-display-limit. (Closes: #812756)
* data/files/privacy-breaker-fragments:
+ [CL] Don't match, for example, "FB.login()" when used as a
documentation example. (Closes: #884296)
* data/spelling/corrections:
+ [PW] Add a number of corrections.
* doc/lintianrc.example:
+ [CL] Add missing "jobs" entry.
* profiles/pureos/main.profile:
+ [CL] Add a profile for Purism's PureOS. (Closes: #884408)
* reporting/images/*.png:
+ [CL] Apply patch from Ville Skyttä that runs the .PNG files through
the "zopflipng" minimiser tool to save space. (Closes: #884559)
* reporting/templates/maintainer.tmpl:
+ [CL] Add links from each maintainer page (which does not include
pedantic tags, etc.) to the corresponding package on the full report,
Thanks to Paul Wise for the idea and report. (Closes: #884572)
* vendors/pureos/main/data/changes-file/known-dists:
+ [CL] Add data file for PureOS.
-- Chris Lamb <email address hidden> Sun, 17 Dec 2017 20:19:20 +0000
-
lintian (2.5.62) unstable; urgency=medium
* Summary of tag changes:
+ Added:
- invalid-potfiles-in
* checks/changelog-file.pm:
+ [CL] Correct operator precedence in "epoch-change-without-comment"
to prevent a false positive when an epoch is present but is unchanged
between versions.
+ [CL] Improve output of epoch-change-without-comment to include the
actual version change.
* checks/python.desc:
+ [CL] Also match, for example, "python2.7:any" when checking the
"dependency-on-python-version-marked-for-end-of-life" tag, not just
"python2.7". (Closes: #883053)
+ [CL] Detect an invalid debian/po/POTFILES.in instead of bailing out.
(Closes: #883653)
* checks/scripts.desc:
+ [AB] command-with-path-in-maintainer-script: Add more references,
especially the reason why "if [ -x /usr/bin/<command> ]; …" is
indeed bad (#769845 and the mail referred to in there). Rewrite
recommendations, explain what conditions should be given if someone
intents to override this tag. (Closes: #807695)
* checks/source-copyright.pm:
+ [CL] Correct false positives in the
"source-includes-file-in-files-excluded" tag where a Files-Excluded
of "lib/*" would be triggered for "foolib/filename".
+ [CL] Correct another false positive in the
"source-includes-file-in-files-excluded" tag where we would warn when
the maintainer has removed upstream's debian/ directory and then we
would trigger it on the maintainer's replacement files.
+ [CL] List all files violating source-includes-file-in-files-excluded,
not just the first one we encounter per "Files-Excluded" entry.
+ [CL] Ignore .pc dirs for source-includes-file-in-files-excluded,
* data/spelling/corrections:
+ [AB] Remove "publically". It's a seldom, but valid English word
(c.f. https://en.wiktionary.org/wiki/publically) and causes false
positives in the OpenSSL license.
* t/scripts/spellintian.t:
+ [AB] Ensure that "publically" is not re-added as spelling correction
in the future again to avoid hundreds of false positives in the
OpenSSL license.
-- Chris Lamb <email address hidden> Thu, 07 Dec 2017 16:28:15 +0000
-
lintian (2.5.61) unstable; urgency=medium
* Summary of tag changes:
+ Added:
- epoch-change-without-comment
- source-includes-file-in-files-excluded
- unnecessary-team-upload
* checks/changelog-file.{desc,pm}:
+ [CL] Warn about packages that modify the epoch and there's no comment
about the change. This was motivated by accidental bumping of the
epoch in my python-django 2:2.0-1 upload.
* checks/elpa.desc:
+ [CL] Correct reference to dh_elpa(1) manpage. Thanks to Paul Gevers
for the report. (Closes: #883356)
* checks/fields.pm:
+ [CL] Apply patch from Dylan Aïssi to add R CRAN & Bioconductor
repositories to the list of known insecure URIs. (Closes: #883121)
* checks/nmu.{desc,pm}:
+ [CL] Warn if a "Team upload" (ie. that string is present in the
changelog) but the uploader is among the Maintainer/Uploaders.
(Closes: #882954)
* checks/python.desc:
+ [CL] Raise the severity of the
"dependency-on-python-version-marked-for-end-of-life" and
"python-foo-but-no-python3-foo" Python 2.x deprecation tags to
regular warnings. (Closes: #883581)
* checks/source-copyright.{desc,pm}:
+ [CL] Warn when files specified in Files-Excluded exist in the source
tree. (Closes: #871454)
* data/spelling/corrections:
+ [PW] Add a number of corrections.
+ [CL] Remove "german|German" and "russian|Russian" entries - they are
covered by data/spelling/corrections-case. (Closes: #883041)
* data/standards-version/release-dates:
+ [AB] Add 4.1.2 as known standards version.
+ [AB] Suggest "date +%s -s …" instead of libtimedate-perl.
* debian/control:
+ [AB] Declare compliance with Debian Policy 4.1.2.
+ [AB] Mention Debian Policy 4.1.2 in long package description.
* t/runtests:
+ [AB] Use standards version 4.1.2 in tests.
* t/scripts/spellintian.t:
+ [AB] Add two checks for common mistakes in d…/spelling/corrections:
"iff" is a valid word (c.f. #865055) and case-only misspellings
belong into data/spelling/corrections-case.
-- Chris Lamb <email address hidden> Tue, 05 Dec 2017 14:41:02 +0000
-
lintian (2.5.60) unstable; urgency=medium
* Summary of tag changes:
+ Added:
- homepage-field-uses-insecure-uri
- hyphen-file
- rules-does-not-require-root
- rules-requires-root-explicitly
* checks/control-file.{desc,pm}:
+ [AB] Add classification tags for R³.
+ [CL] Remove the "Experimental: yes" flag from the
debian-control-has-obsolete-dbg-package tag. (Closes: #882154)
+ [AB] Change reference for debian-control-has-obsolete-dbg-package
from https://wiki.debian.org/DebugPackage to
https://wiki.debian.org/AutomaticDebugPackages
* checks/cruft.desc:
+ [CL] Add suggested [[:space:]]-based sed call for
file-contains-trailing-whitespace. Thanks to Stuart Prescott.
(Closes: #881389)
+ [AB] Also mention Emacs' "M-x wh-cl" (whitespace-cleanup) for
file-contains-trailing-whitespace.
* checks/fields.desc:
+ [CL] Warn for Homepage files using well-known insecure URIs.
(Closes: #849514)
* checks/files.pm:
+ [NT] Add missing slash for usr/sbin that caused lintian to report
false-positive multiarch-foreign-shared-library when a package
only had executables in usr/sbin. Thanks to Helmut Grohne for
reporting the issue.
+ [CL] Warn on files called "-" (hyphen symbol). See #882638 for an
example.
* checks/version-substvars.desc:
+ [CL] Don't recommend "Source-Version" in tag descriptions.
* data/fields/*:
+ [CL] Revert patch from Guillem Jover to add a "golang" archive
section; it has not ben added to the archive yet.
* data/spelling/corrections:
+ [PW] Add several corrections.
* lib/Test/Lintian/Harness.pm, t/runtests, t/tests/README:
+ [AB] Add support for a "Test-Conflicts" field.
* t/tests/rules-including-deprecated-makefiles/desc:
+ [AB] Add "Test-Conflict: dh-buildinfo". Having dh-buildinfo
installed causes that test to fail.
* .gitignore:
+ [AB] Ignore /debian/.debhelper/ directory.
-- Chris Lamb <email address hidden> Sun, 26 Nov 2017 11:13:58 +0900
-
lintian (2.5.59) unstable; urgency=medium
* lib/Lintian/Check.pm:
+ [CL] Don't warn about duplicate words when separated by punctuation.
(Closes: #822504)
* data/fields/*:
+ [CL] Apply patch from Guillem Jover to add a "golang" archive
section. (Closes: #880701)
-- Chris Lamb <email address hidden> Thu, 09 Nov 2017 08:48:00 +0000
-
lintian (2.5.58) unstable; urgency=medium
* checks/cruft.pm:
+ [CL] Rewrite file-contains-trailing-whitespace tag to be a hash from
the filename to the regex we should match.
+ [CL] Allow trailing tabs in debian/rules files; they are a very
common idiom in Makefiles.
* checks/fields.desc:
+ [SL] Update of the documentation for the change introduced in 2.5.53:
Transitional packages should now be "oldlibs/optional" rather
than "oldlibs/extra".
* checks/python.pm:
+ [CL] Don't count python-django and python3-django as Django modules.
This avoids a warning where Django itsel triggers
"django-package-does-not-depend-on-django".
* data/fields/name_section_mappings:
+ [CL] Apply patch from Simon McVittie to prevent a misdetection of
libcanberra-gstreamer as a GNU Smalltalk library. (Closes: #880140)
* data/spelling/corrections:
+ [AB] Add more misspellings of the word "dependency".
* doc/lintian.xml:
+ [CL] Improve overrides docs using source-is-missing as an example.
(Closes: #838807)
* vendors/ubuntu/main/data/changes-file/known-dists:
+ [CL] Add bionic as a known Ubuntu distribution. Thanks Jeremy Bicha!
(Closes: #880115)
-- Chris Lamb <email address hidden> Fri, 03 Nov 2017 08:46:02 +0100
-
lintian (2.5.57) unstable; urgency=medium
* Summary of tag changes:
+ Added:
- debian-rules-should-not-set-CFLAGS-from-noopt
* checks/control-file.pm:
+ [CL] Avoid false positives in debian-control-has-empty-field when the
field is wrapped onto a new line. Thanks to Mattia Rizzolo for the
report. (Closes: #879977)
* checks/cruft.desc:
+ [CL] Add example on how to remove trailing whitespace with sed.
+ [CL] Drop README.source from files to check against the
file-contains-trailing-whitespace tag as it can include quotes
from upstream that would be ideally left intact.
* checks/debhelper.pm:
+ [NT] Remove code handling named compat levels.
* checks/files.desc:
+ [CL] Ignore embedded jQuery libraries for Doxygen. (Closes: #736360)
* checks/rules.desc:
+ [CL] Warn if packages set CFLAGS if the value of DEB_BUILD_OPTIONS
contains noopt. (Closes: #718640)
* commands/lintian.pm:
+ [NT] Have lintian resignal between various stages of the
processing. Previously, ill-timed signals would be caught and
"semi-ignored" with lintian happily continuing to process the
next package. (Closes: #878575)
* data/debhelper/named-compat-levels:
+ [NT] Removed; no longer used.
-- Chris Lamb <email address hidden> Sun, 29 Oct 2017 12:14:30 +0000
-
lintian (2.5.56) unstable; urgency=medium
* Summary of tag changes:
+ Added:
- appstream-metadata-invalid
- debhelper-tools-from-autotools-dev-are-deprecated
- debian-control-has-empty-field
- debian-rules-sets-dpkg-architecture-variable
- empty-section-field
- file-contains-trailing-whitespace
- init.d-script-contains-skeleton-template-content
- latest-changelog-entry-without-new-date
* checks/appstream-metadata.{pm,desc}:
+ [CL] Don't error out when AppStream metadata is invalid and emit new
appstream-metadata-invalid tag instead. (Closes: #879661)
* checks/binaries.desc:
+ [CL] Apply patch from Adrian Bunk to mention the lack of the "-g"
flag as a common cause for the debug-file-with-no-debug-symbols tag.
(Closes: #878806)
+ [CL] Apply patch from Guillem Jover to strongly discourage the use
of the getconf(1) interface for LFS support. (Closes: #879935)
* checks/changes-file.desc:
+ [CL] Add a note to orig-tarball-missing-upstream-signature regarding
support in pristine-tar and git-buildpackage.
* checks/conffiles.pm, checks/{debconf,files,scripts}.desc:
+ [CL] Apply patch from Ville Skyttä <email address hidden> to fix a
number of spelling mistakes. (Closes: #878446)
+ [CL] Apply patch from Ville Skyttä <email address hidden> to update
a number of manual references. (Closes: #878517)
* checks/control-file.{pm,desc}:
+ [CL] Warn about empty fields in debian/control. (Closes: #744388)
* checks/cruft.{pm,desc}:
+ [CL] Warn about certain files under debian/* that contain trailing
whitespace characters. (Closes: #748405)
* checks/debconf.desc:
+ [CL] Apply patch from Ville Skyttä <email address hidden> to update
the debconf-spec refs. (Closes: #878449)
* checks/debhelper.{desc,pm}:
+ [NT] Add a check for packages using the debhelper tooling from the
autotools-dev package. These have been replaced by the changes
inside debhelper itself.
+ [NT] Avoid useless-autoreconf-build-depends for autotools-dev when
the autotools-dev tooling is used in debian/rules.
(Closes: #871711)
* checks/fields.pm:
+ [CL] Apply patch from Nicolas Boulenguez to accept and recommend the
new vcs-mtn mtn:// uri format. (Closes: #878798)
+ [CL] Emit new empty-section-field tag instead of uninitialized value
warnings on an empty "Section:" field. (Closes: #878515)
* checks/files.pm:
+ [CL] Lower the severity of package-installs-java-bytecode from
"error" to "warning". (Closes: #879862)
+ [CL] Do not trigger package-installs-java-bytecode if the path
contains "WEB-INF", "demo", "doc" etc. (Closes: #879860)
+ [CL] Verify files triggering package-installs-java-bytecode files
really are Java class files. (Closes: #879861)
* checks/init.d.pm:
+ [CL] Check for files that use content from the /etc/init.d/skeleton
template. Thanks to Christoph Biedl for the idea. (Closes: #879152)
* checks/md5sums.pm:
+ [CL] Allow empty md5sums files. (Closes: #781372)
* checks/rules.{pm,desc}:
+ [CL] Warn on packages unnecessararily setting dpkg-architecture(1)
variables. (Closes: #793554)
* checks/scripts.desc:
+ [CL] Check the "Recommends" field as well when testing scripts for
script-needs-depends-on-sensible-utils. (Closes: #879953)
* checks/source-changelog.{desc.pm}:
+ [CL] Move latest-debian-changelog-entry-without-new-date tag into a
new check of type "source". (Closes: #873612)
* checks/watch-file.pm:
+ [CL] Include the offending URI in debian-watch-uses-insecure-uri
output, not the line number.
+ [CL] Ignore the magic http://sf.net/ redirector URI for the
debian-watch-uses-insecure-uri tag. (Closes: #879206)
* data/common/source-fields:
+ [NT] Add "Rules-Requires-Root".
* data/fields/essential:
+ [CL] Apply patch from Helmut Grohne <email address hidden> to treat
e2fsprogs as non-essential. (Closes: #878518)
* data/fields/perl-provides:
+ [CL] Update for Perl 5.026001.
* data/scripts/interpreters:
+ [CL] Add cwl-runner to the list of interpreters. (Closes: #851126)
* data/spelling/corrections:
+ [CL] Revert addition of "none were" -> "none was" multiword spelling
correction as it is "acceptable beyond serious criticism".
(Closes: #878457)
* debian/control:
+ [NT] Set R³ to "no". Lintian builds fine without root and
Build-Depends on fakeroot for the tests that still require
fakeroot.
* doc/lintian.xml, checks/{fields,files,menu-format}.desc, etc.:
+ [CL] Apply patch from Ville Skyttä <email address hidden> to update
a large number of errors in links. (Closes: #878521)
* private/refresh-manual-refs:
+ [CL] Apply patch from Ville Skyttä <email address hidden> to update
the Debconf reference mapping. Many thanks! (Closes: #878449)
+ [CL] Apply a patch series from Ville Skyttä <email address hidden>
to a number of issues in the Menu, Perl, Python and Debian
Policy parsing.
* t/scripts/pod-synopsis.t:
+ [CL] Apply patch from Ville Skyttä <email address hidden> to skip all
POD synopsis tests if Test::Pod is not available. (Closes: #878522)
* t/tests/debconf-config-*, t/tests/legacy-maintainer-scripts:
+ [CL] Split out checks for debconf-config-not-executable into a
separate test protected by a Test-Requires now that dpkg >= 1.19.0
will bail out on that condition.
-- Chris Lamb <email address hidden> Fri, 27 Oct 2017 18:29:35 +0000
-
lintian (2.5.55ubuntu1) bionic; urgency=medium
* Cherry-pick the following commits from Debian git for dpkg 1.19 compat:
+ [CL] Split out checks for debconf-config-not-executable into a
separate test protected by a Test-Requires now that dpkg >= 1.19.0
will bail out on that condition.
-- Adam Conrad <email address hidden> Wed, 25 Oct 2017 23:13:38 -0600
-
lintian (2.5.55) unstable; urgency=medium
* Summary of tag changes:
+ Added:
- debian-watch-uses-insecure-uri
- django-package-does-not-depend-on-django
- example-script-uses-deprecated-nodejs-location
- priority-extra-is-replaced-by-priority-optional
- python-module-has-overly-generic-name
- systemd-service-file-wraps-init-script
+ Removed:
- copyright-year-in-future
* checks/copyright-file.pm:
+ [CL] Drop copyright-year-in-future after all; it's just too error
prone and time-consuming to maintain given the severity of the issues
it can find. (Closes: #877766)
* checks/cruft.pm:
+ [CL] Exempt debian/copyright from license-problem-non-free-RFC tag
to avoid false-positives on meta-references. (Closes: #877999)
* checks/debhelper.pm:
+ [AB] Also recognize dh-exec's "=>" arrow if surrounded by tabs.
(Closes: #877905)
* checks/fields.{desc,pm}:
+ [NT] Add an info tag for packages that use "Priority: extra". Thanks
to Mattia Rizzolo for the suggestion. (Closes: #870898)
* checks/files.pm:
+ [CL] Ignore privacy breach violations in comments. (Closes: #877421)
+ [CL] Check for Python modules with overly generic names such as
"tests" or "test". (Closes: #875964)
* checks/{files,manpages,menu-format}.{desc,pm}:
+ [NT] Stop considering usr/man, usr/X11R6/bin and usr/X11R6/man as
manpage directories / PATH directories to simplify some code paths.
Nothing ships manpages in these directories and lintian emits tags
to strongly discourage people from doing so.
* checks/init.d.pm:
+ [CL] Avoid warning for init.d-script-not-marked-as-conffile when
the init.d script does not exist; we will already be alerted via
the init.d-script-not-included-in-package error.
* checks/python.pm:
+ [CL] Move to "Type: source, binary" check type.
+ [CL] Also match packages named "python2-*" as relating to Python 2.x.
+ [CL] Warn about Django libraries that do not depend on Django itself.
(Closes: #877292)
+ [CL] Do not emit python-foo-but-no-python3-foo for -common packages.
* checks/scripts.desc:
+ [CL] Add missing example-script-uses-deprecated-nodejs-location tag.
(Closes: #877142)
+ [NT] Apply patch from Mattia Rizzolo to improve the tag description
for script-uses-deprecated-nodejs-location.
+ [CL] Actually check for a dependency on sensible-utils before
emitting script-needs-depends-on-sensible-utils. Thanks to Daniel
Reichelt for the detailed bug report. (Closes: #877439)
* checks/standards-version.desc:
+ [CL] Correct invalid link to upgrading-checklist. Thanks to Dann
Frazier for the report. (Closes: #878184)
* checks/systemd.{desc,pm}:
+ [CL] Warn if native systemd service files only wrap existing SysV/LSB
init scripts. (Closes: #870704)
* checks/watch-file.{pm,desc}:
+ [CL] Warn for debian/watch files using insecure URIs such as HTTP or
FTP, similar to vcs-field-uses-insecure-uri. (Closes: #849515)
* data/{common => fields}/priorities:
+ [NT] Rename file.
* data/fields/essential:
+ [MR] Remove 'mount' from the essential packages. Starting with
util-linux version 2.29.2-3 the Essential flag has been removed.
(Closes: #877511)
* data/fields/priorities:
+ [NT] Remove "extra".
* data/files/privacy-breaker-websites:
+ [CL] Replace (eg.) "You may use libjs-prototype package" with "You
may use the libjs-prototype package".
* commands/lintian.pm:
+ [NT] Simplify handling of uncaught exceptions.
* doc/lintian.xml:
+ [NT] Document that the XDG_DATA_HOME directory can be used for
user profiles and data files. This has been supported for quite
a while but the documentation incorrectly listed "$HOME/.lintian"
instead (which in fact did not work for this purpose).
(Closes: #701477)
* frontend/dplint:
+ [NT] Restore "$HOME/.lintian" as a directory that is used for
user profiles and data files. It was advertised as such in the
documentation but the code actually only used the XDG_DATA_HOME
path. Thanks to Daniel Kauffman for the report. (Closes: #875636)
+ [NT] Correct the order of restricted search paths (user directories
and /etc/lintian). It incorrectly used /etc/lintian before the
user directory.
* lib/Lintian/Util.pm:
+ [NT] Rename the "fail" subroutine to "internal_error" to better
reflect its purpose.
* t/tests/binaries-from-other-arch:
+ [NT] Make test architecture specific as it fails on certain
architectures. (Closes: #877147)
* t/tests/python-new-python2-package/*:
+ [CL] Correct Depends of python2.7 → python3 in Python 3 test
package.
* t/tests/python-python2-no-python3-unrel/debian/debian/control.in:
+ [CL] Add test for ignoring python-foo-doc packages.
+ [CL] Correct short descriptions of binary packages.
-- Chris Lamb <email address hidden> Thu, 12 Oct 2017 11:50:41 -0400
