Bug#994577: lintian: node-* arch:all package should depends on nodejs:any and b-d on nodejs:native

[Bastien ROUCARIES]

Le sam. 18 sept. 2021 à 16:57, Mattia Rizzolo  a écrit :

> (this reply is not related to lintian directly)
>
> On Fri, Sep 17, 2021 at 09:34:43PM +, Bastien Roucariès wrote:
> > In order to improve cross build of nodejs ecosystem, node-* arch:all
> package
> > should depends on nodejs:any and b-d on nodejs:native
>
> IMHO, you should make your tooling produce this "nodejs:any" binary
> dependency, instead of having each package have it manually listed in
> d/control (see ${perl:Depends} as an example, since, it's actually the
> very same thing, producing perl:any dependencies).
>

Bug already opened. Thanks for thé idea

>
> > Maybe this test should be restricted to ma: foreign package
>
> It shouldn't be IMHO.
>
> --
> regards,
> Mattia Rizzolo
>
> GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
> More about me:  https://mapreri.org : :'  :
> Launchpad user: https://launchpad.net/~mapreri  `. `'`
> Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-
>

Bug#994571: lintian: please warn javascript package including .node files "*/nodejs/.*\.node$' and ma:foreign

[Bastien ROUCARIES]

Le ven. 17 sept. 2021 à 21:20, Felix Lechner
 a écrit :
>
> Hi,
>
> On Fri, Sep 17, 2021 at 1:39 PM Bastien Roucariès
>  wrote:
> >
> > Package that include "/usr/(?:lib|share)/(?:[^/]+/)?/nodejs/.*\.node$' are
> > arch:any package (include node plugin) and thus should be arch:any
>
> Thank you for this suggestion!
>
> The files in question are shipped in installable packages that do not
> contain the Arch:any designation. (It appears in d/control in the
> sources.) The installable architecture in DEBIAN/control is either the
> actual port or 'all'. Furthermore, I believe the wildcarded directory
> level before 'nodejs' must be a known multi-arch triplet.

yes it is
> Is it okay
> if Lintian instead requires that the multi-arch component of the file
> paths found matches the target architecture of the installable package
> in which they were shipped?
Yes it is

> If that is acceptable, Lintian already has checks to constrain the
> installation paths for shared libraries, although they may need to be
> expanded. (And we have to watch out for -cross packages.) Do you have
> candidates for examination besides node-iconv (which I found locally)
> that should trigger the condition?

I am fixing node-expat-expat that ship under /usr/lib/


> > Moreover in this case ma:foreign is a error (they are plugins)
>
> That will be addressed at the same time, although I am not yet sure how.

Thanks

> Kind regards
> Felix Lechner

Bug#765503: lintian: Downgrade most of privacy-breach* tags from severity: error to pedantic

[Bastien ROUCARIES]

Le ven. 10 sept. 2021 à 11:06, Felix Lechner
 a écrit :
>
> Hi,
>
> > The severity chosen for these tags/checks is not justified by any of our
> > policies, neither the Debian policy, not the best packaging practises nor
> > any legal reason!
> >
> > There is no technical nor social justification for this severity.
> >
> > making our package compliant to this new privacy-policy doesn't add
> > any value to our users.
>
> I believe Debian users have a reasonable expectation to read static
> files on their own storage media without being monitored. That
> objection is based on my own everyday experience in working to improve
> Debian, the Golden rule [2] and item #4 of Debian's social contract
> ("Our priorities are our users"). [2]
>
> The legal landscape is also changing. At least Europe and California
> have seen shifts toward greater privacy protections for consumers
> since the bug was filed.
>
> [1] https://en.wikipedia.org/wiki/Golden_Rule
> [2] https://www.debian.org/social_contract
>
> > I simply morally disagree with removing donation requests from authors
>
> It is not the solicitation but the unexpected loading of network
> resources that violates privacy expectations. Many micro-donation
> services offer resources like images or active HTML components to
> evoke feelings of familiarity or goodwill. That allows them to see who
> is using which software, and who chooses not to donate. While such
> gamesmanship may be common while browsing online (there are tools to
> fight it [3][4]) it is unexpected when browsing static files located
> on one's own storage media.
>
> Another, more generalized solution could be to modify all browsers
> shipped in Debian so they do not load online resources without
> confirmation. Unfortunately, that separates the solution from the
> problems. It is more reliable to address the privacy breaches where
> they occur, i.e. in the affected files.
>
> There is no issue with authors requesting donations (or even with
> Debian promoting such requests, for example in package metadata). The
> moral charge that Lintian's privacy expectations starve authors is not
> reasonable. The request just has to be made without unexpectedly
> loading online resources.
>
> [3] https://privacybadger.org/
> [4] https://noscript.net/
>
> > I find it unacceptable that the burden to make packages "privacy"-
> > compliant to some users is put on the shoulders of myself and fellow DDs.
>
> Lintian already reduces the workload by locating the issues for
> maintainers. (We hope that most of our tags do that.) As for the
> actual burden, the task of creating patches that drop lines from
> upstream files is well within the capabilities of any DD with upload
> privileges. The burden is not unreasonable.
>
> I will likely close this bug without action.
>
> Please reply to Bug#743694 if your response concerns Lintian's
> treatment of privacy breaches. Thanks!
>
> Kind regards
> Felix Lechner
Note that I am working on a dh_fixhtml helper to automate the cleaning
of privacy breach.

Bastien

Bug#993662: lintian: Please warn for source file that have This file was autogenerated or DO NOT EDIT BY HAND

[Bastien ROUCARIES]

control: tag -1 + patch

Le sam. 4 sept. 2021 à 15:27, Chris Lamb  a écrit :
>
> tags 993662 - patch
> thanks
>
> Hi Bastien,
>
> > Doing some code review on mozilla I found this interesting file
> > https://sources.debian.org/src/firefox-
> > esr/78.13.0esr-1/js/src/frontend/BinASTEnum.h/?hl=1#L1
> >
> > // This file was autogenerated by binjs_generate_spidermonkey,
> > // please DO NOT EDIT BY HAND.
>
> Interesting idea. But files with contents such as these aren't a
> problem in themselves. A problem only arises, at least from an
> ftpmaster point of view, when there isn't the corresponding, say,
> binjs_generate_spidermonkey script. (Imagine a long debate about
> "corresponding source code" here; better held elsewhere.)
>
> So, unless I'm missing something, I don't think this is something
> Lintian should warn about, at any severity level.
like other autogenerated a pedantic tag will help here
see for instance here
https://lintian.debian.org/tags/source-contains-prebuilt-javascript-object
or even like
https://lintian.debian.org/tags/very-long-line-length-in-source-file


I agree with your diagnostic, but in fact:
1. best packaging practice is to convince upstream to remove this file
and rebuild from source
2. good packaging pratice is to repack with a +ds suffix, in order to
be robust and rebuild all the time
3. a lintian tag will be a strong remainder to check manually this
file, repack or even add a lintian override thus a documentation why
it is not important for DFSG.

I really prefer to have a tag, ftpmaster is a bottlenet more than
maintainer time, so every little bit piece of documentation and help
is I think welcome here.

A pedantic time is just the right level for this kind of stuff...





>
> > Tags: patch
>
> (I assume this was a mistake, rather than you missing an attachment?
> Feel free to revert if necessary.)
Here
https://salsa.debian.org/lintian/lintian/-/merge_requests/366
>
>
> Regards,
>
> --
>   ,''`.
>  : :'  : Chris Lamb
>  `. `'`  la...@debian.org  chris-lamb.co.uk
>`-

Bug#904852: lintian: package-contains-documentation-outside-usr-share-doc far too overzealous

[Bastien ROUCARIES]

On Sun, Jul 29, 2018 at 1:44 AM, Axel Beckert  wrote:
> Package: lintian
> Version: 2.5.94
> Severity: normal
>
> Hi,
>
> the phrase "Please move this files to /usr/share/doc/ or remove it."
> sounds very final, but completely ignores that there are quite a lot of
> files (often named README or so) documenting the purpose or contents of
> the directory they're in.
>
> Examples:


/etc should be already filtered, this is a plain bug

the other one will do something

Bastien
> ---
> $ cat /usr/lib/xymon/client/local/README
> This directory - the client/local/ directory - can be used to
> install Xymon client add-on scripts. The Xymon client will run
> all files in this directory that are executable, and include the
> output from each script in a separate section in the Xymon client
> message which is sent to the Xymon server.
>
> This output will have to be processed on the Xymon server; there
> is no default processing done by Xymon on the output from these
> scripts. They are merely added to the client data.
>
> If you want to install an add-on script that direcly generates a
> status column in Xymon, this should go in the client/ext/ directory
> instead.
> ---
> $ cat /etc/sudoers.d/README
> #
> # As of Debian version 1.7.2p1-1, the default /etc/sudoers file created on
> # installation of the package now includes the directive:
> #
> #   #includedir /etc/sudoers.d
> #
> # This will cause sudo to read and parse any files in the /etc/sudoers.d
> # directory that do not end in '~' or contain a '.' character.
> #
> # Note that there must be at least one file in the sudoers.d directory (this
> # one will do), and all files in this directory should be mode 0440.
> #
> # Note also, that because sudoers contents can vary widely, no attempt is
> # made to add this directive to existing sudoers files on upgrade.  Feel free
> # to add the above directive to the end of your /etc/sudoers file to enable
> # this functionality for existing installations if you wish!
> #
> # Finally, please note that using the visudo command is the recommended way
> # to update sudoers content, since it protects against many failure modes.
> # See the man page for visudo for more information.
> ---
> $ cat /usr/share/rlwrap/filters/README
> The filters in this directory have been written to test rlwrap,
> not to be practical.
> ---
>
> If you do a "find /etc /var /usr -name README -not -path
> '/usr/share/doc/*'" you'll find tons more of such cases, but also cases
> like these, where it definitely doesn't make sense to rename (!) all
> these files and put them elsewhere (didn't check if lintian complains
> about them, but according to the tag description it probably will):
>
> /usr/share/themes/Agualemon/xfwm4/README
> /usr/share/themes/BlackMATE/README
> /usr/share/themes/Moheli/xfwm4/README
> /usr/share/themes/Daloa/xfwm4/README
> /usr/share/themes/Default-4.2/xfwm4/README
> /usr/share/themes/Xfce/xfwm4/README
> /usr/share/themes/Perl/xfwm4/README
> /usr/share/themes/Tgc-large/xfwm4/README
> /usr/share/themes/Curve/xfwm4/README
> /usr/share/themes/Eazel-blue/xfwm4/README
> /usr/share/themes/ukui-theme-jun/gtk-2.0/widgets/README
> /usr/share/themes/Wallis/xfwm4/README
> /usr/share/themes/TraditionalOk/xfwm4/README
> /usr/share/themes/Defcon-IV/xfwm4/README
> /usr/share/themes/TUX/xfwm4/README
> /usr/share/themes/Tabs/xfwm4/README
> /usr/share/themes/Redmond/xfwm4/README
> /usr/share/themes/Kokodi/xfwm4/README
> /usr/share/themes/Retro/xfwm4/README
> /usr/share/themes/Alternate/xfwm4/README
> /usr/share/themes/Default/xfwm4/README
> /usr/share/themes/Gnububble/xfwm4/README
> /usr/share/themes/MurrinaBlue/xfwm4/README
> /usr/share/themes/Exocet/xfwm4/README
> /usr/share/themes/Platinum/xfwm4/README
> /usr/share/themes/Tubular/xfwm4/README
> /usr/share/themes/R9X/xfwm4/README
> /usr/share/themes/CortlandChicken/README
> /usr/share/themes/Microcurve/xfwm4/README
> /usr/share/themes/Symphony/xfwm4/README
> /usr/share/themes/Prune/xfwm4/README
> /usr/share/themes/RedmondXP/xfwm4/README
> /usr/share/themes/Wildbush/xfwm4/README
> /usr/share/themes/MurrinaAzul/xfwm4/README
> /usr/share/themes/Biz/xfwm4/README
> /usr/share/themes/Meenee/xfwm4/README
> /usr/share/themes/Slimline/xfwm4/README
> /usr/share/themes/BBS/xfwm4/README
> /usr/share/themes/Kde/xfwm4/README
> /usr/share/themes/Keramik/xfwm4/README
> /usr/share/themes/MurrinaBleu/xfwm4/README
> /usr/share/themes/Gtk/xfwm4/README
> /usr/share/themes/Coolclean/xfwm4/README
> /usr/share/themes/Default-4.0/xfwm4/README
> /usr/share/themes/Ops/xfwm4/README
> /usr/share/themes/Crux/xfwm4/README
> /usr/share/themes/Tgc/xfwm4/README
> /usr/share/themes/Elberg/xfwm4/README
> 

Bug#901274: [lintian] warn about *.md,.eslintrc, .npmignore, LICENSE, CHANGES, PATENTS, *.woff, *.ttf, *.woff.? under /usr/lib/node (may be /usr/lib ?)

[Bastien ROUCARIES]

pushed Bug#901274

On Mon, Jun 11, 2018 at 9:59 AM, Chris Lamb  wrote:
> Bastien,
>
>> >> > Could you move the other changes to this branch too (or a "901274"
>> >> > branch/MR or something?)
>> >>
>> >> Did you prefer a reset or reset of master ?
>> >
>> > A reset or a reset?
>>
>> A reset or a revert...
>
> I have subsequently pushed other fixes so a [--hard] reset is not
> possible and would also require an ugly force push. At this point
> pleas please back out all of the commits in a single commit.
>
>
> Regards,
>
> --
>   ,''`.
>  : :'  : Chris Lamb
>  `. `'`  la...@debian.org / chris-lamb.co.uk
>`-

Bug#901274: [lintian] warn about *.md,.eslintrc, .npmignore, LICENSE, CHANGES, PATENTS, *.woff, *.ttf, *.woff.? under /usr/lib/node (may be /usr/lib ?)

[Bastien ROUCARIES]

On Mon, Jun 11, 2018 at 1:05 AM, Chris Lamb  wrote:
>
>
> Hi Bastien ROUCARIES,
>
>> On Mon, Jun 11, 2018 at 12:07 AM, Chris Lamb  wrote:
>> > Hi Bastien,
>> >
>> >> > Unfortunately, I don't think these commits reach the level of quality
>> >> > that Debian Developers would expect from Lintian.
>> >>
>> >> Ok could you get a glimpse at README branch
>> >
>> > Could you move the other changes to this branch too (or a "901274"
>> > branch/MR or something?)  :)
>>
>> Did you prefer a reset or reset of master ?
>
> A reset or a reset?
A reset or a revert...
>
>> Bastien
>> >
>> >
>> > Best wishes,
>> >
>> > --
>> >   ,''`.
>> >  : :'  : Chris Lamb
>> >  `. `'`  la...@debian.org / chris-lamb.co.uk
>> >`-
>
>
> Regards,
>
> --
>   ,''`.
>  : :'  : Chris Lamb
>  `. `'`  la...@debian.org / chris-lamb.co.uk
>`-

Bug#901274: [lintian] warn about *.md,.eslintrc, .npmignore, LICENSE, CHANGES, PATENTS, *.woff, *.ttf, *.woff.? under /usr/lib/node (may be /usr/lib ?)

[Bastien ROUCARIES]

On Mon, Jun 11, 2018 at 12:07 AM, Chris Lamb  wrote:
> Hi Bastien,
>
>> > Unfortunately, I don't think these commits reach the level of quality
>> > that Debian Developers would expect from Lintian.
>>
>> Ok could you get a glimpse at README branch
>
> Could you move the other changes to this branch too (or a "901274"
> branch/MR or something?)  :)

Did you prefer a reset or reset of master ?

Bastien
>
>
> Best wishes,
>
> --
>   ,''`.
>  : :'  : Chris Lamb
>  `. `'`  la...@debian.org / chris-lamb.co.uk
>`-

Bug#901274: [lintian] warn about *.md,.eslintrc, .npmignore, LICENSE, CHANGES, PATENTS, *.woff, *.ttf, *.woff.? under /usr/lib/node (may be /usr/lib ?)

[Bastien ROUCARIES]

On Sun, Jun 10, 2018 at 11:09 PM, Chris Lamb  wrote:
> Hi Bastien
>
>> Just see it. Will corects thanks
>
> May I kindly suggest doing this work on a branch?
>
> I am happy to review your grammar and spelling but I would very much
> like to keep the "master" branch releasable at any time.
>
> Unfortunately, I don't think these commits reach the level of quality
> that Debian Developers would expect from Lintian.

Ok could you get a glimpse at README branch

Bastien
>
>> Sorry for the delay I was removing a scratch on my screen with
>> toothpaste...
>
> Uhh.
>
>
> Regards,
>
> --
>   ,''`.
>  : :'  : Chris Lamb
>  `. `'`  la...@debian.org / chris-lamb.co.uk
>`-

Bug#901274: [lintian] warn about *.md,.eslintrc, .npmignore, LICENSE, CHANGES, PATENTS, *.woff, *.ttf, *.woff.? under /usr/lib/node (may be /usr/lib ?)

[Bastien ROUCARIES]

On Sun, Jun 10, 2018 at 10:59 PM, Chris Lamb  wrote:
> Hi Bastien,
>
>> Will begin to wrok on this bug
>
> (I trust you are seeing my comments on salsa.)

Just see it. Will corects thanks

Sorry for the delay I was removing a scratch on my screen with toothpaste...

Bastien
>
> Regards,
>
> --
>   ,''`.
>  : :'  : Chris Lamb
>  `. `'`  la...@debian.org / chris-lamb.co.uk
>`-

Bug#901274: [lintian] warn about *.md,.eslintrc, .npmignore, LICENSE, CHANGES, PATENTS, *.woff, *.ttf, *.woff.? under /usr/lib/node (may be /usr/lib ?)

[Bastien ROUCARIES]

On Sun, Jun 10, 2018 at 9:33 PM, Bastien ROUCARIES
 wrote:
> On Sun, Jun 10, 2018 at 9:31 PM, Chris Lamb  wrote:
>> Hi Bastien,
>>
>>> > (This seems like a candidate for data/files/fnames.)
>>>
>>> Will add the fonts name ASAP, thanks
>>
>> I don't understand this, sorry... My remark about data/files/fnames
>> refers to this entire bug report, not to the fonts specifically.
>
> Ok, I had understood that your remark apply only to last paragraph.
> Will begin to wrok on this bug


Last but not least, the woff.* and eot file are serious (at least
now). Tools to create does not yet exist (I am packaging it, Waiting
in NEWS node-microbuffer and node-svgpath, will need svg2ttf, ttf2woff
and ttf2eot)

Bastien
>
>>
>> Regards,
>>
>> --
>>   ,''`.
>>  : :'  : Chris Lamb
>>  `. `'`  la...@debian.org / chris-lamb.co.uk
>>`-

Bug#901274: [lintian] warn about *.md,.eslintrc, .npmignore, LICENSE, CHANGES, PATENTS, *.woff, *.ttf, *.woff.? under /usr/lib/node (may be /usr/lib ?)

[Bastien ROUCARIES]

On Sun, Jun 10, 2018 at 9:31 PM, Chris Lamb  wrote:
> Hi Bastien,
>
>> > (This seems like a candidate for data/files/fnames.)
>>
>> Will add the fonts name ASAP, thanks
>
> I don't understand this, sorry... My remark about data/files/fnames
> refers to this entire bug report, not to the fonts specifically.

Ok, I had understood that your remark apply only to last paragraph.
Will begin to wrok on this bug

>
> Regards,
>
> --
>   ,''`.
>  : :'  : Chris Lamb
>  `. `'`  la...@debian.org / chris-lamb.co.uk
>`-

Bug#901274: [lintian] warn about *.md,.eslintrc, .npmignore, LICENSE, CHANGES, PATENTS, *.woff, *.ttf, *.woff.? under /usr/lib/node (may be /usr/lib ?)

[Bastien ROUCARIES]

On Sun, Jun 10, 2018 at 9:25 PM, Chris Lamb  wrote:
> Bastien,
>
>> Documentation file (*.md, LICENSE, CHANGES, PATENTS) do not belong to this 
>> dir
>>
>> .eslintrc are jslint config file and should not be installed
>>
>> .npmignore is used in order to publish file under npm so do not install
>>
>> *.woff, *.ttf, *.woff. are fonts so go to fonts package
>
> (This seems like a candidate for data/files/fnames.)

Will add the fonts name ASAP, thanks

Bug#898822: [RFC] Detect data embeded image in html like file

[Bastien ROUCARIES]

On Wed, May 16, 2018 at 4:00 PM, Bastien ROUCARIES
<roucaries.bast...@gmail.com> wrote:
> On Wed, May 16, 2018 at 11:33 AM, Chris Lamb <la...@debian.org> wrote:
>> retitle 898822 Detect data encoded/embedded in HTML "Data" URI schemes
>> severity 898822 wishlist
>> tags 898822 + moreinfo
>> thanks
>>
>> Hi Bastien,
>>
>> [..]
>>
>> I think some concrete examples here would be useful in triaging/
>> prioritising this, as well as working out whether it is feasible or
>> sensible :)
> Code search with request
> (https://codesearch.debian.net/search?q=src%3D%22data%3A=1=1)
> give 75 packages affected:
> asciidoctor
> cacti
> chemical-structures
> chromium-browser
> ckeditor
> classified-ads
> diffoscope
> edbrowse
> firefox
> firefox-esr
> fontforge
> fossil
> gitinspector
> golang-github-microcosm-cc-bluemonday
> html5lib
> icingaweb2
> ikiwiki
> ipython
> jmol
> juli
> kmplayer
> kopano-webapp
> landslide
> libcgi-application-plugin-dbiprofile-perl
> libxml-atom-fromowl-perl
> libxml-atom-owl-perl
> lua-apr
> matplotlib
> mayavi2
> mediawiki
> nbconvert
> node-normalize.css
> notmuch
> oca-core
> openlp
> opennebula
> openscad
> pandoc
> php-doctrine-bundle
> php-getid3
> php-kdyby-events
> phpmyadmin
> python-cartopy
> python-darkslide
> python-mne
> python-pweave
> python-pydub
> python-pyqrcode
> python-qtconsole
> qtwebengine-opensource-src
> rails
> rapid-photo-downloader
> r-cran-knitr
> r-cran-repr
> r-cran-rmarkdown
> rdkit
> request-tracker4
> roundcube
> rss-bridge
> rubocop
> sagemath
> sass-spec
> simplesamlphp
> spip
> sympa
> thunderbird
> trac
> turbogears2-doc
> veusz
> virtuoso-opensource
> vistrails
> woo
> xhtml2pdf
> yt
> zotero-standalone-build
>
> Some are clearly abuse see:
> 1. 
> https://sources.debian.org/src/chemical-structures/2.2.dfsg.0-12/debian/patches/privacy.patch/?hl=10#L10
> (render package undistributable one of sourceforge logo)
> 2. 
> https://codesearch.debian.net/show?file=lua-apr_0.23.2.dfsg-4%2Fsrc%2Fbase64.c=33
> FTBFS not prefered modification source
> 3. 
> https://sources.debian.org/src/rubocop/0.52.1+dfsg-1/debian/patches/04-adjust-tests-due-to-rubocop-logo-removal-from-package.diff/?hl=25#L25
> (remove logo as file not as included base64 => RC undistributable)
> 4.https://sources.debian.org/src/fontforge/1:20170731%7Edfsg-1/debian/patches/2003_avoid_privacy_breach.patch/?hl=59#L59
> Border line could use the same trick that I have done in
> libjs-normalize.css to generate with js the image (not prefered source
> of modification)
>
> I have not checked all the package.
>
> another risk is to carry forbidden image like porn of think like this
> is this stuff. I prefer lintian to signal pedantically in order to
> manually check acceptance.
>
> Better safe than sorry

This request is also interesting:
https://codesearch.debian.net/search?q=href%3D%22data%3A=1=1

>
> Bastien
>
>
>>
>> Best wishes,
>>
>> --
>>   ,''`.
>>  : :'  : Chris Lamb
>>  `. `'`  la...@debian.org / chris-lamb.co.uk
>>`-

Bug#898822: [RFC] Detect data embeded image in html like file

[Bastien ROUCARIES]

On Wed, May 16, 2018 at 11:33 AM, Chris Lamb  wrote:
> retitle 898822 Detect data encoded/embedded in HTML "Data" URI schemes
> severity 898822 wishlist
> tags 898822 + moreinfo
> thanks
>
> Hi Bastien,
>
> [..]
>
> I think some concrete examples here would be useful in triaging/
> prioritising this, as well as working out whether it is feasible or
> sensible :)
Code search with request
(https://codesearch.debian.net/search?q=src%3D%22data%3A=1=1)
give 75 packages affected:
asciidoctor
cacti
chemical-structures
chromium-browser
ckeditor
classified-ads
diffoscope
edbrowse
firefox
firefox-esr
fontforge
fossil
gitinspector
golang-github-microcosm-cc-bluemonday
html5lib
icingaweb2
ikiwiki
ipython
jmol
julia
kmplayer
kopano-webapp
landslide
libcgi-application-plugin-dbiprofile-perl
libxml-atom-fromowl-perl
libxml-atom-owl-perl
lua-apr
matplotlib
mayavi2
mediawiki
nbconvert
node-normalize.css
notmuch
oca-core
openlp
opennebula
openscad
pandoc
php-doctrine-bundle
php-getid3
php-kdyby-events
phpmyadmin
python-cartopy
python-darkslide
python-mne
python-pweave
python-pydub
python-pyqrcode
python-qtconsole
qtwebengine-opensource-src
rails
rapid-photo-downloader
r-cran-knitr
r-cran-repr
r-cran-rmarkdown
rdkit
request-tracker4
roundcube
rss-bridge
rubocop
sagemath
sass-spec
simplesamlphp
spip
sympa
thunderbird
trac
turbogears2-doc
veusz
virtuoso-opensource
vistrails
woo
xhtml2pdf
yt
zotero-standalone-build

Some are clearly abuse see:
1. 
https://sources.debian.org/src/chemical-structures/2.2.dfsg.0-12/debian/patches/privacy.patch/?hl=10#L10
(render package undistributable one of sourceforge logo)
2. 
https://codesearch.debian.net/show?file=lua-apr_0.23.2.dfsg-4%2Fsrc%2Fbase64.c=33
FTBFS not prefered modification source
3. 
https://sources.debian.org/src/rubocop/0.52.1+dfsg-1/debian/patches/04-adjust-tests-due-to-rubocop-logo-removal-from-package.diff/?hl=25#L25
(remove logo as file not as included base64 => RC undistributable)
4.https://sources.debian.org/src/fontforge/1:20170731%7Edfsg-1/debian/patches/2003_avoid_privacy_breach.patch/?hl=59#L59
Border line could use the same trick that I have done in
libjs-normalize.css to generate with js the image (not prefered source
of modification)

I have not checked all the package.

another risk is to carry forbidden image like porn of think like this
is this stuff. I prefer lintian to signal pedantically in order to
manually check acceptance.

Better safe than sorry

Bastien


>
> Best wishes,
>
> --
>   ,''`.
>  : :'  : Chris Lamb
>  `. `'`  la...@debian.org / chris-lamb.co.uk
>`-

Bug#898822: [RFC] Detect data embeded image in html like file

[Bastien ROUCARIES]

Package: lintian
Version: 2.5.86
Severity: minor


Hi,


This is maybe a hot topic, so ask for comment

A not so well know feature of html format is the DATA uri scheme that
allow to embded some stuff like image in html file (see
https://en.wikipedia.org/wiki/Data_URI_scheme).

I am sure that base64 encoded stuff like image are not considered as
prefered form of modification, and I believe that lintian should
detect in source file this kind of use, in order to help ftpmaster
work.


They are also security implication and I think it is good to detect
this kind of stuff.

It is easy to implement:
- first move to files.pm privacy-breach logic detection to common
library (this one I need help)
- detect the base64 encoding in privacy-breach logic
- warn pedantically in files.pm for base64 and error in cruft.pm

Any comments ?

Bastien

Bug#898431: lintian.debian.org should emit source-contains-prebuilt-wasm-binary (backport file?)

[Bastien ROUCARIES]

On Fri, May 11, 2018 at 5:27 PM, Chris Lamb  wrote:
> retitle 898431 please update version of file(1) on lindsay.debian.org to 
> detect .wasm files
> thanks
>
> Bastien,
>
>> source-contains-prebuilt-wasm-binary source tag is not emitted due to
>> too old file.
>
> To clarify anyone else who had difficult parsing this, "file" here
> refers to file(1)/src:file, not the to the prebuilt .wasm file itself.
>
> Niels, is this one for us or DSA?
>
>> wasm is a crap over a crap of nodejs communauty.
>
> Please try and keep these inflammatory and ultimately non-technical
> comments to a minimum. They can do nothing but demotivate the already-
> overworked Javascript team from trying to fix these issues at their
> core.

I am part of js team. It hurt us twice the last month. sorry for the
inflamatory language
>
>> Why js file even minified an human could with some hard work undestand
>> security implication.
>
> I think what you are trying to say here is that precompiled files are
> more difficult to evaulate and patch for security vulnerabilies. Is
> that correct?

Yes it is. wasm is compiled not precompiled. So you need to use binary
patch. No patch.

It is like patching .o object. and this o object will be injected in
your browser in a sandbox (hopefully)

So better to detect this earlier. I could not found how to detect
source-is-missing because source file could be
any language (like c) source file.

Bastien

>
>
> Regards,
>
> --
>   ,''`.
>  : :'  : Chris Lamb
>  `. `'`  la...@debian.org / chris-lamb.co.uk
>`-

Bug#898431: lintian.debian.org should emit source-contains-prebuilt-wasm-binary (backport file?)

[Bastien ROUCARIES]

Package: lintian
Version: 2.5.84
Severity: important
Tags: security
X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org
X-Debbugs-CC: ftpmas...@ftp-master.debian.org

Hi,

source-contains-prebuilt-wasm-binary source tag is not emitted due to
too old file.

wasm is a crap over a crap of nodejs communauty. It is compiled javascript.

Node often include it without source and this will end in the archive.

Why js file even minified an human could with some hard work undestand
security implication.

With wasm, it is near impossible to understand.

So it is important to be sure that wasm file are compiled from source
(thus security bug), and maybe
should raise an ftpmaster autoreject.

So could we try to get file on  lintian.debian.org to detect wasm ?

Bastien

Bug#874381: lintian: false-positive source-is-missing bug for css_browser_selector.js

[Bastien ROUCARIES]

On Thu, Sep 7, 2017 at 12:10 AM, Bastien ROUCARIES
<roucaries.bast...@gmail.com> wrote:
> On Wed, Sep 6, 2017 at 11:15 PM, Julian Gilbey <j...@debian.org> wrote:
>> On Wed, Sep 06, 2017 at 10:12:05PM +0100, Chris Lamb wrote:
>>> Hi Julian,
>>>
>>> > I wonder whether the patch should check for css_browser_selector (the
>>> > function name) rather than 'css browser selector' (the title)?
>>>
>>> Great idea. I didn't actually spot this in the $block variable. Updated
>>> in:
>>>
>>>   
>>> https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=8a3ec2888011b93e5f55c31bcf366bff5a8f
>>
>> Pleasure!
>>
>>Julian
>>
> Could we also found source using this non yet packaged js library and
> open RC bug ?
>
> I do not think security like this ...



https://codesearch.debian.net/search?q=css.browser.selector

Bug#874381: lintian: false-positive source-is-missing bug for css_browser_selector.js

[Bastien ROUCARIES]

On Wed, Sep 6, 2017 at 11:15 PM, Julian Gilbey  wrote:
> On Wed, Sep 06, 2017 at 10:12:05PM +0100, Chris Lamb wrote:
>> Hi Julian,
>>
>> > I wonder whether the patch should check for css_browser_selector (the
>> > function name) rather than 'css browser selector' (the title)?
>>
>> Great idea. I didn't actually spot this in the $block variable. Updated
>> in:
>>
>>   
>> https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=8a3ec2888011b93e5f55c31bcf366bff5a8f
>
> Pleasure!
>
>Julian
>
Could we also found source using this non yet packaged js library and
open RC bug ?

I do not think security like this ...

Re: [lintian] 01/01: Modify Lintian::Data's "all" to always return keys in insertion order, dropping dependency on libtie-ixhash-perl.

[Bastien Roucaries]

Why? 

This package is since old stable and under news they are waiting 
libtie-hash-index-perl-waiting for full speed

Moreover it will slow down lintian::data for general case...

Bastien

Le 28 août 2017 18:58:02 GMT+02:00, Chris Lamb  a écrit 
:
>This is an automated email from the git hooks/post-receive script.
>
>lamby pushed a commit to branch master
>in repository lintian.
>
>commit 0ffea0eb355973d1be2fd788dd8e4aadeac81222
>Author: Chris Lamb 
>Date:   Mon Aug 28 16:09:24 2017 +0100
>
>Modify Lintian::Data's "all" to always return keys in insertion order,
>dropping dependency on libtie-ixhash-perl.
>---
> checks/fields.pm|  3 +--
> debian/changelog|  3 +++
> debian/control  |  2 --
>lib/Lintian/Data.pm | 50
>+-
> 4 files changed, 21 insertions(+), 37 deletions(-)
>
>diff --git a/checks/fields.pm b/checks/fields.pm
>index a9d145f..f625abc 100644
>--- a/checks/fields.pm
>+++ b/checks/fields.pm
>@@ -101,8 +101,7 @@ my $NAME_SECTION_MAPPINGS = Lintian::Data->new(
> qr/\s*=>\s*/,
> sub {
> return {'regex' =>  qr/$_[0]/x, 'section' => $_[1]};
>-},
>-Lintian::Data->get_orderedtype());
>+});
> 
> my %VCS_EXTRACT = (
> browser => sub { return @_;},
>diff --git a/debian/changelog b/debian/changelog
>index 7f23d43..c7a4759 100644
>--- a/debian/changelog
>+++ b/debian/changelog
>@@ -117,6 +117,9 @@ lintian (2.5.53) UNRELEASED; urgency=medium
>   * lib/Lintian/Check.pm:
>   + [CL] Stop emitting {maintainer,uploader}-address-causes-mail-loops
>   for @packages.debian.org addresses.  (Closes: #871575)
>+  * lib/Lintian/Data.pm:
>++ [CL] Modify Lintian::Data's "all" to always return keys in
>insertion
>+  order, dropping dependency on libtie-ixhash-perl.
> 
>   * helpers/coll/objdump-info-helper:
> + [CL] Apply patch from Steve Langasek to accomodate binutils 2.29
>diff --git a/debian/control b/debian/control
>index e2ee71e..31f5672 100644
>--- a/debian/control
>+++ b/debian/control
>@@ -52,7 +52,6 @@ Build-Depends: aspell,
>libtest-synopsis-perl,
>libtext-levenshtein-perl,
>libtext-template-perl,
>-   libtie-ixhash-perl,
>libtimedate-perl,
>liburi-perl,
>libyaml-libyaml-perl,
>@@ -98,7 +97,6 @@ Depends: binutils,
>  liblist-moreutils-perl,
>  libparse-debianchangelog-perl,
>  libtext-levenshtein-perl,
>- libtie-ixhash-perl,
>  libtimedate-perl,
>  liburi-perl,
>  libyaml-libyaml-perl,
>diff --git a/lib/Lintian/Data.pm b/lib/Lintian/Data.pm
>index 3275a78..a683172 100644
>--- a/lib/Lintian/Data.pm
>+++ b/lib/Lintian/Data.pm
>@@ -27,8 +27,6 @@ use POSIX qw(ENOENT);
> 
> use Lintian::Util qw(strip);
> 
>-use Tie::IxHash;
>-
> our $LAZY_LOAD = 1;
> 
> sub _checked_open {
>@@ -62,11 +60,6 @@ sub new {
> return $self;
> }
> 
>-sub get_orderedtype {
>-tie my %myhash, 'Tie::IxHash';
>-return \%myhash;
>-}
>-
> # _get_data fetches an already loaded dataset by type.  It is
> # mostly useful for determining whether it makes sense to make
> # sense to be "lazy".
>@@ -87,15 +80,14 @@ sub get_orderedtype {
> sub _load_data {
> my ($self, $data_spec) = @_;
> my $data_name = $data_spec->[0];
>-my $data_type = $data_spec->[3] // {};
> unless (exists($data{$data_name})) {
> my $vendors = $self->_get_vendor_names;
>-my $dataset = $data_type;
>+my ($dataset, $keyorder) = ({}, []);
>  my ($fd, $vno) = $self->_open_data_file($data_name, $vendors, 0);
>-$self->_parse_file($data_name, $fd, $dataset, $data_spec,
>-$vendors, $vno);
>+$self->_parse_file($data_name, $fd, $dataset, $keyorder,
>+$data_spec, $vendors, $vno);
> close($fd);
>-$data{$data_name} = $dataset;
>+$data{$data_name} = {dataset => $dataset, keyorder =>
>$keyorder};
> }
> return $self->{'data'} = $data{$data_name};
> }
>@@ -157,7 +149,8 @@ sub get_orderedtype {
> }
> 
> sub _parse_file {
>-my ($self, $data_name, $fd, $dataset, $data_spec, $vendors, $vno)=
>@_;
>+my ($self, $data_name, $fd, $dataset, $keyorder, $data_spec,
>$vendors,$vno)
>+  = @_;
> my (undef, $separator, $code) = @{$data_spec};
> my $filename = $data_name;
>$filename = $vendors->[$vno] . '/' . $data_name if $vno < scalar
>@$vendors;
>@@ -170,12 +163,13 @@ sub _parse_file {
> if ($op eq 'delete') {
> croak "Missing key after \@delete in $filename at line $."
>   unless defined $value && length $value;
>+@{$keyorder} = grep { $_ ne $value } @{$keyorder};
> delete $dataset->{$value};
> } elsif ($op eq 'include-parent') {
> my ($pfd, $pvo)
>= 

Bug#873434: lintian: Please check for @import ur(http://...) in /usr/share/doc

[Bastien Roucaries]

Le 27 août 2017 17:16:04 GMT+02:00, Ian Jackson 
 a écrit :
>Package: lintian
>Version: 2.5.50.3
>Severity: wishlist
>
>I have discovered various files in /usr/share/doc/*/html on my system
>which do things like this:
>  @import url(http://fonts.googleapis.com/css?family=Open+Sans);
>
>Eg,
>  /usr/share/doc/python-scipy-doc/html/_static/less/spc-bootstrap.less
>  /usr/share/doc/libfreetype6-dev/css/freetype2.css
>
>Please would you make lintian complain about @import url(), or about
>fonts.googleapis.com, or something.


Do you have piece of advices for replacing this kind of API ?

Thanks
>
>Thanks,
>Ian.
>
>-- System Information:
>Debian Release: 9.0
>  APT prefers stable-debug
>  APT policy: (500, 'stable-debug'), (500, 'stable')
>Architecture: amd64 (x86_64)
>Foreign Architectures: i386
>
>Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
>Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8),
>LANGUAGE=C.UTF-8 (charmap=UTF-8)
>Shell: /bin/sh linked to /bin/dash
>Init: sysvinit (via /sbin/init)
>
>Versions of packages lintian depends on:
>ii  binutils  2.28-5
>ii  bzip2 1.0.6-8.1
>ii  diffstat  1.61-1+b1
>ii  file  1:5.30-1
>ii  gettext   0.19.8.1-2
>ii  intltool-debian   0.35.0+20060710.4
>ii  libapt-pkg-perl   0.1.32
>ii  libarchive-zip-perl   1.59-1
>ii  libclass-accessor-perl0.34-1
>ii  libclone-perl 0.38-2+b1
>ii  libdigest-sha-perl5.96-1+b1
>ii  libdpkg-perl  1.18.24
>ii  libemail-valid-perl   1.202-1
>ii  libfile-basedir-perl  0.07-1
>ii  libipc-run-perl   0.94-1
>ii  liblist-moreutils-perl0.416-1+b1
>ii  libparse-debianchangelog-perl 1.2.0-12
>ii  libperl5.24 [libdigest-sha-perl]  5.24.1-2
>ii  libtext-levenshtein-perl  0.13-1
>ii  libtimedate-perl  2.3000-2
>ii  liburi-perl   1.71-1
>ii  libyaml-libyaml-perl  0.63-2
>ii  man-db2.7.6.1-2
>ii  patchutils0.3.4-2
>ii  perl  5.24.1-2
>ii  t1utils   1.39-2
>ii  xz-utils  5.2.2-1.2+b1
>
>Versions of packages lintian recommends:
>ii  dpkg 1.18.24
>ii  libperlio-gzip-perl  0.19-1+b2
>ii  perl 5.24.1-2
>ii  perl-modules-5.22 [libautodie-perl]  5.22.2-1
>ii  perl-modules-5.24 [libautodie-perl]  5.24.1-2
>
>Versions of packages lintian suggests:
>pn  binutils-multiarch 
>ii  dpkg-dev   1.18.24
>ii  libhtml-parser-perl3.72-3
>ii  libtext-template-perl  1.46-1
>
>-- no debconf information

-- 
Envoyé de mon appareil Android avec K-9 Mail. Veuillez excuser ma brièveté.

Bug#873434: lintian: Please check for @import url(http://...) in /usr/share/doc

[Bastien ROUCARIES]

BTW acording to https://github.com/google/fonts we could self host and
create an offline version
https://github.com/majodev/google-webfonts-helper

Something for the fonts team ?

On Mon, Aug 28, 2017 at 3:24 PM, Bastien ROUCARIES
<roucaries.bast...@gmail.com> wrote:
> If we could add a tag for this it is quite easy
> see
> data/files/privacy-breaker-websites
>
> (we could also add more js library in order to help ftpmaster)
>
> On Mon, Aug 28, 2017 at 3:18 PM, Chris Lamb <la...@debian.org> wrote:
>> Bastien,
>>
>>> Do we have alternative packaged for debian ?
>>
>> Given that most usage of Google Fonts is simply to provide "nicer"
>> versions of built-in fonts (and most CSS typically labels a set of
>> fallback font families) simply removing the offending import line
>> will only result in a slightly uglier font.
>>
>> Thus ensuring we have an alternative is not necessary in 99% of cases.
>>
>>> My perl capacity are too low but I will like to become dh_fixprivacy
>>
>> Happy hacking ;-)
>>
>>
>> Best wishes,
>>
>> --
>>   ,''`.
>>  : :'  : Chris Lamb
>>  `. `'`  la...@debian.org / chris-lamb.co.uk
>>`-

Bug#873434: lintian: Please check for @import url(http://...) in /usr/share/doc

[Bastien ROUCARIES]

If we could add a tag for this it is quite easy
see
data/files/privacy-breaker-websites

(we could also add more js library in order to help ftpmaster)

On Mon, Aug 28, 2017 at 3:18 PM, Chris Lamb  wrote:
> Bastien,
>
>> Do we have alternative packaged for debian ?
>
> Given that most usage of Google Fonts is simply to provide "nicer"
> versions of built-in fonts (and most CSS typically labels a set of
> fallback font families) simply removing the offending import line
> will only result in a slightly uglier font.
>
> Thus ensuring we have an alternative is not necessary in 99% of cases.
>
>> My perl capacity are too low but I will like to become dh_fixprivacy
>
> Happy hacking ;-)
>
>
> Best wishes,
>
> --
>   ,''`.
>  : :'  : Chris Lamb
>  `. `'`  la...@debian.org / chris-lamb.co.uk
>`-

Bug#873434: lintian: Please check for @import url(http://...) in /usr/share/doc

[Bastien ROUCARIES]

Do we have alternative packaged for debian ?

BTW if you could get a glimpse at src:imagemagick I have a script that
could help for this kind of problems that use xlst...

My perl capacity are too low but I will like to become dh_fixprivacy

On Mon, Aug 28, 2017 at 10:59 AM, Chris Lamb  wrote:
> tags 873434 + pending
> retitle 873434 lintian: Please check for @import url(http://...) in 
> /usr/share/doc
> thanks
>
> Hi Ian,
>
> Thanks for the report. So, this is actually already being checked for
> but as it's an "experimental" tag you need to pass the --display-experimental
> flag. It will then appear as:
>
>   X: src: binary path/to/foo.html 
> (http://fonts.googleapis.com/css?family=open+sans)
>
> However, I've taken a moment to add an explicit regression test for
> Google Fonts:
>
>   
> https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=636a4cebc93f5321e482563ec0dd00a40fa01a0f
>
> .. as well as one for Typekit (same deal, different mechanism):
>
>   
> https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=0d68e48e6424234f06cfb0873bc746e243577be3
>
>
> Regards,
>
> --
>   ,''`.
>  : :'  : Chris Lamb
>  `. `'`  la...@debian.org / chris-lamb.co.uk
>`-
>

Re: [lintian] 01/02: Use Lintian::Data for section/name mapping

[Bastien Roucaries]

Le 26 août 2017 08:59:00 GMT+02:00, Niels Thykier  a écrit :
>Bastien Roucariès:
>> This is an automated email from the git hooks/post-receive script.
>> 
>> rouca pushed a commit to branch master
>> in repository lintian.
>> 
>> commit f71f3901fcc23db666d3de176526e91fd4f228a2
>> Author: Bastien ROUCARIÈS 
>> Date:   Fri Aug 25 22:22:39 2017 +0200
>> 
>> Use Lintian::Data for section/name mapping
>
>
>Hi,
>
>This change causes a regression that need to be fixed (or the commit
>reverted)

will fix: what do you prefer : fix regex or fix lintian data to keep ordoring ?

>The problem being that @NAME_SECTION_MAPPINGS is an /ordered/ list with
>a "first match and we are done"-rule.  When migrated to L::Data, this
>order is lost because L::Data does not have an order guarantee.
>
>Therefore, when multiple rules match (see [1] for an example), the
>previous code would give a well-defined result (first rule listed)
>whereas the new code gives a non-deterministic result.
>
>Thanks,
>~Niels
>
>[1]
>
>libfoo-ocaml-dev matches the following two rules
>
>[qr/^lib.*-(?:ocaml|camlp4)-dev$/ => 'ocaml'],
>[qr/^lib.*-dev$/  => 'libdevel'],
>
>> ---
>>  checks/fields.pm  | 34
>+-
>>  data/fields/name_section_mappings | 16 
>>  debian/changelog  |  1 +
>>  3 files changed, 30 insertions(+), 21 deletions(-)
>> 
>> diff --git a/checks/fields.pm b/checks/fields.pm
>> index cb91491..4ad96ad 100644
>> --- a/checks/fields.pm
>> +++ b/checks/fields.pm
>> @@ -96,23 +96,14 @@ our @known_java_pkg = map { qr/$_/ } (
>>  );
>>  
>>  # Mapping of package names to section names
>> -my @NAME_SECTION_MAPPINGS = (
>> -[qr/-docs?$/  => 'doc'],
>> -[qr/-dbg(?:sym)?$/=> 'debug'],
>> -[qr/^(?:python-)?zope/=> 'zope'],
>> -[qr/^python3?-/   => 'python'],
>> -[qr/^r-(?:cran|bioc|other)-/  => 'gnu-r'],
>> -[qr/^lib.*-perl$/ => 'perl'],
>> -[qr/^lib.*-cil(?:-dev)?$/ => 'cli-mono'],
>> -[qr/^lib.*-(?:java|gcj)$/ => 'java'],
>> -[qr/^(?:lib)php-/ => 'php'],
>> -[qr/^lib(?:hugs|ghc6?)-/  => 'haskell'],
>> -[qr/^lib.*-ruby(?:1\.\d)?$/   => 'ruby'],
>> -[qr/^lib.*-(?:ocaml|camlp4)-dev$/ => 'ocaml'],
>> -[qr/^lib.*-dev$/  => 'libdevel'],
>> -[qr/^gir\d+\.\d+-.*-\d+\.\d+$/=> 'introspection'],
>> -[qr/^libjs-/  => 'javascript'],
>> -);
>> +my $NAME_SECTION_MAPPINGS = Lintian::Data->new(
>> +'fields/name_section_mappings',
>> +qr/\s*=>\s*/,
>> +sub {
>> +my $regex = qr/$_[0]/x;
>> +$_[0] = $_[1];
>> +return $regex;
>> +});
>>  
>>  my %VCS_EXTRACT = (
>>  browser => sub { return @_;},
>> @@ -547,14 +538,15 @@ sub run {
>>  # Check package name <-> section.  oldlibs is a special
>case; let
>>  # anything go there.
>>  if ($parts[-1] ne 'oldlibs') {
>> -foreach my $map (@NAME_SECTION_MAPPINGS) {
>> -next unless ($pkg =~ $map->[0]);
>> +foreach my $section ($NAME_SECTION_MAPPINGS->all())
>{
>> +my $regex =
>$NAME_SECTION_MAPPINGS->value($section);
>> +next unless ($pkg =~ m{$regex});
>>  
>>  my $area = '';
>>  $area = "$parts[0]/" if (scalar @parts == 2);
>>  tag 'wrong-section-according-to-package-name',
>> -  "$pkg => ${area}$map->[1]"
>> -  unless $parts[-1] eq $map->[1];
>> +  "$pkg => ${area}$section"
>> +  unless $parts[-1] eq $section;
>>  last;
>>  }
>>  }
>> diff --git a/data/fields/name_section_mappings
>b/data/fields/name_section_mappings
>> new file mode 100644
>> index 000..ca9c1de
>> --- /dev/null
>> +++ b/data/fields/name_section_mappings
>> @@ -0,0 +1,16 @@
>> +# map between regex (x) of package => section
>> +-docs?$  => doc
>> +-dbg(?:sym)?$=> debug
>> +^(?:python-)?zope=> zope
>> +^python3?-   => python
>> +^r-(?:cran|bioc|other)-  => gnu-r
>> +^lib.*-perl$ => perl
>> +lib.*-cil(?:-dev)?$  => cli-mono
>> +^lib.*-(?:java|gcj)$ => java
>> +^(?:lib)php- => php
>> +^lib(?:hugs|ghc6?)-  => haskell
>> +^lib.*-ruby(?:1\.\d)?$   => ruby
>> +^lib.*-(?:ocaml|camlp4)-dev$ => ocaml
>> +^lib.*-dev$  => libdevel
>> +^gir\d+\.\d+-.*-\d+\.\d+$=> introspection
>> +^libjs-  => javascript
>> \ No newline at end of file
>> diff --git a/debian/changelog b/debian/changelog
>> index e7cbe8d..af300a8 100644
>> --- a/debian/changelog
>> +++ b/debian/changelog

Bug#872611: lintian: Please warn on package using sensible-utils w/o relationship

[Bastien Roucaries]

Patch is for me incompletewe must use cruft... So partial fix

Le 21 août 2017 03:48:54 GMT+02:00, Chris Lamb  a écrit :
>tags 872611 + pending
>thanks
>
>Fixed in Git:
>
>https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=f8ff3e873d4f8fdc6eeda6bea9e522afc34cb7cc
>
>
>Regards,
>
>-- 
>  ,''`.
> : :'  : Chris Lamb
> `. `'`  la...@debian.org / chris-lamb.co.uk
>   `-

-- 
Envoyé de mon appareil Android avec K-9 Mail. Veuillez excuser ma brièveté.

Bug#833585: lintian: Check presence of upstream signature if signing key available

[Bastien ROUCARIES]

On Mon, Aug 21, 2017 at 9:43 AM, Kurt Roeckx  wrote:
> On Mon, Aug 21, 2017 at 09:30:41AM +0200, Vincent Bernat wrote:
>>  ❦ 15 juillet 2017 23:06 +0100, Chris Lamb  :
>>
>> > Dear Niels,
>> >
>> >> You need the $group parameter (the 5th parameter to the run sub).
>> >
>> > 
>> >
>> > Bingo, that works. Will tidy a bunch of things up and push it tomorrow.
>> > Thanks again!
>>
>> So, this adds a new Lintian "error". I am using gbp and I have no clue
>> on how to include this signature file. Integration with uscan is not
>> done either.
>
> There is a bug against uscan to do this, I understand that it's
> been commited just not uploaded yet.
>
>
> Kurt
>
Lack git-buildpackage, gitpkg, git dpm ...

Bug#872611: lintian: Please warn on package using sensible-utils w/o relationship

[Bastien ROUCARIES]

control: owner -1 ro...@debian.org


Will add a cruft check

Bastien lintian and sensible-util maint

On Sat, Aug 19, 2017 at 11:04 AM, Guillem Jover  wrote:
> Package: lintian
> Version: 2.5.52
> Severity: wishlist
> X-Debbugs-CC: Clint Adams 
>
> Hi!
>
> As part of the long transition to split sensible-utils out from
> debianutils, the remaining Depends from debianutils was removed
> recently in version 4.8.2.
>
> I asked Clint whether he could send a mail with the current callers
> so that they'd be aware of the change and they could fix it, but
> thinking about it, it seems more effective and easier to let lintian
> check this, as this should be a local and trivial (?) thing to check
> for.
>
> Any package that contains references to one of the sensible-utils
> binary in non-documentation pathnames/filenames, and does not have any
> kind of relationship (Pre-Depends/Depends/Recommends/Suggests) would
> get a warning.
>
> This way we do not need to care whether the program is using it
> conditionally or not. :)
>
> Thanks,
> Guillem
>

Re: [lintian] Membership audit and clean up - please follow up if you are still active

[Bastien Roucaries]

Le 6 août 2017 12:13:00 GMT+02:00, Niels Thykier  a écrit :
>Hi,
>
>I have gone through the member list on and removed members that were
>inactive according to Debian's MIA database.
>
>Kindly review and act on the following:
>
>* If you consider yourself retired from lintian, please let me know and
>   I will clean up your access.
> * If you have admin access or lintian-gid, please assert you are still
>   around and know how to use it if needed be.
>
>=> If you have "admin" or "lintian-gid" and I do not hear from you
>=> before 2017-09-01, I will assume you are not around to use it.
>
>Re: admin/lintian-gid: I am interested in having redundancy here so we
>are at least a few members that can do the tasks related to these
>privileges.
>  However, this only works if the people with said access are 1) still
>around to use it and 2) still knows how/when to use it.  Accordingly,
>this mail doubles as a check to see if we have a hidden bus-factor of 1
>on these things.
>
>
>Audit results so far
>
>These are the results for checking all the members in alioth against
>the
>MIA database.
>
>
>The following were listed as retired or MIA and is therefore removed:
>
> * jeroen (lintian-gid)
> * he (lintian-gid)
> * edward
> * jorda-guest
>
>This leaves the following (presumed) active members for now:
>
> * joy (lintian-gid)
> * djpig (lintian-gid)
> * broucaries-guest

ro...@debian.org now
> * abe
> * sylvestre
> * jwilk
> * pabs
> * lamby
> * cjwatson (admin, lintian-gid)
> * rra (admin, lintian-gid)
> * adsb (admin, lintian-gid)
> * geissert (admin)
> * nthykier (admin, lintian-gid)
>
>Legend:
> * "admin" has administrator access to the lintian project in alioth
>* "lintian-gid" has the lintian group on lindsay.d.o, which gives write
>   access/admin over the archive-wide reporting.
>
>
>From here
>=
>As we have retired members with lintian-gid, I will send a request to
>DSA to remove the gid from these members.  Once people has had time to
>respond to this and we have evaluated if the bus factor is adequate, I
>will open an RT ticket to get the lintian-gid updated.
>
>
>Thanks,
>~Niels

-- 
Envoyé de mon appareil Android avec K-9 Mail. Veuillez excuser ma brièveté.

Re: [lintian] 01/01: Check that non-ELF maintainer scripts start with #!. (Closes: #843428)

[Bastien ROUCARIES]

On Sat, Jul 22, 2017 at 10:39 AM, Chris Lamb  wrote:
> Hi Bastien.
>
> Thanks for the review!
>
>> I will have tagged with an info tag the ELF maint script
>
> Why? It's not a bug whenever its used AFAIK? Did you mean "C:" tag,
> similar to package-uses-debhelper?

Yes a c tag and I will also print the interpreter if it is a script...
Will give us some statistics archive wise

Bastien

>
>
> Regards,
>
> --
>   ,''`.
>  : :'  : Chris Lamb, Debian Project Leader
>  `. `'`  la...@debian.org / chris-lamb.co.uk
>`-

Re: [lintian] 01/01: Check that non-ELF maintainer scripts start with #!. (Closes: #843428)

[Bastien ROUCARIES]

On Fri, Jul 21, 2017 at 7:52 PM, Chris Lamb  wrote:
> This is an automated email from the git hooks/post-receive script.
>
> lamby pushed a commit to branch master
> in repository lintian.
>
> commit 9da2a1aceb5a4281a2a627d95f5c9288bab85038
> Author: Chris Lamb 
> Date:   Thu Jul 20 22:58:44 2017 +0100
>
> Check that non-ELF maintainer scripts start with #!. (Closes: #843428)
> ---
>  collection/scripts  | 13 
> +++--
>  debian/changelog|  4 
>  .../debian/debian/phpmyfoo.postrm   |  4 
>  t/tests/apache2-webapplications-general/tags|  2 ++
>  t/tests/legacy-scripts/tags |  1 +
>  .../debian/debian/postinst  |  9 +
>  .../debian/debian/postrm|  7 +++
>  .../scripts-does-not-start-with-shebang/debian/debian/rules |  8 
>  t/tests/scripts-does-not-start-with-shebang/debian/true.c   |  5 +
>  t/tests/scripts-does-not-start-with-shebang/desc|  6 ++
>  t/tests/scripts-does-not-start-with-shebang/tags|  1 +
>  11 files changed, 58 insertions(+), 2 deletions(-)
>
> diff --git a/collection/scripts b/collection/scripts
> index 1fabc86..1c4260a 100755
> --- a/collection/scripts
> +++ b/collection/scripts
> @@ -69,8 +69,17 @@ sub collect {
>  open(my $ctrl_fd, '>', "$dir/control-scripts");
>  for my $path ($info->control_index('')->children) {
>  next unless $path->is_open_ok;
> -my $scriptpath = shebang_line($path);
> -next unless defined($scriptpath);
> +# Only collect maintainer scripts
> +next unless $path =~ m/^(?:(?:pre|post)(?:inst|rm)|config)$/;
> +
> +# Allow ELF binaries
> +my $magic;
> +my $fd = $path->open;
> +if (read($fd, $magic, 4)) {
> +next if $magic eq "\x7FELF";
> +}
> +close($fd);
> +my $scriptpath = shebang_line($path) // '';


I will have tagged with an info tag the ELF maint script


>
>  # Remove everything after the first space (i.e. any options)
>  $scriptpath =~ s/\s++ .++ \Z//xsm;
> diff --git a/debian/changelog b/debian/changelog
> index e549e03..9782aa6 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -82,6 +82,10 @@ lintian (2.5.52) UNRELEASED; urgency=medium
>  + [CL] Factor out hard-coded list of possible upstream key locations
>to the "common/signing-key-filenames" Lintian::Data resource.
>
> +  * collection/scripts:
> ++ [CL] Check that non-ELF maintainer scripts start with #!.
> +  (Closes: #843428)
> +
>* commands/lintian.pm:
>  + [NT] Attempt to clean up on SIGTERM (like with SIGINT).
>  + [CL] Allow the use of suppress-tags=[,[,]] in
> diff --git 
> a/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postrm 
> b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postrm
> index 2fffaab..d0db12e 100644
> --- a/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postrm
> +++ b/t/tests/apache2-webapplications-general/debian/debian/phpmyfoo.postrm
> @@ -1,3 +1,7 @@
> +#!/bin/sh
> +
> +set -e
> +
>  if [ "$1" = 'configure' ] ; then
>  a2disconf -q phpmyfoo
>  fi
> diff --git a/t/tests/apache2-webapplications-general/tags 
> b/t/tests/apache2-webapplications-general/tags
> index 725895b..3f2bb1c 100644
> --- a/t/tests/apache2-webapplications-general/tags
> +++ b/t/tests/apache2-webapplications-general/tags
> @@ -12,7 +12,9 @@ W: phpmyfoo: apache2-deprecated-auth-config 
>  W: phpmyfoo: apache2-deprecated-auth-config 
>  W: phpmyfoo: apache2-deprecated-auth-config Order
>  W: phpmyfoo: apache2-reverse-dependency-calls-invoke-rc.d postinst
> +W: phpmyfoo: apache2-reverse-dependency-calls-invoke-rc.d postrm
>  W: phpmyfoo: apache2-reverse-dependency-calls-wrapper-script postinst 
> a2enconf
> +W: phpmyfoo: apache2-reverse-dependency-calls-wrapper-script postrm a2disconf
>  W: phpmyfoo: apache2-unparsable-dependency 
> etc/apache2/conf-available/phpmyfoo.conf bar2.conf
>  W: phpmyfoo: apache2-unsupported-dependency 
> etc/apache2/conf-available/phpmyfoo.conf Conflicts
>  W: phpmyfoo: web-application-depends-on-apache2-data-package apache2-bin
> diff --git a/t/tests/legacy-scripts/tags b/t/tests/legacy-scripts/tags
> index 913844d..2feeb5d 100644
> --- a/t/tests/legacy-scripts/tags
> +++ b/t/tests/legacy-scripts/tags
> @@ -21,6 +21,7 @@ E: scripts: php-script-but-no-php-cli-dep 
> usr/share/scripts/phpenvfoo
>  E: scripts: php-script-but-no-php-cli-dep usr/share/scripts/phpfoo
>  E: scripts: python-script-but-no-python-dep usr/bin/py2.Xfoo
>  E: scripts: python-script-but-no-python-dep usr/bin/pyfoo
> +E: scripts: script-without-interpreter control/prerm
>  E: scripts: shell-script-fails-syntax-check usr/bin/sh-broken
>  E: scripts: 

Bug#796562: lintian: Please identify lack of sanitation compiler/linker flags

[Bastien Roucaries]

Le 20 juillet 2017 08:02:41 GMT+02:00, intrigeri  a écrit 
:
>Control: retitle -1 Please identify lack of UBSAN compiler/linker flags
>
>Jakub Wilk:
>> Relevant thread on oss-security:
>> http://www.openwall.com/lists/oss-security/2016/02/17/9
>
>Right, I was aware of this additional info but failed to update this
>bug report accordingly. Sorry!
>
>tl;dr: "only the UBSAN sanitizer is safe for 'daily use'", as Seth
>(Cc'ed) summed up in
>http://openwall.com/lists/oss-security/2017/07/11/1.
>
>So I'm retitling this bug report to make it about UBSAN only,
>i.e. compiling and linking programs with -fsanitize=undefined.
>Note that by default, UBSAN only displays an error message at runtime
>when a problem is detected, and then resumes execution.

So not safe  Display an error will change  behaviour...

>Seth: are you aware of ways to check if a given binary has UBSAN
>enabled? Or is this something we should add to blhc instead
>of Lintian?
>
>Jakub, does this make sense to you? Do you think this is enough to
>drop the moreinfo tag?
>
>Cheers,

-- 
Envoyé de mon appareil Android avec K-9 Mail. Veuillez excuser ma brièveté.

Bug#846009: look for FIX_MEs in control and copyright created by npm2deb

[Bastien ROUCARIES]

On Sat, Jul 15, 2017 at 12:02 PM, Chris Lamb  wrote:
> Hi Bastien,
>
>> > Thanks for your review. Whilst I am aware of such algorithms, could you
>> > elaborate on what you mean in concrete terms here?
>>
>> see sub full_text_check function
>
> I see. That way I'm not sure we get the line number though? This is rather a
> nice usability feature IMHO.

No we do not get the line number, but in theory it is possible by
counting the number of \n each time we had a block

>
>
> Best wishes,
>
> --
>   ,''`.
>  : :'  : Chris Lamb, Debian Project Leader
>  `. `'`  la...@debian.org / chris-lamb.co.uk
>`-

Bug#846009: look for FIX_MEs in control and copyright created by npm2deb

[Bastien ROUCARIES]

On Fri, Jul 14, 2017 at 9:36 PM, Chris Lamb  wrote:
> Hi Bastien,
>
>> >   
>> > https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=7319953bad3ae5e0e15f778a7ed19dd20241b77c
>>
>> Did you consider to use the sliding windows algo ?
>
> Thanks for your review. Whilst I am aware of such algorithms, could you
> elaborate on what you mean in concrete terms here?

see sub full_text_check function

Instead of reading line per line you could read block by block.

The algortihm assemble the block by pair therefore avoiding boundary problems

Bastien

>
> Regards,
>
> --
>   ,''`.
>  : :'  : Chris Lamb, Debian Project Leader
>  `. `'`  la...@debian.org / chris-lamb.co.uk
>`-

Bug#846009: look for FIX_MEs in control and copyright created by npm2deb

[Bastien ROUCARIES]

On Tue, Jul 11, 2017 at 11:44 PM, Chris Lamb  wrote:
> tags 846009 + pending
> thanks
>
> Fixed in Git:
>
>   
> https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=7319953bad3ae5e0e15f778a7ed19dd20241b77c

Did you consider to use the sliding windows algo ?

Bastien
>
>
> Regards,
>
> --
>   ,''`.
>  : :'  : Chris Lamb, Debian Project Leader
>  `. `'`  la...@debian.org / chris-lamb.co.uk
>`-
>

[lintian] branch master updated (292d58b -> 9203f73)

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a change to branch master
in repository lintian.

  from  292d58b   spelling: Add another correction
   new  cd5ad86   Add digit.com as tracker
   new  d7da29a   Add new tracker website
   new  9203f73   Add forkme as logo

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 data/files/privacy-breaker-websites | 6 +++---
 debian/changelog| 4 
 2 files changed, 7 insertions(+), 3 deletions(-)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] 03/03: Add forkme as logo

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit 9203f734e5ba6d2715f8d5d1eb2557e353959f2f
Author: Bastien ROUCARIÈS 
Date:   Mon Jun 12 23:56:58 2017 +0200

Add forkme as logo
---
 data/files/privacy-breaker-websites | 2 +-
 debian/changelog| 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/data/files/privacy-breaker-websites 
b/data/files/privacy-breaker-websites
index 233a3ed..58e1f7f 100644
--- a/data/files/privacy-breaker-websites
+++ b/data/files/privacy-breaker-websites
@@ -12,7 +12,7 @@ privacy-breach-google-cse
~~^(?:[^\./]+\.)?google\.[^\./]
 privacy-breach-google-plus   
~~(?:^(?:[^\./]+\.)?google\.[^\./]+\.?/js/plusone\.[^\./]+\Z|^plus\.google\.com/)
 privacy-breach-donation  
~~(?:(?:donate|paypal|support)\.(gif|jpe?g|png|svg)$|^(?:[^\./]+\.)?(?:flattr\.(?:com|net)|paypal(?:objects)?\.com|pledgie\.com|xoom\.com)/)
 privacy-breach-facebook  
~~^(?:[^\./]+\.)?(?:facebook\.com|static\.ak\.fbcdn\.net)(?:/|\Z)
-privacy-breach-logo  
~~(?:^(?:sflogo\.)?(?:sourceforge|sf)\.[^\./]+/sflogo\.php\?|/logos?/|(?:acrobat|clanlib|(?:fav|github-)?icons?|logos?_?(?:\d+|small)|mascot[^\./]*|youtube-icon[^\./]*|twitter_logo[^\./]*|doxygen|logos?_[^/\.]*|logos?)\.(gif|ico|jpe?g|png|svg)$)
+privacy-breach-logo  
~~(?:^(?:sflogo\.)?(?:sourceforge|sf)\.[^\./]+/sflogo\.php\?|/logos?/|(?:acrobat|clanlib|(?:fav|github-)?icons?|logos?_?(?:\d+|small)|mascot[^\./]*|youtube-icon[^\./]*|twitter_logo[^\./]*|doxygen|forkme_[^/\.]*|logos?_[^/\.]*|logos?)\.(gif|ico|jpe?g|png|svg)$)
 privacy-breach-piwik ~~/piwik\.php\?
 privacy-breach-statistics-website
~~^(?:(?:[^\./]+\.)?(?:count\.digitalpoint\.com|cruel-carlota\.pagodabox\.com|linkexchange\.com|nedstatbasic\.net|onestat\.com|sitemeter\.com|statcounter\.com|webstats\.motigo\.com|digit\.com)(?:/|\Z)|/count(?:er)?\.cgi\?[^/]*\Z)
 privacy-breach-w3c-valid-html
~~^(?:(?:[^\./]+\.)?w3.org/(?:icons/valid-|css-validator/images/)(?:[^/]+)?$|validator\.w3\.org(?:/|\Z))
diff --git a/debian/changelog b/debian/changelog
index c91e9b0..bfc8792 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -106,6 +106,7 @@ lintian (2.5.51) UNRELEASED; urgency=medium
   * data/files/privacy-breaker-websites:
 + [BR] Add digit.com as tracker.
 + [BR] Add static.ak.fbcdn.net as facebook.
++ [BR] Add forkme as logo.
   * data/files/standard-files:
 + [NT] Add more common files based on feedback from Helmut Grohne.
   * data/obsolete-sites/obsolete-sites:

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] 01/03: Add digit.com as tracker

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit cd5ad86a97909a6ed3ab34ca607e6cb2e0f50876
Author: Bastien ROUCARIÈS 
Date:   Mon Jun 12 23:50:57 2017 +0200

Add digit.com as tracker
---
 data/files/privacy-breaker-websites | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/files/privacy-breaker-websites 
b/data/files/privacy-breaker-websites
index cd3db97..7466ec3 100644
--- a/data/files/privacy-breaker-websites
+++ b/data/files/privacy-breaker-websites
@@ -14,7 +14,7 @@ privacy-breach-donation  
~~(?:(?:donate|paypal|support)\
 privacy-breach-facebook  
~~^(?:[^\./]+\.)?facebook\.com(?:/|\Z)
 privacy-breach-logo  
~~(?:^(?:sflogo\.)?(?:sourceforge|sf)\.[^\./]+/sflogo\.php\?|/logos?/|(?:acrobat|clanlib|(?:fav|github-)?icons?|logos?_?(?:\d+|small)|mascot[^\./]*|youtube-icon[^\./]*|twitter_logo[^\./]*|doxygen|logos?_[^/\.]*|logos?)\.(gif|ico|jpe?g|png|svg)$)
 privacy-breach-piwik ~~/piwik\.php\?
-privacy-breach-statistics-website
~~^(?:(?:[^\./]+\.)?(?:count\.digitalpoint\.com|cruel-carlota\.pagodabox\.com|linkexchange\.com|nedstatbasic\.net|onestat\.com|sitemeter\.com|statcounter\.com|webstats\.motigo\.com)(?:/|\Z)|/count(?:er)?\.cgi\?[^/]*\Z)
+privacy-breach-statistics-website
~~^(?:(?:[^\./]+\.)?(?:count\.digitalpoint\.com|cruel-carlota\.pagodabox\.com|linkexchange\.com|nedstatbasic\.net|onestat\.com|sitemeter\.com|statcounter\.com|webstats\.motigo\.com|digit\.com)(?:/|\Z)|/count(?:er)?\.cgi\?[^/]*\Z)
 privacy-breach-w3c-valid-html
~~^(?:(?:[^\./]+\.)?w3.org/(?:icons/valid-|css-validator/images/)(?:[^/]+)?$|validator\.w3\.org(?:/|\Z))
 # already packaged under debian (please alpha sort by package name
 privacy-breach-uses-embedded-file-bootstrap 
~~/bootstrap(?:-(?:\d\.?)+(b\d+)?)?(?:\.min)?\.(?:js|css)\Z 
~~ privacy-breach-uses-embedded-file ~~ You may 
use libjs-bootstrap package.

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] 02/03: Add new tracker website

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit d7da29a8056e0576230435c8985e00f4ac280c23
Author: Bastien ROUCARIÈS 
Date:   Mon Jun 12 23:55:08 2017 +0200

Add new tracker website
---
 data/files/privacy-breaker-websites | 2 +-
 debian/changelog| 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/data/files/privacy-breaker-websites 
b/data/files/privacy-breaker-websites
index 7466ec3..233a3ed 100644
--- a/data/files/privacy-breaker-websites
+++ b/data/files/privacy-breaker-websites
@@ -11,7 +11,7 @@ privacy-breach-google-adsense  
~~^(?:[^\./]+\.)?(?:googlesyndica
 privacy-breach-google-cse
~~^(?:[^\./]+\.)?google\.[^\./]+\.?/(:?afsonline/show_afs_search\.js|cse/api/branding\.css|coop/cse/brand\?[^/]+)$
 privacy-breach-google-plus   
~~(?:^(?:[^\./]+\.)?google\.[^\./]+\.?/js/plusone\.[^\./]+\Z|^plus\.google\.com/)
 privacy-breach-donation  
~~(?:(?:donate|paypal|support)\.(gif|jpe?g|png|svg)$|^(?:[^\./]+\.)?(?:flattr\.(?:com|net)|paypal(?:objects)?\.com|pledgie\.com|xoom\.com)/)
-privacy-breach-facebook  
~~^(?:[^\./]+\.)?facebook\.com(?:/|\Z)
+privacy-breach-facebook  
~~^(?:[^\./]+\.)?(?:facebook\.com|static\.ak\.fbcdn\.net)(?:/|\Z)
 privacy-breach-logo  
~~(?:^(?:sflogo\.)?(?:sourceforge|sf)\.[^\./]+/sflogo\.php\?|/logos?/|(?:acrobat|clanlib|(?:fav|github-)?icons?|logos?_?(?:\d+|small)|mascot[^\./]*|youtube-icon[^\./]*|twitter_logo[^\./]*|doxygen|logos?_[^/\.]*|logos?)\.(gif|ico|jpe?g|png|svg)$)
 privacy-breach-piwik ~~/piwik\.php\?
 privacy-breach-statistics-website
~~^(?:(?:[^\./]+\.)?(?:count\.digitalpoint\.com|cruel-carlota\.pagodabox\.com|linkexchange\.com|nedstatbasic\.net|onestat\.com|sitemeter\.com|statcounter\.com|webstats\.motigo\.com|digit\.com)(?:/|\Z)|/count(?:er)?\.cgi\?[^/]*\Z)
diff --git a/debian/changelog b/debian/changelog
index a52a059..c91e9b0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -103,6 +103,9 @@ lintian (2.5.51) UNRELEASED; urgency=medium
 
   * data/common/source-fields:
 + [NT] Add new "Testsuite-Restrictions" field.
+  * data/files/privacy-breaker-websites:
++ [BR] Add digit.com as tracker.
++ [BR] Add static.ak.fbcdn.net as facebook.
   * data/files/standard-files:
 + [NT] Add more common files based on feedback from Helmut Grohne.
   * data/obsolete-sites/obsolete-sites:

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] branch master updated (fe27e04 -> 1009401)

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a change to branch master
in repository lintian.

  from  fe27e04   Detect files pointing to builddir
   new  1009401   Detect link to tmp file

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 checks/files.pm | 19 +--
 1 file changed, 17 insertions(+), 2 deletions(-)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

Bug#860419: lintian: Please detect symlinks to /build, /tmp, etc.

[Bastien Roucaries]

Control: owner -1 ro...@debian.org

Le 16 avril 2017 17:07:23 GMT+02:00, Chris West  
a écrit :
>Package: lintian
>Version: 2.5.50
>Priority: wishlist
>X-Debugs-CC: reproducible-b...@lists.alioth.debian.org
>
>There are packages which contain symlinks to places that exit only on
>the build machine. I am guessing that this will almost certainly be a
>bug.
>
>For example, sugar-memorize-activity's binary package contains a
>symlink
>(#860418) to the temporary directory in which the package was built, in
>/build.
>
>/build feels like it would always be wrong. I suspect /tmp, /home,
>/var/tmp, /dev/shm, and possibly other paths, would be wrong too.
>
>Please make Lintian check that absolute symlinks do not target any of
>these directories?
>
>Cheers.

-- 
Envoyé de mon appareil Android avec K-9 Mail. Veuillez excuser ma brièveté.

[lintian] branch master updated (eec50bb -> ba079b2)

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a change to branch master
in repository lintian.

  from  eec50bb   White list well known debug package
   new  ba079b2   Warn about naming convention of debug package

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 checks/fields.pm  |  5 +
 debian/changelog  |  2 ++
 t/tests/fields-debug-bad/debian/debian/control.in | 12 
 t/tests/fields-debug-bad/tags |  3 +++
 4 files changed, 22 insertions(+)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] branch master updated (e5401dc -> eec50bb)

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a change to branch master
in repository lintian.

  from  e5401dc   Warn about obsolete -dbg package
   new  eec50bb   White list well known debug package

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 checks/control-file.pm | 23 +--
 data/common/dbg-pkg|  4 
 2 files changed, 25 insertions(+), 2 deletions(-)
 create mode 100644 data/common/dbg-pkg

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] 01/01: White list well known debug package

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit eec50bbe3f52fe7b7fca68bcb2113546837ef394
Author: Bastien ROUCARIÈS 
Date:   Sun Mar 26 17:18:15 2017 +0200

White list well known debug package

libc6-dbg and python\d+ need to be whitelisted

Signed-off-by: Bastien ROUCARIÈS 
---
 checks/control-file.pm | 23 +--
 data/common/dbg-pkg|  4 
 2 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/checks/control-file.pm b/checks/control-file.pm
index 264149b..ed89387 100644
--- a/checks/control-file.pm
+++ b/checks/control-file.pm
@@ -36,8 +36,15 @@ use Lintian::Util qw(file_is_encoded_in_non_utf8 
read_dpkg_control
 # rather than using ${shlibs:Depends}.
 my @LIBCS = qw(libc6 libc6.1 libc0.1 libc0.3);
 my $LIBCS = Lintian::Relation->new(join(' | ', @LIBCS));
+
 my $src_fields = Lintian::Data->new('common/source-fields');
 my $KNOWN_BUILD_PROFILES = Lintian::Data->new('fields/build-profiles');
+my $KNOWN_DBG_PACKAGE = Lintian::Data->new(
+'common/dbg-pkg',
+qr/\s*\~\~\s*/,
+sub {
+return qr/$_[0]/xms;
+});
 
 sub run {
 my ($pkg, undef, $info) = @_;
@@ -135,9 +142,8 @@ sub run {
 tag 'debian-control-has-dbgsym-package', $bin;
 }
 if ($bin =~ /[-]dbg$/) {
-# libc dbg is needed by valgrind and gcc
 tag 'debian-control-has-obsolete-dbg-package', $bin
-  unless $pkg =~ /^e?glibc$/;
+  unless dbg_pkg_is_known($bin);
 }
 }
 
@@ -402,6 +408,19 @@ sub run {
 return;
 }
 
+# check debug package
+sub dbg_pkg_is_known {
+my ($pkg) = @_;
+
+foreach my $dbg_regexp ($KNOWN_DBG_PACKAGE->all) {
+my $regex = $KNOWN_DBG_PACKAGE->value($dbg_regexp);
+if($pkg =~ m/$regex/xms) {
+return 1;
+}
+}
+return 0;
+}
+
 # Check the dependencies of a -dev package.  Any dependency on one of the
 # packages in @packages that looks like the underlying library needs to
 # have a version restriction that's at least as strict as the same upstream
diff --git a/data/common/dbg-pkg b/data/common/dbg-pkg
new file mode 100644
index 000..9c915f0
--- /dev/null
+++ b/data/common/dbg-pkg
@@ -0,0 +1,4 @@
+# gcc and valgring need glibc package
+^libc\d+-dbg$
+# python module build against python debug
+^python\d+-.*-dbg$

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] branch master updated (9ed0696 -> e5401dc)

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a change to branch master
in repository lintian.

  from  9ed0696   Detect -dbgsym file in control file
   new  e5401dc   Warn about obsolete -dbg package

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 checks/control-file.desc  | 15 +++
 checks/control-file.pm|  5 +
 debian/changelog  |  1 +
 t/tests/control-file-general/debian/debian/control.in | 10 ++
 t/tests/control-file-general/desc |  2 ++
 t/tests/control-file-general/tags |  5 -
 t/tests/fields-debug-bad/tags |  1 +
 t/tests/fields-wrong-section/tags |  1 +
 t/tests/files-python-general/tags |  1 +
 t/tests/group-checks-multi-arch/tags  |  1 +
 t/tests/legacy-debug/tags |  4 
 t/tests/legacy-libbaz/tags|  1 +
 12 files changed, 46 insertions(+), 1 deletion(-)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] branch master updated (412a226 -> 9ed0696)

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a change to branch master
in repository lintian.

  from  412a226   tags.gpi: Make it work under gnuplot 5
   new  9ed0696   Detect -dbgsym file in control file

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 checks/control-file.desc  | 10 ++
 checks/control-file.pm|  3 +++
 debian/changelog  |  2 ++
 t/tests/control-file-general/debian/debian/control.in | 10 ++
 t/tests/control-file-general/tags |  4 +++-
 5 files changed, 28 insertions(+), 1 deletion(-)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] branch master updated (8afa43f -> fc03bde)

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a change to branch master
in repository lintian.

  from  8afa43f   spelling: Add one more correction
   new  fc03bde   Check bug over 100

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 checks/changelog-file.pm| 11 ++-
 data/changelog-file/bugs-number |  4 
 debian/changelog|  3 +++
 3 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 data/changelog-file/bugs-number

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] 01/01: Check bug over 1000000

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit fc03bde2a787f600c4ff67bba8109f812aefd51c
Author: Bastien ROUCARIÈS 
Date:   Sun Mar 26 14:41:07 2017 +0200

Check bug over 100
---
 checks/changelog-file.pm| 11 ++-
 data/changelog-file/bugs-number |  4 
 debian/changelog|  3 +++
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/checks/changelog-file.pm b/checks/changelog-file.pm
index fd48cfe..26b5d7a 100644
--- a/checks/changelog-file.pm
+++ b/checks/changelog-file.pm
@@ -34,6 +34,11 @@ use Lintian::Relation::Version qw(versions_gt);
 use Lintian::Tags qw(tag);
 use Lintian::Util qw(file_is_encoded_in_non_utf8 strip);
 
+use Lintian::Data ();
+
+my $BUGS_NUMBER
+  = Lintian::Data->new('changelog-file/bugs-number', qr/\s*=\s*/o);
+
 my $SPELLING_ERROR_IN_NEWS
   = spelling_tag_emitter('spelling-error-in-news-debian');
 my $SPELLING_ERROR_CHANGELOG
@@ -391,8 +396,12 @@ sub run {
 }
 
 my $closes = $entry->Closes;
+# before bug 50004 bts removed bug instead of archiving
 for my $bug (@$closes) {
-tag 'improbable-bug-number-in-closes', $bug if ($bug < 2000);
+if (   $bug < $BUGS_NUMBER->value('min-bug')
+|| $bug > $BUGS_NUMBER->value('max-bug')) {
+tag 'improbable-bug-number-in-closes', $bug;
+}
 }
 
 # unstable, testing, and stable shouldn't be used in Debian
diff --git a/data/changelog-file/bugs-number b/data/changelog-file/bugs-number
new file mode 100644
index 000..45e3313
--- /dev/null
+++ b/data/changelog-file/bugs-number
@@ -0,0 +1,4 @@
+# before 50004 but were removed not archived
+min-bug = 50004
+# a bug number likely for in future
+max-bug = 100
\ No newline at end of file
diff --git a/debian/changelog b/debian/changelog
index 09305c1..dfcf593 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,9 @@ lintian (2.5.51) UNRELEASED; urgency=medium
 
   XXX: generate tag summary
 
+  * checks/changelog-file.pm:
++ [BR] Check also bug over 100 as improbable. Bug below
+  50004 are not archived and are thus improbable.
   * checks/changes-file.{desc,pm}:
 + [BR] Apply patch by Simon McVittie to detect unreleased package
   uploaded to unstable and  mismatched .changes and

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

Bug#858117: lintian: should check that -dbgsym packages are not listed in debian/control

[Bastien Roucaries]

control: tag -1 confirmed

Le 18 mars 2017 15:41:44 GMT+01:00, Andreas Beckmann  a écrit :
>Package: lintian
>Version: 2.5.50.1
>Severity: normal
>
>src:openhpi currently has its -dbgsym packages listed in
>debian/control,
>making them show up in the main archive.
>
>Lintian should blacklist (and reject) binary packages listed in
>debian/control that end in -dbgsym.


I will take it.



>
>
>Andreas

-- 
Envoyé de mon appareil Android avec K-9 Mail. Veuillez excuser ma brièveté.

Bug#854209: Rewritting the license is not relicencing

[Bastien ROUCARIES]

On Thu, Mar 16, 2017 at 5:56 PM, Luke W Faraone <lfara...@debian.org> wrote:
> On Sun, 12 Mar 2017 21:28:30 +0100 Bastien ROUCARIES 
> <roucaries.bast...@gmail.com> wrote:
>> Mike Hommey ask me to remove a lintian warning about a unicode file.
>>
>> I appear that chrome chan
> ge the license text because unicode changed
>> the license of distribued files.
>>
>> But the relicense is not retroactive and unicde consorcium removed
>> before relicencing the offending file.
>
> Can you clarify which files specifically are in question?
>
> Just to make sure I understand, the order of operations was:


See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823100

> 1. Unicode distributed a project under a non-free license
Yes it was base/ConvertUTF.c andbase/ConvertUTF.h. But whole
project was non free in this epoc.

License was:

 This source code is provided as is by Unicode, Inc. No claims are made
   as to fitness for any particular purpose. No warranties of any kind are
   expressed or implied. The recipient agrees to determine applicability
   of information provided. If this file has been purchased on magnetic or
   optical media from Unicode, Inc., the sole remedy for any claim will be
   exchange of defective media within 90 days of receipt.
   .
   Limitations on Rights to Redistribute This Code
   .
   Unicode, Inc. hereby grants the right to freely use the information
   supplied in this file in the creation of products supporting the
   Unicode Standard, and to make copies of this file in any form for
   internal or external distribution as long as this notice remains
   attached.

At the very least, this license does not grant any permission
to modify the files (thus failing DFSG#3). Moreover, the license grant
seems to attempt to restrict use to "products supporting the Unicode
Standard" (thus failing DFSG#6).

> 2. Unicode removed some of those files from the project
Yes unicode removed this file


Unfortunately, upstream seems to have _dropped_ the code due to being
buggy and unmaintained since 2004, according to
http://unicode.org/forum/viewtopic.php?f=9=90 - summarized at
http://stackoverflow.com/questions/2685004/why-does-unicode-org-no-longer-offer-a-reference-utf-8-16-32-converter


> 3. Unicode changed the license of the project to be DFSG-free

Yes but only to file offered to be downloaded on unicode website (and
well after 2004):
If Unicode Inc has published new versions of the two files in
more recent times, the updated versions should be under the
current unicode.org public license, as explained in
http://www.unicode.org/copyright.html#Exhibit1

Therefore both files wer  not relicenced
>

>   -- Luke Faraone

[lintian] branch master updated (14b4c56 -> c894b01)

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a change to branch master
in repository lintian.

  from  14b4c56   spelling: Add one more correction
   new  c894b01   Avoid a false positive in gfdl file

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 checks/cruft.pm  | 1 +
 debian/changelog | 6 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] 01/01: Avoid a false positive in gfdl file

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit c894b015dda0db3f69b7be7d96ce794cb62a7b3e
Author: Bastien ROUCARIÈS 
Date:   Mon Mar 13 11:28:35 2017 +0100

Avoid a false positive in gfdl file
---
 checks/cruft.pm  | 1 +
 debian/changelog | 6 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/checks/cruft.pm b/checks/cruft.pm
index 13fdabc..1c2a50e 100644
--- a/checks/cruft.pm
+++ b/checks/cruft.pm
@@ -1154,6 +1154,7 @@ sub _check_gfdl_license_problem {
the [ ] free [ ] software [ ] foundation[ ]?}{}xsmo;
 $gfdlsections =~ s{\(?[ ]? fsf [ ]?\)?[ ]?}{}xsmo;
 $gfdlsections =~ s{\A [ ]? [,\.;]? [ ]?}{}xsmo;
+$gfdlsections =~ s{[ ]? [,\.]? [ ]?\Z}{}xsmo;
 } while ($oldgfdlsections ne $gfdlsections);
 
 $contextbefore =~ s{
diff --git a/debian/changelog b/debian/changelog
index 0d203b1..09305c1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,11 +6,12 @@ lintian (2.5.51) UNRELEASED; urgency=medium
 + [BR] Apply patch by Simon McVittie to detect unreleased package
   uploaded to unstable and  mismatched .changes and
   Changes: distribution.  (Closes: #540294).
-  * checks/cruft.desc:
+  * checks/cruft.{desc,pm}:
 + [BR] Document long line tagged source-is-missing as a feature
   not a bug.  (Closes: #849470).
 + [BR] Correct a typo in description of tag
   license-problem-convert-utf-code.
++ [BR] Avoid a false positive in gfdl file detection.
   * checks/files.pm:
 + [BR] Do not report duplicates for package-installs-apt-preferences
   and package-installs-apt-sources.  (Closes: #814521).
@@ -22,6 +23,9 @@ lintian (2.5.51) UNRELEASED; urgency=medium
 
   * data/common/source-fields:
 + [NT] Add new "Testsuite-Restrictions" field.
+  * data/obsolete-sites/obsolete-sites:
++ [BR] Apply patch from Hideki Yamane in order to warn about
+  fedorahosted.  (Closes: #856954).
   * data/spelling/corrections:
 + [NT] Apply patches from Edward Betts to fix bugs in the correction
   word lists.  (Closes: #852005, #852084)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

Bug#854209: Rewritting the license is not relicencing

[Bastien ROUCARIES]

control: tags -1 + moreinfo

Hi,

Mike Hommey ask me to remove a lintian warning about a unicode file.

I appear that chrome change the license text because unicode changed
the license of distribued files.

But the relicense is not retroactive and unicde consorcium removed
before relicencing the offending file.


I believe thus this is still a license violation

Your faithfully

Bastien

[lintian] branch master updated (bdbdd77 -> 2604804)

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a change to branch master
in repository lintian.

  from  bdbdd77   spelling: Add one more correction
   new  2604804   Add check for fedorahosted.org

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 checks/obsolete-sites.desc | 3 ++-
 data/obsolete-sites/obsolete-sites | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] 01/01: Add check for fedorahosted.org

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit 26048040dcf8fee5eb9602cb2896a6346ad7ba17
Author: Hideki Yamane 
Date:   Mon Mar 6 23:56:26 2017 +0900

Add check for fedorahosted.org

fedorahosted was shutdown March 1st, 2017.
see https://fedoraproject.org/wiki/Infrastructure/Fedorahosted-retirement

Signed-off-by: Bastien ROUCARIÈS 
---
 checks/obsolete-sites.desc | 3 ++-
 data/obsolete-sites/obsolete-sites | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/checks/obsolete-sites.desc b/checks/obsolete-sites.desc
index b912e1a..9bc5db8 100644
--- a/checks/obsolete-sites.desc
+++ b/checks/obsolete-sites.desc
@@ -18,4 +18,5 @@ Info: One of the package's packaging files points to a 
website or code
  .
  Sites previously hosted on code.google.com were offered a migration
  to github.com, sites previously on gitorious.org were offered a
- migration to gitlab.com. You might want to look there first.
+ migration to gitlab.com, sites previously hosted on fedorahosted.org
+ were offered a migration to pagure.io. You might want to look there first.
diff --git a/data/obsolete-sites/obsolete-sites 
b/data/obsolete-sites/obsolete-sites
index 703f9ce..273d183 100644
--- a/data/obsolete-sites/obsolete-sites
+++ b/data/obsolete-sites/obsolete-sites
@@ -6,6 +6,7 @@
 berlios.de
 code.google.com
 codehaus.org
+fedorahosted.org
 freecode.com
 freshmeat.net
 gitorious.org

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] branch master updated (e473f59 -> ac92934)

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a change to branch master
in repository lintian.

  from  e473f59   Correct a typo in cruft.desc
   new  ac92934   Fix changelog line too long

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 debian/changelog | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

Bug#786946: contradictory license term for icc profile on your web sit

[Bastien ROUCARIES]

Resent, one more year
>
> Dear phil
>
> Some file on your website seems to have contradictory license terms:
>
> On http://www.color.org/profiles2.xalter you said:
>
>> The copyright owner and terms of use of an ICC profile are normally 
>> identified in the Creator field in
>> the profile header and in the Copyright tag. Where ICC is the copyright 
>> owner, the following
>> license terms apply:
>
>> "This profile is made available by the International Color Consortium, and 
>> may be copied,
>>distributed, embedded, made, used, and sold without restriction. Altered 
>>versions of this profile
>>shall have the original identification and copyright information removed and 
>>shall not be
>>misrepresented as the original profile."
>
>>ICC recommends that other profile creators and copyright owners adopt a 
>>similar wording for
>>profiles that are intended to be freely distributed. See the Profile 
>>Registration page for more details.
>
> However on http://www.color.org/srgbprofiles.xalter you said:
>>To anyone who acknowledges that the file "sRGB_IEC61966-2-1_black scaled.icc" 
>>is provided "AS
>>IS" WITH NO EXPRESS OR IMPLIED WARRANTY, permission to use, copy and 
>>distribute these
>>file for any purpose is hereby granted without fee, provided that the file is 
>>not changed including the
>>ICC copyright notice tag, and that the name of ICC shall not be used in 
>>advertising or publicity
>>pertaining to distribution of the software without specific, written prior 
>>permission. ICC makes no
>>representations about the suitability of this software for any purpose.
>
> Could you document clearly what is the license term of individual file ?
>
> Bastien
>
> PS: in order to include only once the license term on your website you
> could use jquery
> like this
> 
>   
> 
> 
> $(function(){
>   $("#includedContent").load("b.html");
> });
> 
>   
>
>   
>  
>   
> 
>

[lintian] 01/01: Fix changelog line too long

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit ac929345af3b86ec4624e8633a39e991eb1bf505
Author: Bastien ROUCARIÈS 
Date:   Sun Jan 8 21:59:27 2017 +0100

Fix changelog line too long
---
 debian/changelog | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 2a4a4ae..de5eb79 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,7 +9,8 @@ lintian (2.5.51) UNRELEASED; urgency=medium
   * checks/cruft.desc:
 + [BR] Document long line tagged source-is-missing as a feature
   not a bug.  (Closes: #849470).
-+ [BR] Correct a typo in description of license-problem-convert-utf-code
++ [BR] Correct a typo in description of tag
+  license-problem-convert-utf-code.
   * checks/files.pm:
 + [BR] Do not report duplicates for package-installs-apt-preferences
   and package-installs-apt-sources.  (Closes: #814521).

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] branch master updated (034661c -> e473f59)

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a change to branch master
in repository lintian.

  from  034661c   Add changelog entry for previous patch
   new  e473f59   Correct a typo in cruft.desc

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 checks/cruft.desc | 2 +-
 debian/changelog  | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] 01/01: Correct a typo in cruft.desc

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit e473f59b3141103fd49175f397523117751bab37
Author: Bastien ROUCARIÈS 
Date:   Sun Jan 8 21:38:20 2017 +0100

Correct a typo in cruft.desc

Signed-off-by: Bastien ROUCARIÈS 
---
 checks/cruft.desc | 2 +-
 debian/changelog  | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/checks/cruft.desc b/checks/cruft.desc
index 9fa94b2..f63c7e6 100644
--- a/checks/cruft.desc
+++ b/checks/cruft.desc
@@ -755,7 +755,7 @@ Info: The following file source files include material 
under a
  .
  This license does not grant any permission
  to modify the files (thus failing DFSG#3). Moreover, the license grant
- to attempt to restrict use to "products supporting the Unicode
+ seems to attempt to restrict use to "products supporting the Unicode
  Standard" (thus failing DFSG#6).
  .
  In this case a solution is to use libicu and to remove this code
diff --git a/debian/changelog b/debian/changelog
index bae1fe5..2a4a4ae 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,6 +9,7 @@ lintian (2.5.51) UNRELEASED; urgency=medium
   * checks/cruft.desc:
 + [BR] Document long line tagged source-is-missing as a feature
   not a bug.  (Closes: #849470).
++ [BR] Correct a typo in description of license-problem-convert-utf-code
   * checks/files.pm:
 + [BR] Do not report duplicates for package-installs-apt-preferences
   and package-installs-apt-sources.  (Closes: #814521).

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] branch master updated (2bd1743 -> 034661c)

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a change to branch master
in repository lintian.

  from  2bd1743   Bug #540294: add checks for mismatched .changes and 
Changes: distribution
   new  034661c   Add changelog entry for previous patch

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 debian/changelog | 4 
 1 file changed, 4 insertions(+)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] branch master updated (ae6e4d8 -> 2bd1743)

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a change to branch master
in repository lintian.

  from  ae6e4d8   spelling: Add one more correction
   new  2bd1743   Bug #540294: add checks for mismatched .changes and 
Changes: distribution

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 checks/changes-file.desc   | 33 ++
 checks/changes-file.pm | 27 ++
 ...in => changes-distribution-mismatch.changes.in} |  6 +++-
 t/changes/changes-distribution-mismatch.desc   |  6 
 t/changes/changes-distribution-mismatch.tags   |  1 +
 ...in => changes-experimental-mismatch.changes.in} |  6 ++--
 t/changes/changes-experimental-mismatch.desc   |  6 
 t/changes/changes-experimental-mismatch.tags   |  1 +
 ...al.changes.in => changes-unreleased.changes.in} |  6 ++--
 t/changes/changes-unreleased.desc  |  6 
 t/changes/changes-unreleased.tags  |  1 +
 11 files changed, 94 insertions(+), 5 deletions(-)
 copy t/changes/{changes-bad-ubuntu-distribution.changes.in => 
changes-distribution-mismatch.changes.in} (61%)
 create mode 100644 t/changes/changes-distribution-mismatch.desc
 create mode 100644 t/changes/changes-distribution-mismatch.tags
 copy t/changes/{changes-directory-traversal.changes.in => 
changes-experimental-mismatch.changes.in} (67%)
 create mode 100644 t/changes/changes-experimental-mismatch.desc
 create mode 100644 t/changes/changes-experimental-mismatch.tags
 copy t/changes/{changes-directory-traversal.changes.in => 
changes-unreleased.changes.in} (66%)
 create mode 100644 t/changes/changes-unreleased.desc
 create mode 100644 t/changes/changes-unreleased.tags

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] 01/01: Add changelog entry for previous patch

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit 034661cbdb06b799600beae486dd1383c9cb4048
Author: Bastien ROUCARIÈS 
Date:   Sun Jan 8 17:04:42 2017 +0100

Add changelog entry for previous patch
---
 debian/changelog | 4 
 1 file changed, 4 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index b07cd54..bae1fe5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,10 @@ lintian (2.5.51) UNRELEASED; urgency=medium
 
   XXX: generate tag summary
 
+  * checks/changes-file.{desc,pm}:
++ [BR] Apply patch by Simon McVittie to detect unreleased package
+  uploaded to unstable and  mismatched .changes and
+  Changes: distribution.  (Closes: #540294).
   * checks/cruft.desc:
 + [BR] Document long line tagged source-is-missing as a feature
   not a bug.  (Closes: #849470).

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] 01/01: Bug #540294: add checks for mismatched .changes and Changes: distribution

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit 2bd1743e91471bc77c45b0ca96393fcad9ee4996
Author: Simon McVittie 
Date:   Wed Jan 28 18:56:11 2015 +

Bug #540294: add checks for mismatched .changes and Changes: distribution

The tag is only emitted for known suites, in an attempt to avoid
interfering with non-Debian workflows.
---
 checks/changes-file.desc   | 33 ++
 checks/changes-file.pm | 27 ++
 t/changes/changes-distribution-mismatch.changes.in | 16 +++
 t/changes/changes-distribution-mismatch.desc   |  6 
 t/changes/changes-distribution-mismatch.tags   |  1 +
 t/changes/changes-experimental-mismatch.changes.in | 16 +++
 t/changes/changes-experimental-mismatch.desc   |  6 
 t/changes/changes-experimental-mismatch.tags   |  1 +
 t/changes/changes-unreleased.changes.in| 16 +++
 t/changes/changes-unreleased.desc  |  6 
 t/changes/changes-unreleased.tags  |  1 +
 11 files changed, 129 insertions(+)

diff --git a/checks/changes-file.desc b/checks/changes-file.desc
index 43c9ec4..4506ccc 100644
--- a/checks/changes-file.desc
+++ b/checks/changes-file.desc
@@ -146,3 +146,36 @@ Info: The version number doesn't comply with the standard 
backport version
  rules. It should end in ~bpoX+N, where X is the release version number of
  the target distribution.
 Ref: http://backports.debian.org/Contribute/
+
+Tag: distribution-and-changes-mismatch
+Severity: normal
+Certainty: possible
+Info: The Distribution in the .changes file indicates
+ that packages should be installed into one distribution (suite), but the
+ distribution in the Changes field copied from
+ debian/changelog indicates that a different distribution
+ was intended.
+ .
+ This is an easy mistake to make when invoking "sbuild ... foo.dsc".
+ Double-check the -d option if using sbuild in this way.
+Ref: #542747, #529281
+
+Tag: distribution-and-experimental-mismatch
+Severity: serious
+Certainty: certain
+Info: The Distribution in the .changes file indicates
+ that packages should be installed into a non-experimental distribution
+ (suite), but the distribution in the Changes field copied from
+ debian/changelog indicates that experimental was intended.
+ .
+ This is an easy mistake to make when invoking "sbuild ... foo.dsc".
+ Double-check the -d option if using sbuild in this way.
+Ref: #542747, #529281
+
+Tag: unreleased-changes
+Severity: important
+Certainty: certain
+Info: The distribution in the Changes field copied from
+ debian/changelog indicates that this package was not intended
+ to be released yet.
+Ref: #542747
diff --git a/checks/changes-file.pm b/checks/changes-file.pm
index 09a8340..4b56525 100644
--- a/checks/changes-file.pm
+++ b/checks/changes-file.pm
@@ -122,6 +122,32 @@ sub run {
 # bad distribution entry
 tag 'bad-distribution-in-changes-file', $distribution;
 }
+
+my $changes = $info->field('changes');
+if (defined $changes) {
+# take the first non-empty line
+$changes =~ s/^\s+//s;
+$changes =~ s/\n.*//s;
+
+if ($changes
+=~ m/^\s*(?:\w[-+0-9a-z.]*)\s*\([^\(\) 
\t]+\)\s*([-+0-9A-Za-z.]+)\s*;/
+  ) {
+my $changesdist = $1;
+if ($changesdist eq 'UNRELEASED') {
+tag 'unreleased-changes';
+} elsif ($changesdist ne $distribution
+&& $changesdist ne $dist) {
+if (   $changesdist eq 'experimental'
+&& $dist ne 'experimental') {
+tag 'distribution-and-experimental-mismatch',
+  $distribution;
+} elsif ($KNOWN_DISTS->known($dist)) {
+tag 'distribution-and-changes-mismatch',
+  $distribution, $changesdist;
+}
+}
+}
+}
 }
 }
 
@@ -129,6 +155,7 @@ sub run {
 tag 'multiple-distributions-in-changes-file',
   $info->field('distribution');
 }
+
 }
 
 # Urgency is only recommended by Policy.
diff --git a/t/changes/changes-distribution-mismatch.changes.in 
b/t/changes/changes-distribution-mismatch.changes.in
new file mode 100644
index 000..22dab07
--- /dev/null
+++ b/t/changes/changes-distribution-mismatch.changes.in
@@ -0,0 +1,16 @@
+Format: 1.8
+Date: {$date}
+Source: {$source}
+Binary: {$source}
+Architecture: source all
+Version: 

[lintian] branch master updated (100700e -> e708ad5)

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a change to branch master
in repository lintian.

  from  100700e   Document tagging source-is-missing long line as a feature
   new  e708ad5   Do not report duplicates for 
package-installs-apt-preferences

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 checks/files.pm   | 4 ++--
 debian/changelog  | 3 +++
 t/tests/files-foo-in-bar/tags | 2 --
 3 files changed, 5 insertions(+), 4 deletions(-)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] 01/01: Do not report duplicates for package-installs-apt-preferences

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit e708ad536fd2b24a788d74dfb99ddfad8802148e
Author: Bastien ROUCARIÈS 
Date:   Fri Dec 30 17:47:03 2016 +0100

Do not report duplicates for package-installs-apt-preferences

closes: #814521

Signed-off-by: Bastien ROUCARIÈS 
---
 checks/files.pm   | 4 ++--
 debian/changelog  | 3 +++
 t/tests/files-foo-in-bar/tags | 2 --
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/checks/files.pm b/checks/files.pm
index 50b6381..7f9e912 100644
--- a/checks/files.pm
+++ b/checks/files.pm
@@ -458,13 +458,13 @@ sub run {
 # /etc/apt
 if ($fname =~ m,^etc/apt/,) {
 # -/etc/apt/preferences
-if ($fname =~ m,^etc/apt/preferences(?:$|\.d/),) {
+if ($fname =~ m,^etc/apt/preferences(?:$|\.d/[^/]+),) {
 unless ($source_pkg eq 'apt') {
 tag 'package-installs-apt-preferences', $file;
 }
 }
 # -/etc/apt/sources
-if ($fname =~ m,^etc/apt/sources\.list(?:$|\.d/),) {
+if ($fname =~ m,^etc/apt/sources\.list(?:$|\.d/[^/]+),) {
 unless ($source_pkg eq 'apt') {
 tag 'package-installs-apt-sources', $file;
 }
diff --git a/debian/changelog b/debian/changelog
index 3108c1d..ee32882 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,9 @@ lintian (2.5.51) UNRELEASED; urgency=medium
   * checks/cruft.desc:
 + [BR] Document long line tagged source-is-missing as a feature
   not a bug.  (Closes: #849470).
+  * checks/files.pm:
++ [BR] Do not report duplicates for package-installs-apt-preferences
+  and package-installs-apt-sources.  (Closes: #814521).
 
  -- Bastien Roucariès   Fri, 30 Dec 2016 
17:14:54 +0100
 
diff --git a/t/tests/files-foo-in-bar/tags b/t/tests/files-foo-in-bar/tags
index 87b3bc4..9990fb6 100644
--- a/t/tests/files-foo-in-bar/tags
+++ b/t/tests/files-foo-in-bar/tags
@@ -48,9 +48,7 @@ E: files-foo-in-bar: 
package-contains-mime-file-outside-package-dir usr/share/mi
 E: files-foo-in-bar: package-contains-thumbnails-dir 
usr/share/doc/files-foo-in-bar/.thumbnails/
 E: files-foo-in-bar: package-contains-xvpics-dir 
usr/share/doc/files-foo-in-bar/.xvpics/
 E: files-foo-in-bar: package-installs-apt-preferences etc/apt/preferences
-E: files-foo-in-bar: package-installs-apt-preferences etc/apt/preferences.d/
 E: files-foo-in-bar: package-installs-apt-preferences etc/apt/preferences.d/bar
-E: files-foo-in-bar: package-installs-apt-sources etc/apt/sources.list.d/
 E: files-foo-in-bar: package-installs-apt-sources etc/apt/sources.list.d/bar
 E: files-foo-in-bar: package-installs-file-to-usr-x11r6 usr/X11R6/
 E: files-foo-in-bar: package-installs-file-to-usr-x11r6 usr/X11R6/bin/

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] branch master updated (212f004 -> 100700e)

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a change to branch master
in repository lintian.

  from  212f004   Open lintian 2.5.51 changelog
   new  100700e   Document tagging source-is-missing long line as a feature

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 checks/cruft.desc | 4 
 debian/changelog  | 4 
 2 files changed, 8 insertions(+)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] branch master updated (7733b26 -> 212f004)

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a change to branch master
in repository lintian.

  from  7733b26   Fix case of previous typo commit
   new  212f004   Open lintian 2.5.51 changelog

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 debian/changelog | 6 ++
 1 file changed, 6 insertions(+)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] 01/01: Document tagging source-is-missing long line as a feature

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit 100700e590a5ffcb4756759f76b458eed637f401
Author: Bastien ROUCARIÈS 
Date:   Fri Dec 30 17:24:07 2016 +0100

Document tagging source-is-missing long line as a feature

Line too long choke perlre and moreover are not parsable for an human tag.

Document as a feature not a bug.

Close: #849470

Signed-off-by: Bastien ROUCARIÈS 
---
 checks/cruft.desc | 4 
 debian/changelog  | 4 
 2 files changed, 8 insertions(+)

diff --git a/checks/cruft.desc b/checks/cruft.desc
index a9dbdf9..9fa94b2 100644
--- a/checks/cruft.desc
+++ b/checks/cruft.desc
@@ -835,6 +835,10 @@ Info: The source of the following file is missing. Lintian 
checked a few
  "debian/missing-sources" directory.
  .
  If this is a false-positive, please report a bug against Lintian.
+ .
+ Please note, that insane-line-length-in-source-file tagged files
+ are likely tagged source-is-missing. It is a feature not
+ a bug.
 
 Tag: source-contains-data-from-ieee-data-oui-db
 Severity: pedantic
diff --git a/debian/changelog b/debian/changelog
index 594fcc9..3108c1d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,10 @@ lintian (2.5.51) UNRELEASED; urgency=medium
 
   XXX: generate tag summary
 
+  * checks/cruft.desc:
++ [BR] Document long line tagged source-is-missing as a feature
+  not a bug.  (Closes: #849470).
+
  -- Bastien Roucariès   Fri, 30 Dec 2016 
17:14:54 +0100
 
 lintian (2.5.50) unstable; urgency=medium

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] 01/01: Open lintian 2.5.51 changelog

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit 212f004784d46e27f9347a01fb2795fee0c75759
Author: Bastien ROUCARIÈS 
Date:   Fri Dec 30 17:15:40 2016 +0100

Open lintian 2.5.51 changelog

Signed-off-by: Bastien ROUCARIÈS 
---
 debian/changelog | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 443b780..594fcc9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+lintian (2.5.51) UNRELEASED; urgency=medium
+
+  XXX: generate tag summary
+
+ -- Bastien Roucariès   Fri, 30 Dec 2016 
17:14:54 +0100
+
 lintian (2.5.50) unstable; urgency=medium
 
   * Summary of tag changes:

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

Bug#848825: lintian: Does not applies source-is-missing overrides unless path has wildcard

[Bastien ROUCARIES]

On Tue, Dec 20, 2016 at 12:26 AM, Jérémy Lal  wrote:
> Package: lintian
> Version: 2.5.49
> Severity: normal
>
> This doesn't override anything:
>
> source/lintian-overrides
> source-is-missing deps/v8/benchmarks/regexp.js
> source-is-missing doc/api_assets/sh_javascript.min.js
> source-is-missing test/fixtures/throws_error5.js
> source-is-missing test/fixtures/throws_error6.js
>
> and it lists those overrides as unused.
>
> This does work as intended:
> source/lintian-overrides
> source-is-missing deps/v8/benchmarks/regexp.js*
> source-is-missing doc/api_assets/sh_javascript.min.js*
> source-is-missing test/fixtures/throws_error5.js*
> source-is-missing test/fixtures/throws_error6.js*
>
> Cheers,
>
> Jérémy.
Could you check if they are some trailing whitespace in lintian output ?



>
> -- System Information:
> Debian Release: stretch/sid
>   APT prefers unstable
>   APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
> Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
>
> Versions of packages lintian depends on:
> ii  binutils  2.27.51.20161212-1
> ii  bzip2 1.0.6-8
> ii  diffstat  1.61-1
> ii  file  1:5.29-2
> ii  gettext   0.19.8.1-1
> ii  intltool-debian   0.35.0+20060710.4
> ii  libapt-pkg-perl   0.1.30
> ii  libarchive-zip-perl   1.59-1
> ii  libclass-accessor-perl0.34-1
> ii  libclone-perl 0.38-2+b1
> ii  libdpkg-perl  1.18.17
> ii  libemail-valid-perl   1.202-1
> ii  libfile-basedir-perl  0.07-1
> ii  libipc-run-perl   0.94-1
> ii  liblist-moreutils-perl0.416-1+b1
> ii  libparse-debianchangelog-perl 1.2.0-12
> ii  libperl5.24 [libdigest-sha-perl]  5.24.1~rc4-1
> ii  libtext-levenshtein-perl  0.13-1
> ii  libtimedate-perl  2.3000-2
> ii  liburi-perl   1.71-1
> ii  libyaml-libyaml-perl  0.63-1+b1
> ii  man-db2.7.6.1-2
> ii  patchutils0.3.4-2
> ii  perl  5.24.1~rc4-1
> ii  t1utils   1.39-2
> ii  xz-utils  5.2.2-1.2
>
> Versions of packages lintian recommends:
> ii  dpkg 1.18.17
> ii  libautodie-perl  2.29-2
> ii  libperlio-gzip-perl  0.19-1+b2
> ii  perl 5.24.1~rc4-1
> ii  perl-modules-5.24 [libautodie-perl]  5.24.1~rc4-1
>
> Versions of packages lintian suggests:
> ii  binutils-multiarch 2.27.51.20161212-1
> ii  dpkg-dev   1.18.17
> ii  libhtml-parser-perl3.72-3
> ii  libtext-template-perl  1.46-1
>
> -- no debconf information
>

Bug#849043: privacy-breach-w3c-valid-html: incorrect lowercase "Icon" in path

[Bastien ROUCARIES]

On Thu, Dec 22, 2016 at 4:37 AM, Trent W. Buck  wrote:
> Package: lintian
> Version: 2.5.30+deb8u4
> Severity: minor
>
> While making a package I got this from lintian:
>
> E: foo: privacy-breach-w3c-valid-html usr/foo/foo.html 
> (http://www.w3.org/icons/valid-xhtml10.png)
>
> However the actual URL in the file has an uppercase I in Icons:
>
> http://www.w3.org/Icons/valid-xhtml10.png
>
> This misleading error confused me and I wasted half an hour trying to
> download the wrong URL (which 404s).
>
> Attached is a simple shell script which reproduces the problem.
>
> This file looks relevant, but I can't understand where the downcasing 
> actually happens:
>
> /usr/share/lintian/data/files/privacy-breaker-websites

We compare only lowercase string in order to be quicker. I think we
should document it
>
>
> If it is easy to do so,
> please avoid downcasing the path part of URLs in these lintian errors.

[lintian] branch master updated (d51bf2e -> 88d984e)

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a change to branch master
in repository lintian.

  from  d51bf2e   spelling: Add one more correction
   new  cde7228   Add v6 transition string for gcc v6 for so name matching
   new  76e9f0f   Improve test suite for soname
   new  88d984e   Improve sonames match test suite

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 checks/binaries.pm |  2 +-
 .../binaries-doesnt-match-sonames/debian/Makefile  |  2 +-
 .../debian/debian/control.in   | 33 ++
 .../debian/debian/libany5gcc1v5.install|  1 +
 .../debian/debian/libany5gcc1v5.symbols|  2 ++
 .../debian/debian/libany6gcc1v6.install|  1 +
 .../debian/debian/libany6gcc1v6.symbols|  2 ++
 .../debian/debian/libanyq16-6.install  |  1 +
 .../debian/debian/libanyq16-6.symbols  |  2 ++
 .../debian/debian/mylibany.install |  1 +
 10 files changed, 45 insertions(+), 2 deletions(-)
 create mode 100644 
t/tests/binaries-doesnt-match-sonames/debian/debian/libany5gcc1v5.install
 create mode 100644 
t/tests/binaries-doesnt-match-sonames/debian/debian/libany5gcc1v5.symbols
 create mode 100644 
t/tests/binaries-doesnt-match-sonames/debian/debian/libany6gcc1v6.install
 create mode 100644 
t/tests/binaries-doesnt-match-sonames/debian/debian/libany6gcc1v6.symbols
 create mode 100644 
t/tests/binaries-doesnt-match-sonames/debian/debian/libanyq16-6.install
 create mode 100644 
t/tests/binaries-doesnt-match-sonames/debian/debian/libanyq16-6.symbols
 create mode 100644 
t/tests/binaries-doesnt-match-sonames/debian/debian/mylibany.install

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] 01/03: Add v6 transition string for gcc v6 for so name matching

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit cde722896f2fa83a898d413bab35194e59b89d38
Author: Bastien ROUCARIÈS 
Date:   Mon Nov 14 13:58:10 2016 +0100

Add v6 transition string for gcc v6 for so name matching

Signed-off-by: Bastien ROUCARIÈS 
---
 checks/binaries.pm|  2 +-
 t/tests/binaries-doesnt-match-sonames/debian/Makefile |  2 +-
 .../binaries-doesnt-match-sonames/debian/debian/control.in| 11 +++
 .../debian/debian/libanygcc1v6.install|  1 +
 .../debian/debian/libanygcc1v6.symbols|  2 ++
 .../debian/debian/mylibany.install|  1 +
 6 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/checks/binaries.pm b/checks/binaries.pm
index 9123b1e..30c9095 100644
--- a/checks/binaries.pm
+++ b/checks/binaries.pm
@@ -253,7 +253,7 @@ sub run {
 $base_pkg =~ s/c2a?\b//o;
 $base_pkg =~ s/\dg$//o;
 $base_pkg =~ s/gf$//o;
-$base_pkg =~ s/v5$//o; # GCC-5 / libstdc++6 C11 ABI breakage
+$base_pkg =~ s/v[5-6]$//o; # GCC-5 / libstdc++6 C11 ABI breakage
 $base_pkg =~ s/-udeb$//o;
 $base_pkg =~ s/^lib64/lib/o;
 
diff --git a/t/tests/binaries-doesnt-match-sonames/debian/Makefile 
b/t/tests/binaries-doesnt-match-sonames/debian/Makefile
index f1e3a5a..78d4852 100644
--- a/t/tests/binaries-doesnt-match-sonames/debian/Makefile
+++ b/t/tests/binaries-doesnt-match-sonames/debian/Makefile
@@ -2,7 +2,7 @@ CC=gcc
 MYCFLAGS=-Wall -Winline -O2 -fPIC
 CFLAGS:=$(MYCFLAGS) $(CPPFLAGS) $(CFLAGS)
 
-SONAMES:= libany.so.1
+SONAMES:= libany.so.1 libanygcc.so.1v6
 LIBFILES:= $(patsubst %,%.0.1, $(SONAMES))
 
 all: $(LIBFILES)
diff --git a/t/tests/binaries-doesnt-match-sonames/debian/debian/control.in 
b/t/tests/binaries-doesnt-match-sonames/debian/debian/control.in
index d7d79c5..f12c14e 100644
--- a/t/tests/binaries-doesnt-match-sonames/debian/debian/control.in
+++ b/t/tests/binaries-doesnt-match-sonames/debian/debian/control.in
@@ -12,3 +12,14 @@ Description: {$description}
  This is a test package designed to exercise some feature or tag of
  Lintian.  It is part of the Lintian test suite and may do very odd
  things.  It should not be installed like a regular package.
+
+
+Package: libanygcc1v6
+Architecture: any
+Depends: $\{shlibs:Depends\}, $\{misc:Depends\}
+Description: {$description} with gcc version
+ This is a test package designed to exercise some feature or tag of
+ Lintian.  It is part of the Lintian test suite and may do very odd
+ things.  It should not be installed like a regular package.
+ .
+ It test if v6 string are correctly escaped
\ No newline at end of file
diff --git 
a/t/tests/binaries-doesnt-match-sonames/debian/debian/libanygcc1v6.install 
b/t/tests/binaries-doesnt-match-sonames/debian/debian/libanygcc1v6.install
new file mode 100644
index 000..6873a48
--- /dev/null
+++ b/t/tests/binaries-doesnt-match-sonames/debian/debian/libanygcc1v6.install
@@ -0,0 +1 @@
+/usr/lib/libanygcc.*
\ No newline at end of file
diff --git 
a/t/tests/binaries-doesnt-match-sonames/debian/debian/libanygcc1v6.symbols 
b/t/tests/binaries-doesnt-match-sonames/debian/debian/libanygcc1v6.symbols
new file mode 100644
index 000..f102bd2
--- /dev/null
+++ b/t/tests/binaries-doesnt-match-sonames/debian/debian/libanygcc1v6.symbols
@@ -0,0 +1,2 @@
+libanygcc.so.1v6 libanygcc1v6 #MINVER#
+ e@Base 1.0
diff --git 
a/t/tests/binaries-doesnt-match-sonames/debian/debian/mylibany.install 
b/t/tests/binaries-doesnt-match-sonames/debian/debian/mylibany.install
new file mode 100644
index 000..5c86ce1
--- /dev/null
+++ b/t/tests/binaries-doesnt-match-sonames/debian/debian/mylibany.install
@@ -0,0 +1 @@
+/usr/lib/libany.*
\ No newline at end of file

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] 02/03: Improve test suite for soname

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit 76e9f0fcda163da465f8d8cac7bb3741908f6d31
Author: Bastien ROUCARIÈS 
Date:   Mon Nov 14 14:09:40 2016 +0100

Improve test suite for soname

Signed-off-by: Bastien ROUCARIÈS 
---
 t/tests/binaries-doesnt-match-sonames/debian/Makefile|  2 +-
 .../debian/debian/control.in | 16 +---
 .../debian/debian/libany5gcc1v5.install  |  1 +
 .../debian/debian/libany5gcc1v5.symbols  |  2 ++
 .../debian/debian/libany6gcc1v6.install  |  1 +
 .../debian/debian/libany6gcc1v6.symbols  |  2 ++
 .../debian/debian/libanygcc1v6.install   |  1 -
 .../debian/debian/libanygcc1v6.symbols   |  2 --
 8 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/t/tests/binaries-doesnt-match-sonames/debian/Makefile 
b/t/tests/binaries-doesnt-match-sonames/debian/Makefile
index 78d4852..5e34afc 100644
--- a/t/tests/binaries-doesnt-match-sonames/debian/Makefile
+++ b/t/tests/binaries-doesnt-match-sonames/debian/Makefile
@@ -2,7 +2,7 @@ CC=gcc
 MYCFLAGS=-Wall -Winline -O2 -fPIC
 CFLAGS:=$(MYCFLAGS) $(CPPFLAGS) $(CFLAGS)
 
-SONAMES:= libany.so.1 libanygcc.so.1v6
+SONAMES:= libany.so.1 libany6gcc.so.1v6 libany5gcc.so.1
 LIBFILES:= $(patsubst %,%.0.1, $(SONAMES))
 
 all: $(LIBFILES)
diff --git a/t/tests/binaries-doesnt-match-sonames/debian/debian/control.in 
b/t/tests/binaries-doesnt-match-sonames/debian/debian/control.in
index f12c14e..df7dfe2 100644
--- a/t/tests/binaries-doesnt-match-sonames/debian/debian/control.in
+++ b/t/tests/binaries-doesnt-match-sonames/debian/debian/control.in
@@ -14,12 +14,22 @@ Description: {$description}
  things.  It should not be installed like a regular package.
 
 
-Package: libanygcc1v6
+Package: libany6gcc1v6
 Architecture: any
 Depends: $\{shlibs:Depends\}, $\{misc:Depends\}
-Description: {$description} with gcc version
+Description: {$description} with gcc 6 version
  This is a test package designed to exercise some feature or tag of
  Lintian.  It is part of the Lintian test suite and may do very odd
  things.  It should not be installed like a regular package.
  .
- It test if v6 string are correctly escaped
\ No newline at end of file
+ It test if v6 string are correctly escaped
+
+Package: libany5gcc1v5
+Architecture: any
+Depends: $\{shlibs:Depends\}, $\{misc:Depends\}
+Description: {$description} with gcc 5 version
+ This is a test package designed to exercise some feature or tag of
+ Lintian.  It is part of the Lintian test suite and may do very odd
+ things.  It should not be installed like a regular package.
+ .
+ It test if v5 string are correctly escaped
\ No newline at end of file
diff --git 
a/t/tests/binaries-doesnt-match-sonames/debian/debian/libany5gcc1v5.install 
b/t/tests/binaries-doesnt-match-sonames/debian/debian/libany5gcc1v5.install
new file mode 100644
index 000..283bc61
--- /dev/null
+++ b/t/tests/binaries-doesnt-match-sonames/debian/debian/libany5gcc1v5.install
@@ -0,0 +1 @@
+/usr/lib/libany5gcc.*
\ No newline at end of file
diff --git 
a/t/tests/binaries-doesnt-match-sonames/debian/debian/libany5gcc1v5.symbols 
b/t/tests/binaries-doesnt-match-sonames/debian/debian/libany5gcc1v5.symbols
new file mode 100644
index 000..a394502
--- /dev/null
+++ b/t/tests/binaries-doesnt-match-sonames/debian/debian/libany5gcc1v5.symbols
@@ -0,0 +1,2 @@
+libany5gcc.so.1 libany5gcc1v5 #MINVER#
+ e@Base 1.0
diff --git 
a/t/tests/binaries-doesnt-match-sonames/debian/debian/libany6gcc1v6.install 
b/t/tests/binaries-doesnt-match-sonames/debian/debian/libany6gcc1v6.install
new file mode 100644
index 000..9485e87
--- /dev/null
+++ b/t/tests/binaries-doesnt-match-sonames/debian/debian/libany6gcc1v6.install
@@ -0,0 +1 @@
+/usr/lib/libany6gcc.*
\ No newline at end of file
diff --git 
a/t/tests/binaries-doesnt-match-sonames/debian/debian/libany6gcc1v6.symbols 
b/t/tests/binaries-doesnt-match-sonames/debian/debian/libany6gcc1v6.symbols
new file mode 100644
index 000..aee5f00
--- /dev/null
+++ b/t/tests/binaries-doesnt-match-sonames/debian/debian/libany6gcc1v6.symbols
@@ -0,0 +1,2 @@
+libany6gcc.so.1v6 libany6gcc1v6 #MINVER#
+ e@Base 1.0
diff --git 
a/t/tests/binaries-doesnt-match-sonames/debian/debian/libanygcc1v6.install 
b/t/tests/binaries-doesnt-match-sonames/debian/debian/libanygcc1v6.install
deleted file mode 100644
index 6873a48..000
--- a/t/tests/binaries-doesnt-match-sonames/debian/debian/libanygcc1v6.install
+++ /dev/null
@@ -1 +0,0 @@
-/usr/lib/libanygcc.*
\ No newline at end of file
diff --git 
a/t/tests/binaries-doesnt-match-sonames/debian/debian/libanygcc1v6.symbols 
b/t/tests/binaries-doesnt-match-sonames/debian/debian/libanygcc1v6.symbols
deleted file mode 100644
index f102bd2..000
--- 

[lintian] 03/03: Improve sonames match test suite

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit 88d984e2320a0d894ff3812b51f9c4e21f3c1bf1
Author: Bastien ROUCARIÈS 
Date:   Mon Nov 14 14:19:08 2016 +0100

Improve sonames match test suite

Signed-off-by: Bastien ROUCARIÈS 
---
 t/tests/binaries-doesnt-match-sonames/debian/Makefile  |  2 +-
 .../binaries-doesnt-match-sonames/debian/debian/control.in | 14 +-
 .../debian/debian/libanyq16-6.install  |  1 +
 .../debian/debian/libanyq16-6.symbols  |  2 ++
 4 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/t/tests/binaries-doesnt-match-sonames/debian/Makefile 
b/t/tests/binaries-doesnt-match-sonames/debian/Makefile
index 5e34afc..21a67b5 100644
--- a/t/tests/binaries-doesnt-match-sonames/debian/Makefile
+++ b/t/tests/binaries-doesnt-match-sonames/debian/Makefile
@@ -2,7 +2,7 @@ CC=gcc
 MYCFLAGS=-Wall -Winline -O2 -fPIC
 CFLAGS:=$(MYCFLAGS) $(CPPFLAGS) $(CFLAGS)
 
-SONAMES:= libany.so.1 libany6gcc.so.1v6 libany5gcc.so.1
+SONAMES:= libany.so.1 libany6gcc.so.1v6 libany5gcc.so.1 libanyQ16.so.6
 LIBFILES:= $(patsubst %,%.0.1, $(SONAMES))
 
 all: $(LIBFILES)
diff --git a/t/tests/binaries-doesnt-match-sonames/debian/debian/control.in 
b/t/tests/binaries-doesnt-match-sonames/debian/debian/control.in
index df7dfe2..2a23d1d 100644
--- a/t/tests/binaries-doesnt-match-sonames/debian/debian/control.in
+++ b/t/tests/binaries-doesnt-match-sonames/debian/debian/control.in
@@ -32,4 +32,16 @@ Description: {$description} with gcc 5 version
  Lintian.  It is part of the Lintian test suite and may do very odd
  things.  It should not be installed like a regular package.
  .
- It test if v5 string are correctly escaped
\ No newline at end of file
+ It test if v5 string are correctly escaped
+
+Package: libanyq16-6
+Architecture: any
+Depends: $\{shlibs:Depends\}, $\{misc:Depends\}
+Description: {$description} with Q16 version
+ This is a test package designed to exercise some feature or tag of
+ Lintian.  It is part of the Lintian test suite and may do very odd
+ things.  It should not be installed like a regular package.
+ .
+ It test if string are correctly escaped like for imagemagick.
+ .
+ library name is not libanyQ166
\ No newline at end of file
diff --git 
a/t/tests/binaries-doesnt-match-sonames/debian/debian/libanyq16-6.install 
b/t/tests/binaries-doesnt-match-sonames/debian/debian/libanyq16-6.install
new file mode 100644
index 000..b4ecaea
--- /dev/null
+++ b/t/tests/binaries-doesnt-match-sonames/debian/debian/libanyq16-6.install
@@ -0,0 +1 @@
+/usr/lib/libanyQ16*
\ No newline at end of file
diff --git 
a/t/tests/binaries-doesnt-match-sonames/debian/debian/libanyq16-6.symbols 
b/t/tests/binaries-doesnt-match-sonames/debian/debian/libanyq16-6.symbols
new file mode 100644
index 000..0f32f79
--- /dev/null
+++ b/t/tests/binaries-doesnt-match-sonames/debian/debian/libanyq16-6.symbols
@@ -0,0 +1,2 @@
+libanyQ16.so.1v6 libanyQ16-6 #MINVER#
+ e@Base 1.0

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] branch master updated (d2d0f4b -> 25c87a5)

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a change to branch master
in repository lintian.

  from  d2d0f4b   Allow version with number of openssl source
   new  25c87a5   Fix hardening test suite

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 t/tests/binaries-hardening/debian/Makefile | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] branch master updated (ff9bfbd -> d2d0f4b)

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a change to branch master
in repository lintian.

  from  ff9bfbd   Fix testsuite for libbaz
   new  d2d0f4b   Allow version with number of openssl source

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 data/binaries/embedded-libs | 2 +-
 debian/changelog| 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] 01/01: Fix hardening test suite

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit 25c87a578dd49f7f08cbefbe7a18c68a04c299f0
Author: Bastien ROUCARIÈS 
Date:   Tue Nov 8 12:39:34 2016 +0100

Fix hardening test suite

Use a weak compiler and a default compiler in order to use newer dpkg method
to inject flags by spec file.

Signed-off-by: Bastien ROUCARIÈS 
---
 t/tests/binaries-hardening/debian/Makefile | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/t/tests/binaries-hardening/debian/Makefile 
b/t/tests/binaries-hardening/debian/Makefile
index e0884fd..f1e06f8 100644
--- a/t/tests/binaries-hardening/debian/Makefile
+++ b/t/tests/binaries-hardening/debian/Makefile
@@ -1,13 +1,13 @@
 # turn off PIE in CC in case we have a PIEful toolchain:
-ifneq ($(findstring -no-pie,$(shell gcc -no-pie 2>&1)),)
-  CC := gcc
+ifneq ($(findstring -no-pie,$(shell ${CC} -no-pie 2>&1)),)
+  CCWEAK := ${CC}
 else
-  CC := gcc -fno-pie -no-pie
+  CCWEAK := ${CC} -fno-pie -no-pie
 endif
 
 all: weak.1 strong.1
# Build without dpkg-buildflags.
-   $(CC) -o weak -g \
+   $(CCWEAK) -o weak -g \
-fno-stack-protector \
-Wl,-z,norelro \
-U_FORTIFY_SOURCE \

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] 01/01: Allow version with number of openssl source

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit d2d0f4b2e7c21fa7372fddceaaaecf68cf7c04c0
Author: Bastien ROUCARIÈS 
Date:   Tue Nov 8 12:23:13 2016 +0100

Allow version with number of openssl source

Closes: #843406
---
 data/binaries/embedded-libs | 2 +-
 debian/changelog| 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/data/binaries/embedded-libs b/data/binaries/embedded-libs
index 0c695ed..bc3a6d8 100644
--- a/data/binaries/embedded-libs
+++ b/data/binaries/embedded-libs
@@ -92,7 +92,7 @@ ncurses   ||Not enough memory to create terminal structure
 nspr  ||(?m)^Unable to create nspr log file
 nss   ||(?m)^My Encrytion Test Data
 openjpeg  ||tcd_decode: incomplete bit?stream
-openssl   ||You need to read the OpenSSL FAQ
+openssl   ||source-regex=openssl(?:\d+(?:\.\d+)?)?||You need to read the 
OpenSSL FAQ
 pcre3 ||this version of PCRE is not compiled with PCRE_UTF8 support
 poppler   ||source-regex=(?:poppler|xpdf)||(?:May not be a PDF file 
\(continuing anyway\)|PDF file is damaged - attempting to reconstruct xref 
table\.\.\.)
 srtp  ||srtp: in stream 0x%x:
diff --git a/debian/changelog b/debian/changelog
index 65b0cef..eeeaef0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -13,6 +13,8 @@ lintian (2.5.50) UNRELEASED; urgency=medium
   "Allow debhelper "--with" addons to be quoted".
   (Closes: #839822)
 
+  * data/binaries/embedded-libs:
++ [BR] Allow openssl1.0 as source package.  (Closes: #843406).
   * data/spelling/corrections:
 + [PW] Add more corrections.
   * data/files/privacy-breaker-websites:

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] branch master updated (4507bf7 -> ff9bfbd)

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a change to branch master
in repository lintian.

  from  4507bf7   Do not run testsuite with ${souce-Version} with newer dpkg
   new  083b1e1   Fix fail tests::version-substvars-general: Tag 
substvar-source-version-is-deprecated listed in Test-For but not found
   new  ff9bfbd   Fix testsuite for libbaz

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 t/tests/legacy-libbaz/debian/debian/control | 2 +-
 t/tests/legacy-libbaz/tags  | 3 ++-
 t/tests/version-substvars-general/desc  | 1 -
 3 files changed, 3 insertions(+), 3 deletions(-)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] 01/02: Fix fail tests::version-substvars-general: Tag substvar-source-version-is-deprecated listed in Test-For but not found

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit 083b1e1cfd49a038a9313307e02a78bfab03c719
Author: Bastien ROUCARIÈS 
Date:   Tue Nov 8 12:02:05 2016 +0100

Fix fail tests::version-substvars-general: Tag 
substvar-source-version-is-deprecated listed in Test-For but not found

Signed-off-by: Bastien ROUCARIÈS 
---
 t/tests/version-substvars-general/desc | 1 -
 1 file changed, 1 deletion(-)

diff --git a/t/tests/version-substvars-general/desc 
b/t/tests/version-substvars-general/desc
index 82126c5..0c92572 100644
--- a/t/tests/version-substvars-general/desc
+++ b/t/tests/version-substvars-general/desc
@@ -7,5 +7,4 @@ Test-For:
  not-binnmuable-all-depends-any
  not-binnmuable-any-depends-all
  not-binnmuable-any-depends-any
- substvar-source-version-is-deprecated
  version-substvar-for-external-package

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] 02/02: Fix testsuite for libbaz

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit ff9bfbdc2529eeb3a2078ba637dee27cd1054fc5
Author: Bastien ROUCARIÈS 
Date:   Tue Nov 8 12:04:55 2016 +0100

Fix testsuite for libbaz

Newer dpkg crash. Fix it

Signed-off-by: Bastien ROUCARIÈS 
---
 t/tests/legacy-libbaz/debian/debian/control | 2 +-
 t/tests/legacy-libbaz/tags  | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/t/tests/legacy-libbaz/debian/debian/control 
b/t/tests/legacy-libbaz/debian/debian/control
index 983084c..54cc21b 100644
--- a/t/tests/legacy-libbaz/debian/debian/control
+++ b/t/tests/legacy-libbaz/debian/debian/control
@@ -37,7 +37,7 @@ Description: test handling of library packages (good)
 
 Package: libbaz2-dev
 Architecture: any
-Depends: ${shlibs:Depends}, libbaz2 (= ${Source-Version})
+Depends: ${shlibs:Depends}, libbaz2 (= ${source:Version})
 Description: development package (good)
  Regression test for lintian's handling of libraries (dev good).
  .
diff --git a/t/tests/legacy-libbaz/tags b/t/tests/legacy-libbaz/tags
index 8e6c45e..e022d01 100644
--- a/t/tests/legacy-libbaz/tags
+++ b/t/tests/legacy-libbaz/tags
@@ -1,5 +1,7 @@
 E: libbaz source: not-binnmuable-any-depends-any libbaz1-dev -> libbaz1
+E: libbaz source: not-binnmuable-any-depends-any libbaz2-dev -> libbaz2
 E: libbaz source: weak-library-dev-dependency libbaz1-dev on libbaz1 (= 
${source:Version})
+E: libbaz source: weak-library-dev-dependency libbaz2-dev on libbaz2 (= 
${source:Version})
 E: libbaz1-dev: missing-dependency-on-libc needed by 
usr/lib/ma-dir/perl/version/auto/Foo/Foo.so
 E: libbaz1: control-file-has-bad-permissions shlibs 0755 != 0644
 E: libbaz1: control-file-has-bad-permissions symbols 0755 != 0644
@@ -46,7 +48,6 @@ W: libbaz source: debhelper-but-no-misc-depends libbaz2-dev
 W: libbaz source: native-package-with-dash-version
 W: libbaz source: package-uses-deprecated-debhelper-compat-version 6
 W: libbaz source: source-nmu-has-incorrect-version-number 1-1
-W: libbaz source: substvar-source-version-is-deprecated libbaz2-dev
 W: libbaz1-dev: wrong-section-according-to-package-name libbaz1-dev => libdevel
 W: libbaz1: dev-pkg-without-shlib-symlink usr/lib/libbaz.so usr/lib/libbaz.so
 W: libbaz1: dev-pkg-without-shlib-symlink usr/lib/libbaz3.so.1.0.3b 
usr/lib/libbaz3.so

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] branch master updated (9a8f036 -> 4507bf7)

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a change to branch master
in repository lintian.

  from  9a8f036   Fix bug number in cruft.desc
   new  4bbbaf0   Disable deb-format-udeb-compression for newer dpkg
   new  26ef071   Fix legacy-binary with newer dpkg
   new  4507bf7   Do not run testsuite with ${souce-Version} with newer dpkg

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 t/tests/deb-format-udeb-compression/desc  | 2 ++
 t/tests/legacy-binary/debian/debian/control   | 4 ++--
 t/tests/legacy-binary/tags| 3 ---
 t/tests/version-substvars-general/debian/debian/control.in| 2 +-
 t/tests/version-substvars-general/tags| 1 -
 .../debian/debian/control.in  | 0
 .../desc  | 4 +++-
 t/tests/version-substvars-obsolete/tags   | 8 
 8 files changed, 16 insertions(+), 8 deletions(-)
 copy t/tests/{version-substvars-general => 
version-substvars-obsolete}/debian/debian/control.in (100%)
 copy t/tests/{version-substvars-general => version-substvars-obsolete}/desc 
(71%)
 create mode 100644 t/tests/version-substvars-obsolete/tags

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] 03/03: Do not run testsuite with ${souce-Version} with newer dpkg

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit 4507bf78498b7524d55c368619cb8a4d71e2f49d
Author: Bastien ROUCARIÈS 
Date:   Tue Nov 8 11:45:57 2016 +0100

Do not run testsuite with ${souce-Version} with newer dpkg

Dpkg will crash thus crashing testsuite

Signed-off-by: Bastien ROUCARIÈS 
---
 t/tests/version-substvars-general/debian/debian/control.in  |  2 +-
 t/tests/version-substvars-general/tags  |  1 -
 .../debian/debian/control.in|  0
 t/tests/version-substvars-obsolete/desc | 13 +
 t/tests/version-substvars-obsolete/tags |  8 
 5 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/t/tests/version-substvars-general/debian/debian/control.in 
b/t/tests/version-substvars-general/debian/debian/control.in
index b00030d..c483f80 100644
--- a/t/tests/version-substvars-general/debian/debian/control.in
+++ b/t/tests/version-substvars-general/debian/debian/control.in
@@ -20,7 +20,7 @@ Description: {$description}
 Package: program-data
 Architecture: all
 Depends: $\{shlibs:Depends\}, $\{misc:Depends\},
- foreign-pkg:any (= $\{Source-Version\})
+ foreign-pkg:any (= $\{source:Version\})
 Replaces: other-foreign-pkg:any (<< $\{binary:Version\})
 Description: {$description} - data
  This is a test package designed to exercise some feature or tag of
diff --git a/t/tests/version-substvars-general/tags 
b/t/tests/version-substvars-general/tags
index 7d61949..56b29e5 100644
--- a/t/tests/version-substvars-general/tags
+++ b/t/tests/version-substvars-general/tags
@@ -5,4 +5,3 @@ E: version-substvars-general source: 
not-binnmuable-any-depends-all program-util
 E: version-substvars-general source: not-binnmuable-any-depends-any 
program-utils -> program-bin
 E: version-substvars-general source: version-substvar-for-external-package 
program-data -> foreign-pkg
 E: version-substvars-general source: version-substvar-for-external-package 
program-data -> other-foreign-pkg
-W: version-substvars-general source: substvar-source-version-is-deprecated 
program-data
diff --git a/t/tests/version-substvars-general/debian/debian/control.in 
b/t/tests/version-substvars-obsolete/debian/debian/control.in
similarity index 100%
copy from t/tests/version-substvars-general/debian/debian/control.in
copy to t/tests/version-substvars-obsolete/debian/debian/control.in
diff --git a/t/tests/version-substvars-obsolete/desc 
b/t/tests/version-substvars-obsolete/desc
new file mode 100644
index 000..d8d9246
--- /dev/null
+++ b/t/tests/version-substvars-obsolete/desc
@@ -0,0 +1,13 @@
+Testname: version-substvars-obsolete
+Version: 1.0
+Description: Test of substvars
+Options: -L +classification -C version-substvars
+Test-For:
+ maybe-not-arch-all-binnmuable
+ not-binnmuable-all-depends-any
+ not-binnmuable-any-depends-all
+ not-binnmuable-any-depends-any
+ substvar-source-version-is-deprecated
+ version-substvar-for-external-package
+# dpkg 1.18.11 Will error out for ${source-version}
+Test-Depends: dpkg (<< 1.17.2)
diff --git a/t/tests/version-substvars-obsolete/tags 
b/t/tests/version-substvars-obsolete/tags
new file mode 100644
index 000..eb28e2c
--- /dev/null
+++ b/t/tests/version-substvars-obsolete/tags
@@ -0,0 +1,8 @@
+C: version-substvars-obsolete source: maybe-not-arch-all-binnmuable 
program-bin -> program-data-extra
+E: version-substvars-obsolete source: not-binnmuable-all-depends-any 
program-data-extra -> program-bin
+E: version-substvars-obsolete source: not-binnmuable-any-depends-all 
program-bin -> program-data
+E: version-substvars-obsolete source: not-binnmuable-any-depends-all 
program-utils -> program-data
+E: version-substvars-obsolete source: not-binnmuable-any-depends-any 
program-utils -> program-bin
+E: version-substvars-obsolete source: version-substvar-for-external-package 
program-data -> foreign-pkg
+E: version-substvars-obsolete source: version-substvar-for-external-package 
program-data -> other-foreign-pkg
+W: version-substvars-obsolete source: substvar-source-version-is-deprecated 
program-data

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] 02/03: Fix legacy-binary with newer dpkg

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit 26ef0711d2efaeefae0109cc7248ad918e291e47
Author: Bastien ROUCARIÈS 
Date:   Tue Nov 8 11:36:12 2016 +0100

Fix legacy-binary with newer dpkg

Newer dpkg will emit some message with ${source-Version}. Remove for legacy 
testsuite

Signed-off-by: Bastien ROUCARIÈS 
---
 t/tests/legacy-binary/debian/debian/control | 4 ++--
 t/tests/legacy-binary/tags  | 3 ---
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/t/tests/legacy-binary/debian/debian/control 
b/t/tests/legacy-binary/debian/debian/control
index 03cc317..3debc9f 100644
--- a/t/tests/legacy-binary/debian/debian/control
+++ b/t/tests/legacy-binary/debian/debian/control
@@ -11,7 +11,7 @@ XS-Dm-Upload-Allowed: yes
 
 Package: binary
 Architecture: any
-Pre-Depends: ${shlibs:Depends}, xorg, binary-data (= ${Source-Version}), 
libssl0.9.8
+Pre-Depends: ${shlibs:Depends}, xorg, binary-data (= ${source:Version}), 
libssl0.9.8
 Homepage: 
 Vcs-Svn: http://svn.wolffelaar.nl/lintian/trunk
 Description: test handling of binary files
@@ -25,7 +25,7 @@ Description: test handling of binary files
 
 Package: binary-data
 Architecture: all
-Depends: binary (= ${Source-Version}), libssl-not-openssl,
+Depends: binary (= ${source:Version}), libssl-not-openssl,
  libssl0.9.8 | or-something-else
 Description: test handling of binary relationships
  Regression test for lintian's checking of package relationships between
diff --git a/t/tests/legacy-binary/tags b/t/tests/legacy-binary/tags
index ab6edbb..d5dc3d5 100644
--- a/t/tests/legacy-binary/tags
+++ b/t/tests/legacy-binary/tags
@@ -1,6 +1,5 @@
 E: binary source: debian-rules-missing-required-target binary-indep
 E: binary source: not-binnmuable-all-depends-any binary-data -> binary
-E: binary source: not-binnmuable-any-depends-all binary -> binary-data
 E: binary: changelog-file-not-compressed changelog
 E: binary: debian-changelog-file-missing-or-wrong-name
 E: binary: debian-copyright-file-uses-obsolete-national-encoding at line 13
@@ -70,8 +69,6 @@ W: binary source: intra-source-package-circular-dependency 
binary binary-data
 W: binary source: maintainer-upload-has-incorrect-version-number 4-1.1
 W: binary source: native-package-with-dash-version
 W: binary source: package-would-benefit-from-build-arch-targets
-W: binary source: substvar-source-version-is-deprecated binary
-W: binary source: substvar-source-version-is-deprecated binary-data
 W: binary-data: control-file-is-empty md5sums
 W: binary-data: empty-binary-package
 W: binary: binary-without-manpage usr/bin/hello

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] 01/03: Disable deb-format-udeb-compression for newer dpkg

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit 4bbbaf051990b44601533cff7770b5f67a4d4c0f
Author: Bastien ROUCARIÈS 
Date:   Tue Nov 8 11:30:43 2016 +0100

Disable deb-format-udeb-compression for newer dpkg

Dpkg will warn for us
---
 t/tests/deb-format-udeb-compression/desc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/t/tests/deb-format-udeb-compression/desc 
b/t/tests/deb-format-udeb-compression/desc
index 6ff31ec..fd79525 100644
--- a/t/tests/deb-format-udeb-compression/desc
+++ b/t/tests/deb-format-udeb-compression/desc
@@ -2,3 +2,5 @@ Testname: deb-format-udeb-compression
 Version: 1.0
 Description: Test of compression of udeb data member
 Test-For: udeb-uses-unsupported-compression-for-data-tarball
+# dpkg 1.18.1 Will warn for us
+Test-Depends: dpkg (<< 1.18.11)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] 01/01: Fix bug number in cruft.desc

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit 9a8f03681d928f32edebe8da71abc6bd5edb647e
Author: Bastien ROUCARIÈS 
Date:   Tue Nov 8 00:22:35 2016 +0100

Fix bug number in cruft.desc
---
 checks/cruft.desc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/checks/cruft.desc b/checks/cruft.desc
index 009d749..dc2133e 100644
--- a/checks/cruft.desc
+++ b/checks/cruft.desc
@@ -762,7 +762,7 @@ Info: The following file source files include material 
under a
  by repacking.
  .
  If this is a false-positive, please report a bug against Lintian.
-Ref: https://bugs.debian.org/823100
+Ref: #823100
 
 Tag: license-problem-md5sum-non-distributable-file
 Severity: serious

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] branch master updated (cd264e4 -> 732b235)

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a change to branch master
in repository lintian.

  from  cd264e4   Add case correction for LUA -> Lua
   new  732b235   Detect non free utf code

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 checks/cruft.desc   | 18 ++
 data/cruft/non-free-license |  2 ++
 debian/changelog|  3 +++
 t/scripts/implemented-tags.t|  1 +
 t/tests/cruft-non-free-utf/debian/src/bad.c | 18 ++
 t/tests/cruft-non-free-utf/desc |  4 
 t/tests/cruft-non-free-utf/tags |  1 +
 7 files changed, 47 insertions(+)
 create mode 100644 t/tests/cruft-non-free-utf/debian/src/bad.c
 create mode 100644 t/tests/cruft-non-free-utf/desc
 create mode 100644 t/tests/cruft-non-free-utf/tags

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] 01/01: Detect non free utf code

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit 732b23524f035d0768e423c7b4ac3252496c5dee
Author: Bastien ROUCARIÈS 
Date:   Tue Nov 8 00:00:38 2016 +0100

Detect non free utf code

Signed-off-by: Bastien ROUCARIÈS 
---
 checks/cruft.desc   | 18 ++
 data/cruft/non-free-license |  2 ++
 debian/changelog|  3 +++
 t/scripts/implemented-tags.t|  1 +
 t/tests/cruft-non-free-utf/debian/src/bad.c | 18 ++
 t/tests/cruft-non-free-utf/desc |  4 
 t/tests/cruft-non-free-utf/tags |  1 +
 7 files changed, 47 insertions(+)

diff --git a/checks/cruft.desc b/checks/cruft.desc
index 3c5b8de..009d749 100644
--- a/checks/cruft.desc
+++ b/checks/cruft.desc
@@ -746,6 +746,24 @@ Info: The following source files include material under a
  If this is a false-positive, please report a bug against Lintian.
 Ref: https://bugs.debian.org/724930#27
 
+Tag: license-problem-convert-utf-code
+Severity: serious
+Certainty: possible
+Info: The following file source files include material under a
+ non-free license from Unicode Inc. Therefore, it is
+ not possible to ship this in main or contrib.
+ .
+ This license does not grant any permission
+ to modify the files (thus failing DFSG#3). Moreover, the license grant
+ to attempt to restrict use to "products supporting the Unicode
+ Standard" (thus failing DFSG#6).
+ .
+ In this case a solution is to use libicu and to remove this code
+ by repacking.
+ .
+ If this is a false-positive, please report a bug against Lintian.
+Ref: https://bugs.debian.org/823100
+
 Tag: license-problem-md5sum-non-distributable-file
 Severity: serious
 Certainty: certain
diff --git a/data/cruft/non-free-license b/data/cruft/non-free-license
index 938244e..622c093 100644
--- a/data/cruft/non-free-license
+++ b/data/cruft/non-free-license
@@ -29,3 +29,5 @@ source-contains-autogenerated-visual-c++-file ~~ microsoft && 
visual && generate
 source-contains-autogenerated-gperf-data ~~ code && produced && gperf && 
version ~~ code produced by gperf version ~~ code [ ] produced [ ] by [ ] gperf 
[ ] version [ ] \d+\.\d+
 # warn about copy of ieee-data
 source-contains-data-from-ieee-data-oui-db ~~ struck && scitex && racore ~~ 
dr. b. struck ~~ dr. [ ] b. [ ] struck
+# warn about unicode license for utf for convert utf
+license-problem-convert-utf-code ~~ fall-through && bytestowrite && utf-8 ~~ 
the fall-through switches in utf-8 reading ~~ the [ ] fall-through [ ] switches 
[ ] in [ ] utf-8 [ ] reading [ ] code [ ] save 
diff --git a/debian/changelog b/debian/changelog
index ac1af5a..65b0cef 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,9 @@ lintian (2.5.50) UNRELEASED; urgency=medium
 
   XXX: generate tag summary with private/generate-tag-summary
 
+  * checks/cruft.desc:
++ [BR] Detect utf convert non free code.
+  (Closes: #843595)
   * checks/binaries.desc:
 + [NT] Update hardening-no-pie description to reflect that
   PIE is on by default in Debian.
diff --git a/t/scripts/implemented-tags.t b/t/scripts/implemented-tags.t
index 4b2..796dd38 100755
--- a/t/scripts/implemented-tags.t
+++ b/t/scripts/implemented-tags.t
@@ -49,6 +49,7 @@ our $EXCLUDE =join(
   ^maintainer-script-may-.*$
   ^install-info-used-in-maintainer-script$
   ^license-problem-cc-by-nc-sa$
+  ^license-problem-convert-utf-code$
   ^license-problem-json-evil$
   ^license-problem-non-free-RFC$
   ^license-problem-non-free-RFC-BCP78$
diff --git a/t/tests/cruft-non-free-utf/debian/src/bad.c 
b/t/tests/cruft-non-free-utf/debian/src/bad.c
new file mode 100644
index 000..753e63a
--- /dev/null
+++ b/t/tests/cruft-non-free-utf/debian/src/bad.c
@@ -0,0 +1,18 @@
+/* -
+
+Note A.
+The fall-through switches in UTF-8 reading code save a
+temp variable, some decrements & conditionals.  The switches
+are equivalent to the following loop:
+{
+int tmpBytesToRead = extraBytesToRead+1;
+do {
+ch += *source++;
+--tmpBytesToRead;
+if (tmpBytesToRead) ch <<= 6;
+} while (tmpBytesToRead > 0);
+}
+In UTF-8 writing code, the switches on "bytesToWrite" are
+similarly unrolled loops.
+
+   - */
diff --git a/t/tests/cruft-non-free-utf/desc b/t/tests/cruft-non-free-utf/desc
new file mode 100644
index 000..318dfe2
--- /dev/null
+++ b/t/tests/cruft-non-free-utf/desc
@@ -0,0 +1,4 @@
+Testname: cruft-non-free-utf
+Version: 1.0
+Description: Check for non free utf
+Test-For: license-problem-convert-utf-code
diff --git 

[lintian] branch master updated (0622f0b -> c4ee793)

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a change to branch master
in repository lintian.

  from  0622f0b   Allow debhelper "--with" addons to be quoted
   new  c4ee793   Improve logos detection

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 data/files/privacy-breaker-websites | 2 +-
 debian/changelog| 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] branch master updated (c4ee793 -> 2109a7e)

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a change to branch master
in repository lintian.

  from  c4ee793   Improve logos detection
   new  2109a7e   Fix changelog

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 debian/changelog | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] 01/01: Fix changelog

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit 2109a7e938dee9b9d4f74d1da51154c3c57f2e2f
Author: Bastien ROUCARIÈS 
Date:   Thu Oct 27 22:20:59 2016 +0200

Fix changelog

Signed-off-by: Bastien ROUCARIÈS 
---
 debian/changelog | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 4113156..ac1af5a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,7 +5,7 @@ lintian (2.5.50) UNRELEASED; urgency=medium
   * checks/binaries.desc:
 + [NT] Update hardening-no-pie description to reflect that
   PIE is on by default in Debian.
-  * checks/debhelper.pm
+  * checks/debhelper.pm:
 + [BR] Apply patch from Yann Soubeyrand :
   "Allow debhelper "--with" addons to be quoted".
   (Closes: #839822)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] branch master updated (90e8628 -> 0622f0b)

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a change to branch master
in repository lintian.

  from  90e8628   c/binaries.desc: PIE is on by default now
   new  0622f0b   Allow debhelper "--with" addons to be quoted

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 checks/debhelper.pm | 4 ++--
 debian/changelog| 4 
 2 files changed, 6 insertions(+), 2 deletions(-)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] 01/01: Allow debhelper "--with" addons to be quoted

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit 0622f0bde185d8bb7c291a6102564da21f131dd4
Author: Yann Soubeyrand 
Date:   Thu Oct 27 22:04:20 2016 +0200

Allow debhelper "--with" addons to be quoted

dh $@ --with 'python2'

Signed-off-by: Bastien ROUCARIÈS 
---
 checks/debhelper.pm | 4 ++--
 debian/changelog| 4 
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/checks/debhelper.pm b/checks/debhelper.pm
index 62c6372..1dd99d5 100644
--- a/checks/debhelper.pm
+++ b/checks/debhelper.pm
@@ -134,8 +134,8 @@ sub run {
 $seencommand = 1;
 $needbuilddepends = 1;
 $needtomodifyscripts = 1;
-while (m/\s--with(?:=|\s+)(\S+)/go) {
-my $addon_list = $1;
+while (m/\s--with(?:=|\s+)(['"]?)(\S+)\1/go) {
+my $addon_list = $2;
 for my $addon (split(m/,/o, $addon_list)) {
 $addon =~ y,-,_,;
 my $depends =$dh_addons_manual->value($addon)
diff --git a/debian/changelog b/debian/changelog
index 1f12dfe..29104a5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,10 @@ lintian (2.5.50) UNRELEASED; urgency=medium
   * checks/binaries.desc:
 + [NT] Update hardening-no-pie description to reflect that
   PIE is on by default in Debian.
+  * checks/debhelper.pm
++ [BR] Apply patch from Yann Soubeyrand :
+  "Allow debhelper "--with" addons to be quoted".
+  (Closes: #839822)
 
   * data/spelling/corrections:
 + [PW] Add more corrections.

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] 01/01: Improve logos detection

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit c4ee7930dc223960e0f5600e175335d396b890df
Author: Bastien ROUCARIÈS 
Date:   Thu Oct 27 22:17:47 2016 +0200

Improve logos detection
---
 data/files/privacy-breaker-websites | 2 +-
 debian/changelog| 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/data/files/privacy-breaker-websites 
b/data/files/privacy-breaker-websites
index f4539b4..cd3db97 100644
--- a/data/files/privacy-breaker-websites
+++ b/data/files/privacy-breaker-websites
@@ -12,7 +12,7 @@ privacy-breach-google-cse
~~^(?:[^\./]+\.)?google\.[^\./]
 privacy-breach-google-plus   
~~(?:^(?:[^\./]+\.)?google\.[^\./]+\.?/js/plusone\.[^\./]+\Z|^plus\.google\.com/)
 privacy-breach-donation  
~~(?:(?:donate|paypal|support)\.(gif|jpe?g|png|svg)$|^(?:[^\./]+\.)?(?:flattr\.(?:com|net)|paypal(?:objects)?\.com|pledgie\.com|xoom\.com)/)
 privacy-breach-facebook  
~~^(?:[^\./]+\.)?facebook\.com(?:/|\Z)
-privacy-breach-logo  
~~(?:^(?:sflogo\.)?(?:sourceforge|sf)\.[^\./]+/sflogo\.php\?|/logos?/|(?:acrobat|clanlib|(?:fav|github-)?icons?|logos?_?(?:\d+|small)|mascot[^\./]*|youtube-icon[^\./]*|twitter_logo[^\./]*|doxygen|logos?_[^/\.]*)\.(gif|ico|jpe?g|png|svg)$)
+privacy-breach-logo  
~~(?:^(?:sflogo\.)?(?:sourceforge|sf)\.[^\./]+/sflogo\.php\?|/logos?/|(?:acrobat|clanlib|(?:fav|github-)?icons?|logos?_?(?:\d+|small)|mascot[^\./]*|youtube-icon[^\./]*|twitter_logo[^\./]*|doxygen|logos?_[^/\.]*|logos?)\.(gif|ico|jpe?g|png|svg)$)
 privacy-breach-piwik ~~/piwik\.php\?
 privacy-breach-statistics-website
~~^(?:(?:[^\./]+\.)?(?:count\.digitalpoint\.com|cruel-carlota\.pagodabox\.com|linkexchange\.com|nedstatbasic\.net|onestat\.com|sitemeter\.com|statcounter\.com|webstats\.motigo\.com)(?:/|\Z)|/count(?:er)?\.cgi\?[^/]*\Z)
 privacy-breach-w3c-valid-html
~~^(?:(?:[^\./]+\.)?w3.org/(?:icons/valid-|css-validator/images/)(?:[^/]+)?$|validator\.w3\.org(?:/|\Z))
diff --git a/debian/changelog b/debian/changelog
index 29104a5..4113156 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -12,6 +12,8 @@ lintian (2.5.50) UNRELEASED; urgency=medium
 
   * data/spelling/corrections:
 + [PW] Add more corrections.
+  * data/files/privacy-breaker-websites:
++ [BR] Detect more logos.
 
  -- Niels Thykier   Wed, 26 Oct 2016 20:42:18 +
 

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] branch master updated (eb260df -> a3c42c5)

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a change to branch master
in repository lintian.

  from  eb260df   Detect rapidjson files
   new  a3c42c5   Detect audio tag in html tag

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 data/files/privacy-breaker-tag-attr   |  1 +
 debian/changelog  |  3 +++
 .../debian/src/privacy-breach-generic/audio.html  |  7 +++
 .../debian/src/privacy-breach-generic/audiotrack.html | 11 +++
 t/tests/files-privacybreach/tags  |  2 ++
 5 files changed, 24 insertions(+)
 create mode 100644 
t/tests/files-privacybreach/debian/src/privacy-breach-generic/audio.html
 create mode 100644 
t/tests/files-privacybreach/debian/src/privacy-breach-generic/audiotrack.html

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] branch master updated (ff53a17 -> eb260df)

[Bastien ROUCARIES]

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a change to branch master
in repository lintian.

  from  ff53a17   L::Util: Apply perltidy
   new  eb260df   Detect rapidjson files

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 data/cruft/non-distributable-files | 2 ++
 debian/changelog   | 3 +++
 2 files changed, 5 insertions(+)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

Bug#840009: Applied

[Bastien ROUCARIES]

Patch is fine

Applied