Bug#863384: lintian: check license-problem-gfdl-invariants is incorrect
tags 863384 + pending
thanks

Fixed in Git:

https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=41bb73396b9a203598295c8c290ff0b322119f0a

Regards,

--
Chris Lamb
la...@debian.org / chris-lamb.co.uk
Processed: Re: lintian: check license-problem-gfdl-invariants is incorrect
Processing commands for cont...@bugs.debian.org:

> tags 863384 + pending
Bug #863384 [lintian] lintian: check license-problem-gfdl-invariants is incorrect
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
--
863384: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863384
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
[lintian] 01/01: checks/cruft.pm: Ignore TeX \section (etc.) titles when checking for GFDL license. Thanks, Norbert Preining for the report. (Closes: #863384)
This is an automated email from the git hooks/post-receive script. lamby pushed a commit to branch master in repository lintian. commit 41bb73396b9a203598295c8c290ff0b322119f0a Author: Chris Lamb Date: Fri Jan 12 11:03:12 2018 +0530 checks/cruft.pm: Ignore TeX \section (etc.) titles when checking for GFDL license. Thanks, Norbert Preining for the report. (Closes: #863384) --- checks/cruft.pm | 2 ++ debian/changelog | 3 +++ t/tests/cruft-gfdl-invariants/debian/src/dvipdfmx.tex | 6 ++ 3 files changed, 11 insertions(+) diff --git a/checks/cruft.pm b/checks/cruft.pm index f1790a3..cad619d 100644 --- a/checks/cruft.pm +++ b/checks/cruft.pm @@ -1406,6 +1406,8 @@ sub _clean_block { # Texinfo end tag (could be more clever but brute force is fast) $text =~ s/}/ /gxms; +# Tex section titles +$text =~ s/^\s*\\(sub)*section\*?\{\s*\S+/ /gxms; # single char at end # String, C-style comment/javadoc indent, # quotes for strings, pipe and backslash, tilde in some txt diff --git a/debian/changelog b/debian/changelog index 9ac4a5e..80a29cf 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,9 @@ lintian (2.5.69) UNRELEASED; urgency=medium XXX: generate tag summary + * checks/cruft.pm: ++ [CL] Ignore TeX \section (etc.) titles when checking for GFDL + license. Thanks, Norbert Preining for the report. (Closes: #863384) * checks/python.{pm,desc}: + [CL] Don't emit new-package-should-not-package-python2-module if the maintainer justifies its inclusion in the changelog entry. diff --git a/t/tests/cruft-gfdl-invariants/debian/src/dvipdfmx.tex b/t/tests/cruft-gfdl-invariants/debian/src/dvipdfmx.tex new file mode 100644 index 000..a0a6634 --- /dev/null +++ b/t/tests/cruft-gfdl-invariants/debian/src/dvipdfmx.tex 
@@ -0,0 +1,6 @@ +\section*{GNU Free Documentation License}\label{SEC:FDL} +\subsection*{GNU Free Documentation License}\label{SEC:FDL} + \subsubsection{GNU Free Documentation License}\label{SEC:FDL} + +This document is distributed under the term of the GNU Free Documentation +License. See, the attached file for copying conditions. -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git
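Review bot: in the checks/cruft.pm hunk the new substitution ends in "\{\s*\S+", so it removes the sectioning command and only the first whitespace-delimited word of the title, not the title; for the test line "\section*{GNU Free Documentation License}" everything after "GNU" stays in $text. If the whole title is meant to be ignored, as the comment "Tex section titles" suggests, match up to the closing brace and move the statement above the "s/}/ /gxms" line, which has already turned every "}" into a space by the time this runs; otherwise reword the comment to say that only the leading word is dropped. "(sub)*" can be the non-capturing "(?:sub)*" since the capture is unused, and the pattern covers only the \section family although the commit subject says "(etc.)".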
[lintian] branch master updated (57867b1 -> 41bb733)
This is an automated email from the git hooks/post-receive script.

lamby pushed a change to branch master in repository lintian.

  from 57867b1 data/fields/name_section_mappings: Ensure that NSS (Name Services Switch) modules are placed in the "admin" section. Thanks to Mathieu Parent (sathieu) for the patch. (Closes: #886961)
  new 41bb733 checks/cruft.pm: Ignore TeX \section (etc.) titles when checking for GFDL license. Thanks, Norbert Preining for the report. (Closes: #863384)

The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference.

Summary of changes:
 checks/cruft.pm | 2 ++
 debian/changelog | 3 +++
 t/tests/cruft-gfdl-invariants/debian/src/dvipdfmx.tex | 6 ++
 3 files changed, 11 insertions(+)
 create mode 100644 t/tests/cruft-gfdl-invariants/debian/src/dvipdfmx.tex

--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git
Processed: Re: lintian: version-substvar-for-external-package raised for dbgsym packages from same source
Processing commands for cont...@bugs.debian.org:

> tags 859659 + wontfix
Bug #859659 [lintian] lintian: version-substvar-for-external-package raised for dbgsym packages from same source
Added tag(s) wontfix.
> thanks
Stopping processing here.

Please contact me if you need assistance.
--
859659: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859659
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#859659: marked as done (lintian: version-substvar-for-external-package raised for dbgsym packages from same source)
Your message dated Fri, 12 Jan 2018 10:38:11 +0530
with message-id <1515733691.1515904.1232771064.4eef0...@webmail.messagingengine.com>
and subject line Re: lintian: version-substvar-for-external-package raised for dbgsym packages from same source
has caused the Debian Bug report #859659,
regarding lintian: version-substvar-for-external-package raised for dbgsym packages from same source
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
859659: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859659
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: lintian
Version: 2.5.50.1
Severity: normal

Dear Maintainer,

TL;DR: Lintian reports the version-substvar-for-external-package error when the "external package" in question is actually a dbgsym package generated by the same source package.

I maintain a source package, dpdk [1], which builds a great many libraries. Consequently, in stretch, a lot of dbgsym packages are generated.

As a shortcut, a colleague wanted to add an empty metapackage, libdpdk-dbgsym, which depends on all the generated -dbgsym packages.

Unfortunately Lintian raises the (unoverridable) error mentioned above due to a line similar to this:

  Package: libfoo
  ...

  Package: libbar
  ...

  Package: foobar-dbg-meta
  Depends: libfoo-dbgsym (= ${binary:Version}), libbar-dbgsym (= ${binary:Version})

Given all the dbgsym packages have predictable names, and are created from packages listed in debian/control (ie: libfoo will be in d/control), could Lintian perhaps recognize this and avoid raising this error?

Thank you!

Kind regards,
Luca Boccassi

[1] https://tracker.debian.org/pkg/dpdk

-- System Information:
Debian Release: 9.0
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'testing-debug'), (500, 'testing'), (103, 'unstable'), (102, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages lintian depends on:
ii binutils 2.28-2
ii bzip2 1.0.6-8.1
ii diffstat 1.61-1+b1
ii file 1:5.29-3
ii gettext 0.19.8.1-2
ii intltool-debian 0.35.0+20060710.4
ii libapt-pkg-perl 0.1.32
ii libarchive-zip-perl 1.59-1
ii libclass-accessor-perl 0.34-1
ii libclone-perl 0.38-2+b1
ii libdpkg-perl 1.18.23
ii libemail-valid-perl 1.202-1
ii libfile-basedir-perl 0.07-1
ii libipc-run-perl 0.94-1
ii liblist-moreutils-perl 0.416-1+b1
ii libparse-debianchangelog-perl 1.2.0-12
ii libperl5.24 [libdigest-sha-perl] 5.24.1-2
ii libtext-levenshtein-perl 0.13-1
ii libtimedate-perl 2.3000-2
ii liburi-perl 1.71-1
ii libyaml-libyaml-perl 0.63-2
ii man-db 2.7.6.1-2
ii patchutils 0.3.4-2
ii perl 5.24.1-2
ii t1utils 1.39-2
ii xz-utils 5.2.2-1.2+b1

Versions of packages lintian recommends:
ii dpkg 1.18.23
ii libperlio-gzip-perl 0.19-1+b2
ii perl 5.24.1-2
ii perl-modules-5.24 [libautodie-perl] 5.24.1-2

Versions of packages lintian suggests:
ii binutils-multiarch 2.28-2
ii dpkg-dev 1.18.23
ii libhtml-parser-perl 3.72-3
ii libtext-template-perl 1.46-1

-- no debconf information
--- End Message ---
--- Begin Message ---
tags 859659 + wontfix
thanks

Luca Boccassi wrote:

> In our specific case at work, as you correctly guessed, we don't have a
> separate archive (build and repository management system is Suse's OBS)
> so it does work. Of course being an external use case from Debian I
> can't ask for it to be supported, so please feel free to close the bug
> if you wish.

Will do - many thanks :)

Best wishes,

--
Chris Lamb
la...@debian.org / chris-lamb.co.uk
--- End Message ---
Processed: Re: lintian: W-shlibs-symbol-not-found: false positive
Processing commands for cont...@bugs.debian.org:

> tags 879722 + moreinfo
Bug #879722 [lintian] lintian: W-shlibs-symbol-not-found: false positive
Added tag(s) moreinfo.
> thanks
Stopping processing here.

Please contact me if you need assistance.
--
879722: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879722
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#879722: lintian: W-shlibs-symbol-not-found: false positive
tags 879722 + moreinfo
thanks

Hi Shawn.

> dpkg-shlibdeps: warning: symbol __aeabi_atexit@CXXABI_ARM_1.3.3 used by
> debian/libkyotocabinet16v5/usr/lib/arm-linux-gnueabi/libkyotocabinet.so.16.13.0
> found in none of the libraries

I'm not sure I understand your report, sorry. :) These are warnings from dpkg-shlibdeps, not in Lintian.

Also, there is no such tag "shlibs-symbol-not-found" in Lintian, and nor has there ever been one similar!

Regards,

--
Chris Lamb
la...@debian.org / chris-lamb.co.uk
Processed: Re: lintian: please don't map implementation language to sections
Processing commands for cont...@bugs.debian.org:

> tags 883772 + moreinfo
Bug #883772 [lintian] lintian: please don't map implementation language to sections
Added tag(s) moreinfo.
> thanks
Stopping processing here.

Please contact me if you need assistance.
--
883772: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883772
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#883772: lintian: please don't map implementation language to sections
tags 883772 + moreinfo
thanks

Hey David!

> the programming-language sections are a mess

Whilst I don't necessarily disagree, I'm not sure what the next steps for Lintian are here.

Putting it another way, I see you linked #802488 but until that gets some kind of resolution (or some change to Policy), what is there for us to do..?

Best wishes,

--
Chris Lamb
la...@debian.org / chris-lamb.co.uk
Bug#886961: lib-nss* packages should go in the admin section too
tags 886961 + pending
thanks

Fixed in Git; thanks!

https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=57867b19ae24d8684be47ebee3c4f76c923e3894

Regards,

--
Chris Lamb
la...@debian.org / chris-lamb.co.uk
Processed: Re: lib-nss* packages should go in the admin section too
Processing commands for cont...@bugs.debian.org:

> tags 886961 + pending
Bug #886961 [lintian] lib-nss* packages should go in the admin section too
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
--
886961: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886961
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
[lintian] 01/01: data/fields/name_section_mappings: Ensure that NSS (Name Services Switch) modules are placed in the "admin" section. Thanks to Mathieu Parent (sathieu) for the patch. (Closes: #886961
This is an automated email from the git hooks/post-receive script. lamby pushed a commit to branch master in repository lintian. commit 57867b19ae24d8684be47ebee3c4f76c923e3894 Author: Chris Lamb Date: Fri Jan 12 07:53:37 2018 +0530 data/fields/name_section_mappings: Ensure that NSS (Name Services Switch) modules are placed in the "admin" section. Thanks to Mathieu Parent (sathieu) for the patch. (Closes: #886961) --- data/fields/name_section_mappings | 2 +- debian/changelog | 4 t/tests/fields-wrong-section/debian/debian/control.in | 12 t/tests/fields-wrong-section/tags | 1 + 4 files changed, 18 insertions(+), 1 deletion(-) diff --git a/data/fields/name_section_mappings b/data/fields/name_section_mappings index 695523f..fba241b 100644 --- a/data/fields/name_section_mappings +++ b/data/fields/name_section_mappings @@ -34,7 +34,7 @@ lib.*-cil(?:-dev)?$ => cli-mono # data files ^gir\d+\.\d+-.*-\d+\.\d+$=> introspection ^(?:x?fonts|ttf)- => fonts -^libpam-=> admin +^lib(?:nss|pam)-=> admin ^(?:aspell|hunspell|myspell|mythes)-=> localization ^hyphen-[a-z]{2}(?:-[a-z]{2})?$ => localization ^dict-freedict- => localization diff --git a/debian/changelog b/debian/changelog index c81dca1..9ac4a5e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -16,6 +16,10 @@ lintian (2.5.69) UNRELEASED; urgency=medium * data/files/fnames: + [CL] Warn about packages that ship (eg.) test_foo.py files in the global Python module namespace. + * data/fields/name_section_mappings: ++ [CL] Ensure that NSS (Name Services Switch) modules are placed in the + "admin" section. Thanks to Mathieu Parent (sathieu) for the patch. + (Closes: #886961) -- Chris Lamb Tue, 09 Jan 2018 20:55:21 +0530 diff --git a/t/tests/fields-wrong-section/debian/debian/control.in b/t/tests/fields-wrong-section/debian/debian/control.in index 77da84d..73bc853 100644 --- a/t/tests/fields-wrong-section/debian/debian/control.in +++ b/t/tests/fields-wrong-section/debian/debian/control.in 
@@ -206,6 +206,18 @@ Description: {$description} (gir1.2-pkg) things. It should not be installed like a regular package. It may be an empty package. +Package: libnss-{$source} +Architecture: all +Section: web +Depends: $\{shlibs:Depends\}, $\{misc:Depends\} +Description: {$description} (NSS module) + Test for NSS modules. + . + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. + Package: libpam-{$source}1 Architecture: all Depends: $\{shlibs:Depends\}, $\{misc:Depends\} diff --git a/t/tests/fields-wrong-section/tags b/t/tests/fields-wrong-section/tags index 3dbb951..79c74d9 100644 --- a/t/tests/fields-wrong-section/tags +++ b/t/tests/fields-wrong-section/tags @@ -12,6 +12,7 @@ W: libfields-wrong-section-perl: wrong-section-according-to-package-name libfiel W: libfields-wrong-section-ruby1.8: wrong-section-according-to-package-name libfields-wrong-section-ruby1.8 => ruby W: libghc-fields-wrong-section: wrong-section-according-to-package-name libghc-fields-wrong-section => haskell W: libjs-fields-wrong-section: wrong-section-according-to-package-name libjs-fields-wrong-section => javascript +W: libnss-fields-wrong-section: wrong-section-according-to-package-name libnss-fields-wrong-section => admin W: libpam-fields-wrong-section1: wrong-section-according-to-package-name libpam-fields-wrong-section1 => admin W: libphp-fields-wrong-section: wrong-section-according-to-package-name libphp-fields-wrong-section => php W: python-fields-wrong-section: wrong-section-according-to-package-name python-fields-wrong-section => python -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git
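Review bot: the new "libnss-{$source}" stanza in control.in only exercises the positive case for "^lib(?:nss|pam)-", where "Section: web" is set so that the "=> admin" tag fires. Add a stanza whose name begins with "libnss" but has no hyphen directly after it and check that it produces no tag, so the "^" anchor and the trailing "-" in the pattern are pinned by the test suite. The mapping line itself carries no comment saying that "nss" here means Name Services Switch; the commit message says so, the data file does not.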
[lintian] branch master updated (d36a0f1 -> 57867b1)
This is an automated email from the git hooks/post-receive script.

lamby pushed a change to branch master in repository lintian.

  from d36a0f1 checks/source-copyright: Warn about insecure "Format:" URIs that reference debian.org. Based on a patch by Nicolas Braud-Santoni. (Closes: #886930)
  new 57867b1 data/fields/name_section_mappings: Ensure that NSS (Name Services Switch) modules are placed in the "admin" section. Thanks to Mathieu Parent (sathieu) for the patch. (Closes: #886961)

The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference.

Summary of changes:
 data/fields/name_section_mappings | 2 +-
 debian/changelog | 4
 t/tests/fields-wrong-section/debian/debian/control.in | 12
 t/tests/fields-wrong-section/tags | 1 +
 4 files changed, 18 insertions(+), 1 deletion(-)

--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git
Bug#886961: lib-nss* packages should go in the admin section too
Package: lintian
Version: 2.5.68
Severity: normal

Hi,

As a followup to #885899, please add this to data/fields/name_section_mappings:

  ^libnss- => admin

Regards

Mathieu Parent
Bug#886930: lintian: Check that debian/copyright uses HTTPS in its format URI
tags 886930 + pending
thanks

Hi Nicolas,

I just applied the following in Git based on your patch:

https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=d36a0f117659aa945fc004e1757bc65525b6f8e7

Many thanks :)

Best wishes,

--
Chris Lamb
la...@debian.org / chris-lamb.co.uk
Processed: Re: lintian: Check that debian/copyright uses HTTPS in its format URI
Processing commands for cont...@bugs.debian.org:

> tags 886930 + pending
Bug #886930 [lintian] lintian: Check that debian/copyright uses HTTPS in its format URI
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
--
886930: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886930
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
[lintian] branch master updated (4b235fa -> d36a0f1)
This is an automated email from the git hooks/post-receive script. lamby pushed a change to branch master in repository lintian. from 4b235fa doc/releases.md: Correct location of /srv/lintian.debian.org/etc/cron. new d36a0f1 checks/source-copyright: Warn about insecure "Format:" URIs that reference debian.org. Based on a patch by Nicolas Braud-Santoni. (Closes: #886930) The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Summary of changes: checks/source-copyright.desc | 11 +++ checks/source-copyright.pm| 9 - debian/changelog | 3 +++ debian/copyright | 2 +- t/templates/debs/skel/copyright | 2 +- t/templates/source/skel/copyright | 2 +- t/templates/tests/pedantic/debian/copyright | 2 +- t/templates/tests/skel/debian/copyright | 2 +- .../copyright-missing-apache2-license-pointer.copyright | 2 +- .../debian/debian/copyright-mentions-apache.copyright | 2 +- .../debian/debian/copyright-mentions-apache2.copyright| 2 +- .../debian/debian/copyright-mentions-apache3.copyright| 2 +- .../debian/debian/copyright-mentions-gfdl.copyright | 2 +- .../debian/debian/copyright-mentions-gpl.copyright| 2 +- .../debian/debian/copyright-mentions-lgpl.copyright | 2 +- .../debian/debian/copyright-mentions-lgpl2.copyright | 2 +- .../debian/debian/copyright-mentions-perl.copyright | 2 +- t/tests/obsolete-sites/debian/debian/copyright| 2 +- .../source-copyright-bad-short-name/debian/debian/copyright | 2 +- t/tests/source-copyright-dep5-general/debian/debian/copyright | 2 +- .../debian/debian/copyright | 2 +- t/tests/source-copyright-empty-field/debian/debian/copyright | 2 +- .../debian/debian/copyright | 0 t/tests/source-copyright-insecure-uri/desc| 6 ++ t/tests/source-copyright-insecure-uri/tags| 1 + .../source-copyright-license-header/debian/debian/copyright | 2 +- .../debian/debian/copyright | 2 +- 
.../debian/debian/copyright | 2 +- t/tests/source-copyright-pipe-as-or/debian/debian/copyright | 2 +- .../debian/debian/copyright | 2 +- t/tests/source-copyright-typo-field/debian/debian/copyright | 2 +- t/tests/source-copyright-undefined/debian/debian/copyright| 2 +- t/tests/source-copyright-unique/debian/debian/copyright | 2 +- .../debian/debian/copyright | 2 +- t/tests/standards-version-timewarp/debian/debian/copyright| 2 +- 35 files changed, 54 insertions(+), 34 deletions(-) copy t/tests/{source-copyright-missing-notice-file-for-apache-license-unrel => source-copyright-insecure-uri}/debian/debian/copyright (100%) create mode 100644 t/tests/source-copyright-insecure-uri/desc create mode 100644 t/tests/source-copyright-insecure-uri/tags -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git
[lintian] 01/01: checks/source-copyright: Warn about insecure "Format:" URIs that reference debian.org. Based on a patch by Nicolas Braud-Santoni. (Closes: #886930)
This is an automated email from the git hooks/post-receive script. lamby pushed a commit to branch master in repository lintian. commit d36a0f117659aa945fc004e1757bc65525b6f8e7 Author: Chris Lamb Date: Thu Jan 11 20:19:09 2018 +0530 checks/source-copyright: Warn about insecure "Format:" URIs that reference debian.org. Based on a patch by Nicolas Braud-Santoni. (Closes: #886930) --- checks/source-copyright.desc | 11 +++ checks/source-copyright.pm| 9 - debian/changelog | 3 +++ debian/copyright | 2 +- t/templates/debs/skel/copyright | 2 +- t/templates/source/skel/copyright | 2 +- t/templates/tests/pedantic/debian/copyright | 2 +- t/templates/tests/skel/debian/copyright | 2 +- .../copyright-missing-apache2-license-pointer.copyright | 2 +- .../debian/debian/copyright-mentions-apache.copyright | 2 +- .../debian/debian/copyright-mentions-apache2.copyright| 2 +- .../debian/debian/copyright-mentions-apache3.copyright| 2 +- .../debian/debian/copyright-mentions-gfdl.copyright | 2 +- .../debian/debian/copyright-mentions-gpl.copyright| 2 +- .../debian/debian/copyright-mentions-lgpl.copyright | 2 +- .../debian/debian/copyright-mentions-lgpl2.copyright | 2 +- .../debian/debian/copyright-mentions-perl.copyright | 2 +- t/tests/obsolete-sites/debian/debian/copyright| 2 +- .../source-copyright-bad-short-name/debian/debian/copyright | 2 +- t/tests/source-copyright-dep5-general/debian/debian/copyright | 2 +- .../debian/debian/copyright | 2 +- t/tests/source-copyright-empty-field/debian/debian/copyright | 2 +- .../debian/debian/copyright | 0 t/tests/source-copyright-insecure-uri/desc| 6 ++ t/tests/source-copyright-insecure-uri/tags| 1 + .../source-copyright-license-header/debian/debian/copyright | 2 +- .../debian/debian/copyright | 2 +- .../debian/debian/copyright | 2 +- t/tests/source-copyright-pipe-as-or/debian/debian/copyright | 2 +- .../debian/debian/copyright | 2 +- t/tests/source-copyright-typo-field/debian/debian/copyright | 2 +- 
t/tests/source-copyright-undefined/debian/debian/copyright| 2 +- t/tests/source-copyright-unique/debian/debian/copyright | 2 +- .../debian/debian/copyright | 2 +- t/tests/standards-version-timewarp/debian/debian/copyright| 2 +- 35 files changed, 54 insertions(+), 34 deletions(-) diff --git a/checks/source-copyright.desc b/checks/source-copyright.desc index 718be30..65acc21 100644 --- a/checks/source-copyright.desc +++ b/checks/source-copyright.desc @@ -48,6 +48,17 @@ Info: Format URI of the machine-readable copyright file contains VERSIONED_FORMAT_URL or REVISION string. Please replace it with an actual URI or an actual revision number respectively. +Tag: insecure-copyright-format-uri +Severity: pedantic +Certainty: certain +Ref: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Info: Format URI of the machine-readable copyright file uses the plain HTTP + unencrypted transport protocol. Using HTTPS is prefered since policy 4.0.0. + . + Please use + https://www.debian.org/doc/packaging-manuals/copyright-format/version/ + as the format URI instead. + Tag: wiki-copyright-format-uri Severity: pedantic Certainty: possible diff --git a/checks/source-copyright.pm b/checks/source-copyright.pm index c04e82a..52ca8a8 100644 --- a/checks/source-copyright.pm +++ b/checks/source-copyright.pm @@ -86,11 +86,8 @@ sub run { return; } -# Note that we allow people to use "https://"; even the -# policy says it must be "http://";. It might be -# pedantically wrong, but it is not worth arguing over On -# the plus side, it gives security to people blindly -# copy-wasting the URLs using "https://";. +# The policy states, since 4.0.0, that people should use "https://"; for the +# format URI. This is checked later in check_dep5_copyright. # return undef is not dep5 and '' if unknown version sub _find_dep5_version { my ($original_uri) = @_; 
@@ -220,6 +217,8 @@ sub _check_dep5_copyright { tag 'unversioned-copyright-format-uri', $uri; }elsif (versions_compare $version, '<<', $dep5_last_normative_change) { tag 'out-of-date-copyright-format-uri', $uri; +}elsif ($uri =~ m,^http://www\.debian\.org/,) { +tag 'insecure-copyright-format-uri', $uri; } if (versions_compare $version, '<<', $dep5_last_overhaul) { diff --git a/debian/
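Review bot: in the "_check_dep5_copyright" hunk the new test is an "elsif" chained after the "unversioned-copyright-format-uri" and "out-of-date-copyright-format-uri" branches, so a Format URI that is plain HTTP and also unversioned or out of date never gets "insecure-copyright-format-uri"; make it a separate "if" if both findings should be reported. The pattern "^http://www\.debian\.org/" limits the tag to that one host, while the Info text in source-copyright.desc describes any use of "the plain HTTP unencrypted transport protocol"; say in the description that only www.debian.org URIs are checked. The replacement comment in source-copyright.pm names "check_dep5_copyright" although the sub in the hunk header is "_check_dep5_copyright", and the Info text has "prefered" for "preferred".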
Bug#886930: lintian: Check that debian/copyright uses HTTPS in its format URI
Package: lintian
Version: 2.5.67
Severity: wishlist
Tags: patch
X-Debbugs-CC: j...@debian.org

Dear lintian maintainers,

Since policy 4.0.0, it is preferred to use HTTPS for the DEP5 copyright files' format URI; I added a check to this effect to lintian.

I have not, however, added a test, as I am pretty unfamiliar with lintian internals (and Perl, for that matter). I did however test the change manually.

Best,

  nicoo

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (900, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lintian depends on:
ii binutils 2.29.1-12
ii bzip2 1.0.6-8.1
ii diffstat 1.61-1+b1
ii dpkg 1.19.0.4
ii file 1:5.32-1
ii gettext 0.19.8.1-4
ii intltool-debian 0.35.0+20060710.4
ii libapt-pkg-perl 0.1.33
ii libarchive-zip-perl 1.60-1
ii libclass-accessor-perl 0.51-1
ii libclone-perl 0.39-1
ii libdpkg-perl 1.19.0.4
ii libemail-valid-perl 1.202-1
ii libfile-basedir-perl 0.07-1
ii libipc-run-perl 0.96-1
ii liblist-moreutils-perl 0.416-1+b3
ii libparse-debianchangelog-perl 1.2.0-12
ii libperl5.26 [libdigest-sha-perl] 5.26.1-3
ii libtext-levenshtein-perl 0.13-1
ii libtimedate-perl 2.3000-2
ii liburi-perl 1.72-2
ii libxml-simple-perl 2.24-1
ii libyaml-libyaml-perl 0.63-2+b2
ii man-db 2.7.6.1-4
ii patchutils 0.3.4-2
ii perl 5.26.1-3
ii t1utils 1.41-2
ii xz-utils 5.2.2-1.3

Versions of packages lintian recommends:
pn libperlio-gzip-perl

Versions of packages lintian suggests:
pn binutils-multiarch
ii dpkg-dev 1.19.0.4
ii libhtml-parser-perl 3.72-3+b2
ii libtext-template-perl 1.47-1

-- no debconf information
From 471593b7df4a4a42bc0d935c714d16d664e830d9 Mon Sep 17 00:00:00 2001 From: Nicolas Braud-Santoni Date: Thu, 11 Jan 2018 13:30:10 +0100 Subject: [PATCH] checks/source-copyright: Warn on insecure format URIs --- checks/source-copyright.desc | 10 ++ checks/source-copyright.pm | 12 +++- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/checks/source-copyright.desc b/checks/source-copyright.desc index 718be3030..7ce6fa019 100644 --- a/checks/source-copyright.desc +++ b/checks/source-copyright.desc @@ -48,6 +48,16 @@ Info: Format URI of the machine-readable copyright file contains VERSIONED_FORMAT_URL or REVISION string. Please replace it with an actual URI or an actual revision number respectively. +Tag: insecure-copyright-format-uri +Severity: pedantic +Certainty: possible +Ref: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Info: Format URI of the machine-readable copyright file uses plain HTTP + . + Using HTTPS is prefered since policy 4.0.0. Please use + https://www.debian.org/doc/packaging-manuals/copyright-format/version/ + as the format URI instead. + Tag: wiki-copyright-format-uri Severity: pedantic Certainty: possible diff --git a/checks/source-copyright.pm b/checks/source-copyright.pm index c04e82a5f..703f3d597 100644 --- a/checks/source-copyright.pm +++ b/checks/source-copyright.pm @@ -86,11 +86,9 @@ sub run { return; } -# Note that we allow people to use "https://"; even the -# policy says it must be "http://";. It might be -# pedantically wrong, but it is not worth arguing over On -# the plus side, it gives security to people blindly -# copy-wasting the URLs using "https://";. +# The policy states, since 4.0.0, that people should +# use "https://"; for the format URI. This is checked +# later in check_dep5_copyright. # return undef is not dep5 and '' if unknown version sub _find_dep5_version { my ($original_uri) = @_; 
@@ -213,6 +211,10 @@ sub _check_dep5_copyright { my $version = _find_dep5_version($uri); +if ($uri =~ m,^http:, ) { +tag 'insecure-copyright-format-uri', $uri +} + return if !defined($version); if ($version =~ m,wiki,) { tag 'wiki-copyright-format-uri', $uri; -- 2.15.1 signature.asc Description: PGP signature
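Review bot: in the "_check_dep5_copyright" hunk the "m,^http:," test sits above "return if !defined($version);", so it tags every "http:" Format URI, including ones for which "_find_dep5_version" returns undef (the comment above that sub says this means the file is not dep5), while the Info text tells the maintainer to switch to the www.debian.org copyright-format URL. Move the test below the "return" or restrict the pattern to the Debian host. The "tag 'insecure-copyright-format-uri', $uri" statement has no terminating semicolon, the first Info line lacks a full stop, the new comment names "check_dep5_copyright" rather than "_check_dep5_copyright", and the diffstat shows no test added under t/tests/ for the new tag.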