#! /bin/sh /usr/share/dpatch/dpatch-run ## 500-backport-1.23.21-checks.dpatch by Alexander Kanevskiy ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: Backported checks from lintian 1.23.21 @DPATCH@ diff -urNad lintian-1.23.8/checks/binaries.desc lintian-1.23.21/checks/binaries.desc --- lintian-1.23.8/checks/binaries.desc 2005-01-14 21:06:37.000000000 +0000 +++ lintian-1.23.21/checks/binaries.desc 2006-07-18 11:42:35.000000000 +0000 @@ -61,11 +61,14 @@ Please contact &debdev; if you have questions about this. Tag: binary-has-unneeded-section -Type: warning +Type: info Info: The binary or shared library is stripped, but still contains a - section that is not useful. The utilities (install -s - and dh_strip) are patched to remove the .note and - .comment sections. + section that is not useful. You should call strip with + --remove-section=.comment --remove-section=.note to remove the + .note and .comment sections. + . + dh_strip will do this automatically for you, but + install -s not because it calls strip without any arguments. Tag: missing-depends-line Type: warning @@ -121,3 +124,24 @@ Info: There is no CXXABI_* mark in the objdump output on this file, and it is linked against a libstdc++, meaning it's likely linking to an obsolete version of the C++ library. + +Tag: several-sonames-in-same-package +Type: info +Info: There are several shared libraries in this package and they + have different sonames. This is usually discouraged because it is + inherently error-prone. + +Tag: package-name-doesnt-match-sonames +Type: warning +Info: The package name of a library package should usually reflect + the soname of the included library. The package name can determined + from the library file name with the following code snippet: + . + $ objdump -p /path/to/libfoo-bar.so.1.2.3 | sed -n -e's/^[[:space:]]*SONAME[[:space:]]*//p' | sed -e's/\([0-9]\)\.so\./\1-/; s/\.so\.//' +Ref: Library Packaging guide 5 + +Tag: binary-with-bad-dynamic-table +Type: error +Info: This appears to be an ELF file but objdump -T cannot parse it. + If it is external debugging symbols for another file, it should be + installed under /usr/lib/debug. diff -urNad lintian-1.23.8/checks/common_data.pm lintian-1.23.21/checks/common_data.pm --- lintian-1.23.8/checks/common_data.pm 2005-01-14 17:19:55.000000000 +0000 +++ lintian-1.23.21/checks/common_data.pm 2006-07-18 11:50:09.000000000 +0000 @@ -7,14 +7,43 @@ %known_obsolete_fields %known_essential %known_build_essential %known_obsolete_packages %known_virtual_packages %known_libstdcs %known_tcls %known_tclxs %known_tks %known_tkxs - %known_libpngs + %known_libpngs %known_x_metapackages + %non_standard_archs %all_cpus %all_oses + %known_doc_base_formats ); # simple defines for commonly needed data +# From /usr/share/dpkg/archtable, included here to make lintian results +# consistent no matter what dpkg one has installed. %known_archs = map { $_ => 1 } - ('alpha', 'amd64', 'arm', 'hppa', 'hurd-i386', 'i386', 'ia64', 'mips', - 'mipsel', 'm68k', 'powerpc', 's390', 'sh', 'sparc', 'any', 'all'); + ('i386', 'ia64', 'alpha', 'amd64', 'arm', 'hppa', 'm68k', 'mips', + 'mipsel', 'powerpc', 's390', 'sparc', 'hurd-i386', 'any', 'all'); + +# From /usr/share/dpkg/cputable, included here to make lintian results +# consistent no matter what dpkg one has installed. +%all_cpus = map { $_ => 1 } + ('i386', 'ia64', 'alpha', 'amd64', 'armeb', 'arm', 'hppa', 'm32r', 'm68k', + 'mips', 'mipsel', 'powerpc', 'ppc64', 's390', 's390x', 'sh3', 'sh3eb', + 'sh4', 'sh4eb', 'sparc'); + +# From /usr/share/dpkg/ostable, included here to make lintian results +# consistent no matter what dpkg one has installed. +%all_oses = map { $_ => 1 } + ('linux', 'darwin', 'freebsd', 'kfreebsd', 'knetbsd', 'netbsd', 'openbsd', + 'hurd'); + +# Yes, this includes combinations that are rather unlikely to ever exist, like +# hurd-sh3, but the chances of those showing up as errors are rather low and +# this reduces the necessary updating. +# +# For right now, linux-* are non-standard architectures. This probably isn't +# strictly correct and will need to be revisited later. +%non_standard_archs = map { $_ => 1 } + grep { !$known_archs{$_} } + (keys %all_cpus, + map { my $os = $_; map { "$os-$_" } keys %all_cpus } keys %all_oses); + %known_sections = map { $_ => 1 } ('admin', 'base', 'comm', 'devel', 'doc', 'editors', 'electronics', @@ -66,7 +95,7 @@ %known_obsolete_packages = map { $_ => 1 } ('libstdc++2.8', 'ncurses3.4', 'slang0.99.38', 'newt0.25', 'mesag2', 'libjpegg6a', 'gmp2', 'libgtop0', 'libghttp0', 'libpgsql', 'tk4.2', - 'tcl7.6', 'libpng0g', 'xbase'); + 'tcl7.6', 'libpng0g', 'xbase', 'xlibs-dev', 'debmake', 'gcc-2.95' ); # Used only (at least lintian 1.23.1) for giving a warning about a # virtual-only dependency @@ -98,6 +127,7 @@ %known_libstdcs = map { $_ => 1 } ('libstdc++2.9-glibc2.1', 'libstdc++2.10', 'libstdc++2.10-glibc2.2', 'libstdc++3', 'libstdc++3.0', 'libstdc++4', 'libstdc++5', + 'libstdc++6', 'lib64stdc++6', ); %known_tcls = map { $_ => 1 } @@ -115,4 +145,12 @@ %known_libpngs = map { $_ => 1 } ( 'libpng12-0', 'libpng2', 'libpng3', ); +%known_x_metapackages = map { $_ => 1 } + ( 'x-window-system', 'x-window-system-dev', 'x-window-system-core', + 'xorg', 'xorg-dev', ); + +# Supported documentation formats for doc-base files. +%known_doc_base_formats = map { $_ => 1 } + ( 'html', 'text', 'pdf', 'postscript', 'info', 'dvi', 'debiandoc-sgml' ); + 1; diff -urNad lintian-1.23.8/checks/conffiles lintian-1.23.21/checks/conffiles --- lintian-1.23.8/checks/conffiles 2004-07-04 12:18:33.000000000 +0000 +++ lintian-1.23.21/checks/conffiles 2006-07-18 11:42:35.000000000 +0000 @@ -1,4 +1,4 @@ -# conffiles -- lintian check script +# conffiles -- lintian check script -*- perl -*- # Copyright (C) 1998 Christian Schwarz # @@ -15,8 +15,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, you can find it on the World Wide # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, -# MA 02111-1307, USA. +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. package Lintian::conffiles; use strict; @@ -47,15 +47,11 @@ tag "duplicate-conffile", "$_"; } - if (m,^/?var/lib/games/,o) { - tag "score-file-must-not-be-conffile", "$_"; - } - if (m,^/?usr/,o) { tag "file-in-usr-marked-as-conffile", "$_"; } else { - unless (m,^/?etc/,o or m,^/?var/,o) { - tag "non-etc-or-var-file-marked-as-conffile", "$_"; + unless (m,^/?etc/,o) { + tag "non-etc-file-marked-as-conffile", "$_"; } } diff -urNad lintian-1.23.8/checks/conffiles.desc lintian-1.23.21/checks/conffiles.desc --- lintian-1.23.8/checks/conffiles.desc 2005-01-14 20:58:38.000000000 +0000 +++ lintian-1.23.21/checks/conffiles.desc 2006-07-18 11:42:35.000000000 +0000 @@ -14,10 +14,11 @@ administrator would not have a chance to modify this configuration file. -Tag: non-etc-or-var-file-marked-as-conffile +Tag: non-etc-file-marked-as-conffile Type: warning -Info: A file installed in some other directory than /etc or - /var is marked as conffile. +Info: A file installed in some other directory than /etc + is marked as conffile. A conffile typically implies a configuration file, and + policy mandates such files to be in /etc Status: untested Ref: policy 10.7.2 @@ -27,10 +28,6 @@ Info: All entries in the conffile control file should have an absolute path specification. -Tag: score-file-must-not-be-conffile -Type: error -Info: Game score and data files should not be marked as conffiles. - Tag: duplicate-conffile Type: error Info: The file is listed more than once in your debian/conffiles file. diff -urNad lintian-1.23.8/checks/control-file lintian-1.23.21/checks/control-file --- lintian-1.23.8/checks/control-file 2004-05-17 21:49:43.000000000 +0000 +++ lintian-1.23.21/checks/control-file 2006-07-18 11:42:35.000000000 +0000 @@ -1,4 +1,4 @@ -# control-file -- lintian check script +# control-file -- lintian check script -*- perl -*- # # Copyright (C) 2004 Marc Brockschmidt # @@ -15,8 +15,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, you can find it on the World Wide # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, -# MA 02111-1307, USA. +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. package Lintian::control_file; use strict; @@ -28,12 +28,36 @@ my $pkg = shift; my $type = shift; +if (-l "debfiles/control") { + tag "debian-control-file-is-a-symlink", ""; +} + # check that control is UTF-8 encoded my $line = file_is_encoded_in_non_utf8("debfiles/control", $type, $pkg); if ($line) { tag "debian-control-file-uses-obsolete-national-encoding", "at line $line" } +# Check that each field is only used once: +my $seen_fields = {}; +open (CONTROL, "debfiles/control") or fail "Couldn't read debfiles/control: $!"; +while () { + s/\s*\n$//; + + #Reset seen_fields if we enter a new section: + $seen_fields = {} if /^$/; + + #line with field: + if (/^(\S+):/) { + my $field = lc ($1); + if ($seen_fields->{$field}) { + tag "debian-control-with-duplicate-fields", "$field: $$seen_fields{$field}, $."; + } + $seen_fields->{$field} = $.; + } +} +close CONTROL; + my ($header, @binary_controls) = read_dpkg_control("debfiles/control"); for my $binary_control (@binary_controls) { diff -urNad lintian-1.23.8/checks/control-file.desc lintian-1.23.21/checks/control-file.desc --- lintian-1.23.8/checks/control-file.desc 2004-11-24 22:44:10.000000000 +0000 +++ lintian-1.23.21/checks/control-file.desc 2006-07-18 11:42:35.000000000 +0000 @@ -25,3 +25,17 @@ `Build-Conflicts' or `Build-Conflicts-Indep' field in a binary section. These specify source package relationships, and should be in the source section of the control file. + +Tag: debian-control-with-duplicate-fields +Type: error +Info: One of the paragraphs of your debian/control contains the same + field more than once. This can lead to an unexpected behaviour of dpkg + and apt. + +Tag: debian-control-file-is-a-symlink +Type: warning +Info: The debian/control file is a symlink rather than a regular + file. Using symlinks for required source package files is unnecessary and + makes package checking and manipulation more difficult. If the control + file should be available in the source package under multiple names, make + debian/control the real file and the other names symlinks to it. diff -urNad lintian-1.23.8/checks/copyright-file lintian-1.23.21/checks/copyright-file --- lintian-1.23.8/checks/copyright-file 2004-10-12 21:56:46.000000000 +0000 +++ lintian-1.23.21/checks/copyright-file 2006-07-18 11:42:35.000000000 +0000 @@ -1,4 +1,4 @@ -# copyright-file -- lintian check script +# copyright-file -- lintian check script -*- perl -*- # Copyright (C) 1998 Christian Schwarz # @@ -15,8 +15,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, you can find it on the World Wide # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, -# MA 02111-1307, USA. +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. package Lintian::copyright_file; use strict; @@ -162,8 +162,9 @@ $wrong_directory_detected = 1; } -# lame check for old FSF zip code -if (m/02139/) { +# Lame check for old FSF zip code. Try to avoid false positives from other +# Cambridge, MA addresses. +if (m/(Free\s*Software\s*Foundation.*02139|02111-1307)/s) { tag "old-fsf-address-in-copyright-file", ""; } @@ -186,9 +187,15 @@ tag "copyright-does-not-refer-to-common-license-file", "$1"; } +# This check is a bit prone to false positives, since some other licenses +# mention the GPL. Also exclude any mention of the GPL following what looks +# like mail headers, since sometimes e-mail discussions of licensing are +# included in the copyright file but aren't referring to the license of the +# package. if (m/(GNU General Public License|GPL)/ && !m,/usr/share/common-licenses, && !m/Zope Public License/ && !m/LICENSE AGREEMENT FOR PYTHON 1.6.1/ && !m/LaTeX Project Public License/ && !m/GNU Free Documentation License/ + && !m/(^From:.*^To:|^To:.*^From:).*(GNU General Public License|GPL)/ms && !$wrong_directory_detected) { tag "copyright-should-refer-to-common-license-file-for-gpl", ""; } diff -urNad lintian-1.23.8/checks/copyright-file.desc lintian-1.23.21/checks/copyright-file.desc --- lintian-1.23.8/checks/copyright-file.desc 2004-07-06 19:05:37.000000000 +0000 +++ lintian-1.23.21/checks/copyright-file.desc 2006-07-18 11:42:35.000000000 +0000 @@ -15,7 +15,6 @@ Tag: no-copyright-file Type: error -Severity: Important Info: Each binary package has to include a plain file /usr/share/doc/pkg/copyright Ref: policy 12.5 @@ -84,16 +83,15 @@ Ref: policy 12.5 Tag: old-fsf-address-in-copyright-file -Type: error +Type: warning Info: The /usr/share/doc/pkg/copyright file refers to the old postal address of the Free Software Foundation (FSF). The new address is: . - Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, - MA 02111-1307, USA. + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301, USA. Tag: helper-templates-in-copyright Type: error -Severity: Important Info: The /usr/share/doc/pkg/copyright file still contains the template contents from a packaging helper. Please include the actual license and download information about the package. @@ -134,8 +132,10 @@ Tag: copyright-should-refer-to-common-license-file-for-gpl Type: error Ref: policy 12.5 -Info: Packages distributed under the GNU GPL must make reference to - /usr/share/common-licenses as the location of the GPL on Debian systems. +Info: The string "GNU General Public License" or "GPL" appears in the + copyright file for this package, but the copyright file does not + reference /usr/share/common-licenses as the location of the GPL + on Debian systems. Tag: copyright-lists-upstream-authors-with-dh_make-boilerplate Type: warning diff -urNad lintian-1.23.8/checks/cruft lintian-1.23.21/checks/cruft --- lintian-1.23.8/checks/cruft 2004-05-17 21:56:40.000000000 +0000 +++ lintian-1.23.21/checks/cruft 2006-07-18 11:42:35.000000000 +0000 @@ -18,8 +18,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, you can find it on the World Wide # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, -# MA 02111-1307, USA. +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. package Lintian::cruft; use strict; @@ -76,6 +76,12 @@ tag "source-contains-CVS-dir", "$name"; } elsif ($name =~ m,^(.+/)?\.svn$,) { tag "source-contains-svn-control-dir", "$name"; + } elsif ($name =~ m,^(.+/)?\.bzr$,) { + tag "source-contains-bzr-control-dir", "$name"; + } elsif ($name =~ m,^(.+/)?\{arch\}$,) { + tag "source-contains-arch-control-dir", "$name"; + } elsif ($name =~ m,^(.+/)?\.arch-ids$,) { + tag "source-contains-arch-control-dir", "$name"; } } @@ -86,6 +92,8 @@ tag "svn-commit-file-in-source", "$name"; } elsif ($name =~ m,^(.+/)?\.cvsignore$,) { tag "cvsignore-file-in-source", "$name"; + } elsif ($name =~ m,^(.+/)?\.arch-inventory$,) { + tag "arch-inventory-file-in-source", "$name"; } elsif ($name =~ m,^(.+/)?\.\#(.+?)\.\d+(\.\d+)*$,) { tag "source-contains-cvs-conflict-copy", "$name"; } elsif ($name =~ m,^(.+/)?(.+?)\.(r\d+|mine)$,) { diff -urNad lintian-1.23.8/checks/cruft.desc lintian-1.23.21/checks/cruft.desc --- lintian-1.23.8/checks/cruft.desc 2004-05-17 21:59:53.000000000 +0000 +++ lintian-1.23.21/checks/cruft.desc 2006-07-18 11:42:35.000000000 +0000 @@ -56,12 +56,30 @@ distributed normally. However, since upstream tarball often still contain those, it's only an informational tag. +Tag: arch-inventory-file-in-source +Type: info +Info: Package contains a '.arch-inventory' file. It may have been included by + accident. It is Version Control System metadata that should not be + distributed normally. + Tag: source-contains-svn-control-dir Type: warning Info: Source contains a .svn directory. It was most likely included by accident, since Subversion version control directories usually don't belong in packages. Export from subversion rather than checkout. +Tag: source-contains-bzr-control-dir +Type: warning +Info: Source contains a .bzr directory. It was most likely included by + accident, since bazaar-ng version control directories usually don't belong + in packages. + +Tag: source-contains-arch-control-dir +Type: warning +Info: Source contains a {arch} or .arch-ids directory. It was most likely + included by accident, since Arch version control directories usually don't + belong in packages. + Tag: source-contains-CVS-dir Type: warning Info: Package contains a CVS directory. It was most likely included by diff -urNad lintian-1.23.8/checks/debdiff lintian-1.23.21/checks/debdiff --- lintian-1.23.8/checks/debdiff 2004-07-04 12:18:33.000000000 +0000 +++ lintian-1.23.21/checks/debdiff 2006-07-18 11:42:35.000000000 +0000 @@ -15,8 +15,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, you can find it on the World Wide # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, -# MA 02111-1307, USA. +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. package Lintian::debdiff; use strict; @@ -50,6 +50,9 @@ $file = $1; tag_warn("patch-failure-file-in-diff", $file) if ($file =~ m/\.(orig|rej)$/); + + tag_warn("diff-contains-substvars", $file) + if ($file =~ m%^debian/substvars$%); } close(STAT) or fail("error reading diffstat file: $!"); diff -urNad lintian-1.23.8/checks/debdiff.desc lintian-1.23.21/checks/debdiff.desc --- lintian-1.23.8/checks/debdiff.desc 2004-05-02 01:30:44.000000000 +0000 +++ lintian-1.23.21/checks/debdiff.desc 2006-07-18 11:42:35.000000000 +0000 @@ -24,6 +24,14 @@ the reason is the location of the original source tarball. dpkg-source searches for this in ../package_upstream-version.orig.tar.gz. +Tag: diff-contains-substvars +Type: warning +Info: Lintian found a substvars file in the Debian diff for this source + package. The debian/substvars file is usually generated and modified + dynamically by debian/rules targets, in which case it must be removed by + the clean target. +Ref: policy 4.9 + Tag: source-tar-is-posix-tar Type: error Info: The source tar archive of this package is made with tar --posix. This diff -urNad lintian-1.23.8/checks/debhelper lintian-1.23.21/checks/debhelper --- lintian-1.23.8/checks/debhelper 2004-11-24 22:44:10.000000000 +0000 +++ lintian-1.23.21/checks/debhelper 2006-07-18 11:42:35.000000000 +0000 @@ -1,4 +1,4 @@ -# debhelper format -- lintian check script +# debhelper format -- lintian check script -*- perl -*- # Copyright (C) 1999 by Joey Hess # @@ -15,8 +15,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, you can find it on the World Wide # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, -# MA 02111-1307, USA. +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. package Lintian::debhelper; use strict; @@ -39,6 +39,14 @@ my $needversiondepends = ''; my $seenversiondepends = '0'; my $compat = ''; +my $usescdbs = ''; + +# If there is no debian/compat file present but cdbs is being used, cdbs will +# create one automatically. Currently it always uses compatibility level 4. +# It may be better to look at what version of cdbs the package depends on and +# from that derive the compatibility level.... + +my $cdbscompat = 4; # Parse the debian/rules file, and try to figure out if debhelper commands # are run in it that like to modify maintainer scripts. Those debhelper @@ -57,6 +65,7 @@ dh_installmenu dh_installmime dh_installmodules + dh_installtexfonts dh_installwm dh_installxfonts dh_installxmlcatalogs @@ -68,6 +77,7 @@ ); open(RULES, "debfiles/rules") or fail("cannot read debian/rules: $!"); +my $dhcompatvalue; while () { if (m/^\s+(dh_\w+)/) { my $dhcommand = $1; @@ -87,8 +97,21 @@ } $seencommand = 1; $needbuilddepends = 1; - } elsif (/^\s*export\s+DH_COMPAT\s*=\s*(\d+)/) { + } elsif (m,^include\s+/usr/share/cdbs/1/rules/debhelper.mk,) { + $seencommand = 1; + $needbuilddepends = 1; + $needtomodifyscripts = 1; + + # CDBS sets DH_COMPAT but doesn't export it. It does, however, create + # a debian/compat file if none was found; that logic is handled later. + $dhcompatvalue = $cdbscompat; + $usescdbs = 1; + } elsif (/^\s*export\s+DH_COMPAT\s*:?=\s*(\d+)/) { $needversiondepends = $1; + } elsif (/^\s*export\s+DH_COMPAT/) { + $needversiondepends = $dhcompatvalue if $dhcompatvalue; + } elsif (/^\s*DH_COMPAT\s*:?=\s*(\d+)/) { + $dhcompatvalue = $1; } } close RULES; @@ -140,7 +163,7 @@ if ($compat) { chomp $compat; if ($needversiondepends) { - tag "declares-possibly-conflicting-debhelper-compat-versions", "$needversiondepends $compat"; + tag "declares-possibly-conflicting-debhelper-compat-versions", "rules=$needversiondepends compat=$compat"; } else { $needversiondepends = $compat; } @@ -173,8 +196,16 @@ } closedir(DEBIAN); -if ($needversiondepends and ($needversiondepends > 1) and ! Dep::versions_lte($needversiondepends, $seenversiondepends)) { - tag "package-lacks-versioned-build-depends-on-debhelper", "$needversiondepends"; +if ($usescdbs and not $needversiondepends) { + $needversiondepends = $cdbscompat; +} +$needversiondepends ||= 1; +if ($needversiondepends < 4) { + tag "package-uses-deprecated-debhelper-compat-version", $needversiondepends; +} + +if ($needversiondepends > 4 and ! Dep::versions_lte($needversiondepends, $seenversiondepends)) { + tag "package-lacks-versioned-build-depends-on-debhelper", $needversiondepends; } } diff -urNad lintian-1.23.8/checks/debhelper.desc lintian-1.23.21/checks/debhelper.desc --- lintian-1.23.8/checks/debhelper.desc 2004-05-02 01:30:44.000000000 +0000 +++ lintian-1.23.21/checks/debhelper.desc 2006-07-18 11:42:35.000000000 +0000 @@ -36,10 +36,11 @@ Tag: dh_testversion-is-deprecated Type: warning +Ref: dh_testversion(1) Info: This package calls dh_testversion in its debian/rules file. - As dh_testversion.1 says, dh_testversion is deprecated. Packages - using debhelper should use versioned build dependencies to ensure - that the correct version of debhelper is installed. + dh_testversion is deprecated. Packages using debhelper should use + versioned build dependencies to ensure that the correct version of + debhelper is installed. Tag: dh_dhelp-is-deprecated Type: warning @@ -53,22 +54,31 @@ Tag: dh_suidregister-is-obsolete Type: warning +Ref: dh_suidregister(1) Info: suidregister is obsoleted by dpkg-statoverride, so registration of files in with dh_suidregister is unnecessary, and even harmful. - . - Please refer to the dh_suidregister(1) manual page for more information. Tag: debhelper-compat-file-is-empty Type: error +Ref: debhelper(7) Info: The source package has an empty debian/compat file. This is an error, the compat level of debhelper should be in there. - . - Please refer to the debhelper(7) manual page for more information. Tag: declares-possibly-conflicting-debhelper-compat-versions Type: error +Ref: debhelper(7) Info: The source package declares the debhelper compatibility version - both in the debian/control file and in the rules file. If these ever + both in the debian/compat file and in the rules file. If these ever get out of synchronisation, the package may not build as expected. + +Tag: package-uses-deprecated-debhelper-compat-version +Type: warning +Ref: debhelper(7) +Info: The debhelper compatibility version used by this package is marked + as deprecated by the debhelper developer. You should really consider + using a newer compatibility version. . - Please refer to the debhelper(7) manual page for more information. + The compatibility version can be set in (preferred) + debian/compat or by setting and exporting DH_COMPAT in + debian/rules. If it is not set in either place, debhelper + defaults to the deprecated compatibility version 1. diff -urNad lintian-1.23.8/checks/description lintian-1.23.21/checks/description --- lintian-1.23.8/checks/description 2005-01-14 23:32:36.000000000 +0000 +++ lintian-1.23.21/checks/description 2006-07-18 11:44:07.000000000 +0000 @@ -1,4 +1,4 @@ -# description -- lintian check script +# description -- lintian check script -*- perl -*- # Copyright (C) 1998 Christian Schwarz # @@ -15,8 +15,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, you can find it on the World Wide # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, -# MA 02111-1307, USA. +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. package Lintian::description; use strict; @@ -68,7 +68,7 @@ if ($synopsis =~ m/^\s*missing\s*$/i) { tag "description-is-debmake-template", "" unless $template++; } elsif ($synopsis =~ m//) { - tag "description-is-dh_make-template", ""; + tag "description-is-dh_make-template", "" unless $template++; } } @@ -80,7 +80,7 @@ if ($lines == 0) { my $firstline = lc $_; my $lsyn = lc $synopsis; - if ($firstline =~ /^\Q$lsyn\E/) { + if ($firstline =~ /^\Q$lsyn\E$/) { tag "description-synopsis-is-duplicated", ""; } else { $firstline =~ s/[^a-zA-Z0-9]+//g; @@ -113,7 +113,7 @@ if (m/^\s*missing\s*$/oi) { tag "description-is-debmake-template", "" unless $template++; } elsif (m//) { - tag "description-is-dh_make-template", ""; + tag "description-is-dh_make-template", "" unless $template++; } } diff -urNad lintian-1.23.8/checks/description.desc lintian-1.23.21/checks/description.desc --- lintian-1.23.8/checks/description.desc 2005-01-14 23:32:48.000000000 +0000 +++ lintian-1.23.21/checks/description.desc 2006-07-18 11:44:07.000000000 +0000 @@ -24,7 +24,7 @@ Type: error Info: The description contains a line starting with a dot (.). This is not allowed. -Ref: policy 5.6.12 +Ref: policy 5.6.13 Tag: description-too-long Type: error @@ -46,7 +46,7 @@ Tag: description-contains-tabs Type: error Info: The package "Description:" must not contain tab characters. -Ref: policy 5.6.12 +Ref: policy 5.6.13 Tag: description-starts-with-leading-spaces Type: warning @@ -60,7 +60,7 @@ starts with a dash (-) or asterisk (*). If this was meant to be a list of items these lines need to be indented (dselect would word-wrap these lines otherwise). -Ref: policy 5.6.12 +Ref: policy 5.6.13 Tag: description-is-debmake-template Type: error diff -urNad lintian-1.23.8/checks/fields lintian-1.23.21/checks/fields --- lintian-1.23.8/checks/fields 2004-12-25 23:40:20.000000000 +0000 +++ lintian-1.23.21/checks/fields 2006-07-18 11:44:07.000000000 +0000 @@ -1,4 +1,4 @@ -# fields -- lintian check script (rewrite) +# fields -- lintian check script (rewrite) -*- perl -*- # # Copyright (C) 2004 Marc Brockschmidt # @@ -19,21 +19,74 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, you can find it on the World Wide # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, -# MA 02111-1307, USA. +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. package Lintian::fields; use strict; use lib "$ENV{'LINTIAN_ROOT'}/checks/"; use common_data; +use Dep; use Tags; use Util; +# Certain build tools must be listed in Build-Depends even if there are no +# arch-specific packages because they're required in order to run the clean +# rule. (See Policy 7.6.) The following is a list of package dependencies; +# regular expressions that, if they match anywhere in the debian/rules file, +# say that this package is allowed (and required) in Build-Depends; and +# optional tags to use for reporting the problem if some information other +# than the default is required. +my @global_clean_depends = ( + [ cdbs => '^include\s+/usr/share/cdbs/' ], + [ dbs => '^include\s+/usr/share/dbs/' ], + [ debhelper => '^include\s+/usr/share/cdbs/1/rules/debhelper.mk' ], + [ dpatch => '^include\s+/usr/share/cdbs/1/rules/dpatch.mk' ], + [ quilt => '^include\s+/usr/share/cdbs/1/rules/patchsys-quilt.mk' ], + [ dpatch => '^include\s+/usr/share/dpatch/' ], + [ 'quilt (>= 0.40)' => '^include\s+/usr/share/quilt/' ] +); + +# These are similar, but the resulting dependency is only allowed, not +# required. +my @global_clean_allowed = ( + [ patchutils => '^include\s+/usr/share/cdbs/1/rules/dpatch.mk' ], + [ patchutils => '^include\s+/usr/share/cdbs/1/rules/patchsys-quilt.mk' ], + [ patchutils => '^include\s+/usr/share/cdbs/1/rules/simple-patchsys.mk' ], +); + +# The allowed Python dependencies currently. This is the list of alternatives +# that, either directly or through transitive dependencies that can be relied +# upon, ensure /usr/bin/python will exist for the use of dh_python. +my $python_depend = 'python | python-dev | python-all-dev'; + +# A list of packages; regular expressions that, if they match anywhere in the +# debian/rules file, this package must be listed in either Build-Depends or +# Build-Depends-Indep as appropriate; and optional tags as above. +my @global_depends = ( + [ $python_depend => '/usr/share/cdbs/1/class/python-distutils.mk' ], + [ $python_depend => '^\t\s*dh_python\s', 'missing-dh_python-build-dependency' ], + [ 'debhelper (>= 5.0.31)' => '^\t\s*dh_installxfonts', 'missing-dh_installxfonts-build-dependency' ], +); + +# Similarly, this list of packages, regexes, and optional tags say that if the +# regex matches in one of clean, build-arch, binary-arch, or a rule they +# depend on, this package is allowed (and required) in Build-Depends. +my @rule_clean_depends = ( + [ debhelper => '^\t\s*dh_.+' ], + [ dpatch => '^\t\s*dpatch\s' ], + [ patch => '^\t\s*(?:perl debian/)?yada\s+unpatch' ], + [ perl => '^\t\s*perl\s' ], + [ $python_depend => '^\t\s*python\s' ], + [ yada => '^\t\s*yada\s' ], +); + sub run { my $pkg = shift; my $type = shift; my $version; +my $arch_indep; local $/ = undef; #Read everything in one go @@ -105,8 +158,10 @@ } for my $arch (@archs) { - unless ($known_archs{$arch}) { - tag "unknown-architecture", ""; + if ($non_standard_archs{$arch}) { + tag "non-standard-architecture", "$arch"; + } elsif (! $known_archs{$arch}) { + tag "unknown-architecture", "$arch"; } } @@ -114,6 +169,9 @@ tag "too-many-architectures", "" if (@archs > 1); tag "arch-any-in-binary-pkg", "" if (grep { $_ eq "any" } @archs); } + + # Used for later tests. + $arch_indep = 1 if (@archs == 1 && $archs[0] eq 'all'); } #---- Subarchitecture (udeb) @@ -135,6 +193,8 @@ my $maintainer = ; close FH; + # Note, not expected to hit on uploaders anymore, as dpkg now strips + # newlines for the .dsc, and the newlines don't hurt in debian/control unfold($f, \$maintainer); $maintainer =~ s/^\s*(.+?)\s*$/$1/; #Remove leading and trailing whitespace @@ -212,6 +272,8 @@ } elsif (scalar @parts > 1) { tag "unknown-section", "$section" unless $known_archive_parts{$parts[0]}; tag "unknown-section", "$section" unless $known_sections{$parts[1]}; + } elsif ($parts[0] eq 'unknown') { + tag "section-is-dh_make-template"; } else { tag "unknown-section", "$section" unless $known_sections{$parts[0]}; } @@ -251,14 +313,31 @@ #---- Package relations (binary package) +# Check whether the package looks like a meta-package, used for later +# dependency checks. We consider a package to possibly be a meta-package if +# it is a binary package, arch: all, with no files outside of /usr/share/doc. +my $metapackage = 0; +if ($type eq 'binary' && $arch_indep) { + $metapackage = 1; + open IN, "index" or fail("cannot open index file index: $!"); + local $_; + local $/ = "\n"; + while () { + my ($mode, $file) = (split(' ', $_, 6))[0,5]; + next unless $file; + $metapackage = 0 unless ($mode =~ /^d/ || $file =~ m%^\./usr/share/doc/%); + } + close IN; +} if (($type eq "binary") || ($type eq 'udeb')) { - my %deps; + my (%deps, %fields); for my $field (qw(depends pre-depends recommends suggests conflicts provides replaces)) { if (open(FH, "fields/$field")) { #Get data and clean it my $data = ; unfold($field, \$data); $data =~ s/^\s*(.+?)\s*$/$1/; + $fields{$field} = $data; my (@seen_libstdcs, @seen_tcls, @seen_tclxs, @seen_tks, @seen_tkxs, @seen_libpngs); @@ -298,7 +377,7 @@ if ($d_version && grep { $d_version->[0] eq $_ } ("<", ">")); tag "bad-version-in-relation", "$field: $part_d_orig" - if ($d_version->[0] && ! (_valid_version($d_version->[1]))[1]); + if ($d_version->[0] && ! defined((_valid_version($d_version->[1]))[1])); tag "package-relation-with-self", "$field: $part_d_orig" if ($pkg eq $d_pkg) && ($field ne 'conflicts'); @@ -309,11 +388,14 @@ tag "depends-on-obsolete-package", "$field: $part_d_orig" if ($known_obsolete_packages{$d_pkg} && &$is_dep_field($field)); + tag "depends-on-x-metapackage", "$field: $part_d_orig" + if ($known_x_metapackages{$d_pkg} && ! $metapackage && &$is_dep_field($field)); + tag "depends-on-essential-package-without-using-version", "$field: $part_d_orig" if ($d_pkg ne "coreutils" && $known_essential{$d_pkg} && ! $d_version->[0] && &$is_dep_field($field)); tag "package-depends-on-an-x-font-package", "$field: $part_d_orig" - if ($field =~ /^(pre-)?depends$/ && $d_pkg =~ /^xfont.*/); + if ($field =~ /^(pre-)?depends$/ && $d_pkg =~ /^xfont.*/ && $d_pkg ne 'xfonts-utils' && $d_pkg ne 'xfongs-encodings'); tag "needlessly-depends-on-awk", "$field" if ($d_pkg eq "awk" && ! $d_version->[0] && &$is_dep_field($field)); @@ -321,6 +403,9 @@ tag "depends-on-libdb1-compat", "$field" if ($d_pkg eq "libdb1-compat" && $pkg !~ /^libc(6|6.1|0.3)/ && $field =~ /^(pre-)depends$/); + tag "depends-on-python-minimal", "$field", + if ($d_pkg eq "python-minimal" && &$is_dep_field($field)); + tag "doc-package-depends-on-main-package", "$field" if ("$d_pkg-doc" eq $pkg && $field =~ /^(pre-)depends$/); } @@ -340,6 +425,19 @@ } } + # If Conflicts is set, make sure it's not inconsistent with the other + # dependency fields. + if ($fields{conflicts}) { + for my $field (qw(depends pre-depends recommends suggests)) { + next unless $fields{$field}; + my $depend = Dep::parse($fields{$field}); + for my $conflict (split /\s*,\s*/, $fields{conflicts}) { + tag "conflicts-with-dependency", $conflict + if Dep::implies($depend, Dep::parse($conflict)); + } + } + } + for my $d_pkg_name (keys %deps) { my $d_pkg = $deps{$d_pkg_name}; if (scalar @$d_pkg > 1) { @@ -392,48 +490,62 @@ $arch_dep_packages++; } } - } - - if (-e "fields/build-depends" && $arch_dep_packages == 0) { - if (not open(BD, "fields/build-depends")) { - fail("Can't open fields/build-depends"); - } else { - my $build_depends = ; - close BD; + } - my $uses_dh = 0; - if (not open (RULES, "debfiles/rules")) { - fail("cannot read debfiles/rules: $!"); - } else { - my $target = "none"; - local $/ = "\n"; #Read this linewise - while () { - $target = $1 if (/^(\S+):/); - if (/^\s+dh_.+/ && grep ($_ eq $target, qw(clean binary-arch build-arch)) or - m#^include\s+/usr/share/cdbs/1/rules/debhelper.mk#) { - $uses_dh = "yes"; - last - } - } - close RULES; + # Search through rules and determine which dependencies are required. + # The keys in %needed and %needed_clean are the dependencies; the + # values are the tags to use or the empty string to use the default + # tag. + my (%needed, %needed_clean, %allowed_clean); + open (RULES, "debfiles/rules") or fail("cannot read debfiles/rules: $!"); + my $target = "none"; + local $/ = "\n"; # Read this linewise + my @rules = qw(clean binary-arch build-arch); + while () { + for my $rule (@global_clean_depends) { + if ($_ =~ /$rule->[1]/) { + $needed_clean{$rule->[0]} = $rule->[2] || $needed_clean{$rule->[0]} || ''; } - unless ($build_depends =~ /^\s*debhelper(?:\s+\((.+?)\))?(?:\s+(\[.+?\]))?\s*$/ && $uses_dh){ - tag "build-depends-without-arch-dep", "" + } + for my $rule (@global_clean_allowed) { + if ($_ =~ /$rule->[1]/) { + $allowed_clean{$rule->[0]} = 1; + } + } + for my $rule (@global_depends) { + if ($_ =~ /$rule->[1]/) { + $needed{$rule->[0]} = $rule->[2] || $needed{$rule->[0]} || ''; + } + } + if (/^(\S+):(.*)/) { + $target = $1; + if (grep ($_ eq $target, @rules)) { + push (@rules, split (' ', $2)); + } + } + if (grep ($_ eq $target, @rules)) { + for my $rule (@rule_clean_depends) { + if ($_ =~ /$rule->[1]/) { + $needed_clean{$rule->[0]} = $rule->[2] || $needed_clean{$rule->[0]} || ''; + } } } } + close RULES; tag "build-depends-indep-without-arch-indep", "" if (-e "fields/build-depends-indep" && $arch_indep_packages == 0); my $is_dep_field = sub { grep { $_ eq $_[0] } qw(build-depends build-depends-indep) }; - + + my %depend; for my $field (qw(build-depends build-depends-indep build-conflicts build-conflicts-indep)) { if (open(FH, "fields/$field")) { #Get data and clean it my $data = ; unfold($field, \$data); $data =~ s/^\s*(.+?)\s*$/$1/; + $depend{$field} = $data; for my $dep (split /\s*,\s*/, $data) { my @alternatives; @@ -446,8 +558,11 @@ my ($d_pkg, $d_version, $d_arch, $rest, $part_d_orig) = @$part_d; for my $arch (@{$d_arch->[0]}) { - tag "invalid-arch-string-in-source-relation", "$arch [$field: $part_d_orig]" - unless ($known_archs{$arch} || $arch eq "any" || $arch eq "all"); + if ($non_standard_archs{$arch}) { + tag "non-standard-arch-in-source-relation", "$arch [$field: $part_d_orig]"; + } elsif (!$known_archs{$arch} && $arch ne "any" && $arch ne "all") { + tag "invalid-arch-string-in-source-relation", "$arch [$field: $part_d_orig]" + } } tag "depends-on-build-essential-package-without-using-version", "$d_pkg [$field: $part_d_orig]" @@ -455,6 +570,11 @@ tag "build-depends-on-essential-package-without-using-version", "$field: $part_d_orig" if ($d_pkg ne "coreutils" && $known_essential{$d_pkg} && ! $d_version->[0]); + tag "build-depends-on-obsolete-package", "$field: $part_d_orig" + if ($known_obsolete_packages{$d_pkg} && &$is_dep_field($field)); + + tag "build-depends-on-x-metapackage", "$field: $part_d_orig" + if ($known_x_metapackages{$d_pkg} && &$is_dep_field($field)); tag "bad-relation", "$field: $part_d_orig" if $rest; @@ -462,6 +582,55 @@ } } } + $depend{'build-depends'} = Dep::parse($depend{'build-depends'} || ''); + $depend{'build-depends-indep'} = Dep::parse($depend{'build-depends-indep'} || ''); + + # Make sure build dependencies and conflicts are consistent. + for ($depend{'build-conflicts'}, $depend{'build-conflicts-indep'}) { + next unless $_; + for my $conflict (split /\s*,\s*/, $_) { + if (Dep::implies($depend{'build-depends'}, Dep::parse($conflict)) + || Dep::implies($depend{'build-depends-indep'}, Dep::parse($conflict))) { + tag "build-conflicts-with-build-dependency", $conflict; + } + } + } + + # Make sure that all the required build dependencies are there. Don't + # issue missing-build-dependency errors for debhelper, since there's + # another test that does that and it would just be a duplicate. + for my $package (keys %needed_clean) { + my $dep = Dep::parse($package); + my $tag = $needed_clean{$package} || 'missing-build-dependency'; + unless (Dep::implies($depend{'build-depends'}, $dep)) { + if (Dep::implies($depend{'build-depends-indep'}, $dep)) { + tag "build-depends-indep-should-be-build-depends", $package; + } else { + tag $tag, $package if $package ne 'debhelper'; + } + } + } + for my $package (keys %needed) { + my $dep = Dep::parse($package); + my $tag = $needed{$package} || 'missing-build-dependency'; + unless (Dep::implies($depend{'build-depends'}, $dep)) { + unless (Dep::implies($depend{'build-depends-indep'}, $dep)) { + tag $tag, $package; + } + } + } + if (-e "fields/build-depends" && $arch_dep_packages == 0) { + open(FH, "fields/build-depends") or fail("cannot read fields/build-depends: $!"); + my $build_depends = ; + close FH; + my @packages = split /\s*,\s*/, $build_depends; + foreach my $pkg (@packages) { + my ($name) = ($pkg =~ /^(\S+)/); + unless (defined $needed_clean{$name} || defined $allowed_clean{$name}) { + tag "build-depends-without-arch-dep", $name; + } + } + } } #----- Origin diff -urNad lintian-1.23.8/checks/fields.desc lintian-1.23.21/checks/fields.desc --- lintian-1.23.8/checks/fields.desc 2004-12-25 23:40:20.000000000 +0000 +++ lintian-1.23.21/checks/fields.desc 2006-07-18 11:44:07.000000000 +0000 @@ -1,7 +1,7 @@ Check-Script: fields Author: Marc 'HE' Brockschmidt Abbrev: fld -Standards-Version: 3.6.1 +Standards-Version: 3.6.2 Type: binary, udeb, source Unpack-Level: 1 Needs-Info: debfiles @@ -18,12 +18,12 @@ Info: A package name should be at least two characters long, must consist of the alphanumerics and `+' `-' and `.', and must start with an alphanumeric character. -Ref: policy 5.6.6 +Ref: policy 5.6.7 Tag: package-not-lowercase Type: error Info: New packages should not use uppercase characters in their names. -Ref: policy 5.6.6 +Ref: policy 5.6.7 Tag: no-version-field Type: error @@ -33,12 +33,12 @@ Tag: bad-version-number Type: error Info: The version number fails one of the syntactic requirements of dpkg. -Ref: policy 5.6.11 +Ref: policy 5.6.12 Tag: upstream-version-not-numeric Type: error Info: The upstream version number should start with a digit. -Ref: policy 5.6.11 +Ref: policy 5.6.12 Tag: debian-revision-not-well-formed Type: warning @@ -64,27 +64,35 @@ Type: error Info: The special architecture values `all' and `any' only make sense if they occur alone. -Ref: policy 5.6.7 +Ref: policy 5.6.8 Tag: unknown-architecture Type: warning Info: In addition to the special values `all' and `any', the architecture - names alpha, amd64, arm, hppa, hurd-i386, i386, ia64, m68k, mips, mipsel, - powerpc, s390, sh, and sparc are currently in use. The special value - `source' is only used in .changes files and does not make sense in a binary - package or a .dsc file. + names alpha, arm, hppa, hurd-i386, i386, ia64, m68k, mips, mipsel, powerpc, + s390, and sparc are currently in use. The special value `source' is only + used in .changes files and does not make sense in a binary package or a + .dsc file. + +Tag: non-standard-architecture +Type: info +Info: In addition to the special values `all', `any' and the names of the + architectures already in the archive (alpha, arm, hppa, hurd-386, i386, + ia64, m68k, mips, mipsel, powerpc, s390, sparc), there are some + architectures still waiting to be included in the archive. Examples + include kfreebsd-i386 and ppc64. Tag: too-many-architectures Type: error Info: A binary package should list exactly one architecture (the one it is compiled for), or the special value `all' if it is architecture-independent. -Ref: policy 5.6.7 +Ref: policy 5.6.8 Tag: arch-any-in-binary-pkg Type: error Info: The special architecture value `any' does not make sense in a binary package. -Ref: policy 5.6.7 +Ref: policy 5.6.8 Tag: no-maintainer-field Type: error @@ -102,7 +110,7 @@ Type: error Info: The maintainer field should contain the package maintainer's name and email address, with the name followed by the address inside angle - brackets (< and &rt;). The address seems to be missing. + brackets (< and >). The address seems to be missing. Ref: policy 5.6.2 Tag: maintainer-address-malformed @@ -137,7 +145,7 @@ Type: error Info: The uploader field should contain the package uploader's name and email address, with the name followed by the address inside angle - brackets (< and &rt;). The address seems to be missing. + brackets (< and >). The address seems to be missing. Ref: policy 5.6.2 Tag: uploader-address-malformed @@ -199,18 +207,18 @@ Tag: essential-in-source-package Type: error Info: This field should only appear in binary packages. -Ref: policy 5.6.8 +Ref: policy 5.6.9 Tag: essential-no-not-needed Type: error Info: Having `Essential: no' is the same as not having the field at all, so it just makes the Packages file longer with no benefit. -Ref: policy 5.6.8 +Ref: policy 5.6.9 Tag: unknown-essential-value Type: error Info: The only valid values for the Essential field are yes and no. -Ref: policy 5.6.8 +Ref: policy 5.6.9 Tag: no-section-field Type: warning @@ -235,6 +243,14 @@ is in the contrib distribution. Ref: policy 2.4 +Tag: section-is-dh_make-template +Type: error +Info: The `Section:' field in this package's control file is set to + unknown. This is not a valid section, and usually means a dh_make + template control file was used and never modified to set the correct + section. +Ref: policy 2.4 + Tag: wrong-section-for-udeb Type: warning Info: udeb packages should have `Section: debian-installer'. @@ -301,7 +317,7 @@ instead. Tag: bad-version-in-relation -Ref: policy 5.6.11 +Ref: policy 5.6.12 Type: error Info: The version number used in this relationship does not match the defined format of a version number. @@ -342,6 +358,28 @@ Type: error Info: The package depends on a package that has been superseded. +Tag: build-depends-on-obsolete-package +Type: error +Info: The package build-depends on a package that has been superseded. + +Tag: depends-on-x-metapackage +Type: error +Info: Packages that are not themselves metapackages must not depend on X + Window System metapackages. + . + The metapackages xorg, xorg-dev, x-window-system, x-window-system-dev, and + x-window-system-core exist only for the benefit of users and dependencies + for other metapackages and should not be used in regular package + dependencies. + +Tag: build-depends-on-x-metapackage +Type: error +Info: Packages must not build-depend on X Window System metapackages. + . + The metapackages xorg, xorg-dev, x-window-system, x-window-system-dev, and + x-window-system-core exist only for the benefit of users and should not + be used in package build dependencies. + Tag: depends-on-essential-package-without-using-version Type: error Ref: policy 3.5 @@ -371,11 +409,16 @@ Tag: invalid-arch-string-in-source-relation Type: error -Ref: policy 5.6.7 +Ref: policy 5.6.8 Info: The architecture string in the source relation does not follow policy. A common cause of this is a comma in the arch, i.e. [i386, m68k], it should be [i386 m68k]. +Tag: non-standard-arch-in-source-relation +Type: info +Info: The architecture string in the source relation is one of the + architectures still waiting to be included in the archive. + Tag: depends-on-build-essential-package-without-using-version Type: error Info: The package declares a depends on a build essential package without @@ -403,13 +446,46 @@ Tag: build-depends-without-arch-dep Type: warning Ref: policy 7.6 -Info: The control file specifies source relations for architecture-dependent - packages, but no architecture-dependent packages are built. There are some - exceptions, e.g. build dependencies that have to be satisfied while calling - the "clean" target of debian/rules, the most common case of which is a - Build-Depends: debhelper if you use dh_clean in the "clean" target. - In other cases, you most likely need to change Build-Depends to - Build-Depends-Indep. +Info: The control file lists the given package in Build-Depends, but no + architecture-dependent packages are built. If all the packages built are + architecture-independent, the only packages that should be listed in + Build-Depends are those required to run the clean target (such as + debhelper if you use dh_clean). Other build dependencies should be listed + in Build-Depends-Indep instead. + +Tag: build-depends-indep-should-be-build-depends +Type: error +Ref: policy 7.6 +Info: The specified package is required to run the clean target of + debian/rules and therefore must be listed in Build-Depends, even + if no architecture-dependent packages are built. + +Tag: missing-build-dependency +Type: error +Ref: policy 4.2 +Info: The package doesn't specify a build dependency on a package that is + used in debian/rules. + +Tag: missing-dh_python-build-dependency +Type: error +Ref: dh_python(1) +Info: The package runs dh_python in debian/rules but doesn't + build-depend on python or python-dev. dh_python requires + /usr/bin/python to run, so packages using dh_python must + build-depend on python (or python-dev or python-all-dev, which in turn + depend on python), even if they don't otherwise need Python to build. + +Tag: missing-dh_installxfonts-build-dependency +Type: error +Info: dh_installxfonts prior to debhelper 5.0.31 does not correctly handle + the paths and dependencies for the X.Org 7 modular tree. Any package + using dh_installxfonts must depend on at least debhelper (>= 5.0.31). + +Tag: build-conflicts-with-build-dependency +Type: error +Ref: policy 7.6 +Info: The package build-conflicts with a package that it also + build-depends on. Tag: package-has-a-duplicate-relation Type: warning @@ -472,6 +548,20 @@ glibc 2.0 or 2.1. There is intentionally no corresponding development package. Do not link new applications against this library! +Tag: depends-on-python-minimal +Type: error +Info: The python-minimal package exists only to possibly become an + Essential package. Depending on it is always an error since it should + never be installed without python. If it becomes Essential, there is no + need to depend on it, and until then, packages that require Python must + depend on python. + +Tag: conflicts-with-dependency +Type: error +Ref: 7.3 +Info: The package seems to conflict with one of its dependencies, + recommendations, or suggestions. + Tag: bad-menu-item Type: error Info: The field Installer-Menu-Item should only contain positive integer diff -urNad lintian-1.23.8/checks/files lintian-1.23.21/checks/files --- lintian-1.23.8/checks/files 2005-01-14 21:34:52.000000000 +0000 +++ lintian-1.23.21/checks/files 2006-07-18 11:44:07.000000000 +0000 @@ -1,4 +1,4 @@ -# files -- lintian check script +# files -- lintian check script -*- perl -*- # Copyright (C) 1998 Christian Schwarz and Richard Braakman # @@ -15,11 +15,12 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, you can find it on the World Wide # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, -# MA 02111-1307, USA. +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. package Lintian::files; use strict; +use Dep; use Tags; use Util; @@ -70,6 +71,9 @@ } close(SCRIPTS); +# We only want to warn about this once. +my $warned_x11_predepends = 0; + # Read package contents... open(IN,"index") or fail("cannot open index file index: $!"); while () { @@ -229,17 +233,43 @@ tag "old-app-defaults-directory", "$file"; } - #----------------- /usr/{lib,bin,include}/X11/ - elsif ($file =~ m,^usr/(?:lib|bin|include)/X11/,) { - tag "package-installs-file-to-usr-something-x11", "$file"; + #----------------- /usr/{include,lib}/X11/ + # Packages installing files here must pre-depend on x11-common + # so that the symlinks will be sorted out first. + elsif ($file =~ m,^usr/(?:include|lib)/X11/, && !$warned_x11_predepends) { + if (open (FH, "fields/package")) { + my $name = ; + close FH; + $name =~ s/\n//g; + if ($name ne 'x11-common') { + my $pre_depends = ''; + if (open (FH, "fields/pre-depends")) { + $pre_depends = ; + close FH; + $pre_depends =~ s/\n//g; + } + $pre_depends = Dep::parse($pre_depends); + tag "file-in-usr-something-x11-without-pre-depends", "$file" + unless Dep::implies($pre_depends, Dep::parse('x11-common (>= 1:7.0.0)')); + } + } + + # Always set this so that we don't redo the check, even if we + # didn't warn. If the first instance didn't warn, none will. + $warned_x11_predepends = 1; } + #----------------- /usr/X11R6/ + elsif ($file =~ m,^usr/X11R6/bin,) { + tag "package-installs-file-to-usr-x11r6-bin", "$file"; + } + elsif ($file =~ m,^usr/X11R6/lib/X11/fonts,) { + tag "package-installs-font-to-usr-x11r6", "$file"; + } elsif ($file =~ m,^usr/X11R6/, and - $file !~ m,^usr/X11R6/lib/X11/fonts, and #font packages are allowed - $perm !~ m,^l, and #links to FHS locations are encouraged - $source_pkg ne "xfree86") { #The X Window System is allowed to do anything - tag "packages-installs-file-to-usr-x11r6", "$file"; + $perm !~ m,^l,) { #links to FHS locations are allowed + tag "package-installs-file-to-usr-x11r6", "$file"; } # ---------------- /usr/lib/sgml @@ -277,11 +307,14 @@ } } # ---------------- /usr/share/man and /usr/X11R6/man - elsif ($file =~ m,^usr/X11R6/man/\S+, or m,^usr/share/man/\S+, ) { + elsif ($file =~ m,^usr/X11R6/man/\S+, or $file =~ m,^usr/share/man/\S+,) { if ($type eq 'udeb') { tag "documentation-file", "$file"; } - if ($perm =~ m/^-.*[xt]/) { + if ($perm =~ m/^d/) { + tag "stray-directory-in-manpage-directory", "$file" + if ($file !~ m,^usr/(X11R6|share)/man/(?:[^/]+/)?(man\d/)?$,); + } elsif ($perm =~ m/^-.*[xt]/) { tag "executable-manpage", "$file"; } } @@ -303,7 +336,11 @@ tag "FSSTND-dir-in-usr", "$file"; } # FHS dirs - elsif ( $file !~ m,^usr/(X11R6|X386|bin|games|include|lib|local|sbin|share|src|spool|tmp)/, ) { + elsif ( $file !~ m,^usr/(X11R6|X386| + bin|games|include| + lib|lib32|lib64| + local|sbin|share| + src|spool|tmp)/,x ) { tag "non-standard-dir-in-usr", "$file"; } elsif ( $file =~ m,^usr/share/doc, ) { tag "uses-FHS-doc-dir", "$file"; @@ -368,7 +405,7 @@ } # ---------------- FHS directory? elsif ($file =~ m,^[^/]+/$, and $file ne './' and - $file !~ m,^(bin|boot|dev|etc|home|lib|mnt|opt|root|sbin|tmp|usr|var)/,) { # Make an exception for the base-files package here, because it + $file !~ m,^(bin|boot|dev|etc|home|lib(64|32)?|mnt|opt|root|sbin|tmp|usr|var)/,) { # Make an exception for the base-files package here, because it # installs a slew of top-level directories for setting up the # base system. (Specifically, /cdrom, /floppy, /initrd, and /proc # are not mentioned in the FHS). @@ -380,7 +417,7 @@ # ---------------- compatibility symlinks should not be used if ($file =~ m,^usr/(spool|tmp)/, or - $file =~ m,^usr/(doc|bin|lib|include)/X11/, or + $file =~ m,^usr/(doc|bin)/X11/, or $file =~ m,^var/adm/,) { tag "use-of-compat-symlink", "$file"; } @@ -393,8 +430,10 @@ # ---------------- any files if ($perm !~ m/^d/) { unless ($type eq 'udeb' or - $file =~ m,^usr/(bin|dict|doc|games|include|info|lib|man|sbin|share|src|X11R6)/, or - $file =~ m,^lib/(modules/|libc5-compat/)?, or + $file =~ m,^usr/(bin|dict|doc|games| + include|info|lib(32|64)?| + man|sbin|share|src|X11R6)/,x or + $file =~ m,^lib(32|64)?/(modules/|libc5-compat/)?, or $file =~ m,^var/(games|lib|www|named)/, or $file =~ m,^(bin|boot|dev|etc|sbin)/, or # non-FHS, but still usual @@ -449,7 +488,7 @@ # because a package had a HTML form for licenses called like that. # Another exception is made for various picture formats since # those are likely to just be simply pictures. - and not $file =~ m/\.(el|c|h|py|cc|pl|pm|html|php|xpm|png)$/ + and not $file =~ m/\.(el|c|h|py|cc|pl|pm|html|php|xpm|png|jpe?g|gif|svg)$/ and not defined $link) { tag "extra-license-file", "$file"; } @@ -468,11 +507,21 @@ tag "cvsignore-file-in-package", "$file"; } + # ---------------- arch-inventory files + if ($file =~ m/\.arch-inventory$/) { + tag "arch-inventory-file-in-package", "$file"; + } + # ---------------- subversion commit message backups if ($file =~ m/svn-commit.*\.tmp$/) { tag "svn-commit-file-in-package", "$file"; } + # ---------------- executables with language extensions + if ($file =~ m,^(usr/)?(s?bin|games)/[^/]+\.(pl|sh|py)$,) { + tag "script-with-language-extension", "$file"; + } + # ---------------- general: setuid/setgid files! if ($perm =~ m/s/) { my ($setuid, $setgid) = ("",""); @@ -486,14 +535,11 @@ $setuid = $user if ($operm & 04000); $setgid = $group if ($operm & 02000); - $wanted_operm = 0755; - # 1st special case: program is using svgalib: if (exists $linked_against_libvga{$file}) { # setuid root is ok, so remove it if ($setuid eq 'root') { undef $setuid; - $wanted_operm |= 04000; } } @@ -502,25 +548,30 @@ # setgid games is ok, so remove it if ($setgid eq 'games') { undef $setgid; - $wanted_operm |= 02000; } } - #allow anything with suid in the name + # 3rd special case: allow anything with suid in the name if ($pkg =~ m,-suid,) { undef $setuid; - $wanted_operm |= 04000; } + # Check for setuid and setgid that isn't expected. if ($setuid and $setgid) { tag "setuid-gid-binary", $file, sprintf("%04o $owner",$operm); } elsif ($setuid) { tag "setuid-binary", $file, sprintf("%04o $owner",$operm); } elsif ($setgid) { tag "setgid-binary", $file, sprintf("%04o $owner",$operm); - } elsif ($operm != $wanted_operm) { - tag "non-standard-executable-perm", - sprintf("$file %04o != %04o",$operm,$wanted_operm); + } + + # Check for permission problems other than the setuid status. + if (($operm & 0444) != 0444) { + tag "executable-is-not-world-readable", $file, + sprintf("%04o",$operm); + } elsif ($operm != 04755 && $operm != 02755 && $operm != 06755 && $operm != 04754) { + tag "non-standard-setuid-executable-perm", $file, + sprintf("%04o",$operm); } } # ---------------- general: executable files @@ -528,14 +579,17 @@ # executable if ($owner =~ m,root/games,) { if ($operm != 2755) { - tag "non-standard-executable-perm", $file, + tag "non-standard-game-executable-perm", $file, sprintf("%04o != 2755",$operm); } } else { - if ($operm != 0755) { + if (($operm & 0444) != 0444) { + tag "executable-is-not-world-readable", $file, + sprintf("%04o != 0755",$operm); + } elsif ($operm != 0755) { tag "non-standard-executable-perm", $file, sprintf("%04o != 0755",$operm); - } + } } } # ---------------- general: normal (non-executable) files @@ -549,6 +603,8 @@ # Ada library information files should be read-only # since GNAT behaviour depends on that # everything is ok + } elsif ($operm == 0600 and $file =~ m,etc/backup.d/,) { + # backupninja expects configurations files to be 0600 } elsif ($operm != 0644) { tag "non-standard-file-perm", $file, sprintf("%04o != 0644",$operm); @@ -574,6 +630,13 @@ if ($file =~ m,/\.svn/?$,) { tag "package-contains-svn-control-dir", "$file"; } + if ($file =~ m,/\.bzr/?$,) { + tag "package-contains-bzr-control-dir", "$file"; + } + if (($file =~ m,/\.arch-ids/?$,) + || ($file =~ m,/\{arch\}/?$,)) { + tag "package-contains-arch-control-dir", "$file"; + } if ($file =~ m,/.xvpics/?$,) { tag "package-contains-xvpics-dir", "$file"; } diff -urNad lintian-1.23.8/checks/files.desc lintian-1.23.21/checks/files.desc --- lintian-1.23.8/checks/files.desc 2005-01-14 21:34:51.000000000 +0000 +++ lintian-1.23.21/checks/files.desc 2006-07-18 11:44:07.000000000 +0000 @@ -1,7 +1,7 @@ Check-Script: files Author: Christian Schwarz Abbrev: fil -Standards-Version: 3.5.0 +Standards-Version: 3.7.0 Type: binary, udeb Unpack-Level: 1 Needs-Info: objdump-info, scripts @@ -23,22 +23,55 @@ this prevents X from replacing it with a compatability symlink. Ref: policy 11.8.6 -Tag: package-installs-file-to-usr-something-x11 +Tag: package-installs-font-to-usr-x11r6 Type: error -Info: Packages must not provide or install files into the directories - /usr/bin/X11/, /usr/include/X11/ or /usr/lib/X11/. +Info: The standard location for X fonts has moved to /usr/share/fonts/X11. + Packages providing X fonts must install them into the new path. Fonts + installed into the old /usr/X11R6/lib/X11/fonts path may not be seen by + the X server. + . + If the package uses imake, it must build-depend on xutils-dev (>= + 1:1.0.2-2) for the correct paths. If it uses dh_installxfonts to handle X + font installation, it must build-depend on debhelper (>= 5.0.31). +Ref: policy 11.8.5 + +Tag: package-installs-file-to-usr-x11r6-bin +Type: error +Info: Debian has switched to the modular X tree which now uses the regular + FHS paths, and all packages must follow. All packages installing binaries + must install them into /usr/bin (or some other appropriate location) + instead of /usr/X11R6/bin. + . + The x11-common package attempts to change /usr/X11R6/bin into a symlink + to /usr/bin, so if this migration has already occurred, a package + installing files into /usr/X11R6/bin may appear to install + successfully. However, such a package will be left in an inconsistent + state and may orphan files when the compatibility link goes away. + . + If the package uses imake, it must build-depend on xutils-dev (>= + 1:1.0.2-2) for the correct paths. Ref: policy 11.8.7 -Tag: packages-installs-file-to-usr-x11r6 -Type: warning +Tag: file-in-usr-something-x11-without-pre-depends +Type: error +Info: Packages that install files into /usr/include/X11 or /usr/lib/X11 + must pre-depend on at least x11-common (>= 1:7.0.0). These directories + used to be symlinks and installing files in them while they are still + symlinks will put files in the wrong locations and cause stranded files + and other problems. x11-common is responsible for converting the + symlinks to regular directories. +Ref: policy 11.8.7 + +Tag: package-installs-file-to-usr-x11r6 +Type: error Info: Packages using the X Window System should not be configured to install - files under the /usr/X11R6/ directory unless they use imake. The /usr/X11R6/ - directory hierarchy should be regarded as deprecated for all packages except - the X Window System itself. + files under the /usr/X11R6/ directory. Debian has switched to the modular + X tree which now uses regular FHS paths and all packages should follow. . - Programs that use GNU autoconf and automake are usually easily configured at - compile time to use /usr/ instead of /usr/X11R6/, and this should be done - whenever possible. + Programs that use GNU autoconf and automake are usually easily configured + at compile time to use /usr/ instead of /usr/X11R6/. Packages that use + imake must build-depend on xutils-dev (>= 1:1.0.2-2) for the correct + paths. Ref: policy 11.8.7 Tag: config-file-reserved $file @@ -57,19 +90,18 @@ Type: error Info: As of policy version 3.0.0.0, Debian no longer follows the FSSTND. . - Instead, the Filesystem Hierarchy Standard (FHS), version 2.1, is + Instead, the Filesystem Hierarchy Standard (FHS), version 2.3, is used. You can find it in /usr/share/doc/debian-policy/fhs/ . Tag: FSSTND-dir-in-var Type: error Info: As of policy version 3.0.0.0, Debian no longer follows the FSSTND. . - Instead, the Filesystem Hierarchy Standard (FHS), version 2.1, is + Instead, the Filesystem Hierarchy Standard (FHS), version 2.3, is used. You can find it in /usr/share/doc/debian-policy/fhs/ . Tag: package-installs-into-etc-rc.d Type: error -Severity: Important Info: The package installs files into the /etc/rc.d or /etc/rc?.d which is not allowed. Ref: policy 9.3.3 @@ -95,23 +127,27 @@ Tag: file-in-usr-local Type: error -Severity: Important Info: The package installs a file in /usr/local/... which is not allowed. Ref: policy 9.1.2 Tag: file-in-opt Type: error -Severity: Important Info: The package installs a file in /opt/... which is not allowed. +Tag: stray-directory-in-manpage-directory +Type: error +Info: This package installs a directory under /usr/share/man or + /usr/X11R6/man that isn't a manual section directory or locale + directory. +Ref: fhs 4.11.5 + Tag: executable-manpage Type: error Info: Manual pages are not meant to be executed. Tag: dir-in-usr-local Type: error -Severity: Important Info: The package installs a directory in /usr/local/... which is not allowed. . @@ -134,40 +170,68 @@ Type: warning Info: The directory has a mode different from 0755, and it's not one of the known exceptions. +Ref: policy 10.9 -Tag: non-standard-game-executable-perm +Tag: executable-is-not-world-readable Type: warning -Info: The file has a mode different from 2755 or 0755. In some cases this - is intentional, but in other cases this is a bug. +Info: All executabless should be readable by any user. Since anyone can + download the Debian package and obtain a copy of the executable, no + security is gained by making the executable unreadable even for setuid + binaries. If only members of a certain group may execute this file, + remove execute permission for world, but leave read permission. +Ref: policy 10.9 Tag: non-standard-executable-perm Type: warning -Info: The file has a mode different from 0755. In some cases this is - intentional, but in other cases this is a bug. +Info: Executables that are not setuid or setgid should always have a mode + of 0755. Since anyone can obtain the executable by downloading the + Debian package and extracting it, restricting access serves little + purpose. +Ref: policy 10.9 + +Tag: non-standard-game-executable-perm +Type: warning +Info: The file is owned by the games group but is not mode 2755. If a + game does not have to be setgid games, it should be owned by the root + group like any other executable. This executable is either owned by the + wrong group or is not setgid when it should be. + +Tag: non-standard-setuid-executable-perm +Type: warning +Info: The file is setuid or setgid and has a mode different from any of + 2755, 4755, 4754, or 6755. Any other permissions on setuid executables + is probably a bug. In particular, removing root write privileges serves + no purpose, group-writable setuid or setgid executables are probably bad + ideas, and setgid executables that are not world-executable serve little + purpose. +Ref: policy 10.9 Tag: setuid-binary Type: warning -Info: The file is tagged SETUID. In some cases this is - intentional, but in other cases this is a bug. +Info: The file is tagged SETUID. In some cases this is intentional, but in + other cases this is a bug. If this is intentional, please add a lintian + override to document this fact. Tag: setgid-binary Type: warning -Info: The file is tagged SETGID. In some cases this is - intentional, but in other cases this is a bug. +Info: The file is tagged SETGID. In some cases this is intentional, but in + other cases this is a bug. If this is intentional, please add a lintian + override to document this fact. Tag: setuid-gid-binary Type: warning Info: The file is tagged SETUID and SETGID. In some cases this is - intentional, but in other cases this is a bug. + intentional, but in other cases this is a bug. If this is intentional, + please add a lintian override to document this fact. Tag: non-standard-file-perm Type: warning Info: The file has a mode different from 0644. In some cases this is intentional, but in other cases this is a bug. +Ref: policy 10.9 Tag: special-file Type: error -Severity: Important Info: The package contains a special file (e.g., a device file). This is forbidden by current policy. If your program needs this device, you should create it by calling makedev from the postinst @@ -434,6 +498,18 @@ accident, since Subversion version control directories usually don't belong in packages. +Tag: package-contains-bzr-control-dir +Type: warning +Info: Package contains a .bzr directory. It was most likely installed by + accident, since bazaar-ng version control directories usually don't belong + in packages. + +Tag: package-contains-arch-control-dir +Type: warning +Info: Package contains a {arch} or .arch-ids directory. It was most likely + installed by accident, since Arch version control directories usually don't + belong in packages. + Tag: package-contains-xvpics-dir Type: error Info: Package contains a .xvpics directory. It was most likely installed by @@ -444,6 +520,11 @@ Info: Package contains a '.cvsignore' file. It may have been installed by accident. +Tag: arch-inventory-file-in-package +Type: warning +Info: Package contains a '.arch-inventory' file. It may have been installed by + accident. + Tag: svn-commit-file-in-package Type: warning Info: Package contains a 'svn-commit(.NNN).tmp' file. This file is almost @@ -495,3 +576,22 @@ files that are intended to create a menu should be placed in /usr/share/applications/, and no longer in /usr/share/gnome/apps or /usr/share/applnk + +Tag: file-in-usr-lib-cgi-bin +Type: warning +Info: Packages shipping web server CGI files should install them in + /usr/lib/cgi-lib, not in /usr/lib/cgi-bin. This is + done to avoid conflicts with the cgi-bin script alias, which is reserved + for the local use of webmasters. Web servers should include /cgi-lib/ as + a standard ScriptAlias pointing to that directory. +Ref: policy 11.5 + +Tag: script-with-language-extension +Type: warning +Info: When scripts are installed into a directory in the system PATH, the + script name should not include an extension such as .sh or + .pl that denotes the scripting language currently used to + implement it. The implementation language may change; if it does, + leaving the name the same would be confusing and changing it would be + disruptive. +Ref: policy 10.4 diff -urNad lintian-1.23.8/checks/infofiles lintian-1.23.21/checks/infofiles --- lintian-1.23.8/checks/infofiles 2004-05-11 23:31:10.000000000 +0000 +++ lintian-1.23.21/checks/infofiles 2006-07-18 11:44:07.000000000 +0000 @@ -1,4 +1,4 @@ -# infofiles -- lintian check script +# infofiles -- lintian check script -*- perl -*- # Copyright (C) 1998 Christian Schwarz # Copyright (C) 2001 Josip Rodin @@ -16,8 +16,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, you can find it on the World Wide # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, -# MA 02111-1307, USA. +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. package Lintian::infofiles; use strict; @@ -116,7 +116,8 @@ tag "install-info-not-called-with-quiet-option", "" unless $postinst{'calls-install-info-quiet'}; tag "install-info-not-called-with-section-option", "" - unless $postinst{'calls-install-info-section'}; + unless ( $postinst{'calls-install-info-section'} + || $postinst{'calls-install-info-remove'} ) ; } if ($prerm{'calls-install-info'}) { # it must use the --quiet option @@ -175,6 +176,8 @@ $pres->{'calls-install-info-quiet'} = 1; } elsif ($piece eq '--section') { $pres->{'calls-install-info-section'} = 1; + } elsif ($piece eq '--remove') { + $pres->{'calls-install-info-remove'} = 1; } } } diff -urNad lintian-1.23.8/checks/init.d lintian-1.23.21/checks/init.d --- lintian-1.23.8/checks/init.d 2004-10-12 22:16:58.000000000 +0000 +++ lintian-1.23.21/checks/init.d 2006-07-18 11:44:07.000000000 +0000 @@ -1,4 +1,4 @@ -# init.d -- lintian check script +# init.d -- lintian check script -*- perl -*- # Copyright (C) 1998 Christian Schwarz # @@ -15,8 +15,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, you can find it on the World Wide # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, -# MA 02111-1307, USA. +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. package Lintian::init_d; use strict; @@ -38,12 +38,18 @@ my %initd_postrm; my %conffiles; +my $opts_r = qr/-\S+\s*/; +my $name_r = qr/[\w.-]+/; +my $action_r = qr/\w+/; +my $exclude_r = qr/if\s+\[\s+-x\s+\S*update-rc\.d/; + # read postinst control file if (open(IN,$postinst)) { while () { - next if m/if\s+\[\s+-x\s+\S*update-rc\.d/o; + next if /$exclude_r/o; s/\#.*$//o; - next unless /^(?:.+;)?\s*update-rc\.d\s+(?:-\S+\s*)*(\S+)\s+(\S+)/; + next unless /^(?:.+;)?\s*update-rc\.d\s+ + (?:$opts_r)*($name_r)\s+($action_r)/xo; my ($name,$opt) = ($1,$2); next if $opt eq 'remove'; if ($initd_postinst{$name}++ == 1) { @@ -60,9 +66,9 @@ # read preinst control file if (open(IN,$preinst)) { while () { - next if m/if\s+\[\s+-x\s+\S*update-rc\.d/o; + next if /$exclude_r/o; s/\#.*$//o; - next unless m/update-rc\.d\s+(?:-\S+\s*)*(\S+)\s+(\S+)/o; + next unless m/update-rc\.d\s+(?:$opts_r)*($name_r)\s+($action_r)/o; my ($name,$opt) = ($1,$2); next if $opt eq 'remove'; tag "preinst-calls-updaterc.d", "$name"; @@ -73,9 +79,9 @@ # read postrm control file if (open(IN,$postrm)) { while () { - next if m/if\s+\[\s+-x\s+\S*update-rc\.d/o; + next if /$exclude_r/o; s/\#.*$//o; - next unless m/update-rc\.d\s+(-\S+\s*)*(\S+)/; + next unless m/update-rc\.d\s+($opts_r)*($name_r)/o; if ($initd_postrm{$2}++ == 1) { tag "duplicate-updaterc.d-calls-in-postrm", "$2"; next; @@ -90,9 +96,9 @@ # read prerm control file if (open(IN,$prerm)) { while () { - next if m/if\s+\[\s+-x\s+\S*update-rc\.d/o; + next if /$exclude_r/o; s/\#.*$//o; - next unless m/update-rc\.d\s+(-\S+\s*)*(\S+)/; + next unless m/update-rc\.d\s+($opts_r)*($name_r)/o; tag "prerm-calls-updaterc.d", "$2"; } close(IN); diff -urNad lintian-1.23.8/checks/manpages lintian-1.23.21/checks/manpages --- lintian-1.23.8/checks/manpages 2004-12-25 23:40:20.000000000 +0000 +++ lintian-1.23.21/checks/manpages 2006-07-18 11:44:07.000000000 +0000 @@ -1,4 +1,4 @@ -# manpages -- lintian check script +# manpages -- lintian check script -*- perl -*- # Copyright (C) 1998 Christian Schwarz # @@ -15,8 +15,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, you can find it on the World Wide # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, -# MA 02111-1307, USA. +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. package Lintian::manpages; use strict; @@ -200,8 +200,8 @@ my ($i, $first) = (0, ""); do { $first = $manfile[$i++] || ""; - } while ($first =~ /^\.\\"/ && $manfile[$i]); - + } while ($first =~ /^\.\\"/ && $manfile[$i]); #"); + unless ($first) { tag "empty-manual-page", "$file"; } elsif ($first =~ /^\.so\s+(.+)?$/) { @@ -235,10 +235,49 @@ # negatives. When man-db is fixed, this limitation should be # removed. if ($path =~ m,/man/man\d/,) { - if (system("lexgrog unpacked/\Q$file\E >/dev/null 2>&1")) { - tag "manpage-has-bad-whatis-entry", "$file"; + if (system_env("lexgrog unpacked/\Q$file\E >/dev/null 2>&1")) { + tag "manpage-has-bad-whatis-entry", "$file"; } } + # If it's not a .so link, run it through "man" to check for errors. + # If it is in a directory with the standard man layout, cd to the + # parent directory before running man so that .so directives are + # processed properly. (Yes, there are man pages that include other + # pages with .so but aren't simple links; rbash, for instance.) + my $cmd; + if ($file =~ m,^(.*)/(man\d/.*)$,) { + $cmd = "cd unpacked/\Q$1\E && man -l \Q$2\E"; + } else { + $cmd = "man -l unpacked/\Q$file\E"; + } + my $pid = open MANERRS, '-|'; + if (not defined $pid) { + fail("cannot run man -l: $!"); + } elsif ($pid == 0) { + my %newenv = (LANG => 'C', PATH => $ENV{PATH}); + undef %ENV; + %ENV = %newenv; + exec "($cmd >/dev/null) 2>&1" + or fail("cannot run man -l: $!"); + } + while () { + # ignore progress information from man + next if /^Reformatting/; + next if /^\s*$/; + # ignore errors from gzip, will be dealt with at other places + next if /^(man|gzip)/; + # ignore 8bit character errors on localized man pages + if ($lang ne "") { + next if /warning: can\'t find numbered character/; + next if /warning \[.*\]: cannot adjust line/; + next if /warning \[.*\]: can\'t break line/; + } + chomp; + s/^[^:]+://o; + tag "manpage-has-errors-from-man", "$file", "$_"; + last; + } + close(MANERRS); # Now we search through the whole man page for some common errors my $lc = 0; my $hc = 0; @@ -248,7 +287,7 @@ next if $line =~ /^\.\\\"/o; # comments .\" if ($line =~ /^\.TH\s/) { # header require Text::ParseWords; - my ($th_command, $th_title, $th_section, $th_date ) = + my ($th_command, $th_title, $th_section, $th_date ) = Text::ParseWords::parse_line( '\s+', 0, $line); if ($th_section && (lc($fn_section) ne lc($th_section))) { tag "manpage-section-mismatch", "$file:$lc $fn_section != $th_section"; diff -urNad lintian-1.23.8/checks/manpages.desc lintian-1.23.21/checks/manpages.desc --- lintian-1.23.8/checks/manpages.desc 2004-12-25 23:40:20.000000000 +0000 +++ lintian-1.23.21/checks/manpages.desc 2006-07-18 11:44:07.000000000 +0000 @@ -9,7 +9,6 @@ Tag: bad-link-to-undocumented-manpage Type: error -Severity: Important Info: The symbolic link should reference `../man[237]/undocumented.[237].gz' for manual pages in /usr/share/man or @@ -95,6 +94,27 @@ See also groff_man(7) and groff_mdoc(7) for general information on writing manual pages. +Tag: manpage-has-errors-from-man +Type: warning +Info: This man page provokes warnings or errors from man. + . + "cannot adjust" or "can't break" are trouble with paragraph filling, + usually related to long lines. Adjustment can be helped by left + justifying, breaks can be helped with hyphenation, see "Manipulating + Filling and Adjusting" and "Manipulating Hyphenation" in the manual. + . + "can't find numbered character" usually means latin1 etc in the input, and + this warning indicates characters will be missing from the output. You can + change to escapes like \[:a] described on the groff_char man page. + . + Other warnings are often formatting typos, like missing quotes around a + string argument to .IP. These are likely to result in lost or malformed + output. See the groff_man (or groff_mdoc if using mdoc) man page for + information on macros. + . + At worst, warning messages can be disabled with the .warn directive, see + "Debugging" in the groff manual. + Tag: manpage-for-x11-binary-in-wrong-directory Type: error Info: Manual pages for binaries which are located in /usr/X11R6/bin diff -urNad lintian-1.23.8/checks/nmu lintian-1.23.21/checks/nmu --- lintian-1.23.8/checks/nmu 2004-10-12 21:22:43.000000000 +0000 +++ lintian-1.23.21/checks/nmu 2006-07-18 11:44:07.000000000 +0000 @@ -1,4 +1,4 @@ -# nmu -- lintian check script +# nmu -- lintian check script -*- perl -*- # Copyright (C) 2004 Jeroen van Wolffelaar # @@ -15,8 +15,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, you can find it on the World Wide # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, -# MA 02111-1307, USA. +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. package Lintian::nmu; use strict; @@ -31,6 +31,15 @@ my $changelog_mentions_qa = 0; my $uploader = undef; +# This isn't really an NMU check, but right now no other check looks at +# debian/changelog in source packages. Catch a debian/changelog file that's a +# symlink. If it was a symlink to a file we didn't unpack, bail rather than +# abort. +if (-l "debfiles/changelog") { + tag "changelog-is-symlink", ""; + return 0 unless -f "debfiles/changelog"; +} + open CHANGELOG, "debfiles/changelog" or fail("Failed opening changelog"); ; my $firstline = 1; diff -urNad lintian-1.23.8/checks/nmu.desc lintian-1.23.21/checks/nmu.desc --- lintian-1.23.8/checks/nmu.desc 2005-01-26 12:01:32.000000000 +0000 +++ lintian-1.23.21/checks/nmu.desc 2006-07-18 11:44:07.000000000 +0000 @@ -49,3 +49,14 @@ Maybe you didn't intend this upload to be a NMU, in that case, please doublecheck that the most recent entry in the changelog is byte-for-byte identical to the maintainer or one of the uploaders. + +Tag: changelog-is-symlink +Type: warning +Info: The file debian/changelog is a symlink instead of a regular + file. This is unnecessary and makes package checking and manipulation + more difficult. If the changelog should be available in the source + package under multiple names, make debian/changelog the real + file and the other names symlinks to it. + . + This problem may have prevented lintian from performing other checks, + leading to undetected changelog errors. diff -urNad lintian-1.23.8/checks/scripts lintian-1.23.21/checks/scripts --- lintian-1.23.8/checks/scripts 2005-01-14 17:19:55.000000000 +0000 +++ lintian-1.23.21/checks/scripts 2006-07-18 11:44:07.000000000 +0000 @@ -1,4 +1,4 @@ -# scripts -- lintian check script +# scripts -- lintian check script -*- perl -*- # # This is probably the right file to add a check for the use of # set -e in bash and sh scripts. @@ -19,8 +19,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, you can find it on the World Wide # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, -# MA 02111-1307, USA. +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. package Lintian::scripts; use strict; @@ -40,21 +40,27 @@ 'csh' => '/bin/csh', 'dash' => '/bin/dash', 'expect' => '/usr/bin/expect', + 'expectk' => '/usr/bin/expectk', + 'fish' => '/usr/bin/fish', 'gawk' => '/usr/bin/gawk', + 'gbx' => '/usr/bin/gbx', + 'gbx2' => '/usr/bin/gbx2', 'gforth' => '/usr/bin/gforth', 'gnuplot' => '/usr/bin/gnuplot', 'guile' => '/usr/bin/guile', - 'install-fvwmgenmenu' => '/usr/sbin/install-fvwmgenmenu', - 'install-menu' => '/usr/sbin/install-menu', + 'install-menu' => '/usr/bin/install-menu', 'js' => '/usr/bin/js', 'kforth' => '/usr/bin/kforth', 'ksh' => '/bin/ksh', + 'lefty' => '/usr/bin/lefty', + 'lua50' => '/usr/bin/lua50', 'magicfilter' => '/usr/sbin/magicfilter', 'make' => '/usr/bin/make', 'mawk' => '/usr/bin/mawk', 'nawk' => '/usr/bin/nawk', 'ocaml' => '/usr/bin/ocamlrun', 'ocamlrun' => '/usr/bin/ocamlrun', + 'parrot' => '/usr/bin/parrot', 'perl' => '/usr/bin/perl', 'perl-5.005' => '/usr/bin/perl-5.005', 'perl-5.004' => '/usr/bin/perl-5.004', @@ -70,6 +76,7 @@ 'python2.2' => '/usr/bin/python2.2', 'python2.3' => '/usr/bin/python2.3', 'python2.4' => '/usr/bin/python2.4', + 'python2.5' => '/usr/bin/python2.5', 'rexx' => '/usr/bin/rexx', 'regina' => '/usr/bin/regina', 'rc' => '/usr/bin/rc', @@ -82,6 +89,8 @@ 'scsh' => '/usr/bin/scsh', 'sed' => '/bin/sed', 'sh' => '/bin/sh', + 'slsh' => '/usr/bin/slsh', + 'speedy' => '/usr/bin/speedy', 'tcl' => '/usr/bin/tcl', 'tclsh' => '/usr/bin/tclsh', 'tclsh8.3' => '/usr/bin/tclsh8.3', @@ -94,7 +103,7 @@ 'wish8.3' => '/usr/bin/wish8.3', 'wish8.4' => '/usr/bin/wish8.4', 'yforth' => '/usr/bin/yforth', - 'zsh' => '/usr/bin/zsh' + 'zsh' => '/bin/zsh' ); my %interpreter_dependencies = ( @@ -104,17 +113,24 @@ 'csh' => 'c-shell', 'dash' => 'dash', 'expect' => 'expect', + 'expectk' => 'expectk', + 'fish' => 'fish', 'gawk' => 'gawk', + 'gbx' => 'gambas-runtime', + 'gbx2' => 'gambas2-runtime', 'gforth' => 'gforth', 'gnuplot' => 'gnuplot', 'guile' => 'guile', 'js' => 'ngs-js', 'kforth' => 'kforth', 'ksh' => 'pdksh', + 'lefty' => 'graphviz', + 'lua50' => 'lua50', 'magicfilter' => 'magicfilter', - 'make' => 'make', + 'make' => 'make,build-essential', 'mawk' => 'mawk', 'ocaml' => 'ocaml', + 'parrot' => 'parrot', 'perl-5.005' => 'perl-5.005', 'perl-5.004' => 'perl-5.004', 'pforth' => 'pforth', @@ -129,7 +145,9 @@ 'runhugs1.4' => 'hugs', 'runhugs98' => 'hugs98', 'scsh' => 'scsh', - 'tcl' => 'tcl', + 'slsh' => 'slsh', + 'speedy' => 'speedy-cgi-perl', + 'tcl' => 'tclx8.3', 'tclsh' => 'tclsh', 'tclsh8.3' => 'tcl8.3', 'tclsh8.4' => 'tcl8.4', @@ -140,6 +158,16 @@ 'zsh' => 'zsh' ); +# Appearance of one of these regexes in a maintainer script means that there +# must be a dependency (or pre-dependency) on the given package. The tag +# reported is maintainer-script-needs-depends-on-%s, so be sure to update +# scripts.desc when adding a new rule. +my @depends_needed = ( + [ adduser => '\badduser\b' ], + [ netbase => '\bupdate-inetd\b' ], + [ ucf => '\bucf\s' ], +); + my %executable = (); my %suid = (); my %ELF = (); @@ -231,7 +259,8 @@ unless ($executable{$filename} or $filename =~ m,usr/(lib|share)/.*\.pm, or $filename =~ m,\.in$, or - $filename =~ m,etc/menu-methods,); + $filename =~ m,etc/menu-methods, or + $filename =~ m,etc/X11/Xsession.d,); if (exists $valid_interpreters{$base}) { unless ($interpreter eq $valid_interpreters{$base} or @@ -240,27 +269,33 @@ if ($base =~ /^(ruby|python)(?:\d\.\d)?$/) { tag_error("wrong-path-for-$1", $filename, "#!$interpreter"); } else { - tag_error("wrong-path-for-$base", $filename, "#!$interpreter"); + tag_error("wrong-path-for-interpreter", + "#!$interpreter != $valid_interpreters{$base}", + "($filename)"); } } - + # Do not complain about dependencies for non-executable scripts. if ($executable{$filename}) { if (exists $interpreter_dependencies{$base}) { - my $dep = $interpreter_dependencies{$base}; - tag_error("$base-script-but-no-$dep-dep", $filename) - unless ($deps{$dep}); + my @deps = split(/,/,$interpreter_dependencies{$base}); + if ($base =~ /^(php\d?|(m|g)awk)/) { + tag_error("$base-script-but-no-$deps[0]-dep", $filename) + unless (scalar map { $deps{$_}?$_:() } @deps); + } else { + tag_error("missing-dep-for-interpreter", + "$base => $deps[0]", "($filename)") + unless (scalar map { $deps{$_}?$_:() } @deps); + } } elsif ($base =~ /^python(\d.\d)?$/) { my $ver = $1 ? $1 : ""; tag_error("python-script-but-no-python-dep", $filename) - unless ($deps{"python$ver"}); + unless ($deps{"python$ver"} + || $deps{"python${ver}-minimal"}); } elsif ($base =~ /^ruby(\d.\d)?$/) { my $ver = $1 ? $1 : ""; tag_error("ruby-script-but-no-ruby-dep", $filename) unless ($deps{"ruby$ver"}); - } elsif ($base eq 'pike') { - tag_error("pike-script-but-no-pike-dep", $filename) - unless ($deps{'pike'} or $deps{'pike7'}); } elsif ($base eq 'perl' && $suid{$filename}) { tag_error("suid-perl-script-but-no-perl-suid-dep", $filename) unless ($deps{'perl-suid'}); @@ -293,10 +328,15 @@ tag_warn("csh-considered-harmful", $filename) if (($base eq 'csh' or $base eq 'tcsh') and $executable{$filename}); + # Don't syntax-check scripts in /usr/src that end in .dpatch. bash -n + # doesn't stop checking at exit 0 and goes on to blow up on the patch + # itself. if ($base =~ /^(?:(?:b|d)?a|k|z)?sh$/) { if (-x "$interpreter" && ! script_is_evil_and_wrong("unpacked/$filename")) { - if (system("$interpreter -n unpacked/$filename >/dev/null 2>&1")) { - tag_error("shell-script-fails-syntax-check", $filename); + if ($filename !~ m,^./usr/src/.*\.dpatch$,) { + if (check_script_syntax($interpreter, "unpacked/$filename")) { + tag_error("shell-script-fails-syntax-check", $filename); + } } } next; @@ -350,10 +390,10 @@ or $base eq 'perl'); if (exists $interpreter_dependencies{$base}) { - my $dep = $interpreter_dependencies{$base}; + my @deps = split(/,/,$interpreter_dependencies{$base}); tag_error("interpreter-without-predep", $filename, "#!$interpreter") - unless (exists $deps{$dep} and $deps{$dep} eq 'pre-depends'); + unless (scalar map { ($deps{$_} && $deps{$_} eq 'pre-depends')?$_:() } @deps); } elsif ($base eq 'python') { tag_error("interpreter-without-predep", $filename, "#!$interpreter") @@ -381,7 +421,7 @@ # perhaps just do it when $base eq "sh" instead? $checkbashisms = $base eq "sh" ? 1 : 0; if (-x $valid_interpreters{$base}) { - if (system("$interpreter -n $filename >/dev/null 2>&1")) { + if (check_script_syntax($interpreter, $filename)) { tag_error("maintainer-shell-script-fails-syntax-check", $file); } } @@ -396,30 +436,41 @@ open C, "$filename" or fail("cannot open maintainer script $filename for reading: $!"); - my ($warned_tmp, $warned_killall); + my %warned; + my ($saw_init, $saw_invoke); my $cat_string = ""; while () { next if m,^\s*\#,; # skip comment lines s/\#.*$//; # eat comments chomp(); - if (m,\W(/var)?/tmp\b, and not m/\bmktemp\b/ and not m/\btempfile\b/ and not m/\bmkdir\b/) { + if (m,[^\w=](/var)?/tmp\b, and not m/\bmktemp\b/ and not m/\btempfile\b/ and not m/\bmkdir\b/) { tag "possibly-insecure-handling-of-tmp-files-in-maintainer-script", "$file:$." - unless $warned_tmp; - $warned_tmp = 1; + unless $warned{tmp}; + $warned{tmp} = 1; } if (m/^\s*killall(?:\s|$)/) { tag "killall-is-dangerous", "$file:$." - unless $warned_killall; - $warned_killall = 1; - } - if (m/^\s*dpkg\s+--print-architecture\b/) { - tag "dpkg-print-architecture-in-maintainer-script", "$file:$."; + unless $warned{killall}; + $warned{killall} = 1; } if (m/^\s*mknod(?:\s|$)/ and not m/\sp\s/) { tag "mknod-in-maintainer-script", "$file:$."; } + # Collect information about init script invocations to catch running + # init scripts directory rather than through invoke-rc.d. Since the + # script is allowed to run the init script directly if invoke-rc.d + # doesn't exist, only tag direct invocations where invoke-rc.d is + # never used in the same script. Lots of false negatives, but + # hopefully not many false positives. + if (m%^\s*/etc/init.d/(\S+)\s+[\"\']?(\S+)[\"\']?%) { + $saw_init = $.; + } + if (m%^\s*invoke-rc.d\s+%) { + $saw_invoke = $.; + } + if ($shellscript) { if (m/^\s*cat\s*\<\<\s*(\w+)/) { $cat_string = $1; @@ -431,37 +482,45 @@ if (m,(^|\s+)((/usr)?/bin/)?((b|d)?a|k|z|t?c)sh\s+-c\s*.+,) { $within_another_shell = 1; } + #Don't use chown foo.bar: + if (m{(chown\s+[-_A-Za-z0-9]+\.[-_A-Za-z0-9]+)\s+}) { + tag "deprecated-chown-usage", "$file:$. \'$1\'"; + } # if cat_string is set, we are in a HERE document and need not # check for things if ($cat_string eq "" and $checkbashisms and !$within_another_shell) { my $found = 0; + my $found_strict = 0; my $match = ''; + my @bashism_string_regexs = ( + '\$\[\w+\]', # arith not allowed + '\$\{\w+\:\d+(?::\d+)?\}', # ${foo:3[:1]} + '\$\{\w+(/.+?){1,2}\}', # ${parm/?/pat[/str]} + '\$\{\#?\w+\[[0-9\*\@]+\]\}',# bash arrays, ${name[0|*|@]} + ); my @bashism_regexs = ( 'function \w+\(\s*\)', # function is useless - # should be '.', not 'source' + # should be '.', not 'source' '(?:^|\s+)source\s+(?:\.\/|\/|\$)[^\s]+', '(\[|test|-o|-a)\s*[^\s]+\s+==\s', # should be 'b = a' - '\s\|\&', # pipelining is not POSIX - '\$\[\w+\]', # arith not allowed - '\$\{\w+\:\d+(?::\d+)?\}', # ${foo:3[:1]} - '\$\{\w+(/.+?){1,2}\}', # ${parm/?/pat[/str]} - '[^\\\]\{([^\s]+?,)+[^\\\}\s]+\}', # brace expansion + '\s(\|\&)', # pipelining is not POSIX + '[^\\\]\{([^\s]+?,)+[^\\\}\s]+\}', # brace expansion '(?:^|\s+)\w+\[\d+\]=', # bash arrays, H[0] - '\$\{\#?\w+\[[0-9\*\@]+\]\}', # bash arrays, ${name[0|*|@]} - '(?:^|\s+)(read\s*(?:;|$))' # read without variable + '(?:^|\s+)read\s*(?:;|$)', # read without variable + '(?:^|\s+)kill\s+-[^sl]\w*', # kill -[0-9] or -[A-Z] + '(?:^|\s+)trap\s+["\']?.*["\']?\s+.*[1-9]', # trap with signal numbers + '\&>', # cshism + '\[\[(?!:)', # alternative test command ); + my @strict_posix_regexs = ( + '((?:test|\[)\s+.+\s-[ao])\s',# test/[ -a/-o binary operators + '(?:^\s*)local\s', # local scoping of variables + ); - for my $re (@bashism_regexs) { - if (m/($re)/) { - $found = 1; - $match = $1; - last; - } - } # since this test is ugly, I have to do it by itself # detect source (.) trying to pass args to the command it runs if (not $found and m/^\s*(\.\s+[^\s]+\s+([^\s]+))/) { - if ($2 eq '&&' || $2 eq '||') { + if ($2 =~ /^(\&|\||\d?>|<)/) { # everything is ok ; } else { @@ -469,7 +528,46 @@ $match = $1; } } - unless ($found == 0) { + + # Ignore anything inside single quotes; it could be an + # argument to grep or the like. + my $line = $_; + $line =~ s/([^\\](?:\\\\)*)\'(?:\\.|[^\\\'])+\'/$1''/g; + + for my $re (@bashism_string_regexs) { + if ($line =~ m/($re)/) { + $found = 1; + ($match) = m/($re)/; + last; + } + } + + # We've checked for all the things we still want to notice in + # double-quoted strings, so now remove those strings as well. + unless ($found) { + $line =~ s/([^\\](?:\\\\)*)\"(?:\\.|[^\\\"])+\"/$1""/g; + for my $re (@bashism_regexs) { + if ($line =~ m/($re)/) { + $found = 1; + ($match) = m/($re)/; + last; + } + } + } + unless ($found) { + for my $re (@strict_posix_regexs) { + if ($line =~ m/($re)/) { + $found = 1; + $found_strict = 1; + ($match) = m/($re)/; + last; + } + } + } + + if ($found && $found_strict) { + tag "possible-non-posix-code-in-maintainer-script", "$file:$. \'$match\'"; + } elsif ($found) { tag "possible-bashism-in-maintainer-script", "$file:$. \'$match\'"; } } @@ -481,9 +579,27 @@ if (m,update\-alternatives \-\-remove,) { tag "update-alternatives-remove-called-in-postrm", ""; } + } else { + for my $rule (@depends_needed) { + my ($package, $regex) = @$rule; + if (/$regex/ && ! $warned{$package}) { + my $type = $deps{$package}; + unless ($type and ($type eq 'depends' or $type eq 'pre-depends')) { + tag "maintainer-script-needs-depends-on-$package", "$file"; + $warned{$package} = 1; + } + } + } + } + if (/invoke-rc.d.*\|\| exit 0/) { + tag "maintainer-script-hides-init-failure", "$file:$."; } } + if ($saw_init && ! $saw_invoke) { + tag "maintainer-script-calls-init-script-directly", "$file:$saw_init"; + } + close C; } @@ -524,10 +640,13 @@ my $ret = 0; open IN, $filename or fail("cannot open $filename: $!"); my $i = 0; + local $_; while () { - last if (++$i > 20); chomp; - if (/^\s*exec\s*.+\s*.?\$0.?\s*(--\s*)?(\${1\+)?.?\$\@/) { + next if /^#/o; + next if /^$/o; + last if (++$i > 20); + if (/(^\s*|\beval\s*\'|;)?exec\s*.+\s*.?\$0.?\s*(--\s*)?(\${1\+)?.?\$\@/o) { $ret = 1; last; } @@ -536,6 +655,24 @@ return $ret; } +# Given an interpretor and a file, run the interpretor on that file with the +# -n option to check syntax, discarding output and returning the exit status. +sub check_script_syntax { + my ($interpreter, $script) = @_; + my $pid = fork; + if (!defined $pid) { + fail("cannot fork: $!"); + } elsif ($pid == 0) { + open STDOUT, '>/dev/null' or fail("cannot reopen stdout: $!"); + open STDERR, '>&STDOUT' or fail("cannot reopen stderr: $!"); + exec $interpreter, '-n', $script + or fail("cannot exec $interpreter: $!"); + } else { + waitpid $pid, 0; + } + return $?; +} + 1; # vim: syntax=perl ts=8 sw=4 diff -urNad lintian-1.23.8/checks/scripts.desc lintian-1.23.21/checks/scripts.desc --- lintian-1.23.8/checks/scripts.desc 2005-01-14 21:09:42.000000000 +0000 +++ lintian-1.23.21/checks/scripts.desc 2006-07-18 11:44:07.000000000 +0000 @@ -1,7 +1,7 @@ Check-Script: scripts Author: Richard Braakman Abbrev: scr -Standards-Version: 3.2.0 +Standards-Version: 3.7.0 Type: binary Unpack-Level: 2 Info: This script checks the #! lines of scripts in a package. @@ -68,18 +68,6 @@ Please do not add a pre-dependency without following the policy for doing so. (Policy section 3.5). -Tag: wrong-path-for-awk -Type: error -Info: Awk is installed as /usr/bin/awk on Debian systems. - -Tag: wrong-path-for-nawk -Type: error -Info: nawk is installed as /usr/bin/nawk on Debian systems. - -Tag: wrong-path-for-gawk -Type: error -Info: GNU awk is installed as /usr/bin/gawk on Debian systems. - Tag: gawk-script-but-no-gawk-dep Type: error Info: Packages that use gawk scripts must depend on the gawk package. @@ -89,10 +77,6 @@ In some cases a weaker relationship, such as Suggests or Recommends, will be more appropriate. -Tag: wrong-path-for-mawk -Type: error -Info: Mawk is installed as /usr/bin/mawk on Debian systems. - Tag: mawk-script-but-no-mawk-dep Type: error Info: Packages that use mawk scripts must depend on the mawk package. @@ -102,34 +86,14 @@ In some cases a weaker relationship, such as Suggests or Recommends, will be more appropriate. -Tag: wrong-path-for-burlap -Type: error -Info: burlap is installed as /usr/bin/burlap on Debian systems. - -Tag: burlap-script-but-no-felt-dep -Type: error -Info: Packages that use burlap scripts must depend on the felt package. - . - In some cases a weaker relationship, such as Suggests or Recommends, will - be more appropriate. - -Tag: wrong-path-for-csh -Type: error -Info: Csh is installed as /bin/csh on Debian systems. -Ref: policy 10.4 - -Tag: wrong-path-for-tcsh -Type: error -Info: Tcsh is installed as /usr/bin/tcsh on Debian systems. - -Tag: csh-script-but-no-c-shell-dep +Tag: missing-dep-for-interpreter Type: error -Info: Packages that use csh scripts must depend on the virtual package c-shell, - which is provided by csh and tcsh. +Info: You used an interpreter for a script that is not in an essential + package. In most cases you will need to add a Dependency on the + package that contains the interpreter. . In some cases a weaker relationship, such as Suggests or Recommends, will be more appropriate. -Ref: policy 10.4 Tag: csh-considered-harmful Type: warning @@ -137,138 +101,6 @@ and tcsh as scripting languages. Ref: policy 10.4 -Tag: wrong-path-for-ash -Type: error -Info: Ash is installed as /bin/ash on Debian systems. - -Tag: ash-script-but-no-ash-dep -Type: error -Info: Packages that use ash scripts must depend on the ash package. - . - In some cases a weaker relationship, such as Suggests or Recommends, will - be more appropriate. - -Tag: wrong-path-for-dash -Type: error -Info: Dash is installed as /bin/dash on Debian systems. - -Tag: dash-script-but-no-dash-dep -Type: error -Info: Packages that use dash scripts must depend on the dash package. - . - In some cases a weaker relationship, such as Suggests or Recommends, will - be more appropriate. - -Tag: wrong-path-for-sh -Type: error -Info: The Bourne shell is installed as /bin/sh on Debian systems. - -Tag: wrong-path-for-bash -Type: error -Info: Bash is installed as /bin/bash on Debian systems. - -Tag: wrong-path-for-ksh -Type: error -Info: Ksh is installed as /bin/ksh on Debian systems. - -Tag: ksh-script-but-no-pdksh-dep -Type: error -Info: Packages that use ksh scripts must depend on the pdksh package. - . - In some cases a weaker relationship, such as Suggests or Recommends, will - be more appropriate. - -Tag: wrong-path-for-env -Type: error -Info: env is installed as /usr/bin/env on Debian systems. - -Tag: wrong-path-for-expect -Type: error -Info: Wish is installed as /usr/bin/expect on Debian systems. - -Tag: expect-script-but-no-expect-dep -Type: error -Info: Packages that use expect scripts must depend on the virtual - package expect. - . - In some cases a weaker relationship, such as Suggests or Recommends, will - be more appropriate. - -Tag: wrong-path-for-gnuplot -Type: error -Info: gnuplot is installed as /usr/bin/gnuplot on Debian systems. - -Tag: gnuplot-script-but-no-gnuplot-dep -Type: error -Info: Packages that use gnuplot scripts must depend on the gnuplot package. - . - In some cases a weaker relationship, such as Suggests or Recommends, will - be more appropriate. - -Tag: wrong-path-for-guile -Type: error -Info: guile is installed as /usr/bin/guile on Debian systems. - -Tag: guile-script-but-no-guile-dep -Type: error -Info: Packages that use guile scripts must depend on the virtual package - `guile'. - . - In some cases a weaker relationship, such as Suggests or Recommends, will - be more appropriate. - -Tag: wrong-path-for-install-menu -Type: error -Info: Install-menu is installed as /usr/sbin/install-menu. - -Tag: wrong-path-for-install-fvwmgenmenu -Type: error -Info: install-fvwmgenmenu is installed as /usr/sbin/install-fvwmgenmenu. - -Tag: wrong-path-for-js -Type: error -Info: js is installed as /usr/bin/js on Debian systems. - -Tag: js-script-but-no-ngs-js-dep -Type: error -Info: Packages that use js scripts must depend on the package ngs-js, - which provides the interpreter. - . - In some cases a weaker relationship, such as Suggests or Recommends, will - be more appropriate. - -Tag: wrong-path-for-make -Type: error -Info: Make is installed as /usr/bin/make on Debian systems. - -Tag: make-script-but-no-make-dep -Type: error -Info: Packages that use make scripts must depend on the make package. - . - In some cases a weaker relationship, such as Suggests or Recommends, will - be more appropriate. - -Tag: wrong-path-for-perl -Type: error -Info: Perl is installed as /usr/bin/perl on Debian systems. -Ref: policy 10.4 - -Tag: perl-5.004-script-but-no-perl-5.004-dep -Type: error -Info: Packages that use perl-5.004 scripts must depend on the perl-5.004 - package. - . - In some cases a weaker relationship, such as Suggests or Recommends, will - be more appropriate. - -Tag: perl-5.005-script-but-no-perl-5.005-dep -Type: error -Info: Packages that use perl-5.005 scripts must depend on the perl-5.005 - package. - . - In some cases a weaker relationship, such as Suggests or Recommends, will - be more appropriate. - Tag: suid-perl-script-but-no-perl-suid-dep Type: error Info: Packages that use perl scripts that are suid must depend on the @@ -277,10 +109,6 @@ In some cases a weaker relationship, such as Suggests or Recommends, will be more appropriate. -Tag: wrong-path-for-php -Type: error -Info: PHP can be called as /usr/bin/php on Debian systems. - Tag: php-script-but-no-php4-cli-dep Type: error Info: Packages that use PHP scripts with /usr/bin/php as interpreter must @@ -291,10 +119,6 @@ In some cases a weaker relationship, such as Suggests or Recommends, will be more appropriate. -Tag: wrong-path-for-php4 -Type: error -Info: PHP4 is installed as /usr/bin/php4 on Debian systems. - Tag: php4-script-but-no-php4-cli-dep Type: error Info: Packages that use PHP4 scripts must depend on the php4-cli package. Note @@ -304,28 +128,6 @@ In some cases a weaker relationship, such as Suggests or Recommends, will be more appropriate. -Tag: wrong-path-for-pike -Type: error -Info: Pike is installed as /usr/bin/pike on Debian systems. - -Tag: pike-script-but-no-pike-dep -Type: error -Info: Packages that use Pike scripts must depend on pike or pike7. - . - In some cases a weaker relationship, such as Suggests or Recommends, will - be more appropriate. - -Tag: wrong-path-for-pike7 -Type: error -Info: Pike7 is installed as /usr/bin/pike7 on Debian systems. - -Tag: pike7-script-but-no-pike7-dep -Type: error -Info: Packages that use Pike7 scripts must depend on pike7. - . - In some cases a weaker relationship, such as Suggests or Recommends, will - be more appropriate. - Tag: wrong-path-for-python Type: error Info: Python is installed as /usr/bin/python on Debian systems. @@ -338,6 +140,10 @@ . Specific Ruby versions are installed as /usr/bin/rubyX.Y +Tag: wrong-path-for-interpreter +Type: error +Info: The interpreter you used is installed at another location on Debian systems. + Tag: python-script-but-no-python-dep Type: error Info: Packages with scripts that are executed with python must depend on the @@ -364,154 +170,6 @@ In some cases a weaker relationship, such as Suggests or Recommends, will be more appropriate. -Tag: wrong-path-for-rc -Type: error -Info: The rc shell is installed as /usr/bin/rc on Debian systems. - -Tag: rc-script-but-no-rc-dep -Type: error -Info: Packages that use rc scripts must depend on the rc package. - . - In some cases a weaker relationship, such as Suggests or Recommends, will - be more appropriate. - -Tag: wrong-path-for-regina -Type: error -Info: regina is installed as /usr/bin/regina on Debian systems. - -Tag: regina-script-but-no-regina-rexx-dep -Type: error -Info: Packages that use regina scripts must depend on the regina-rexx package. - . - In some cases a weaker relationship, such as Suggests or Recommends, will - be more appropriate. - -Tag: wrong-path-for-rexx -Type: error -Info: rexx is installed as /usr/bin/rexx on Debian systems. - -Tag: rexx-script-but-no-regina-rexx-dep -Type: error -Info: Packages that use rexx scripts must depend on the regina-rexx package. - . - In some cases a weaker relationship, such as Suggests or Recommends, will - be more appropriate. - -Tag: wrong-path-for-runhugs -Type: error -Info: Hugs is installed as /usr/bin/runhugs on Debian systems. - -Tag: wrong-path-for-runhugs1.4 -Type: error -Info: Hugs is installed as /usr/bin/runhugs or /usr/bin/runhugs1.4 on Debian - systems. - -Tag: wrong-path-for-runhugs98 -Type: error -Info: Hugs is installed as /usr/bin/runhugs or /usr/bin/runhugs98 on Debian - systems. - -Tag: runhugs1.4-script-but-no-hugs-dep -Type: error -Info: Packages that use runhugs scripts must depend on the hugs package. - . - In some cases a weaker relationship, such as Suggests or Recommends, will - be more appropriate. - -Tag: runhugs98-script-but-no-hugs98-dep -Type: error -Info: Packages that use runhugs98 scripts must depend on the hugs98 package. - . - In some cases a weaker relationship, such as Suggests or Recommends, will - be more appropriate. - -Tag: wrong-path-for-scsh -Type: error -Info: scsh is installed as /usr/bin/scsh on Debian systems. - -Tag: scsh-script-but-no-scsh-dep -Type: error -Info: Packages that use scsh scripts must depend on the scsh package. - . - In some cases a weaker relationship, such as Suggests or Recommends, will - be more appropriate. - -Tag: wrong-path-for-sed -Type: error -Info: sed is installed as /bin/sed on Debian systems. - -Tag: wrong-path-for-trs -Type: error -Info: trs is installed as /usr/bin/trs on Debian systems. - -Tag: trs-script-but-no-konwert-dep -Type: error -Info: Packages that use trs scripts must depend on the konwert package, - which provides that interpreter. - . - In some cases a weaker relationship, such as Suggests or Recommends, will - be more appropriate. - -Tag: wrong-path-for-tcl -Type: error -Info: Tcl is installed as /usr/bin/tcl on Debian systems. - -Tag: tcl-script-but-no-tcl-dep -Type: error -Info: Packages that use tcl scripts must depend on the virtual package tcl. - . - In some cases a weaker relationship, such as Suggests or Recommends, will - be more appropriate. - -Tag: wrong-path-for-tclsh -Type: error -Info: Tclsh is installed as /usr/bin/tclsh on Debian systems. - -Tag: wrong-path-for-tclsh8.3 -Type: error -Info: Tclsh 8.3 is installed as /usr/bin/tclsh8.3 on Debian systems. - -Tag: wrong-path-for-tclsh8.4 -Type: error -Info: Tclsh 8.4 is installed as /usr/bin/tclsh8.4 on Debian systems. - -Tag: tclsh-script-but-no-tclsh-dep -Type: error -Info: Packages that use tclsh scripts must depend on the virtual package tclsh. - . - In some cases a weaker relationship, such as Suggests or Recommends, will - be more appropriate. - -Tag: tclsh8.3-script-but-no-tcl8.3-dep -Type: error -Info: Packages that use tclsh8.3 scripts must depend on the package tcl8.3. - . - In some cases a weaker relationship, such as Suggests or Recommends, will - be more appropriate. - -Tag: tclsh8.4-script-but-no-tcl8.4-dep -Type: error -Info: Packages that use tclsh8.4 scripts must depend on the package tcl8.4. - . - In some cases a weaker relationship, such as Suggests or Recommends, will - be more appropriate. - -Tag: wrong-path-for-bltwish -Type: error -Info: bltwish is installed as /usr/bin/bltwish on Debian systems. - -Tag: bltwish-script-but-no-blt-dep -Type: error -Info: Packages that use bltwish scripts must depend on the blt package. - It has superseded the blt8.0 package. - . - In some cases a weaker relationship, such as Suggests or Recommends, will - be more appropriate. - -Tag: wrong-path-for-wish -Type: error -Info: Wish is installed as /usr/bin/wish on Debian systems. - Tag: wish-script-but-no-wish-dep Type: error Info: Packages that use wish scripts must depend on the virtual package wish. @@ -519,28 +177,6 @@ In some cases a weaker relationship, such as Suggests or Recommends, will be more appropriate. -Tag: wrong-path-for-wish8.0 -Type: error -Info: wish8.0 is installed as /usr/bin/wish8.0 on Debian systems. - -Tag: wish8.0-script-but-no-tk8.0-dep -Type: error -Info: Packages that use wish8.0 scripts must depend on the tk8.0 package. - . - In some cases a weaker relationship, such as Suggests or Recommends, will - be more appropriate. - -Tag: wrong-path-for-zsh -Type: error -Info: Zsh is installed as /usr/bin/zsh on Debian systems. - -Tag: zsh-script-but-no-zsh-dep -Type: error -Info: Packages that use zsh scripts must depend on the zsh package. - . - In some cases a weaker relationship, such as Suggests or Recommends, will - be more appropriate. - Tag: calls-suidperl-directly Type: error Info: Since perl version 5.8.3-3, /usr/bin/suidperl shouldn't be called directly @@ -580,21 +216,11 @@ processes. Most uses of killall should use start-stop-daemon instead. -Tag: dpkg-print-architecture-in-maintainer-script -Type: warning -Info: The maintainer script seems to call "dpkg --print-architecture". - This invokes gcc, and returns the build architecture - (which may not be the installation architecture if the system is configured - for cross-compiling). - . - The script should probably use "dpkg --print-installation-architecture" - instead. - Tag: mknod-in-maintainer-script -Type: warning +Type: error Ref: policy 10.6 -Info: Maintainer scripts should not create device files directly. They - should call makedev instead. +Info: Maintainer scripts must not create device files directly. They + should call MAKEDEV instead. Tag: possible-bashism-in-maintainer-script Type: warning @@ -610,12 +236,41 @@ '. command args', passing arguments to commands via 'source' is not supported '{foo,bar}' instead of 'foo bar' +Tag: possible-non-posix-code-in-maintainer-script +Type: info +Ref: policy 10.4 +Info: This script is marked as running under /bin/sh, but it seems + to use a shell feature that is not defined in the POSIX standard. The + feature is so common in current shells that this isn't currently + considered an release critical bug and there are discussion wether + policy should be amended to specifically allow the use of the feature. + . + Examples: + '-a' and '-o' as operators of 'test'. You can use shell conditionals + (&& and ||) instead. + 'local' scoping of variables. + Tag: suidregister-used-in-maintainer-script Type: error Info: This script calls suidregister which is no longer needed, a new command 'dpkg-statoverride' gives admins more flexibility. Please see the documentation of suidmanager and dpkg-statoverride for details. +Tag: maintainer-script-needs-depends-on-netbase +Type: warning +Info: This script calls update-inetd, but the package does not depend or + pre-depend on netbase, which provides it. + +Tag: maintainer-script-needs-depends-on-adduser +Type: warning +Info: This script calls adduser, but the package does not depend or + pre-depend on the adduser package. + +Tag: maintainer-script-needs-depends-on-ucf +Type: warning +Info: This script calls ucf, but the package does not depend or pre-depend + on the ucf package. + Tag: update-alternatives-remove-called-in-postrm Type: warning Info: 'update-alternatives --remove <alternative> foo' is called in the @@ -629,3 +284,30 @@ run by hand. . update-alternatives --remove should be called in the prerm instead. + +Tag: deprecated-chown-usage +Type: warning +Info: 'chown user.group' is called in one of the maintainer scripts. + This should be avoided, as the correct syntax is 'chown user:group'. + Using "." as a separator is still supported by the GNU tools, but it will + fail as soon as a system uses the "." in user or group names. + +Tag: maintainer-script-hides-init-failure +Type: warning +Info: This script calls invoke-rc.d to run an init script but then, if the + init script fails, exits successfully (using || exit 0). If the init + script fails, the maintainer script should probably fail. + . + The most likely cause of this problem is that the package was built with + a debhelper version suffering from Bug#337664 that inserted incorrect + invoke-rc.d code in the generated maintainer script. The package needs to + be reuploaded (could be bin-NMUd, no source changes needed). + +Tag: maintainer-script-calls-init-script-directly +Type: error +Info: This script apparently runs an init script directly rather than + using invoke-rc.d. The use of invoke-rc.d to invoke the /etc/init.d/* + initscripts instead of calling them directly is required. Maintainer + scripts may call the init script directly only if invoke-rc.d is not + available. +Ref: policy 9.3.3.2 diff -urNad lintian-1.23.8/checks/shared-libs lintian-1.23.21/checks/shared-libs --- lintian-1.23.8/checks/shared-libs 2004-10-12 23:36:08.000000000 +0000 +++ lintian-1.23.21/checks/shared-libs 2006-07-18 11:44:07.000000000 +0000 @@ -1,4 +1,4 @@ -# shared-libs -- lintian check script +# shared-libs -- lintian check script -*- perl -*- # Copyright (C) 1998 Christian Schwarz # @@ -15,8 +15,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, you can find it on the World Wide # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, -# MA 02111-1307, USA. +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. package Lintian::shared_libs; use strict; @@ -28,7 +28,11 @@ my %ldso_dir = map { $_ => 1 } qw( lib + lib32 + lib64 usr/lib + usr/lib32 + usr/lib64 usr/lib/libg++-dbg usr/X11R6/lib/Xaw3d usr/local/lib @@ -37,6 +41,19 @@ lib/libc5-compat ); +# The following architectures should always have a STACK setting in shared +# libraries to disable executable stack. Other architectures don't always add +# this section and therefore can't be checked. +my %stack_arches = map { $_ => 1 } + qw( alpha + amd64 + i386 + m68k + powerpc + s390 + sparc + ); + my $file; my $must_call_ldconfig; my $postrm = "control/postrm"; @@ -46,6 +63,7 @@ my $shlibs_control_file = "control/shlibs"; my %SONAME; my %INTERP; +my %STACK; my %objsomething; my %sharedobject; my %index_info; @@ -72,12 +90,19 @@ } elsif (m/^\s*SONAME\s+(\S+)/o) { $SONAME{$file} = $1; } elsif (m/^\s*TEXTREL\s/o) { - tag "shlib-with-non-pic-code", "$file" - if exists $ldso_dir{dirname($file)}; + tag "shlib-with-non-pic-code", "$file"; } elsif (m/^\s*INTERP\s/) { $INTERP{$file} = 1; + } elsif (m/^\s*STACK\s/) { + $STACK{$file} = 0; } else { - $objsomething{$file} = 1; + if (defined $STACK{$file} and $STACK{$file} eq 0) { + m/\sflags\s+(\S+)/o; + $STACK{$file} = $1; + } + else { + $objsomething{$file} = 1; + } } } close(IN); @@ -151,6 +176,23 @@ # yes! so postinst must call ldconfig $must_call_ldconfig = $real_file; } + + # executable stack. We can only warn about a missing section on some + # architectures. Only warn if there's an Architecture field; if + # that's missing, we'll already be complaining elsewhere. + if (exists $objsomething{$cur_file}) { + if (not defined $STACK{$cur_file}) { + if (open(FH, "fields/architecture")) { + my $arch = ; + close FH; + chomp $arch; + tag "shlib-without-PT_GNU_STACK-section", $cur_file + if $stack_arches{$arch}; + } + } elsif ($STACK{$cur_file} ne "rw-") { + tag "shlib-with-executable-stack", $cur_file; + } + } } elsif (exists $objsomething{$cur_file} && exists $ldso_dir{dirname($cur_file)} && exists $sharedobject{$cur_file}) { @@ -250,11 +292,14 @@ while () { chop; next if m/^\s*$/ or /^#/; + my $udeb=""; + $udeb = "udeb: " if s/^udeb:\s+//o; @words = split(/\s+/o,$_); - if ($shlibs_control{$words[0]}) { - tag "duplicate-entry-in-shlibs-control-file", "$words[0]"; + my $shlibs_string = $udeb.$words[0].' '.$words[1]; + if ($shlibs_control{$shlibs_string}) { + tag "duplicate-entry-in-shlibs-control-file", $shlibs_string; } else { - $shlibs_control{$words[0]} = 1; + $shlibs_control{$shlibs_string} = 1; } } close(SHLIBS); @@ -262,24 +307,23 @@ for my $shlib (@shlibs) { $shlib_name = $SONAME{$shlib}; # libfoo.so.X.X - if ($shlib_name =~ m/(.+)\.so\..*$/) { - $shlib_name = $1; + if ($shlib_name =~ m/(.+)\.so\.(.*)$/) { + $shlib_name = "$1 $2"; # libfoo-X.X.so - } elsif ($shlib_name =~ m/(.+)\-\w[\w\.]*\.so$/) { - $shlib_name = $1; + } elsif ($shlib_name =~ m/(.+)\-(\w[\w\.]*)\.so$/) { + $shlib_name = "$1 $2"; } - if (exists $shlibs_control{$shlib_name}) { - # ok, have entry in shlibs control file - $shlibs_control_used{$shlib_name} = 1; - } else { + $shlibs_control_used{$shlib_name} = 1; + $shlibs_control_used{"udeb: ".$shlib_name} = 1; + unless (exists $shlibs_control{$shlib_name}) { # skip it if it's not a public shared library next unless defined $ldso_dir{dirname($shlib)}; # no!! - tag "shlib-missing-in-control-file", "$shlib_name $shlib"; + tag "shlib-missing-in-control-file", $shlib_name, 'for', $shlib; } } for $shlib_name (keys %shlibs_control) { - tag "unused-shlib-entry-in-control-file", "$shlib_name" + tag "unused-shlib-entry-in-control-file", $shlib_name unless $shlibs_control_used{$shlib_name}; } } @@ -293,19 +337,26 @@ } } +my $we_call_postinst=0; if (-f $postinst) { local $_ = slurp_entire_file($postinst); # Decide if we call ldconfig if (/^[^\#]*\bldconfig\b/m) { - tag "postinst-has-useless-call-to-ldconfig", "" - unless $must_call_ldconfig; - } else { - tag "postinst-must-call-ldconfig", "$must_call_ldconfig" - if $must_call_ldconfig; + $we_call_postinst=1; } } +if ($type eq 'udeb') { + tag "udeb-postinst-must-not-call-ldconfig" + if $we_call_postinst; +} else { + tag "postinst-has-useless-call-to-ldconfig", "" + if $we_call_postinst and not $must_call_ldconfig; + tag "postinst-must-call-ldconfig", "$must_call_ldconfig" + if not $we_call_postinst and $must_call_ldconfig; +} + if (-f $prerm) { local $_ = slurp_entire_file($prerm); if (/^[^\#]*\bldconfig\b/m) { diff -urNad lintian-1.23.8/checks/shared-libs.desc lintian-1.23.21/checks/shared-libs.desc --- lintian-1.23.8/checks/shared-libs.desc 2005-01-14 20:54:26.000000000 +0000 +++ lintian-1.23.21/checks/shared-libs.desc 2006-07-18 11:44:07.000000000 +0000 @@ -1,7 +1,7 @@ Check-Script: shared-libs Author: Christian Schwarz Abbrev: shl -Standards-Version: 3.2.0 +Standards-Version: 3.7.2 Type: binary, udeb Unpack-Level: 1 Needs-Info: file-info, objdump-info @@ -25,11 +25,14 @@ separately from the static libraries with the -fPIC option. . Another common mistake that causes this problem is linking with - ``gcc -Wl,-shared'' instead of ``gcc -shared''. + gcc -Wl,-shared instead of gcc -shared. + . + In some cases, exceptions to this rule are warranted. If this is such a + case, follow the procedure outlined in Policy and then please document + the exception by adding a lintian override to this package. Tag: ldconfig-symlink-missing-for-shlib Type: error -Severity: Important Info: The package should not only include the shared library itself, but also the symbolic link which ldconfig would produce. (This is necessary, so that the link gets removed by dpkg automatically when the package @@ -39,7 +42,6 @@ Tag: ldconfig-symlink-before-shlib-in-deb Type: error -Severity: Important Info: In the package contents list, the shared library has to come before any symbolic links referencing the shared library. Ref: policy 8.1 @@ -138,6 +140,11 @@ installed in a directory controlled by the dynamic library loader. Ref: policy 8.1.1 +Tag: udeb-postinst-must-not-call-ldconfig +Type: error +Info: The postinst script calls ldconfig, which is an error in udebs. + ldconfig is not available and not needed in debian-installer + Tag: postrm-has-useless-call-to-ldconfig Type: warning Info: The postrm script calls ldconfig even though no shared libraries are @@ -167,3 +174,22 @@ SONAMEs are set with something like gcc -Wl,-soname,libfoo.so.0, where 0 is the major version of the library. If your package uses libtool, then libtool invoked with the right options should be doing this. + +Tag: shlib-without-PT_GNU_STACK-section +Type: error +Info: The listed shared libraries lacks a PT_GNU_STACK section. This forces + the dynamic linker to make the stack executable. + . + The shared lib is linked either with a non-GNU linker or a linker which is + older than two years. This problem can be fixed with a rebuild. + +Tag: shlib-with-executable-stack +Type: warning +Info: The listed shared libraries declares the stack as executable. + . + Executable stack is usualy an error as it is only needed if the code + contains GCC trampolines or similar constructs which uses code on the + stack. One possible source for false positives are object files built + from assembler files which don't define a proper .note.GNU-stack + section. + diff -urNad lintian-1.23.8/checks/standards-version lintian-1.23.21/checks/standards-version --- lintian-1.23.8/checks/standards-version 2004-12-25 23:40:20.000000000 +0000 +++ lintian-1.23.21/checks/standards-version 2006-07-18 11:44:07.000000000 +0000 @@ -1,4 +1,4 @@ -# standards-version -- lintian check script +# standards-version -- lintian check script -*- perl -*- # Copyright (C) 1998 Christian Schwarz and Richard Braakman # @@ -15,8 +15,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, you can find it on the World Wide # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, -# MA 02111-1307, USA. +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. package Lintian::standards_version; use strict; @@ -29,11 +29,15 @@ # 2 means old # 3 means ancient my %valid_standard = ( - '3.6.1', 1, + '3.7.2', 1, + '3.7.1', 2, + '3.7.0', 2, + '3.6.2', 2, + '3.6.1', 2, '3.6.0', 2, '3.5.10', 2, '3.5.9', 2, - '3.5.8', 2, + '3.5.8', 3, '3.5.7', 3, '3.5.6', 3, '3.5.5', 3, @@ -66,8 +70,8 @@ # version lintian is programmed for. ($valid_standard[0]?) my $MAJOR = 3; -my $MINOR = 6; -my $PATCH = 1; +my $MINOR = 7; +my $PATCH = 2; my $pkg = shift; my $type = shift; @@ -103,17 +107,17 @@ if (($major > $MAJOR) or ($major == $MAJOR and $minor > $MINOR) or ($major == $MAJOR and $minor == $MINOR and $patch > $PATCH)) { - tag "newer-standards-version", "$_"; + tag "newer-standards-version", "$_ (current is $MAJOR.$MINOR.$PATCH)"; } else { # invalid standard tag "invalid-standards-version", "$_"; } } elsif ($valid_standard{$stdver} == 2) { # old standard - tag "out-of-date-standards-version", "$_"; + tag "out-of-date-standards-version", "$_ (current is $MAJOR.$MINOR.$PATCH)"; } elsif ($valid_standard{$stdver} == 3) { # OK, now this is ancient. - tag "ancient-standards-version", "$_"; + tag "ancient-standards-version", "$_ (current is $MAJOR.$MINOR.$PATCH)"; } else { # looks valid ...... if (($major == 3 and $minor == 0) or $major < 3) { if (-f "fields/build-depends" or diff -urNad lintian-1.23.8/collection/changelog-file lintian-1.23.21/collection/changelog-file --- lintian-1.23.8/collection/changelog-file 2004-04-18 00:54:35.000000000 +0000 +++ lintian-1.23.21/collection/changelog-file 2006-07-18 11:44:29.000000000 +0000 @@ -16,8 +16,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, you can find it on the World Wide # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, -# MA 02111-1307, USA. +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. use strict; @@ -36,7 +36,7 @@ "unpacked/usr/share/doc/$pkg/changelog.debian", "unpacked/usr/share/doc/$pkg/changelog.gz", "unpacked/usr/share/doc/$pkg/changelog", - "unpacked/usr/doc/$pkg/changelog.Debian.gz", + "unpacked/usr/doc/$pkg/changelog.Debian.gz", "unpacked/usr/doc/$pkg/changelog.Debian", "unpacked/usr/doc/$pkg/changelog.debian.gz", "unpacked/usr/doc/$pkg/changelog.debian", diff -urNad lintian-1.23.8/collection/objdump-info lintian-1.23.21/collection/objdump-info --- lintian-1.23.8/collection/objdump-info 2004-04-18 00:54:35.000000000 +0000 +++ lintian-1.23.21/collection/objdump-info 2006-07-18 11:44:29.000000000 +0000 @@ -16,8 +16,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, you can find it on the World Wide # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, -# MA 02111-1307, USA. +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. set -e @@ -30,6 +30,7 @@ exit 2 fi +CDPATH= cd unpacked rm -f ../objdump-info @@ -46,7 +47,23 @@ if head $bin | grep -q 'packed.*with.*UPX'; then echo "objdump: $bin: Packed with UPX" >> ../objdump-info else - objdump --headers --private-headers -T $bin >> ../objdump-info 2>&1 + # readelf is for interpreter information only; ignore failure. + readelf -l "$bin" >> ../objdump-info 2>&1 || true + + # The main data of interest. + if objdump --headers --private-headers -T $bin >> ../objdump-info 2>&1 ; then + # everything is ok + : + else + # If the objdump error is "Invalid operation", we handle it later + # in the check script, since this is the expected output (for now) + # on detached debugging information in /usr/lib/debug. + if objdump -T $bin 2>&1 | grep -q 'Invalid operation$' ; then + : + else + exit 1 + fi + fi fi done diff -urNad lintian-1.23.8/lib/Checker.pm lintian-1.23.21/lib/Checker.pm --- lintian-1.23.8/lib/Checker.pm 2004-07-06 19:05:32.000000000 +0000 +++ lintian-1.23.21/lib/Checker.pm 2006-07-18 11:45:09.000000000 +0000 @@ -1,5 +1,5 @@ # Checker -- Perl checker functions for lintian -# $Id: Checker.pm 311 2004-07-02 13:47:58Z djpig $ +# $Id: Checker.pm 495 2005-09-21 21:27:05Z djpig $ # Copyright (C) 2004 Jeroen van Wolffelaar # @@ -16,8 +16,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, you can find it on the World Wide # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, -# MA 02111-1307, USA. +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. package Checker; use strict; @@ -62,9 +62,6 @@ # require has a anti-require-twice cache require "$LINTIAN_ROOT/checks/$name"; - $Tags::prefix = $type eq 'binary' ? $pkg : "$pkg $type"; - #Tags::reset(); - #print STDERR "Now running $name...\n"; $name =~ s/[-.]/_/g; eval { &{'Lintian::'.$name.'::run'}($pkg, $type) }; diff -urNad lintian-1.23.8/lib/Dep.pm lintian-1.23.21/lib/Dep.pm --- lintian-1.23.8/lib/Dep.pm 2004-04-18 00:54:33.000000000 +0000 +++ lintian-1.23.21/lib/Dep.pm 2006-07-18 11:45:09.000000000 +0000 @@ -36,15 +36,20 @@ \s* (.*?) # do not attempt to parse version \s* \) # closing parenthesis )? # end of optional part + (?: # start of optional architecture + \s* \[ # open bracket for architecture + \s* (.*?) # don't parse architectures now + \s* \] # closing bracket + )? # end of optional architecture /x; - return ['PRED', $1] if not defined $2; + return ['PRED', $1, undef, undef, $4] if not defined $2; my $two = $2; if ($two eq '<') { $two = '<<'; } elsif ($two eq '>') { $two = '>>'; } - return ['PRED', $1, $two, $3]; + return ['PRED', $1, $two, $3, $4]; } sub Or { return ['OR', @_]; } @@ -180,9 +185,70 @@ # If the names don't match, there is no relationship between them. return undef if $$p[1] ne $$q[1]; - # If the names match, then the only difference is in the version clauses. - # The implication is true if p's clause is stronger than q's, or is - # equivalent. + # If the names match, then the only difference is in the architecture or + # version clauses. First, check architecture. The architectures for p + # must be a superset of the architectures for q. + my @p_arches = split(' ', $$p[4] || ''); + my @q_arches = split(' ', $$q[4] || ''); + if (@p_arches || @q_arches) { + my $p_arch_neg = @p_arches && $p_arches[0] =~ /^!/; + my $q_arch_neg = @q_arches && $q_arches[0] =~ /^!/; + + # If p has no arches, it is a superset of q and we should fall through + # to the version check. + if (not @p_arches) { + # nothing + } + + # If q has no arches, it is a superset of p and there are no useful + # implications. + elsif (not @q_arches) { + return undef; + } + + # Both have arches. If neither are negated, we know nothing useful + # unless q is a subset of p. + elsif (not $p_arch_neg and not $q_arch_neg) { + my %p_arches = map { $_ => 1 } @p_arches; + my $subset = 1; + for my $arch (@q_arches) { + $subset = 0 unless $p_arches{$arch}; + } + return undef unless $subset; + } + + # If both are negated, we know nothing useful unless p is a subset of + # q (and therefore has fewer things excluded, and therefore is more + # general). + elsif ($p_arch_neg and $q_arch_neg) { + my %q_arches = map { $_ => 1 } @q_arches; + my $subset = 1; + for my $arch (@p_arches) { + $subset = 0 unless $q_arches{$arch}; + } + return undef unless $subset; + } + + # If q is negated and p isn't, we'd need to know the full list of + # arches to know if there's any relationship, so bail. + elsif (not $p_arch_neg and $q_arch_neg) { + return undef; + } + + # If p is negated and q isn't, q is a subset of p iff none of the + # negated arches in p are present in q. + elsif ($p_arch_neg and not $q_arch_neg) { + my %q_arches = map { $_ => 1 } @q_arches; + my $subset = 1; + for my $arch (@p_arches) { + $subset = 0 if $q_arches{substr($arch, 1)}; + } + return undef unless $subset; + } + } + + # Now, down to version. The implication is true if p's clause is stronger + # than q's, or is equivalent. # If q has no version clause, then p's clause is always stronger. return 1 if not defined $$q[2]; diff -urNad lintian-1.23.8/lib/Read_taginfo.pm lintian-1.23.21/lib/Read_taginfo.pm --- lintian-1.23.8/lib/Read_taginfo.pm 2004-04-18 00:54:33.000000000 +0000 +++ lintian-1.23.21/lib/Read_taginfo.pm 2006-07-18 11:45:09.000000000 +0000 @@ -16,8 +16,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, you can find it on the World Wide # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, -# MA 02111-1307, USA. +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. my $LINTIAN_ROOT = $ENV{'LINTIAN_ROOT'} || '/usr/share/lintian'; my $debug = $ENV{'LINTIAN_DEBUG'} || 0; @@ -105,6 +105,8 @@ } elsif (exists $url{$man}) { $foo[$u] = "$foo[$u]"; } + } elsif ($foo[$u] =~ m,\s*([\w_-]+\(\d+\w*\))\s*$,i) { + $foo[$u] = "the $foo[$u] manual page"; } } diff -urNad lintian-1.23.8/lib/Text_utils.pm lintian-1.23.21/lib/Text_utils.pm --- lintian-1.23.8/lib/Text_utils.pm 2004-04-18 00:54:32.000000000 +0000 +++ lintian-1.23.21/lib/Text_utils.pm 2006-07-18 11:45:09.000000000 +0000 @@ -16,8 +16,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, you can find it on the World Wide # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, -# MA 02111-1307, USA. +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. use strict; @@ -136,7 +136,7 @@ push(@o,""); $pre=0; } - push(@o,"$_

\n"); + push(@o,"

$_\n"); } } if ($pre) { diff -urNad lintian-1.23.8/lib/Util.pm lintian-1.23.21/lib/Util.pm --- lintian-1.23.8/lib/Util.pm 2004-07-06 19:05:33.000000000 +0000 +++ lintian-1.23.21/lib/Util.pm 2006-07-18 11:46:20.000000000 +0000 @@ -16,8 +16,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, you can find it on the World Wide # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, -# MA 02111-1307, USA. +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. package Util; use strict; @@ -31,7 +31,8 @@ slurp_entire_file get_file_md5 file_is_encoded_in_non_utf8 - fail); + fail + system_env); use FileHandle; use Pipeline; @@ -207,6 +208,23 @@ return 0; } +# Just like system, except cleanses the environment first to avoid any strange +# side effects due to the user's environment. +sub system_env { + my @whitelist = qw(PATH INTLTOOL_EXTRACT); + my %newenv = map { exists $ENV{$_} ? ($_ => $ENV{$_}) : () } @whitelist; + my $pid = fork; + if (not defined $pid) { + return -1; + } elsif ($pid == 0) { + %ENV = %newenv; + exec @_ or die("exec of $_[0] failed: $!\n"); + } else { + waitpid $pid, 0; + return $?; + } +} + # ------------------------ sub fail {