Changelog
lintian (2.5.75ubuntu1) bionic; urgency=medium
* Merge with Debian; remaining changes:
- tests/binaries-general: Don't expect the
binary-compiled-with-profiling-enabled tag with binutils 2.30.
lintian (2.5.75) unstable; urgency=medium
* Summary of tag changes:
+ Added:
- debian-rules-uses-unnecessary-dh-argument
- missing-explanation-for-repacked-upstream-tarball
- udevadm-called-without-guard
* checks/changelog-file.desc:
+ [CL] When checking latest-debian-changelog-entry-without-new-version
ignore any change of epoch. (Closes: #889991)
* checks/debhelper.{desc,pm}:
+ [CL] Warn when specifying --parallel to dh(1) in compat levels >= 10.
Thanks to Nicolas Braud-Santoni for the idea. (Closes: #890358)
+ [CL] Add a missing verb to the long description of the
dh-quilt-addon-but-quilt-source-format tag.
* checks/files.pm:
+ [CL] Tidy logic for detecting allowed rel="" values in <link/>
HTML tags.
+ [CL] Allow rel="canonical" in <link/> HTML tags; they are used by
search engines (etc.) and do not cause internet access.
(Closes: #762753)
* checks/init.desc:
+ [CL] Improve various parts of the long description for
init.d-script-should-always-start-service.
* checks/patch-systems.{desc,pm}:
+ [CL] Avoid false positives when checking for typos by ignoring files
or patch descriptions that contain the words "typo" or "spelling".
Thanks to Bas Couwenberg for the report. (Closes: #889964)
+ [CL] Check the first line of the description separately for spelling
errors to avoid false-positive duplicate checks across a patch
description's synopsis and its body. (Closes: #890100)
* checks/python.desc:
+ [CL] Underline that maintainers do not need to override the
new-package-should-not-package-python2-module tag but rather leave a
comment in debian/changelog.
* checks/scripts.{desc,pm}:
+ [CL] Check for maintainer scripts that call udevadm without a guard
as it can fail within a chroot. (Closes: #890298)
* checks/source-copyright.{desc,pm}:
+ [CL] Emit a pendatic warning for packages with repacked upstream
tarballs that lack a Files-Excluded or Comment header in
debian/copyright.
* collection/override-file:
+ [CL] Actually pick the first out of debian/source/lintian-overrides
and debian/source.lintian-overrides. Thanks to Thorsten Glaser for
the report. (Closes: #890361)
* commands/reporting-html-reports.html:
+ [NT] Minimize generated SVG files if scour is installed and
available in PATH.
* data/spelling/corrections:
+ [PW] Add a number of corrections.
lintian (2.5.74) unstable; urgency=medium
* Summary of tag changes:
+ Added:
- control-tarball-compression-format
- data-tarball-compression-format
- debian-rules-is-dh_make-template
- init.d-script-should-always-start-service
- jar-contains-source
- missing-systemd-service-for-init.d-script
- source-contains-prebuilt-wasm-binary
- spelling-error-in-patch-description
- systemd-service-file-refers-to-unusual-wantedby-target
+ Renamed:
- systemd-no-service-for-init-script ->
omitted-systemd-service-for-init.d-script
- systemd-no-service-for-init-rcS-script ->
missing-systemd-service-for-init.d-rcS-script
- override_dh_auto_test-does-not-check-DEB_BUILD_PROFILES ->
override_dh_auto_test-does-not-check-DEB_BUILD_OPTIONS
* checks/changelog-file.desc:
+ [CL] Improve the long description of epoch-change-without-comment.
Based on suggestions by Raphael Hertzog and Ian Jackson - thanks!
(Closes: #889814)
* checks/cruft.desc:
+ [BR] Check for wasm files. (Closes: #889102)
+ [CL] Factor out call to _ships_examples to avoid excessive looping
over $sorted_index.
+ [CL] Do not emit package-does-not-install-examples if we don't have
any binary packages in our laboratory. (Closes: #889591)
+ [CL] Improve the description of package-does-not-install-examples to
give more debhelper advice.
+ [CL] Assume that if a source package generates a binary ending in
"-examples" then it does ship examples.
* checks/deb-format.{desc,pm}:
+ [CL] Add a classification tag for the .deb data tarball compression
format. (Closes: #738442)
+ [CL] Add a classification tag for the control tarball compression
format. (Closes: #889856)
* checks/fields.pm:
+ [CL] Avoid false positives when checking binary packages depending on
toolchain packages by ignoring packages starting with "dh-" or ending
with "-source". Thanks to Josh Triplett for the report.
(Closes: #889486)
* checks/files.pm:
+ [BR] Add context for privacy breach in order to improve debugging.
* checks/fields.desc:
+ [CL] Downgrade severity of build-depends-on-obsolete-package from
error to warning. (Closes: #889638)
* checks/java.{desc,pm}:
+ [CL] Only warn about bad-jar-name for "public" .jar files.
(Closes: #889628)
+ [CL] Check for .jar files that embed Foo.java alongside a Foo.class
file. (Closes: #762113)
* checks/init.d.{desc,pm}:
+ [CL] Warn about packages that use ENABLED="true" (etc.) in
/etc/default files.
* checks/patch-systems.{desc,pm}:
+ [CL] Avoid emitting "Can't use an undefined value as an ARRAY
reference" warnings when debian/patches is a file, not a directory.
(Closes: #889535)
+ [CL] Check spelling of patch headers. (Closes: #756130)
* checks/rules.{desc,pm}:
+ [CL] Fix a number of false-positives when checking the
"override_dh_auto_test-does-not-check-DEB_BUILD_PROFILES" tag
(Closes: #889592)
+ [CL] Make a large number of changes suggested by Mattia Rizzolo to
the override_dh_auto_test-does-not-check-DEB_BUILD_PROFILES tag,
renaming it to reference DEB_BUILD_OPTIONS throughout, add Debian
Policy 4.9.1 to the tag's Ref, lower "Certanty" to "wild-guess" and
mark the tag as experimental, updating the tests to match.
(Closes: #889746)
+ [CL] Check for debian/rules files that are dh_make templates.
(Closes: #679124)
* checks/scripts.desc:
+ [CL] Improve, elaborate and tidy the long description of the
maintainer-script-should-not-use-recursive-chown-or-chmod tag.
Heavily based on a patch by Daniel Kahn Gillmor - thanks!
(Closes: #889489)
* checks/source-copyright.pm:
+ [CL] Prevent false positives when checking for missing NOTICE.txt
files by looking inside .jar archives. (Closes: #889760)
* checks/systemd.{desc,pm}:
+ [CL] Warn about unit files that install to usual WantedBy= targets.
Thanks to Sam Morris for the initial patch. (Closes: #817170)
+ [CL] Rework the no service detection, improving the (rarely
overridden) tag names to better match what they detect as well as
adding a new "missing-systemd-service-for-init.d-script" pedantic tag
where we do not have an equivalent unit as this implies missing
bespoke security hardening support, etc. Thanks to Lucas Nussbaum for
his input. (Closes: #858588)
* checks/udev.pm:
+ [CL] Add simple GOTO parsing to avoid false positives when checking
for udev rules for SUBSYSTEM specifiers. (Closes: #869547, #889639)
* commands/reporting-{html-reports,lintian-harness}.pm:
+ [NT] Register packages that fail during archive wide processing.
* data/files/privacy-breaker-fragments:
+ [BR] Detect new fragments for Google CSE.
* data/spelling/corrections:
+ [PW] Add a number of corrections.
* lib/Lintian/Util.pm:
+ [NT] Give lower processing priority to packages that repeatedly
trigger errors during archive-wide processing.
* reporting/templates/index.tmpl:
+ [NT] Display summary of how many groups had errors during their
last processing.
* reporting/templates/{lintian.css,maintainer}.tmpl:
+ [NT] Use a distinct error status instead of "Outdated" for
packages with errors during their last processing.
lintian (2.5.73) unstable; urgency=medium
* Summary of tag changes:
+ Added:
- bad-jar-name
- binary-package-depends-on-toolchain-package
- checksum-count-mismatch-in-changes-file
- co-maintained-package-with-no-vcs-headers
- description-mentions-planned-features
- files-excluded-without-copyright-format-1.0
- global-files-wildcard-not-first-paragraph-in-dep5-copyright
- maintainer-script-should-not-use-recursive-chown-or-chmod
- missing-explanation-for-contrib-or-non-free-package
- multi-arch-same-package-has-arch-specific-overrides
- override_dh_auto_test-does-not-check-DEB_BUILD_PROFILES
- package-does-not-install-examples
- package-uses-deprecated-dpatch-patch-system
- package-uses-deprecated-source-override-location
- unusual-documentation-package-name
* checks/cruft.{desc,pm}:
+ [CL] When looking for the source of "build/foo/bar.min.js", also
check "src/foo/bar.js". (Closes: #832027)
+ [CL] Check for upstream tarballs that ship examples but none is
installed in any binary package. (Closes: #539326)
* checks/debian-source-dir.desc:
+ [CL] Upgrade severity of missing-debian-source-format from wishlist
("I") to normal ("W"). (Closes: #702671)
* checks/description.{desc.pm}:
+ [CL] Check for packages that mention planned/upcoming features in
their long description. (Closes: #782990)
+ [CL] Improve the description-synopsis-might-not-be-phrased-properly
tag also detect multiple sentences and improve the tag description.
(Closes: #778427)
* checks/changes-file.{desc.pm}:
+ [CL] Fix an issue where the bad-section-in-changes-file,
file-size-mismatch-in-changes-file and
checksum-mismatch-in-changes-file tags were not being checked if a
package contained an upstream signature.
+ [CL] Check for inconsistencies between "Files" and Checksums-*
sections in .changes files. (Closes: #658542)
* checks/cruft.{desc.pm}:
+ [CL] Add pedantic warning for packages using source.lintian-overrides
instead of debian/source/lintian-overrides.
* checks/fields.{desc,pm}:
+ [CL] Add a pedantic warning for co-maintained packages that are not
managed in a revision control system. (Closes: #884497)
+ [CL] Warn about Multi-Arch: same packages that ship
architecture-specific Lintian overrides. Thanks to Sebastian
Ramacher for the report. (Closes: #787469)
+ [CL] Check for packages that specify binary dependencies on toolchain
packages such as cdbs or debhelper. (Closes: #700953)
+ [CL] Emit a warning about documentation packages that end with -docs.
(Closes: #664520)
+ [CL] Ensure salsa.debian.org Vcs-Git and Vcs-Browser URIs are
canonical and do not redirect. (Closes: #888809)
* checks/files.pm:
+ [CL] Support scanning contents of (eg.) data/files/js-libraries.
* checks/java.{desc,pm}:
+ [CL] Check for .jar files that do not match the Debian Java policy.
(Closes: #791552)
* checks/patch-systems.{desc,pm}:
+ [CL] Emit a pedantic warning for packages that are using the dpatch
patch system. (Closes: #884500)
* checks/rules.pm:
+ [CL] Check for override_dh_auto_test targets that do not check
DEB_BUILD_OPTIONS for "nocheck". (Closes: #712394)
* checks/scripts.desc:
+ [CL] Update the maintainer-script-should-not-use-service tag to
include advice and Debian Policy reference. (Closes: #889154)
* checks/source-copyright.{desc,pm}:
+ [CL] Warn about packages that specify a Files-Excluded header without
a valid Format header as the former will be ignored by uscan(1).
Thanks to Gunnar Wolf for the initial patch. (Closes: #745743)
+ [CL] Warn when a "Files: *" DEP-5 paragraph exists but it is not the
first paragraph. Thank to Christoph Biedl for the report and idea.
(Closes: #879235)
+ [CL] Ask maintainers to add a comment header to debian/copyright if
their package is in contrib or non-free. (Closes: #773562)
* commands/reporting-html-reports.pm:
+ [NT] Add a limit to how many instances of a tag is deplayed on a tag
page as 151 000 instances of unstripped-static-library is hardly
human readable.
* data/spelling/corrections:
+ [PW] Add a number of corrections.
* data/common/dh_addons:
+ [CL] Move/create from data/debhelper/dh_addons as we plan to use
it elsewhere.
* data/debhelper/dh_commands:
+ [CL] Update requirement for dh_scour (again!) from python3-scour to
scour. (Closes: #889016)
* data/debhelper/dh_commands-manual:
+ [NT] Remove dh_systemd* entries. Debian stable have a recent
enough version of debhelper that this entry no longer matters.
* data/files/fnames:
+ [CL] Ensure package-contains-python-doctree-file also warns about
compressed .doctree files.
* data/files/js-libraries:
+ [CL] Avoid false-positives when detecting Twitter's bootstrap
library. (Closes: #888972)
* data/files/python-generic-modules:
+ [CL] Detect "backports" (and "backport") as overly generic Python
module names. (Closes: #888559)
* data/scripts/maintainer-script-bad-command:
+ [CL] Warn if the maintainer scripts include "chown -R" or "chmod -R"
to prevent hardlink attacks on kernels that do not have
fs.protected_hardlinks=1. (Closes: #889066)
* doc/lintian.xml:
+ [CL] Use the debian/source/lintian-overrides location in override
example.
* lib/Lintian/*:
+ [CL] Add support for passing .buildinfo files to Lintian.
(Closes: #853274)
* reporting/templates/tag.tmpl:
+ [NT] Update template to mention tag limit when not all instances
are shown.
-- Matthias Klose <email address hidden> Fri, 16 Feb 2018 11:38:42 +0700
