Commit 7d8374b4 authored by Chris Lamb's avatar Chris Lamb 💬

Merge tag '2.17.0' into stretch-backports

Release lintian/2.17.0 into unstable.

Format: 1.8
Date: Tue, 06 Aug 2019 16:45:11 +0100
Source: lintian
Architecture: source
Version: 2.17.0
Distribution: unstable
Urgency: medium
Maintainer: Debian Lintian Maintainers <lintian-maint@debian.org>
Changed-By: Chris Lamb's avatarChris Lamb <lamby@debian.org>
Closes: 570998 931846 931889 931951 932128 932215 932411 933134 933383 933394
Changes:
 lintian (2.17.0) unstable; urgency=medium
 .
   * Summary of tag changes:
     + Added:
       - empty-debian-tests-control
     + Removed:
       - control-file-duplicate-field
       - control-file-syntax-error
       - debian-source-dir-unknown-source-format
       - debian-tests-control-is-not-a-regular-file
       - missing-runtime-tests-field
       - syntax-error-in-control-file
       - syntax-error-in-debian-tests-control
       - testsuite-control-missing-test-field
       - testsuite-control-not-file
       - testsuite-control-syntax-error
       - unknown-source-format
 .
   [ Chris Lamb ]
   * Don't emit command-in-sbin-has-manpage-in-incorrect-section for
     symlinks; they are invariably provided for legacy/compatibility
     reasons. (Closes: #931951)
   * Update regex matches against lines in debian/rules correctly identify
     debhelper calls starting with environment modification (eg.
     "LC_ALL=C.UTF-8"). (Closes: #932128)
   * Factor out mangling of fatal error messages in the frontend
     configuration and correct the exit code if the specified profile does
     not exist. (Closes: #932215)
   * Expand the long description of the duplicate-files check to suggest how
     to remove them. Thanks to Rebecca Palmer for the suggested text.
     (Closes: #932411)
   * Downgrade command-in-sbin-has-manpage-in-incorrect-section to pedantic
     severity for the time being. (Closes: #570998)
   * Downgrade the severity and certainty of the
     package-supports-alternative-init-but-no-init.d-script tag for the time
     being. (Closes: #931889)
   * Correct multiple "gobject-introspection" typos. Thanks to Simon
     McVittie (smcv) for the pointer. (Closes: #933394)
   * Ignore all initscripts provided by the initscripts binary package
     instead of whitelisting issues individually or requiring overrides;
     these will never be regular-style initscripts. (Closes: #933383)
 .
   [ Felix Lechner ]
   * Do not trigger repack requirement when the Debian revision includes the
     "repack" indicator. (Closes: #931846)
   * Drop Depends and Build-Depends on libparse-debianchangelog-perl.
     (Closes: #933134)
   * Quote the spelling corrections that consist of multiple words.
   * Use the null character as the line delimiter in collection/md5sums.
   * Show logs for tests with parse errors when unattended and show all
     parse errors in TAP.
   * Always show log when failing to build a test package.
   * Store tags is separate, small files under ./tags.
   * Remove MatchVars check from PerlCritic configuration.
   * In the test runner, add an option to accept all tag changes.
 .
   [ Paul Wise ]
   * Add several spelling corrections.
Checksums-Sha1:
 efc19efccd58bf81d8b9a2e377c3b2c343ad5ab8 3047 lintian_2.17.0.dsc
 ed82622067bb3ea76a5ee7833570a2ab7df113fe 1767188 lintian_2.17.0.tar.xz
 446b63a8f175ef4fb5a84c4556d89add228a49d2 17619 lintian_2.17.0_amd64.buildinfo
Checksums-Sha256:
 5ee4e373a40f594b1cdb813b41057548251188a63865abb2617dbc09ee87782c 3047 lintian_2.17.0.dsc
 89d1d2832c34d0b96e73f309eba7910c3f4a29abd58ca127074a678ea04160fa 1767188 lintian_2.17.0.tar.xz
 f8daeeb0e4720598e28ddacf33ed9101627b944cc24c70a0e952ed4b6d6436a7 17619 lintian_2.17.0_amd64.buildinfo
Files:
 5c5d6b38679c6e26ed0a5175dab7c352 3047 devel optional lintian_2.17.0.dsc
 ee20220ff0005cca32ad9ec3f4ae6094 1767188 devel optional lintian_2.17.0.tar.xz
 d7d2aba090934113abf691d26dcc8980 17619 devel optional lintian_2.17.0_amd64.buildinfo

* tag '2.17.0': (114 commits)
  Release lintian/2.17.0 into unstable.
  libfile-find-rule-perl is now apparently a runtime dependency.
  Proper fix for the null improperly addressed by commit d55f56ec.
  Revert "Fix use of uninitialized value in checks/files.pm."
  Mark the test 'changelog-file-become-native' is non-native in the changelog-file check.
  Use non-native skeleton in test changelog-file-experimental for check changelog-file.
  In the test runner, improve error output for tag-related and literal tests.
  In Test::Lintian::Output::Universal, return unique tag names.
  Update t/scripts/harness/check_result.t to newer test format.
  In test runner, add option to accept all tag changes.
  Adjust tags test for changed tag format.
  Adjust internal test for spellcheck for the changed tag format.
  In tags, quote spelling corrections that consist of multiple words.
  Ignore all initscripts provided by the initscripts binary package instead of whitelisting issues individually or requiring overrides; they will always not be regular-style initscripts. (Closes: #933383)
  Drop Depends: and Build-Depends: on libparse-debianchangelog-perl. (Closes: #933134)
  In checks/watch-file.pm, use new changelog parser.
  In checks/standards-version.pm, use new changelog parser.
  In checks/scripts.pm, use new changelog parser.
  In checks/python.pm, use new changelog parser.
  In checks/nmu.pm, use new changelog parser.
  ...
parents c29ec6f4 690ab058

Too many changes to show.

To preserve performance only 1000 of 1000+ files are displayed.

......@@ -8,10 +8,10 @@ severity = 1
# Work based on a whitelist
only = 1
# Our whitelist (ignores severity):
include = ExplicitReturnUndef GlobFunction NegativeIndices PrivateVars UselessInitialization MatchVars NumberSeparators NullStatements LongChainsOfMethodCalls UseStrict UseWarnings EndWithOne ConditionalUseStatements PackageMatchesPodName JoinedReadline UnreachableCode TrailingWhitespace InterpolationOfLiterals ImplicitNewlines CommaSeparatedStatements UnusedVariables UnusedCapture TwoArgOpen ProhibitHardTabs MismatchedOperators IndirectSyntax Modules:: BuiltinFunctions:: ClassHierarchies:: CommaSeparatedStatements QuotesAsQuotelikeOperatorDelimiters MixedBooleanOperators ProhibitBarewordFileHandles ConditionalUseStatements Modules::ProhibitAutomaticExportation ProhibitBarewordFileHandles ConditionalDeclarations Tidy
include = ExplicitReturnUndef GlobFunction NegativeIndices PrivateVars UselessInitialization NumberSeparators NullStatements LongChainsOfMethodCalls UseStrict UseWarnings EndWithOne ConditionalUseStatements PackageMatchesPodName JoinedReadline UnreachableCode TrailingWhitespace InterpolationOfLiterals ImplicitNewlines CommaSeparatedStatements UnusedVariables UnusedCapture TwoArgOpen ProhibitHardTabs MismatchedOperators IndirectSyntax Modules:: BuiltinFunctions:: ClassHierarchies:: CommaSeparatedStatements QuotesAsQuotelikeOperatorDelimiters MixedBooleanOperators ProhibitBarewordFileHandles ConditionalUseStatements Modules::ProhibitAutomaticExportation ProhibitBarewordFileHandles ConditionalDeclarations Tidy
#include = MixedBooleanOperators InteractiveTest UpperCaseHeredoc ReusedNames PackageVars ConditionalDeclarations SingleCharAlternation FixedStringMatches ConditionalUseStatements QuotedWordLists
exclude = RequireFilenameMatchesPackage RequireVersionVar ProhibitExcessMainComplexity ProhibitStringySplit ComplexMappings StringyEval Documentation::PodSpell BuiltinFunctions::ProhibitUselessTopic
exclude = RequireFilenameMatchesPackage RequireVersionVar ProhibitExcessMainComplexity ProhibitStringySplit ComplexMappings StringyEval Documentation::PodSpell BuiltinFunctions::ProhibitUselessTopic MatchVars
# If you want to try some other stuff, uncomment the following
# (exclude is an incomplete list of things we probably won't change)
......
......@@ -3,135 +3,3 @@ Author: Arno Töll <debian@toell.net>
Type: binary
Info: Checks various build mistakes in Apache2 reverse dependencies
Needs-Info: bin-pkg-control, scripts, unpacked
Tag: non-standard-apache2-module-package-name
Severity: normal
Certainty: certain
Info: The package appears to be an Apache2 HTTPD server module but it
does not follow the module naming scheme. Apache2 HTTPD modules should
be called <tt>libapache2-mod-name</tt> with <tt>mod-name</tt> being the
actual <tt>mod_name.so</tt> equivalent.
Tag: apache2-module-does-not-depend-on-apache2-api
Severity: serious
Certainty: certain
Info: The package is an Apache2 HTTPD server module but does not declare a
strong binary relation against the Apache2 server binary it links against. Modules
must depend on the <tt>apache2-api-YYYYMMNN</tt> package provided as a virtual
package by <tt>apache2-bin</tt>.
Tag: apache2-module-does-not-ship-load-file
Severity: serious
Certainty: certain
Info: The package is an Apache2 HTTPD server module but does not ship a
"<tt>.load</tt>" file or it was installed under an unexpected name. The load
files in "<tt>/etc/apache2/mods-available</tt>" are required to interact with
the server package to enable and disable the module and must match the module
name without "<tt>mod_</tt> prefix, e.g. <tt>mod_foo</tt> must ship a load file
named "<tt>foo.load</tt>".
Tag: apache2-reverse-dependency-ships-file-in-not-allowed-directory
Severity: serious
Certainty: certain
Info: The package installs a piece of Apache2 configuration to
<tt>/etc/apache2/{sites,mods,conf}-enabled</tt>. This is not allowed. Instead
the respective <tt>/etc/apache2/{sites,mods,conf}-available</tt> counterparts
must be used.
Tag: non-standard-apache2-configuration-name
Severity: normal
Certainty: certain
Info: The package appears to be a web application which is installing a
configuration file for the Apache2 HTTPD server. To avoid name clashes, any file
installed to <tt>/etc/apache2/{sites,conf}-available</tt> should match the binary package
name and must not start with <tt>local-</tt>.
Tag: apache2-reverse-dependency-calls-wrapper-script
Severity: normal
Certainty: certain
Info: The package is calling an Apache2 configuration wrapper script (e.g.
<tt>a2enmod</tt>, <tt>a2enconf</tt>, <tt>a2enconf</tt>, ...). Maintainer
scripts should not be calling these scripts directly. To achieve a uniform and
consolidated behavior these scripts should be invoked indirectly by using
apache2-maintscript-helper.
Tag: web-application-depends-on-apache2-data-package
Severity: normal
Certainty: certain
Info: The package appears to be a web application but declares a package
relation with <tt>apache2-bin</tt>, <tt>apache2-data</tt> or any of its
transitional packages. However, web applications are rarely bound to a specific
web server version. Thus, they should depend on <tt>apache2</tt> only instead.
If a web application is actually tied to a particular binary version of the web
server a dependency against the virtual <tt>apache2-api-YYYYMMDD</tt> package
is more appropriate.
Tag: web-application-should-not-depend-unconditionally-on-apache2
Severity: normal
Certainty: certain
Info: The package appears to be a web application but declares a dependency
against <tt>apache2</tt> without any alternative. Most web applications should
work with any decent web server, thus such a package should be satisfied if any
web server providing the virtual "<tt>httpd</tt>" package is installed. This
can be accomplished by declaring a package relation in the form "<tt>apache2 |
httpd</tt>".
Tag: apache2-reverse-dependency-calls-invoke-rc.d
Severity: normal
Certainty: certain
Info: The package is invoking apache2's init script in its maintainer script
albeit it shouldn't do so. Reverse dependencies installing apache2
configuration pieces should not restart the web server unconditionally in
maintainer scripts. Instead they should be using apache2-maintscript-helper
which correctly obeys local policies.
Tag: apache2-reverse-dependency-uses-obsolete-directory
Severity: normal
Certainty: certain
Info: The package is installing a file into the obsolete
<tt>/etc/apache2/conf.d/</tt> directory. This file is not read by the Apache2
2.4 web server anymore. Instead <tt>/etc/apache2/conf-available/</tt> should be
used.
Tag: apache2-configuration-files-need-conf-suffix
Severity: important
Certainty: certain
Info: The package is installing an Apache2 configuration but that file does not
end with a '<tt>.conf</tt>' suffix. Starting with Apache2 2.4 all configuration
files except module '<tt>.load</tt>' files need that suffix or are ignored otherwise.
Tag: apache2-unparsable-dependency
Severity: normal
Certainty: certain
Info: The package is declaring a module dependency within an Apache
configuration file which does not meet the requirements. Dependencies must be
declared without paths, leading "<tt>mod_</tt>" prefix and without file
extension.
Tag: apache2-unsupported-dependency
Severity: normal
Certainty: certain
Info: The package is declaring a module dependency within an Apache
configuration file which is not supported there. Dependencies are supported in
module '<tt>.load</tt>' files, and web application '<tt>.conf</tt>' files,
conflicts in '<tt>.load</tt> files only.
Tag: apache2-deprecated-auth-config
Severity: normal
Certainty: certain
Info: The package is using some of the deprecated authentication configuration
directives Order, Satisfy, Allow, Deny, &lt;Limit&gt; or &lt;LimitExcept&gt;
.
These do not integrate well with the new authorization scheme of Apache
2.4 and, in the case of &lt;Limit&gt; and &lt;LimitExcept&gt; have confusing
semantics. The configuration directives should be replaced with a suitable
combination of &lt;RequireAll&gt;, &lt;RequireAny&gt;, Require all, Require local,
Require ip, and Require method.
.
Alternatively, the offending lines can be wrapped between
&lt;IfModule !mod_authz_core.c&gt; ... &lt;/IfModule&gt; or
&lt;IfVersion &lt; 2.3&gt; ... &lt;/IfVersion&gt; directives.
......@@ -3,48 +3,3 @@ Author: Axel Beckert <abe@debian.org>
Type: binary
Needs-Info: unpacked
Info: application packaged like a library (imported from pkg-perl-tools)
Tag: libapp-perl-package-name
Severity: important
Certainty: possible
Info: This package contains a program in $PATH and is named
libapp-*-perl which usually implies that the upstream project on CPAN
is under the App:: hierarchy for applications. Instead of
libfoo-bar-perl it should be named foo-bar.
.
People tend to skip library-like named packages when looking for
applications in the package list and hence wouldn't notice this
package.
Ref: https://perl-team.pages.debian.net/policy.html#Package_Naming_Policy
Tag: library-package-name-for-application
Severity: normal
Certainty: wild-guess
Experimental: yes
Info: This package contains a program in $PATH but is named like a
library. E.g. instead of libfoo-bar-perl it should be named just
foo-bar.
.
People tend to skip library-like named packages when looking for
applications in the package list and hence wouldn't notice this
package. See the reference for some (not perl-specific) reasoning.
.
In case the program in $PATH is only a helper tool and the package is
primarily a library, please add a Lintian override for this tag.
Ref: https://perl-team.pages.debian.net/policy.html#Package_Naming_Policy
Tag: application-in-library-section
Severity: normal
Certainty: wild-guess
Experimental: yes
Info: This package contains a binary in $PATH but is in a section just
thought for libraries. It likely should be in another section like
e.g. utils, text, devel, misc, etc., but not in e.g. perl, ruby or
python.
.
People tend to skip these package sections when looking for
applications in the package list and hence wouldn't notice this
package.
.
In case the program in $PATH is only a helper tool and the package is
primarily a library, please add a Lintian override for this tag.
......@@ -3,45 +3,3 @@ Author: Petter Reinholdtsen <pere@hungry.com>
Type: binary
Needs-Info: unpacked
Info: This script checks the AppStream metadata files for problems.
Tag: appstream-metadata-in-legacy-location
Severity: minor
Certainty: certain
Ref: https://wiki.debian.org/AppStream/Guidelines
Info: AppStream metadata file was found in /usr/share/appdata/. The
AppStream XML files should be placed in /usr/share/metainfo/.
Tag: appstream-metadata-legacy-format
Severity: important
Certainty: certain
Ref: https://wiki.debian.org/AppStream/Guidelines,
https://www.freedesktop.org/software/appstream/docs/chap-Metadata.html#sect-Metadata-GenericComponent
Info: AppStream metadata with obsolete &lt;application&gt; root node found.
This indicate a legacy format. The metadata should follow the format
the new outlined on the freedesktop.org homepage.
.
It is possible to validate the format using 'appstreamcli validate'.
Tag: appstream-metadata-missing-modalias-provide
Severity: normal
Certainty: certain
Ref: https://wiki.debian.org/AppStream/Guidelines
Info: This package contain a udev rule for providing device access to
the console user (using the uaccess udev TAG) or to members of the
plugdev file group without announcing the hardware support using
AppStream.
Tag: appstream-metadata-malformed-modalias-provide
Severity: normal
Certainty: certain
Ref: https://wiki.debian.org/AppStream/Guidelines
Info: The modalias matching rule in the AppStream metadata file is
malformed. Hexadecimal numbers in vendor and product IDs must be
upper case.