1 #! /bin/sh /usr/share/dpatch/dpatch-run
2 ## 500-backport-1.23.21-checks.dpatch by Alexander Kanevskiy <alexander.kanevskiy@nokia.com>
4 ## All lines beginning with `## DP:' are a description of the patch.
5 ## DP: Backported checks from lintian 1.23.21
8 diff -urNad lintian-1.23.8/checks/binaries.desc lintian-1.23.21/checks/binaries.desc
9 --- lintian-1.23.8/checks/binaries.desc 2005-01-14 21:06:37.000000000 +0000
10 +++ lintian-1.23.21/checks/binaries.desc 2006-07-18 11:42:35.000000000 +0000
12 Please contact &debdev; if you have questions about this.
14 Tag: binary-has-unneeded-section
17 Info: The binary or shared library is stripped, but still contains a
18 - section that is not useful. The utilities (<tt>install -s</tt>
19 - and <tt>dh_strip</tt>) are patched to remove the <tt>.note</tt> and
20 - <tt>.comment</tt> sections.
21 + section that is not useful. You should call strip with
22 + <tt>--remove-section=.comment --remove-section=.note</tt> to remove the
23 + <tt>.note</tt> and <tt>.comment</tt> sections.
25 + <tt>dh_strip</tt> will do this automatically for you, but
26 + <tt>install -s</tt> not because it calls strip without any arguments.
28 Tag: missing-depends-line
31 Info: There is no CXXABI_* mark in the objdump output on this file,
32 and it is linked against a libstdc++, meaning it's likely linking to
33 an obsolete version of the C++ library.
35 +Tag: several-sonames-in-same-package
37 +Info: There are several shared libraries in this package and they
38 + have different sonames. This is usually discouraged because it is
39 + inherently error-prone.
41 +Tag: package-name-doesnt-match-sonames
43 +Info: The package name of a library package should usually reflect
44 + the soname of the included library. The package name can determined
45 + from the library file name with the following code snippet:
47 + $ objdump -p /path/to/libfoo-bar.so.1.2.3 | sed -n -e's/^[[:space:]]*SONAME[[:space:]]*//p' | sed -e's/\([0-9]\)\.so\./\1-/; s/\.so\.//'
48 +Ref: Library Packaging guide 5
50 +Tag: binary-with-bad-dynamic-table
52 +Info: This appears to be an ELF file but objdump -T cannot parse it.
53 + If it is external debugging symbols for another file, it should be
54 + installed under /usr/lib/debug.
55 diff -urNad lintian-1.23.8/checks/common_data.pm lintian-1.23.21/checks/common_data.pm
56 --- lintian-1.23.8/checks/common_data.pm 2005-01-14 17:19:55.000000000 +0000
57 +++ lintian-1.23.21/checks/common_data.pm 2006-07-18 11:50:09.000000000 +0000
59 %known_obsolete_fields %known_essential %known_build_essential
60 %known_obsolete_packages %known_virtual_packages
61 %known_libstdcs %known_tcls %known_tclxs %known_tks %known_tkxs
63 + %known_libpngs %known_x_metapackages
64 + %non_standard_archs %all_cpus %all_oses
65 + %known_doc_base_formats
68 # simple defines for commonly needed data
70 +# From /usr/share/dpkg/archtable, included here to make lintian results
71 +# consistent no matter what dpkg one has installed.
72 %known_archs = map { $_ => 1 }
73 - ('alpha', 'amd64', 'arm', 'hppa', 'hurd-i386', 'i386', 'ia64', 'mips',
74 - 'mipsel', 'm68k', 'powerpc', 's390', 'sh', 'sparc', 'any', 'all');
75 + ('i386', 'ia64', 'alpha', 'amd64', 'arm', 'hppa', 'm68k', 'mips',
76 + 'mipsel', 'powerpc', 's390', 'sparc', 'hurd-i386', 'any', 'all');
78 +# From /usr/share/dpkg/cputable, included here to make lintian results
79 +# consistent no matter what dpkg one has installed.
80 +%all_cpus = map { $_ => 1 }
81 + ('i386', 'ia64', 'alpha', 'amd64', 'armeb', 'arm', 'hppa', 'm32r', 'm68k',
82 + 'mips', 'mipsel', 'powerpc', 'ppc64', 's390', 's390x', 'sh3', 'sh3eb',
83 + 'sh4', 'sh4eb', 'sparc');
85 +# From /usr/share/dpkg/ostable, included here to make lintian results
86 +# consistent no matter what dpkg one has installed.
87 +%all_oses = map { $_ => 1 }
88 + ('linux', 'darwin', 'freebsd', 'kfreebsd', 'knetbsd', 'netbsd', 'openbsd',
91 +# Yes, this includes combinations that are rather unlikely to ever exist, like
92 +# hurd-sh3, but the chances of those showing up as errors are rather low and
93 +# this reduces the necessary updating.
95 +# For right now, linux-* are non-standard architectures. This probably isn't
96 +# strictly correct and will need to be revisited later.
97 +%non_standard_archs = map { $_ => 1 }
98 + grep { !$known_archs{$_} }
100 + map { my $os = $_; map { "$os-$_" } keys %all_cpus } keys %all_oses);
103 %known_sections = map { $_ => 1 }
104 ('admin', 'base', 'comm', 'devel', 'doc', 'editors', 'electronics',
106 %known_obsolete_packages = map { $_ => 1 }
107 ('libstdc++2.8', 'ncurses3.4', 'slang0.99.38', 'newt0.25', 'mesag2',
108 'libjpegg6a', 'gmp2', 'libgtop0', 'libghttp0', 'libpgsql', 'tk4.2',
109 - 'tcl7.6', 'libpng0g', 'xbase');
110 + 'tcl7.6', 'libpng0g', 'xbase', 'xlibs-dev', 'debmake', 'gcc-2.95' );
112 # Used only (at least lintian 1.23.1) for giving a warning about a
113 # virtual-only dependency
115 %known_libstdcs = map { $_ => 1 }
116 ('libstdc++2.9-glibc2.1', 'libstdc++2.10', 'libstdc++2.10-glibc2.2',
117 'libstdc++3', 'libstdc++3.0', 'libstdc++4', 'libstdc++5',
118 + 'libstdc++6', 'lib64stdc++6',
121 %known_tcls = map { $_ => 1 }
123 %known_libpngs = map { $_ => 1 }
124 ( 'libpng12-0', 'libpng2', 'libpng3', );
126 +%known_x_metapackages = map { $_ => 1 }
127 + ( 'x-window-system', 'x-window-system-dev', 'x-window-system-core',
128 + 'xorg', 'xorg-dev', );
130 +# Supported documentation formats for doc-base files.
131 +%known_doc_base_formats = map { $_ => 1 }
132 + ( 'html', 'text', 'pdf', 'postscript', 'info', 'dvi', 'debiandoc-sgml' );
135 diff -urNad lintian-1.23.8/checks/conffiles lintian-1.23.21/checks/conffiles
136 --- lintian-1.23.8/checks/conffiles 2004-07-04 12:18:33.000000000 +0000
137 +++ lintian-1.23.21/checks/conffiles 2006-07-18 11:42:35.000000000 +0000
139 -# conffiles -- lintian check script
140 +# conffiles -- lintian check script -*- perl -*-
142 # Copyright (C) 1998 Christian Schwarz
145 # You should have received a copy of the GNU General Public License
146 # along with this program. If not, you can find it on the World Wide
147 # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
148 -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
149 -# MA 02111-1307, USA.
150 +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
151 +# MA 02110-1301, USA.
153 package Lintian::conffiles;
156 tag "duplicate-conffile", "$_";
159 - if (m,^/?var/lib/games/,o) {
160 - tag "score-file-must-not-be-conffile", "$_";
164 tag "file-in-usr-marked-as-conffile", "$_";
166 - unless (m,^/?etc/,o or m,^/?var/,o) {
167 - tag "non-etc-or-var-file-marked-as-conffile", "$_";
168 + unless (m,^/?etc/,o) {
169 + tag "non-etc-file-marked-as-conffile", "$_";
173 diff -urNad lintian-1.23.8/checks/conffiles.desc lintian-1.23.21/checks/conffiles.desc
174 --- lintian-1.23.8/checks/conffiles.desc 2005-01-14 20:58:38.000000000 +0000
175 +++ lintian-1.23.21/checks/conffiles.desc 2006-07-18 11:42:35.000000000 +0000
177 administrator would not have a chance to modify this configuration
180 -Tag: non-etc-or-var-file-marked-as-conffile
181 +Tag: non-etc-file-marked-as-conffile
183 -Info: A file installed in some other directory than <tt>/etc</tt> or
184 - <tt>/var</tt> is marked as conffile.
185 +Info: A file installed in some other directory than <tt>/etc</tt>
186 + is marked as conffile. A conffile typically implies a configuration file, and
187 + policy mandates such files to be in /etc
192 Info: All entries in the conffile control file should have an absolute
195 -Tag: score-file-must-not-be-conffile
197 -Info: Game score and data files should not be marked as conffiles.
199 Tag: duplicate-conffile
201 Info: The file is listed more than once in your <tt>debian/conffiles</tt> file.
202 diff -urNad lintian-1.23.8/checks/control-file lintian-1.23.21/checks/control-file
203 --- lintian-1.23.8/checks/control-file 2004-05-17 21:49:43.000000000 +0000
204 +++ lintian-1.23.21/checks/control-file 2006-07-18 11:42:35.000000000 +0000
206 -# control-file -- lintian check script
207 +# control-file -- lintian check script -*- perl -*-
209 # Copyright (C) 2004 Marc Brockschmidt
212 # You should have received a copy of the GNU General Public License
213 # along with this program. If not, you can find it on the World Wide
214 # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
215 -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
216 -# MA 02111-1307, USA.
217 +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
218 +# MA 02110-1301, USA.
220 package Lintian::control_file;
226 +if (-l "debfiles/control") {
227 + tag "debian-control-file-is-a-symlink", "";
230 # check that control is UTF-8 encoded
231 my $line = file_is_encoded_in_non_utf8("debfiles/control", $type, $pkg);
233 tag "debian-control-file-uses-obsolete-national-encoding", "at line $line"
236 +# Check that each field is only used once:
237 +my $seen_fields = {};
238 +open (CONTROL, "debfiles/control") or fail "Couldn't read debfiles/control: $!";
242 + #Reset seen_fields if we enter a new section:
243 + $seen_fields = {} if /^$/;
247 + my $field = lc ($1);
248 + if ($seen_fields->{$field}) {
249 + tag "debian-control-with-duplicate-fields", "$field: $$seen_fields{$field}, $.";
251 + $seen_fields->{$field} = $.;
256 my ($header, @binary_controls) = read_dpkg_control("debfiles/control");
258 for my $binary_control (@binary_controls) {
259 diff -urNad lintian-1.23.8/checks/control-file.desc lintian-1.23.21/checks/control-file.desc
260 --- lintian-1.23.8/checks/control-file.desc 2004-11-24 22:44:10.000000000 +0000
261 +++ lintian-1.23.21/checks/control-file.desc 2006-07-18 11:42:35.000000000 +0000
263 `Build-Conflicts' or `Build-Conflicts-Indep' field in a binary
264 section. These specify source package relationships, and should be in
265 the source section of the control file.
267 +Tag: debian-control-with-duplicate-fields
269 +Info: One of the paragraphs of your debian/control contains the same
270 + field more than once. This can lead to an unexpected behaviour of dpkg
273 +Tag: debian-control-file-is-a-symlink
275 +Info: The <tt>debian/control</tt> file is a symlink rather than a regular
276 + file. Using symlinks for required source package files is unnecessary and
277 + makes package checking and manipulation more difficult. If the control
278 + file should be available in the source package under multiple names, make
279 + <tt>debian/control</tt> the real file and the other names symlinks to it.
280 diff -urNad lintian-1.23.8/checks/copyright-file lintian-1.23.21/checks/copyright-file
281 --- lintian-1.23.8/checks/copyright-file 2004-10-12 21:56:46.000000000 +0000
282 +++ lintian-1.23.21/checks/copyright-file 2006-07-18 11:42:35.000000000 +0000
284 -# copyright-file -- lintian check script
285 +# copyright-file -- lintian check script -*- perl -*-
287 # Copyright (C) 1998 Christian Schwarz
290 # You should have received a copy of the GNU General Public License
291 # along with this program. If not, you can find it on the World Wide
292 # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
293 -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
294 -# MA 02111-1307, USA.
295 +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
296 +# MA 02110-1301, USA.
298 package Lintian::copyright_file;
301 $wrong_directory_detected = 1;
304 -# lame check for old FSF zip code
306 +# Lame check for old FSF zip code. Try to avoid false positives from other
307 +# Cambridge, MA addresses.
308 +if (m/(Free\s*Software\s*Foundation.*02139|02111-1307)/s) {
309 tag "old-fsf-address-in-copyright-file", "";
313 tag "copyright-does-not-refer-to-common-license-file", "$1";
316 +# This check is a bit prone to false positives, since some other licenses
317 +# mention the GPL. Also exclude any mention of the GPL following what looks
318 +# like mail headers, since sometimes e-mail discussions of licensing are
319 +# included in the copyright file but aren't referring to the license of the
321 if (m/(GNU General Public License|GPL)/ && !m,/usr/share/common-licenses,
322 && !m/Zope Public License/ && !m/LICENSE AGREEMENT FOR PYTHON 1.6.1/
323 && !m/LaTeX Project Public License/ && !m/GNU Free Documentation License/
324 + && !m/(^From:.*^To:|^To:.*^From:).*(GNU General Public License|GPL)/ms
325 && !$wrong_directory_detected) {
326 tag "copyright-should-refer-to-common-license-file-for-gpl", "";
328 diff -urNad lintian-1.23.8/checks/copyright-file.desc lintian-1.23.21/checks/copyright-file.desc
329 --- lintian-1.23.8/checks/copyright-file.desc 2004-07-06 19:05:37.000000000 +0000
330 +++ lintian-1.23.21/checks/copyright-file.desc 2006-07-18 11:42:35.000000000 +0000
333 Tag: no-copyright-file
336 Info: Each binary package has to include a plain file
337 /usr/share/doc/<i>pkg</i>/copyright
342 Tag: old-fsf-address-in-copyright-file
345 Info: The /usr/share/doc/<i>pkg</i>/copyright file refers to the old postal
346 address of the Free Software Foundation (FSF). The new address is:
348 - Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
349 - MA 02111-1307, USA.
350 + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
351 + MA 02110-1301, USA.
353 Tag: helper-templates-in-copyright
356 Info: The /usr/share/doc/<i>pkg</i>/copyright file still contains the template
357 contents from a packaging helper. Please include the actual license and
358 download information about the package.
360 Tag: copyright-should-refer-to-common-license-file-for-gpl
363 -Info: Packages distributed under the GNU GPL must make reference to
364 - /usr/share/common-licenses as the location of the GPL on Debian systems.
365 +Info: The string "GNU General Public License" or "GPL" appears in the
366 + copyright file for this package, but the copyright file does not
367 + reference <tt>/usr/share/common-licenses</tt> as the location of the GPL
370 Tag: copyright-lists-upstream-authors-with-dh_make-boilerplate
372 diff -urNad lintian-1.23.8/checks/cruft lintian-1.23.21/checks/cruft
373 --- lintian-1.23.8/checks/cruft 2004-05-17 21:56:40.000000000 +0000
374 +++ lintian-1.23.21/checks/cruft 2006-07-18 11:42:35.000000000 +0000
376 # You should have received a copy of the GNU General Public License
377 # along with this program. If not, you can find it on the World Wide
378 # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
379 -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
380 -# MA 02111-1307, USA.
381 +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
382 +# MA 02110-1301, USA.
384 package Lintian::cruft;
387 tag "source-contains-CVS-dir", "$name";
388 } elsif ($name =~ m,^(.+/)?\.svn$,) {
389 tag "source-contains-svn-control-dir", "$name";
390 + } elsif ($name =~ m,^(.+/)?\.bzr$,) {
391 + tag "source-contains-bzr-control-dir", "$name";
392 + } elsif ($name =~ m,^(.+/)?\{arch\}$,) {
393 + tag "source-contains-arch-control-dir", "$name";
394 + } elsif ($name =~ m,^(.+/)?\.arch-ids$,) {
395 + tag "source-contains-arch-control-dir", "$name";
400 tag "svn-commit-file-in-source", "$name";
401 } elsif ($name =~ m,^(.+/)?\.cvsignore$,) {
402 tag "cvsignore-file-in-source", "$name";
403 + } elsif ($name =~ m,^(.+/)?\.arch-inventory$,) {
404 + tag "arch-inventory-file-in-source", "$name";
405 } elsif ($name =~ m,^(.+/)?\.\#(.+?)\.\d+(\.\d+)*$,) {
406 tag "source-contains-cvs-conflict-copy", "$name";
407 } elsif ($name =~ m,^(.+/)?(.+?)\.(r\d+|mine)$,) {
408 diff -urNad lintian-1.23.8/checks/cruft.desc lintian-1.23.21/checks/cruft.desc
409 --- lintian-1.23.8/checks/cruft.desc 2004-05-17 21:59:53.000000000 +0000
410 +++ lintian-1.23.21/checks/cruft.desc 2006-07-18 11:42:35.000000000 +0000
412 distributed normally. However, since upstream tarball often still contain
413 those, it's only an informational tag.
415 +Tag: arch-inventory-file-in-source
417 +Info: Package contains a '.arch-inventory' file. It may have been included by
418 + accident. It is Version Control System metadata that should not be
419 + distributed normally.
421 Tag: source-contains-svn-control-dir
423 Info: Source contains a .svn directory. It was most likely included by
424 accident, since Subversion version control directories usually don't belong
425 in packages. Export from subversion rather than checkout.
427 +Tag: source-contains-bzr-control-dir
429 +Info: Source contains a .bzr directory. It was most likely included by
430 + accident, since bazaar-ng version control directories usually don't belong
433 +Tag: source-contains-arch-control-dir
435 +Info: Source contains a {arch} or .arch-ids directory. It was most likely
436 + included by accident, since Arch version control directories usually don't
437 + belong in packages.
439 Tag: source-contains-CVS-dir
441 Info: Package contains a CVS directory. It was most likely included by
442 diff -urNad lintian-1.23.8/checks/debdiff lintian-1.23.21/checks/debdiff
443 --- lintian-1.23.8/checks/debdiff 2004-07-04 12:18:33.000000000 +0000
444 +++ lintian-1.23.21/checks/debdiff 2006-07-18 11:42:35.000000000 +0000
446 # You should have received a copy of the GNU General Public License
447 # along with this program. If not, you can find it on the World Wide
448 # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
449 -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
450 -# MA 02111-1307, USA.
451 +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
452 +# MA 02110-1301, USA.
454 package Lintian::debdiff;
458 tag_warn("patch-failure-file-in-diff", $file)
459 if ($file =~ m/\.(orig|rej)$/);
461 + tag_warn("diff-contains-substvars", $file)
462 + if ($file =~ m%^debian/substvars$%);
464 close(STAT) or fail("error reading diffstat file: $!");
466 diff -urNad lintian-1.23.8/checks/debdiff.desc lintian-1.23.21/checks/debdiff.desc
467 --- lintian-1.23.8/checks/debdiff.desc 2004-05-02 01:30:44.000000000 +0000
468 +++ lintian-1.23.21/checks/debdiff.desc 2006-07-18 11:42:35.000000000 +0000
470 the reason is the location of the original source tarball. dpkg-source
471 searches for this in ../package_upstream-version.orig.tar.gz.
473 +Tag: diff-contains-substvars
475 +Info: Lintian found a substvars file in the Debian diff for this source
476 + package. The debian/substvars file is usually generated and modified
477 + dynamically by debian/rules targets, in which case it must be removed by
481 Tag: source-tar-is-posix-tar
483 Info: The source tar archive of this package is made with tar --posix. This
484 diff -urNad lintian-1.23.8/checks/debhelper lintian-1.23.21/checks/debhelper
485 --- lintian-1.23.8/checks/debhelper 2004-11-24 22:44:10.000000000 +0000
486 +++ lintian-1.23.21/checks/debhelper 2006-07-18 11:42:35.000000000 +0000
488 -# debhelper format -- lintian check script
489 +# debhelper format -- lintian check script -*- perl -*-
491 # Copyright (C) 1999 by Joey Hess
494 # You should have received a copy of the GNU General Public License
495 # along with this program. If not, you can find it on the World Wide
496 # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
497 -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
498 -# MA 02111-1307, USA.
499 +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
500 +# MA 02110-1301, USA.
502 package Lintian::debhelper;
505 my $needversiondepends = '';
506 my $seenversiondepends = '0';
510 +# If there is no debian/compat file present but cdbs is being used, cdbs will
511 +# create one automatically. Currently it always uses compatibility level 4.
512 +# It may be better to look at what version of cdbs the package depends on and
513 +# from that derive the compatibility level....
517 # Parse the debian/rules file, and try to figure out if debhelper commands
518 # are run in it that like to modify maintainer scripts. Those debhelper
526 dh_installxmlcatalogs
530 open(RULES, "debfiles/rules") or fail("cannot read debian/rules: $!");
533 if (m/^\s+(dh_\w+)/) {
538 $needbuilddepends = 1;
539 - } elsif (/^\s*export\s+DH_COMPAT\s*=\s*(\d+)/) {
540 + } elsif (m,^include\s+/usr/share/cdbs/1/rules/debhelper.mk,) {
542 + $needbuilddepends = 1;
543 + $needtomodifyscripts = 1;
545 + # CDBS sets DH_COMPAT but doesn't export it. It does, however, create
546 + # a debian/compat file if none was found; that logic is handled later.
547 + $dhcompatvalue = $cdbscompat;
549 + } elsif (/^\s*export\s+DH_COMPAT\s*:?=\s*(\d+)/) {
550 $needversiondepends = $1;
551 + } elsif (/^\s*export\s+DH_COMPAT/) {
552 + $needversiondepends = $dhcompatvalue if $dhcompatvalue;
553 + } elsif (/^\s*DH_COMPAT\s*:?=\s*(\d+)/) {
554 + $dhcompatvalue = $1;
561 if ($needversiondepends) {
562 - tag "declares-possibly-conflicting-debhelper-compat-versions", "$needversiondepends $compat";
563 + tag "declares-possibly-conflicting-debhelper-compat-versions", "rules=$needversiondepends compat=$compat";
565 $needversiondepends = $compat;
571 -if ($needversiondepends and ($needversiondepends > 1) and ! Dep::versions_lte($needversiondepends, $seenversiondepends)) {
572 - tag "package-lacks-versioned-build-depends-on-debhelper", "$needversiondepends";
573 +if ($usescdbs and not $needversiondepends) {
574 + $needversiondepends = $cdbscompat;
576 +$needversiondepends ||= 1;
577 +if ($needversiondepends < 4) {
578 + tag "package-uses-deprecated-debhelper-compat-version", $needversiondepends;
581 +if ($needversiondepends > 4 and ! Dep::versions_lte($needversiondepends, $seenversiondepends)) {
582 + tag "package-lacks-versioned-build-depends-on-debhelper", $needversiondepends;
586 diff -urNad lintian-1.23.8/checks/debhelper.desc lintian-1.23.21/checks/debhelper.desc
587 --- lintian-1.23.8/checks/debhelper.desc 2004-05-02 01:30:44.000000000 +0000
588 +++ lintian-1.23.21/checks/debhelper.desc 2006-07-18 11:42:35.000000000 +0000
591 Tag: dh_testversion-is-deprecated
593 +Ref: dh_testversion(1)
594 Info: This package calls dh_testversion in its <tt>debian/rules</tt> file.
595 - As dh_testversion.1 says, dh_testversion is deprecated. Packages
596 - using debhelper should use versioned build dependencies to ensure
597 - that the correct version of debhelper is installed.
598 + dh_testversion is deprecated. Packages using debhelper should use
599 + versioned build dependencies to ensure that the correct version of
600 + debhelper is installed.
602 Tag: dh_dhelp-is-deprecated
606 Tag: dh_suidregister-is-obsolete
608 +Ref: dh_suidregister(1)
609 Info: suidregister is obsoleted by dpkg-statoverride, so registration of
610 files in with dh_suidregister is unnecessary, and even harmful.
612 - Please refer to the dh_suidregister(1) manual page for more information.
614 Tag: debhelper-compat-file-is-empty
617 Info: The source package has an empty debian/compat file. This is an error,
618 the compat level of debhelper should be in there.
620 - Please refer to the debhelper(7) manual page for more information.
622 Tag: declares-possibly-conflicting-debhelper-compat-versions
625 Info: The source package declares the debhelper compatibility version
626 - both in the debian/control file and in the rules file. If these ever
627 + both in the debian/compat file and in the rules file. If these ever
628 get out of synchronisation, the package may not build as expected.
630 +Tag: package-uses-deprecated-debhelper-compat-version
633 +Info: The debhelper compatibility version used by this package is marked
634 + as deprecated by the debhelper developer. You should really consider
635 + using a newer compatibility version.
637 - Please refer to the debhelper(7) manual page for more information.
638 + The compatibility version can be set in (preferred)
639 + <tt>debian/compat</tt> or by setting and exporting DH_COMPAT in
640 + <tt>debian/rules</tt>. If it is not set in either place, debhelper
641 + defaults to the deprecated compatibility version 1.
642 diff -urNad lintian-1.23.8/checks/description lintian-1.23.21/checks/description
643 --- lintian-1.23.8/checks/description 2005-01-14 23:32:36.000000000 +0000
644 +++ lintian-1.23.21/checks/description 2006-07-18 11:44:07.000000000 +0000
646 -# description -- lintian check script
647 +# description -- lintian check script -*- perl -*-
649 # Copyright (C) 1998 Christian Schwarz
652 # You should have received a copy of the GNU General Public License
653 # along with this program. If not, you can find it on the World Wide
654 # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
655 -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
656 -# MA 02111-1307, USA.
657 +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
658 +# MA 02110-1301, USA.
660 package Lintian::description;
663 if ($synopsis =~ m/^\s*missing\s*$/i) {
664 tag "description-is-debmake-template", "" unless $template++;
665 } elsif ($synopsis =~ m/<insert up to 60 chars description>/) {
666 - tag "description-is-dh_make-template", "";
667 + tag "description-is-dh_make-template", "" unless $template++;
673 my $firstline = lc $_;
674 my $lsyn = lc $synopsis;
675 - if ($firstline =~ /^\Q$lsyn\E/) {
676 + if ($firstline =~ /^\Q$lsyn\E$/) {
677 tag "description-synopsis-is-duplicated", "";
679 $firstline =~ s/[^a-zA-Z0-9]+//g;
681 if (m/^\s*missing\s*$/oi) {
682 tag "description-is-debmake-template", "" unless $template++;
683 } elsif (m/<insert long description, indented with spaces>/) {
684 - tag "description-is-dh_make-template", "";
685 + tag "description-is-dh_make-template", "" unless $template++;
689 diff -urNad lintian-1.23.8/checks/description.desc lintian-1.23.21/checks/description.desc
690 --- lintian-1.23.8/checks/description.desc 2005-01-14 23:32:48.000000000 +0000
691 +++ lintian-1.23.21/checks/description.desc 2006-07-18 11:44:07.000000000 +0000
694 Info: The description contains a line starting with a dot (.). This is
699 Tag: description-too-long
702 Tag: description-contains-tabs
704 Info: The package "Description:" must not contain tab characters.
708 Tag: description-starts-with-leading-spaces
711 starts with a dash (-) or asterisk (*). If this was meant to be a
712 list of items these lines need to be indented (dselect would
713 word-wrap these lines otherwise).
717 Tag: description-is-debmake-template
719 diff -urNad lintian-1.23.8/checks/fields lintian-1.23.21/checks/fields
720 --- lintian-1.23.8/checks/fields 2004-12-25 23:40:20.000000000 +0000
721 +++ lintian-1.23.21/checks/fields 2006-07-18 11:44:07.000000000 +0000
723 -# fields -- lintian check script (rewrite)
724 +# fields -- lintian check script (rewrite) -*- perl -*-
726 # Copyright (C) 2004 Marc Brockschmidt
729 # You should have received a copy of the GNU General Public License
730 # along with this program. If not, you can find it on the World Wide
731 # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
732 -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
733 -# MA 02111-1307, USA.
734 +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
735 +# MA 02110-1301, USA.
737 package Lintian::fields;
739 use lib "$ENV{'LINTIAN_ROOT'}/checks/";
745 +# Certain build tools must be listed in Build-Depends even if there are no
746 +# arch-specific packages because they're required in order to run the clean
747 +# rule. (See Policy 7.6.) The following is a list of package dependencies;
748 +# regular expressions that, if they match anywhere in the debian/rules file,
749 +# say that this package is allowed (and required) in Build-Depends; and
750 +# optional tags to use for reporting the problem if some information other
751 +# than the default is required.
752 +my @global_clean_depends = (
753 + [ cdbs => '^include\s+/usr/share/cdbs/' ],
754 + [ dbs => '^include\s+/usr/share/dbs/' ],
755 + [ debhelper => '^include\s+/usr/share/cdbs/1/rules/debhelper.mk' ],
756 + [ dpatch => '^include\s+/usr/share/cdbs/1/rules/dpatch.mk' ],
757 + [ quilt => '^include\s+/usr/share/cdbs/1/rules/patchsys-quilt.mk' ],
758 + [ dpatch => '^include\s+/usr/share/dpatch/' ],
759 + [ 'quilt (>= 0.40)' => '^include\s+/usr/share/quilt/' ]
762 +# These are similar, but the resulting dependency is only allowed, not
764 +my @global_clean_allowed = (
765 + [ patchutils => '^include\s+/usr/share/cdbs/1/rules/dpatch.mk' ],
766 + [ patchutils => '^include\s+/usr/share/cdbs/1/rules/patchsys-quilt.mk' ],
767 + [ patchutils => '^include\s+/usr/share/cdbs/1/rules/simple-patchsys.mk' ],
770 +# The allowed Python dependencies currently. This is the list of alternatives
771 +# that, either directly or through transitive dependencies that can be relied
772 +# upon, ensure /usr/bin/python will exist for the use of dh_python.
773 +my $python_depend = 'python | python-dev | python-all-dev';
775 +# A list of packages; regular expressions that, if they match anywhere in the
776 +# debian/rules file, this package must be listed in either Build-Depends or
777 +# Build-Depends-Indep as appropriate; and optional tags as above.
778 +my @global_depends = (
779 + [ $python_depend => '/usr/share/cdbs/1/class/python-distutils.mk' ],
780 + [ $python_depend => '^\t\s*dh_python\s', 'missing-dh_python-build-dependency' ],
781 + [ 'debhelper (>= 5.0.31)' => '^\t\s*dh_installxfonts', 'missing-dh_installxfonts-build-dependency' ],
784 +# Similarly, this list of packages, regexes, and optional tags say that if the
785 +# regex matches in one of clean, build-arch, binary-arch, or a rule they
786 +# depend on, this package is allowed (and required) in Build-Depends.
787 +my @rule_clean_depends = (
788 + [ debhelper => '^\t\s*dh_.+' ],
789 + [ dpatch => '^\t\s*dpatch\s' ],
790 + [ patch => '^\t\s*(?:perl debian/)?yada\s+unpatch' ],
791 + [ perl => '^\t\s*perl\s' ],
792 + [ $python_depend => '^\t\s*python\s' ],
793 + [ yada => '^\t\s*yada\s' ],
803 local $/ = undef; #Read everything in one go
808 for my $arch (@archs) {
809 - unless ($known_archs{$arch}) {
810 - tag "unknown-architecture", "";
811 + if ($non_standard_archs{$arch}) {
812 + tag "non-standard-architecture", "$arch";
813 + } elsif (! $known_archs{$arch}) {
814 + tag "unknown-architecture", "$arch";
819 tag "too-many-architectures", "" if (@archs > 1);
820 tag "arch-any-in-binary-pkg", "" if (grep { $_ eq "any" } @archs);
823 + # Used for later tests.
824 + $arch_indep = 1 if (@archs == 1 && $archs[0] eq 'all');
827 #---- Subarchitecture (udeb)
829 my $maintainer = <FH>;
832 + # Note, not expected to hit on uploaders anymore, as dpkg now strips
833 + # newlines for the .dsc, and the newlines don't hurt in debian/control
834 unfold($f, \$maintainer);
836 $maintainer =~ s/^\s*(.+?)\s*$/$1/; #Remove leading and trailing whitespace
838 } elsif (scalar @parts > 1) {
839 tag "unknown-section", "$section" unless $known_archive_parts{$parts[0]};
840 tag "unknown-section", "$section" unless $known_sections{$parts[1]};
841 + } elsif ($parts[0] eq 'unknown') {
842 + tag "section-is-dh_make-template";
844 tag "unknown-section", "$section" unless $known_sections{$parts[0]};
846 @@ -251,14 +313,31 @@
848 #---- Package relations (binary package)
850 +# Check whether the package looks like a meta-package, used for later
851 +# dependency checks. We consider a package to possibly be a meta-package if
852 +# it is a binary package, arch: all, with no files outside of /usr/share/doc.
853 +my $metapackage = 0;
854 +if ($type eq 'binary' && $arch_indep) {
856 + open IN, "index" or fail("cannot open index file index: $!");
860 + my ($mode, $file) = (split(' ', $_, 6))[0,5];
862 + $metapackage = 0 unless ($mode =~ /^d/ || $file =~ m%^\./usr/share/doc/%);
866 if (($type eq "binary") || ($type eq 'udeb')) {
868 + my (%deps, %fields);
869 for my $field (qw(depends pre-depends recommends suggests conflicts provides replaces)) {
870 if (open(FH, "fields/$field")) {
871 #Get data and clean it
873 unfold($field, \$data);
874 $data =~ s/^\s*(.+?)\s*$/$1/;
875 + $fields{$field} = $data;
877 my (@seen_libstdcs, @seen_tcls, @seen_tclxs, @seen_tks, @seen_tkxs, @seen_libpngs);
880 if ($d_version && grep { $d_version->[0] eq $_ } ("<", ">"));
882 tag "bad-version-in-relation", "$field: $part_d_orig"
883 - if ($d_version->[0] && ! (_valid_version($d_version->[1]))[1]);
884 + if ($d_version->[0] && ! defined((_valid_version($d_version->[1]))[1]));
886 tag "package-relation-with-self", "$field: $part_d_orig"
887 if ($pkg eq $d_pkg) && ($field ne 'conflicts');
888 @@ -309,11 +388,14 @@
889 tag "depends-on-obsolete-package", "$field: $part_d_orig"
890 if ($known_obsolete_packages{$d_pkg} && &$is_dep_field($field));
892 + tag "depends-on-x-metapackage", "$field: $part_d_orig"
893 + if ($known_x_metapackages{$d_pkg} && ! $metapackage && &$is_dep_field($field));
895 tag "depends-on-essential-package-without-using-version", "$field: $part_d_orig"
896 if ($d_pkg ne "coreutils" && $known_essential{$d_pkg} && ! $d_version->[0] && &$is_dep_field($field));
898 tag "package-depends-on-an-x-font-package", "$field: $part_d_orig"
899 - if ($field =~ /^(pre-)?depends$/ && $d_pkg =~ /^xfont.*/);
900 + if ($field =~ /^(pre-)?depends$/ && $d_pkg =~ /^xfont.*/ && $d_pkg ne 'xfonts-utils' && $d_pkg ne 'xfongs-encodings');
902 tag "needlessly-depends-on-awk", "$field"
903 if ($d_pkg eq "awk" && ! $d_version->[0] && &$is_dep_field($field));
905 tag "depends-on-libdb1-compat", "$field"
906 if ($d_pkg eq "libdb1-compat" && $pkg !~ /^libc(6|6.1|0.3)/ && $field =~ /^(pre-)depends$/);
908 + tag "depends-on-python-minimal", "$field",
909 + if ($d_pkg eq "python-minimal" && &$is_dep_field($field));
911 tag "doc-package-depends-on-main-package", "$field"
912 if ("$d_pkg-doc" eq $pkg && $field =~ /^(pre-)depends$/);
918 + # If Conflicts is set, make sure it's not inconsistent with the other
919 + # dependency fields.
920 + if ($fields{conflicts}) {
921 + for my $field (qw(depends pre-depends recommends suggests)) {
922 + next unless $fields{$field};
923 + my $depend = Dep::parse($fields{$field});
924 + for my $conflict (split /\s*,\s*/, $fields{conflicts}) {
925 + tag "conflicts-with-dependency", $conflict
926 + if Dep::implies($depend, Dep::parse($conflict));
931 for my $d_pkg_name (keys %deps) {
932 my $d_pkg = $deps{$d_pkg_name};
933 if (scalar @$d_pkg > 1) {
934 @@ -392,48 +490,62 @@
935 $arch_dep_packages++;
940 - if (-e "fields/build-depends" && $arch_dep_packages == 0) {
941 - if (not open(BD, "fields/build-depends")) {
942 - fail("Can't open fields/build-depends");
944 - my $build_depends = <BD>;
949 - if (not open (RULES, "debfiles/rules")) {
950 - fail("cannot read debfiles/rules: $!");
952 - my $target = "none";
953 - local $/ = "\n"; #Read this linewise
955 - $target = $1 if (/^(\S+):/);
956 - if (/^\s+dh_.+/ && grep ($_ eq $target, qw(clean binary-arch build-arch)) or
957 - m#^include\s+/usr/share/cdbs/1/rules/debhelper.mk#) {
963 + # Search through rules and determine which dependencies are required.
964 + # The keys in %needed and %needed_clean are the dependencies; the
965 + # values are the tags to use or the empty string to use the default
967 + my (%needed, %needed_clean, %allowed_clean);
968 + open (RULES, "debfiles/rules") or fail("cannot read debfiles/rules: $!");
969 + my $target = "none";
970 + local $/ = "\n"; # Read this linewise
971 + my @rules = qw(clean binary-arch build-arch);
973 + for my $rule (@global_clean_depends) {
974 + if ($_ =~ /$rule->[1]/) {
975 + $needed_clean{$rule->[0]} = $rule->[2] || $needed_clean{$rule->[0]} || '';
977 - unless ($build_depends =~ /^\s*debhelper(?:\s+\((.+?)\))?(?:\s+(\[.+?\]))?\s*$/ && $uses_dh){
978 - tag "build-depends-without-arch-dep", ""
980 + for my $rule (@global_clean_allowed) {
981 + if ($_ =~ /$rule->[1]/) {
982 + $allowed_clean{$rule->[0]} = 1;
985 + for my $rule (@global_depends) {
986 + if ($_ =~ /$rule->[1]/) {
987 + $needed{$rule->[0]} = $rule->[2] || $needed{$rule->[0]} || '';
990 + if (/^(\S+):(.*)/) {
992 + if (grep ($_ eq $target, @rules)) {
993 + push (@rules, split (' ', $2));
996 + if (grep ($_ eq $target, @rules)) {
997 + for my $rule (@rule_clean_depends) {
998 + if ($_ =~ /$rule->[1]/) {
999 + $needed_clean{$rule->[0]} = $rule->[2] || $needed_clean{$rule->[0]} || '';
1006 tag "build-depends-indep-without-arch-indep", ""
1007 if (-e "fields/build-depends-indep" && $arch_indep_packages == 0);
1009 my $is_dep_field = sub { grep { $_ eq $_[0] } qw(build-depends build-depends-indep) };
1013 for my $field (qw(build-depends build-depends-indep build-conflicts build-conflicts-indep)) {
1014 if (open(FH, "fields/$field")) {
1015 #Get data and clean it
1017 unfold($field, \$data);
1018 $data =~ s/^\s*(.+?)\s*$/$1/;
1019 + $depend{$field} = $data;
1021 for my $dep (split /\s*,\s*/, $data) {
1023 @@ -446,8 +558,11 @@
1024 my ($d_pkg, $d_version, $d_arch, $rest, $part_d_orig) = @$part_d;
1026 for my $arch (@{$d_arch->[0]}) {
1027 - tag "invalid-arch-string-in-source-relation", "$arch [$field: $part_d_orig]"
1028 - unless ($known_archs{$arch} || $arch eq "any" || $arch eq "all");
1029 + if ($non_standard_archs{$arch}) {
1030 + tag "non-standard-arch-in-source-relation", "$arch [$field: $part_d_orig]";
1031 + } elsif (!$known_archs{$arch} && $arch ne "any" && $arch ne "all") {
1032 + tag "invalid-arch-string-in-source-relation", "$arch [$field: $part_d_orig]"
1036 tag "depends-on-build-essential-package-without-using-version", "$d_pkg [$field: $part_d_orig]"
1037 @@ -455,6 +570,11 @@
1039 tag "build-depends-on-essential-package-without-using-version", "$field: $part_d_orig"
1040 if ($d_pkg ne "coreutils" && $known_essential{$d_pkg} && ! $d_version->[0]);
1041 + tag "build-depends-on-obsolete-package", "$field: $part_d_orig"
1042 + if ($known_obsolete_packages{$d_pkg} && &$is_dep_field($field));
1044 + tag "build-depends-on-x-metapackage", "$field: $part_d_orig"
1045 + if ($known_x_metapackages{$d_pkg} && &$is_dep_field($field));
1047 tag "bad-relation", "$field: $part_d_orig"
1049 @@ -462,6 +582,55 @@
1053 + $depend{'build-depends'} = Dep::parse($depend{'build-depends'} || '');
1054 + $depend{'build-depends-indep'} = Dep::parse($depend{'build-depends-indep'} || '');
1056 + # Make sure build dependencies and conflicts are consistent.
1057 + for ($depend{'build-conflicts'}, $depend{'build-conflicts-indep'}) {
1059 + for my $conflict (split /\s*,\s*/, $_) {
1060 + if (Dep::implies($depend{'build-depends'}, Dep::parse($conflict))
1061 + || Dep::implies($depend{'build-depends-indep'}, Dep::parse($conflict))) {
1062 + tag "build-conflicts-with-build-dependency", $conflict;
1067 + # Make sure that all the required build dependencies are there. Don't
1068 + # issue missing-build-dependency errors for debhelper, since there's
1069 + # another test that does that and it would just be a duplicate.
1070 + for my $package (keys %needed_clean) {
1071 + my $dep = Dep::parse($package);
1072 + my $tag = $needed_clean{$package} || 'missing-build-dependency';
1073 + unless (Dep::implies($depend{'build-depends'}, $dep)) {
1074 + if (Dep::implies($depend{'build-depends-indep'}, $dep)) {
1075 + tag "build-depends-indep-should-be-build-depends", $package;
1077 + tag $tag, $package if $package ne 'debhelper';
1081 + for my $package (keys %needed) {
1082 + my $dep = Dep::parse($package);
1083 + my $tag = $needed{$package} || 'missing-build-dependency';
1084 + unless (Dep::implies($depend{'build-depends'}, $dep)) {
1085 + unless (Dep::implies($depend{'build-depends-indep'}, $dep)) {
1086 + tag $tag, $package;
1090 + if (-e "fields/build-depends" && $arch_dep_packages == 0) {
1091 + open(FH, "fields/build-depends") or fail("cannot read fields/build-depends: $!");
1092 + my $build_depends = <FH>;
1094 + my @packages = split /\s*,\s*/, $build_depends;
1095 + foreach my $pkg (@packages) {
1096 + my ($name) = ($pkg =~ /^(\S+)/);
1097 + unless (defined $needed_clean{$name} || defined $allowed_clean{$name}) {
1098 + tag "build-depends-without-arch-dep", $name;
1105 diff -urNad lintian-1.23.8/checks/fields.desc lintian-1.23.21/checks/fields.desc
1106 --- lintian-1.23.8/checks/fields.desc 2004-12-25 23:40:20.000000000 +0000
1107 +++ lintian-1.23.21/checks/fields.desc 2006-07-18 11:44:07.000000000 +0000
1109 Check-Script: fields
1110 Author: Marc 'HE' Brockschmidt <marc@marcbrockschmidt.de>
1112 -Standards-Version: 3.6.1
1113 +Standards-Version: 3.6.2
1114 Type: binary, udeb, source
1116 Needs-Info: debfiles
1118 Info: A package name should be at least two characters long, must consist
1119 of the alphanumerics and `+' `-' and `.', and must start with an
1120 alphanumeric character.
1124 Tag: package-not-lowercase
1126 Info: New packages should not use uppercase characters in their names.
1130 Tag: no-version-field
1133 Tag: bad-version-number
1135 Info: The version number fails one of the syntactic requirements of dpkg.
1139 Tag: upstream-version-not-numeric
1141 Info: The upstream version number should start with a digit.
1145 Tag: debian-revision-not-well-formed
1149 Info: The special architecture values `all' and `any' only make sense if
1154 Tag: unknown-architecture
1156 Info: In addition to the special values `all' and `any', the architecture
1157 - names alpha, amd64, arm, hppa, hurd-i386, i386, ia64, m68k, mips, mipsel,
1158 - powerpc, s390, sh, and sparc are currently in use. The special value
1159 - `source' is only used in .changes files and does not make sense in a binary
1160 - package or a .dsc file.
1161 + names alpha, arm, hppa, hurd-i386, i386, ia64, m68k, mips, mipsel, powerpc,
1162 + s390, and sparc are currently in use. The special value `source' is only
1163 + used in .changes files and does not make sense in a binary package or a
1166 +Tag: non-standard-architecture
1168 +Info: In addition to the special values `all', `any' and the names of the
1169 + architectures already in the archive (alpha, arm, hppa, hurd-386, i386,
1170 + ia64, m68k, mips, mipsel, powerpc, s390, sparc), there are some
1171 + architectures still waiting to be included in the archive. Examples
1172 + include kfreebsd-i386 and ppc64.
1174 Tag: too-many-architectures
1176 Info: A binary package should list exactly one architecture (the one it is
1177 compiled for), or the special value `all' if it is architecture-independent.
1181 Tag: arch-any-in-binary-pkg
1183 Info: The special architecture value `any' does not make sense in a binary
1188 Tag: no-maintainer-field
1192 Info: The maintainer field should contain the package maintainer's name and
1193 email address, with the name followed by the address inside angle
1194 - brackets (< and &rt;). The address seems to be missing.
1195 + brackets (< and >). The address seems to be missing.
1198 Tag: maintainer-address-malformed
1201 Info: The uploader field should contain the package uploader's name and
1202 email address, with the name followed by the address inside angle
1203 - brackets (< and &rt;). The address seems to be missing.
1204 + brackets (< and >). The address seems to be missing.
1207 Tag: uploader-address-malformed
1208 @@ -199,18 +207,18 @@
1209 Tag: essential-in-source-package
1211 Info: This field should only appear in binary packages.
1215 Tag: essential-no-not-needed
1217 Info: Having `Essential: no' is the same as not having the field at all,
1218 so it just makes the Packages file longer with no benefit.
1222 Tag: unknown-essential-value
1224 Info: The only valid values for the Essential field are yes and no.
1228 Tag: no-section-field
1230 @@ -235,6 +243,14 @@
1231 is in the contrib distribution.
1234 +Tag: section-is-dh_make-template
1236 +Info: The `Section:' field in this package's control file is set to
1237 + unknown. This is not a valid section, and usually means a dh_make
1238 + template control file was used and never modified to set the correct
1242 Tag: wrong-section-for-udeb
1244 Info: udeb packages should have `Section: debian-installer'.
1248 Tag: bad-version-in-relation
1252 Info: The version number used in this relationship does not match the
1253 defined format of a version number.
1254 @@ -342,6 +358,28 @@
1256 Info: The package depends on a package that has been superseded.
1258 +Tag: build-depends-on-obsolete-package
1260 +Info: The package build-depends on a package that has been superseded.
1262 +Tag: depends-on-x-metapackage
1264 +Info: Packages that are not themselves metapackages must not depend on X
1265 + Window System metapackages.
1267 + The metapackages xorg, xorg-dev, x-window-system, x-window-system-dev, and
1268 + x-window-system-core exist only for the benefit of users and dependencies
1269 + for other metapackages and should not be used in regular package
1272 +Tag: build-depends-on-x-metapackage
1274 +Info: Packages must not build-depend on X Window System metapackages.
1276 + The metapackages xorg, xorg-dev, x-window-system, x-window-system-dev, and
1277 + x-window-system-core exist only for the benefit of users and should not
1278 + be used in package build dependencies.
1280 Tag: depends-on-essential-package-without-using-version
1283 @@ -371,11 +409,16 @@
1285 Tag: invalid-arch-string-in-source-relation
1289 Info: The architecture string in the source relation does not follow policy.
1290 A common cause of this is a comma in the arch, i.e. [i386, m68k], it should
1293 +Tag: non-standard-arch-in-source-relation
1295 +Info: The architecture string in the source relation is one of the
1296 + architectures still waiting to be included in the archive.
1298 Tag: depends-on-build-essential-package-without-using-version
1300 Info: The package declares a depends on a build essential package without
1301 @@ -403,13 +446,46 @@
1302 Tag: build-depends-without-arch-dep
1305 -Info: The control file specifies source relations for architecture-dependent
1306 - packages, but no architecture-dependent packages are built. There are some
1307 - exceptions, e.g. build dependencies that have to be satisfied while calling
1308 - the "clean" target of debian/rules, the most common case of which is a
1309 - Build-Depends: debhelper if you use dh_clean in the "clean" target.
1310 - In other cases, you most likely need to change Build-Depends to
1311 - Build-Depends-Indep.
1312 +Info: The control file lists the given package in Build-Depends, but no
1313 + architecture-dependent packages are built. If all the packages built are
1314 + architecture-independent, the only packages that should be listed in
1315 + Build-Depends are those required to run the clean target (such as
1316 + debhelper if you use dh_clean). Other build dependencies should be listed
1317 + in Build-Depends-Indep instead.
1319 +Tag: build-depends-indep-should-be-build-depends
1322 +Info: The specified package is required to run the clean target of
1323 + <tt>debian/rules</tt> and therefore must be listed in Build-Depends, even
1324 + if no architecture-dependent packages are built.
1326 +Tag: missing-build-dependency
1329 +Info: The package doesn't specify a build dependency on a package that is
1330 + used in <tt>debian/rules</tt>.
1332 +Tag: missing-dh_python-build-dependency
1335 +Info: The package runs dh_python in <tt>debian/rules</tt> but doesn't
1336 + build-depend on python or python-dev. dh_python requires
1337 + <tt>/usr/bin/python</tt> to run, so packages using dh_python must
1338 + build-depend on python (or python-dev or python-all-dev, which in turn
1339 + depend on python), even if they don't otherwise need Python to build.
1341 +Tag: missing-dh_installxfonts-build-dependency
1343 +Info: dh_installxfonts prior to debhelper 5.0.31 does not correctly handle
1344 + the paths and dependencies for the X.Org 7 modular tree. Any package
1345 + using dh_installxfonts must depend on at least debhelper (>= 5.0.31).
1347 +Tag: build-conflicts-with-build-dependency
1350 +Info: The package build-conflicts with a package that it also
1353 Tag: package-has-a-duplicate-relation
1355 @@ -472,6 +548,20 @@
1356 glibc 2.0 or 2.1. There is intentionally no corresponding development
1357 package. Do not link new applications against this library!
1359 +Tag: depends-on-python-minimal
1361 +Info: The python-minimal package exists only to possibly become an
1362 + Essential package. Depending on it is always an error since it should
1363 + never be installed without python. If it becomes Essential, there is no
1364 + need to depend on it, and until then, packages that require Python must
1367 +Tag: conflicts-with-dependency
1370 +Info: The package seems to conflict with one of its dependencies,
1371 + recommendations, or suggestions.
1375 Info: The field Installer-Menu-Item should only contain positive integer
1376 diff -urNad lintian-1.23.8/checks/files lintian-1.23.21/checks/files
1377 --- lintian-1.23.8/checks/files 2005-01-14 21:34:52.000000000 +0000
1378 +++ lintian-1.23.21/checks/files 2006-07-18 11:44:07.000000000 +0000
1380 -# files -- lintian check script
1381 +# files -- lintian check script -*- perl -*-
1383 # Copyright (C) 1998 Christian Schwarz and Richard Braakman
1386 # You should have received a copy of the GNU General Public License
1387 # along with this program. If not, you can find it on the World Wide
1388 # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
1389 -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
1390 -# MA 02111-1307, USA.
1391 +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
1392 +# MA 02110-1301, USA.
1394 package Lintian::files;
1404 +# We only want to warn about this once.
1405 +my $warned_x11_predepends = 0;
1407 # Read package contents...
1408 open(IN,"index") or fail("cannot open index file index: $!");
1410 @@ -229,17 +233,43 @@
1411 tag "old-app-defaults-directory", "$file";
1414 - #----------------- /usr/{lib,bin,include}/X11/
1415 - elsif ($file =~ m,^usr/(?:lib|bin|include)/X11/,) {
1416 - tag "package-installs-file-to-usr-something-x11", "$file";
1417 + #----------------- /usr/{include,lib}/X11/
1418 + # Packages installing files here must pre-depend on x11-common
1419 + # so that the symlinks will be sorted out first.
1420 + elsif ($file =~ m,^usr/(?:include|lib)/X11/, && !$warned_x11_predepends) {
1421 + if (open (FH, "fields/package")) {
1425 + if ($name ne 'x11-common') {
1426 + my $pre_depends = '';
1427 + if (open (FH, "fields/pre-depends")) {
1428 + $pre_depends = <FH>;
1430 + $pre_depends =~ s/\n//g;
1432 + $pre_depends = Dep::parse($pre_depends);
1433 + tag "file-in-usr-something-x11-without-pre-depends", "$file"
1434 + unless Dep::implies($pre_depends, Dep::parse('x11-common (>= 1:7.0.0)'));
1438 + # Always set this so that we don't redo the check, even if we
1439 + # didn't warn. If the first instance didn't warn, none will.
1440 + $warned_x11_predepends = 1;
1444 #----------------- /usr/X11R6/
1445 + elsif ($file =~ m,^usr/X11R6/bin,) {
1446 + tag "package-installs-file-to-usr-x11r6-bin", "$file";
1448 + elsif ($file =~ m,^usr/X11R6/lib/X11/fonts,) {
1449 + tag "package-installs-font-to-usr-x11r6", "$file";
1451 elsif ($file =~ m,^usr/X11R6/, and
1452 - $file !~ m,^usr/X11R6/lib/X11/fonts, and #font packages are allowed
1453 - $perm !~ m,^l, and #links to FHS locations are encouraged
1454 - $source_pkg ne "xfree86") { #The X Window System is allowed to do anything
1455 - tag "packages-installs-file-to-usr-x11r6", "$file";
1456 + $perm !~ m,^l,) { #links to FHS locations are allowed
1457 + tag "package-installs-file-to-usr-x11r6", "$file";
1460 # ---------------- /usr/lib/sgml
1461 @@ -277,11 +307,14 @@
1464 # ---------------- /usr/share/man and /usr/X11R6/man
1465 - elsif ($file =~ m,^usr/X11R6/man/\S+, or m,^usr/share/man/\S+, ) {
1466 + elsif ($file =~ m,^usr/X11R6/man/\S+, or $file =~ m,^usr/share/man/\S+,) {
1467 if ($type eq 'udeb') {
1468 tag "documentation-file", "$file";
1470 - if ($perm =~ m/^-.*[xt]/) {
1471 + if ($perm =~ m/^d/) {
1472 + tag "stray-directory-in-manpage-directory", "$file"
1473 + if ($file !~ m,^usr/(X11R6|share)/man/(?:[^/]+/)?(man\d/)?$,);
1474 + } elsif ($perm =~ m/^-.*[xt]/) {
1475 tag "executable-manpage", "$file";
1478 @@ -303,7 +336,11 @@
1479 tag "FSSTND-dir-in-usr", "$file";
1482 - elsif ( $file !~ m,^usr/(X11R6|X386|bin|games|include|lib|local|sbin|share|src|spool|tmp)/, ) {
1483 + elsif ( $file !~ m,^usr/(X11R6|X386|
1484 + bin|games|include|
1487 + src|spool|tmp)/,x ) {
1488 tag "non-standard-dir-in-usr", "$file";
1489 } elsif ( $file =~ m,^usr/share/doc, ) {
1490 tag "uses-FHS-doc-dir", "$file";
1493 # ---------------- FHS directory?
1494 elsif ($file =~ m,^[^/]+/$, and $file ne './' and
1495 - $file !~ m,^(bin|boot|dev|etc|home|lib|mnt|opt|root|sbin|tmp|usr|var)/,) { # Make an exception for the base-files package here, because it
1496 + $file !~ m,^(bin|boot|dev|etc|home|lib(64|32)?|mnt|opt|root|sbin|tmp|usr|var)/,) { # Make an exception for the base-files package here, because it
1497 # installs a slew of top-level directories for setting up the
1498 # base system. (Specifically, /cdrom, /floppy, /initrd, and /proc
1499 # are not mentioned in the FHS).
1502 # ---------------- compatibility symlinks should not be used
1503 if ($file =~ m,^usr/(spool|tmp)/, or
1504 - $file =~ m,^usr/(doc|bin|lib|include)/X11/, or
1505 + $file =~ m,^usr/(doc|bin)/X11/, or
1506 $file =~ m,^var/adm/,) {
1507 tag "use-of-compat-symlink", "$file";
1509 @@ -393,8 +430,10 @@
1510 # ---------------- any files
1511 if ($perm !~ m/^d/) {
1512 unless ($type eq 'udeb' or
1513 - $file =~ m,^usr/(bin|dict|doc|games|include|info|lib|man|sbin|share|src|X11R6)/, or
1514 - $file =~ m,^lib/(modules/|libc5-compat/)?, or
1515 + $file =~ m,^usr/(bin|dict|doc|games|
1516 + include|info|lib(32|64)?|
1517 + man|sbin|share|src|X11R6)/,x or
1518 + $file =~ m,^lib(32|64)?/(modules/|libc5-compat/)?, or
1519 $file =~ m,^var/(games|lib|www|named)/, or
1520 $file =~ m,^(bin|boot|dev|etc|sbin)/, or
1521 # non-FHS, but still usual
1523 # because a package had a HTML form for licenses called like that.
1524 # Another exception is made for various picture formats since
1525 # those are likely to just be simply pictures.
1526 - and not $file =~ m/\.(el|c|h|py|cc|pl|pm|html|php|xpm|png)$/
1527 + and not $file =~ m/\.(el|c|h|py|cc|pl|pm|html|php|xpm|png|jpe?g|gif|svg)$/
1528 and not defined $link) {
1529 tag "extra-license-file", "$file";
1531 @@ -468,11 +507,21 @@
1532 tag "cvsignore-file-in-package", "$file";
1535 + # ---------------- arch-inventory files
1536 + if ($file =~ m/\.arch-inventory$/) {
1537 + tag "arch-inventory-file-in-package", "$file";
1540 # ---------------- subversion commit message backups
1541 if ($file =~ m/svn-commit.*\.tmp$/) {
1542 tag "svn-commit-file-in-package", "$file";
1545 + # ---------------- executables with language extensions
1546 + if ($file =~ m,^(usr/)?(s?bin|games)/[^/]+\.(pl|sh|py)$,) {
1547 + tag "script-with-language-extension", "$file";
1550 # ---------------- general: setuid/setgid files!
1551 if ($perm =~ m/s/) {
1552 my ($setuid, $setgid) = ("","");
1553 @@ -486,14 +535,11 @@
1554 $setuid = $user if ($operm & 04000);
1555 $setgid = $group if ($operm & 02000);
1557 - $wanted_operm = 0755;
1559 # 1st special case: program is using svgalib:
1560 if (exists $linked_against_libvga{$file}) {
1561 # setuid root is ok, so remove it
1562 if ($setuid eq 'root') {
1564 - $wanted_operm |= 04000;
1568 @@ -502,25 +548,30 @@
1569 # setgid games is ok, so remove it
1570 if ($setgid eq 'games') {
1572 - $wanted_operm |= 02000;
1576 - #allow anything with suid in the name
1577 + # 3rd special case: allow anything with suid in the name
1578 if ($pkg =~ m,-suid,) {
1580 - $wanted_operm |= 04000;
1583 + # Check for setuid and setgid that isn't expected.
1584 if ($setuid and $setgid) {
1585 tag "setuid-gid-binary", $file, sprintf("%04o $owner",$operm);
1587 tag "setuid-binary", $file, sprintf("%04o $owner",$operm);
1589 tag "setgid-binary", $file, sprintf("%04o $owner",$operm);
1590 - } elsif ($operm != $wanted_operm) {
1591 - tag "non-standard-executable-perm",
1592 - sprintf("$file %04o != %04o",$operm,$wanted_operm);
1595 + # Check for permission problems other than the setuid status.
1596 + if (($operm & 0444) != 0444) {
1597 + tag "executable-is-not-world-readable", $file,
1598 + sprintf("%04o",$operm);
1599 + } elsif ($operm != 04755 && $operm != 02755 && $operm != 06755 && $operm != 04754) {
1600 + tag "non-standard-setuid-executable-perm", $file,
1601 + sprintf("%04o",$operm);
1604 # ---------------- general: executable files
1605 @@ -528,14 +579,17 @@
1607 if ($owner =~ m,root/games,) {
1608 if ($operm != 2755) {
1609 - tag "non-standard-executable-perm", $file,
1610 + tag "non-standard-game-executable-perm", $file,
1611 sprintf("%04o != 2755",$operm);
1614 - if ($operm != 0755) {
1615 + if (($operm & 0444) != 0444) {
1616 + tag "executable-is-not-world-readable", $file,
1617 + sprintf("%04o != 0755",$operm);
1618 + } elsif ($operm != 0755) {
1619 tag "non-standard-executable-perm", $file,
1620 sprintf("%04o != 0755",$operm);
1625 # ---------------- general: normal (non-executable) files
1627 # Ada library information files should be read-only
1628 # since GNAT behaviour depends on that
1630 + } elsif ($operm == 0600 and $file =~ m,etc/backup.d/,) {
1631 + # backupninja expects configurations files to be 0600
1632 } elsif ($operm != 0644) {
1633 tag "non-standard-file-perm", $file,
1634 sprintf("%04o != 0644",$operm);
1635 @@ -574,6 +630,13 @@
1636 if ($file =~ m,/\.svn/?$,) {
1637 tag "package-contains-svn-control-dir", "$file";
1639 + if ($file =~ m,/\.bzr/?$,) {
1640 + tag "package-contains-bzr-control-dir", "$file";
1642 + if (($file =~ m,/\.arch-ids/?$,)
1643 + || ($file =~ m,/\{arch\}/?$,)) {
1644 + tag "package-contains-arch-control-dir", "$file";
1646 if ($file =~ m,/.xvpics/?$,) {
1647 tag "package-contains-xvpics-dir", "$file";
1649 diff -urNad lintian-1.23.8/checks/files.desc lintian-1.23.21/checks/files.desc
1650 --- lintian-1.23.8/checks/files.desc 2005-01-14 21:34:51.000000000 +0000
1651 +++ lintian-1.23.21/checks/files.desc 2006-07-18 11:44:07.000000000 +0000
1654 Author: Christian Schwarz <schwarz@debian.org>
1656 -Standards-Version: 3.5.0
1657 +Standards-Version: 3.7.0
1660 Needs-Info: objdump-info, scripts
1662 this prevents X from replacing it with a compatability symlink.
1665 -Tag: package-installs-file-to-usr-something-x11
1666 +Tag: package-installs-font-to-usr-x11r6
1668 -Info: Packages must not provide or install files into the directories
1669 - /usr/bin/X11/, /usr/include/X11/ or /usr/lib/X11/.
1670 +Info: The standard location for X fonts has moved to /usr/share/fonts/X11.
1671 + Packages providing X fonts must install them into the new path. Fonts
1672 + installed into the old /usr/X11R6/lib/X11/fonts path may not be seen by
1675 + If the package uses imake, it must build-depend on xutils-dev (>=
1676 + 1:1.0.2-2) for the correct paths. If it uses dh_installxfonts to handle X
1677 + font installation, it must build-depend on debhelper (>= 5.0.31).
1680 +Tag: package-installs-file-to-usr-x11r6-bin
1682 +Info: Debian has switched to the modular X tree which now uses the regular
1683 + FHS paths, and all packages must follow. All packages installing binaries
1684 + must install them into /usr/bin (or some other appropriate location)
1685 + instead of /usr/X11R6/bin.
1687 + The x11-common package attempts to change /usr/X11R6/bin into a symlink
1688 + to /usr/bin, so if this migration has already occurred, a package
1689 + installing files into /usr/X11R6/bin may appear to install
1690 + successfully. However, such a package will be left in an inconsistent
1691 + state and may orphan files when the compatibility link goes away.
1693 + If the package uses imake, it must build-depend on xutils-dev (>=
1694 + 1:1.0.2-2) for the correct paths.
1697 -Tag: packages-installs-file-to-usr-x11r6
1699 +Tag: file-in-usr-something-x11-without-pre-depends
1701 +Info: Packages that install files into /usr/include/X11 or /usr/lib/X11
1702 + must pre-depend on at least x11-common (>= 1:7.0.0). These directories
1703 + used to be symlinks and installing files in them while they are still
1704 + symlinks will put files in the wrong locations and cause stranded files
1705 + and other problems. x11-common is responsible for converting the
1706 + symlinks to regular directories.
1709 +Tag: package-installs-file-to-usr-x11r6
1711 Info: Packages using the X Window System should not be configured to install
1712 - files under the /usr/X11R6/ directory unless they use imake. The /usr/X11R6/
1713 - directory hierarchy should be regarded as deprecated for all packages except
1714 - the X Window System itself.
1715 + files under the /usr/X11R6/ directory. Debian has switched to the modular
1716 + X tree which now uses regular FHS paths and all packages should follow.
1718 - Programs that use GNU autoconf and automake are usually easily configured at
1719 - compile time to use /usr/ instead of /usr/X11R6/, and this should be done
1720 - whenever possible.
1721 + Programs that use GNU autoconf and automake are usually easily configured
1722 + at compile time to use /usr/ instead of /usr/X11R6/. Packages that use
1723 + imake must build-depend on xutils-dev (>= 1:1.0.2-2) for the correct
1727 Tag: config-file-reserved $file
1730 Info: As of policy version 3.0.0.0, Debian no longer follows the FSSTND.
1732 - Instead, the Filesystem Hierarchy Standard (FHS), version 2.1, is
1733 + Instead, the Filesystem Hierarchy Standard (FHS), version 2.3, is
1734 used. You can find it in /usr/share/doc/debian-policy/fhs/ .
1736 Tag: FSSTND-dir-in-var
1738 Info: As of policy version 3.0.0.0, Debian no longer follows the FSSTND.
1740 - Instead, the Filesystem Hierarchy Standard (FHS), version 2.1, is
1741 + Instead, the Filesystem Hierarchy Standard (FHS), version 2.3, is
1742 used. You can find it in /usr/share/doc/debian-policy/fhs/ .
1744 Tag: package-installs-into-etc-rc.d
1746 -Severity: Important
1747 Info: The package installs files into the <tt>/etc/rc.d</tt> or
1748 <tt>/etc/rc?.d</tt> which is not allowed.
1750 @@ -95,23 +127,27 @@
1752 Tag: file-in-usr-local
1754 -Severity: Important
1755 Info: The package installs a file in <tt>/usr/local/...</tt> which is
1761 -Severity: Important
1762 Info: The package installs a file in <tt>/opt/...</tt> which is not allowed.
1764 +Tag: stray-directory-in-manpage-directory
1766 +Info: This package installs a directory under <tt>/usr/share/man</tt> or
1767 + <tt>/usr/X11R6/man</tt> that isn't a manual section directory or locale
1771 Tag: executable-manpage
1773 Info: Manual pages are not meant to be executed.
1775 Tag: dir-in-usr-local
1777 -Severity: Important
1778 Info: The package installs a directory in <tt>/usr/local/...</tt> which is
1781 @@ -134,40 +170,68 @@
1783 Info: The directory has a mode different from 0755, and it's not one of the
1787 -Tag: non-standard-game-executable-perm
1788 +Tag: executable-is-not-world-readable
1790 -Info: The file has a mode different from 2755 or 0755. In some cases this
1791 - is intentional, but in other cases this is a bug.
1792 +Info: All executabless should be readable by any user. Since anyone can
1793 + download the Debian package and obtain a copy of the executable, no
1794 + security is gained by making the executable unreadable even for setuid
1795 + binaries. If only members of a certain group may execute this file,
1796 + remove execute permission for world, but leave read permission.
1799 Tag: non-standard-executable-perm
1801 -Info: The file has a mode different from 0755. In some cases this is
1802 - intentional, but in other cases this is a bug.
1803 +Info: Executables that are not setuid or setgid should always have a mode
1804 + of 0755. Since anyone can obtain the executable by downloading the
1805 + Debian package and extracting it, restricting access serves little
1809 +Tag: non-standard-game-executable-perm
1811 +Info: The file is owned by the games group but is not mode 2755. If a
1812 + game does not have to be setgid games, it should be owned by the root
1813 + group like any other executable. This executable is either owned by the
1814 + wrong group or is not setgid when it should be.
1816 +Tag: non-standard-setuid-executable-perm
1818 +Info: The file is setuid or setgid and has a mode different from any of
1819 + 2755, 4755, 4754, or 6755. Any other permissions on setuid executables
1820 + is probably a bug. In particular, removing root write privileges serves
1821 + no purpose, group-writable setuid or setgid executables are probably bad
1822 + ideas, and setgid executables that are not world-executable serve little
1828 -Info: The file is tagged SETUID. In some cases this is
1829 - intentional, but in other cases this is a bug.
1830 +Info: The file is tagged SETUID. In some cases this is intentional, but in
1831 + other cases this is a bug. If this is intentional, please add a lintian
1832 + override to document this fact.
1836 -Info: The file is tagged SETGID. In some cases this is
1837 - intentional, but in other cases this is a bug.
1838 +Info: The file is tagged SETGID. In some cases this is intentional, but in
1839 + other cases this is a bug. If this is intentional, please add a lintian
1840 + override to document this fact.
1842 Tag: setuid-gid-binary
1844 Info: The file is tagged SETUID and SETGID. In some cases this is
1845 - intentional, but in other cases this is a bug.
1846 + intentional, but in other cases this is a bug. If this is intentional,
1847 + please add a lintian override to document this fact.
1849 Tag: non-standard-file-perm
1851 Info: The file has a mode different from 0644. In some cases this is
1852 intentional, but in other cases this is a bug.
1857 -Severity: Important
1858 Info: The package contains a <i>special</i> file (e.g., a device file).
1859 This is forbidden by current policy. If your program needs this device,
1860 you should create it by calling <tt>makedev</tt> from the postinst
1861 @@ -434,6 +498,18 @@
1862 accident, since Subversion version control directories usually don't belong
1865 +Tag: package-contains-bzr-control-dir
1867 +Info: Package contains a .bzr directory. It was most likely installed by
1868 + accident, since bazaar-ng version control directories usually don't belong
1871 +Tag: package-contains-arch-control-dir
1873 +Info: Package contains a {arch} or .arch-ids directory. It was most likely
1874 + installed by accident, since Arch version control directories usually don't
1875 + belong in packages.
1877 Tag: package-contains-xvpics-dir
1879 Info: Package contains a .xvpics directory. It was most likely installed by
1880 @@ -444,6 +520,11 @@
1881 Info: Package contains a '.cvsignore' file. It may have been installed by
1884 +Tag: arch-inventory-file-in-package
1886 +Info: Package contains a '.arch-inventory' file. It may have been installed by
1889 Tag: svn-commit-file-in-package
1891 Info: Package contains a 'svn-commit(.NNN).tmp' file. This file is almost
1892 @@ -495,3 +576,22 @@
1893 files that are intended to create a menu should be placed in
1894 <tt>/usr/share/applications/</tt>, and no longer in
1895 <tt>/usr/share/gnome/apps</tt> or <tt>/usr/share/applnk</tt>
1897 +Tag: file-in-usr-lib-cgi-bin
1899 +Info: Packages shipping web server CGI files should install them in
1900 + <tt>/usr/lib/cgi-lib</tt>, not in <tt>/usr/lib/cgi-bin</tt>. This is
1901 + done to avoid conflicts with the cgi-bin script alias, which is reserved
1902 + for the local use of webmasters. Web servers should include /cgi-lib/ as
1903 + a standard ScriptAlias pointing to that directory.
1906 +Tag: script-with-language-extension
1908 +Info: When scripts are installed into a directory in the system PATH, the
1909 + script name should not include an extension such as <tt>.sh</tt> or
1910 + <tt>.pl</tt> that denotes the scripting language currently used to
1911 + implement it. The implementation language may change; if it does,
1912 + leaving the name the same would be confusing and changing it would be
1915 diff -urNad lintian-1.23.8/checks/infofiles lintian-1.23.21/checks/infofiles
1916 --- lintian-1.23.8/checks/infofiles 2004-05-11 23:31:10.000000000 +0000
1917 +++ lintian-1.23.21/checks/infofiles 2006-07-18 11:44:07.000000000 +0000
1919 -# infofiles -- lintian check script
1920 +# infofiles -- lintian check script -*- perl -*-
1922 # Copyright (C) 1998 Christian Schwarz
1923 # Copyright (C) 2001 Josip Rodin
1925 # You should have received a copy of the GNU General Public License
1926 # along with this program. If not, you can find it on the World Wide
1927 # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
1928 -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
1929 -# MA 02111-1307, USA.
1930 +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
1931 +# MA 02110-1301, USA.
1933 package Lintian::infofiles;
1936 tag "install-info-not-called-with-quiet-option", ""
1937 unless $postinst{'calls-install-info-quiet'};
1938 tag "install-info-not-called-with-section-option", ""
1939 - unless $postinst{'calls-install-info-section'};
1940 + unless ( $postinst{'calls-install-info-section'}
1941 + || $postinst{'calls-install-info-remove'} ) ;
1943 if ($prerm{'calls-install-info'}) {
1944 # it must use the --quiet option
1946 $pres->{'calls-install-info-quiet'} = 1;
1947 } elsif ($piece eq '--section') {
1948 $pres->{'calls-install-info-section'} = 1;
1949 + } elsif ($piece eq '--remove') {
1950 + $pres->{'calls-install-info-remove'} = 1;
1954 diff -urNad lintian-1.23.8/checks/init.d lintian-1.23.21/checks/init.d
1955 --- lintian-1.23.8/checks/init.d 2004-10-12 22:16:58.000000000 +0000
1956 +++ lintian-1.23.21/checks/init.d 2006-07-18 11:44:07.000000000 +0000
1958 -# init.d -- lintian check script
1959 +# init.d -- lintian check script -*- perl -*-
1961 # Copyright (C) 1998 Christian Schwarz
1964 # You should have received a copy of the GNU General Public License
1965 # along with this program. If not, you can find it on the World Wide
1966 # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
1967 -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
1968 -# MA 02111-1307, USA.
1969 +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
1970 +# MA 02110-1301, USA.
1972 package Lintian::init_d;
1978 +my $opts_r = qr/-\S+\s*/;
1979 +my $name_r = qr/[\w.-]+/;
1980 +my $action_r = qr/\w+/;
1981 +my $exclude_r = qr/if\s+\[\s+-x\s+\S*update-rc\.d/;
1983 # read postinst control file
1984 if (open(IN,$postinst)) {
1986 - next if m/if\s+\[\s+-x\s+\S*update-rc\.d/o;
1987 + next if /$exclude_r/o;
1989 - next unless /^(?:.+;)?\s*update-rc\.d\s+(?:-\S+\s*)*(\S+)\s+(\S+)/;
1990 + next unless /^(?:.+;)?\s*update-rc\.d\s+
1991 + (?:$opts_r)*($name_r)\s+($action_r)/xo;
1992 my ($name,$opt) = ($1,$2);
1993 next if $opt eq 'remove';
1994 if ($initd_postinst{$name}++ == 1) {
1996 # read preinst control file
1997 if (open(IN,$preinst)) {
1999 - next if m/if\s+\[\s+-x\s+\S*update-rc\.d/o;
2000 + next if /$exclude_r/o;
2002 - next unless m/update-rc\.d\s+(?:-\S+\s*)*(\S+)\s+(\S+)/o;
2003 + next unless m/update-rc\.d\s+(?:$opts_r)*($name_r)\s+($action_r)/o;
2004 my ($name,$opt) = ($1,$2);
2005 next if $opt eq 'remove';
2006 tag "preinst-calls-updaterc.d", "$name";
2008 # read postrm control file
2009 if (open(IN,$postrm)) {
2011 - next if m/if\s+\[\s+-x\s+\S*update-rc\.d/o;
2012 + next if /$exclude_r/o;
2014 - next unless m/update-rc\.d\s+(-\S+\s*)*(\S+)/;
2015 + next unless m/update-rc\.d\s+($opts_r)*($name_r)/o;
2016 if ($initd_postrm{$2}++ == 1) {
2017 tag "duplicate-updaterc.d-calls-in-postrm", "$2";
2020 # read prerm control file
2021 if (open(IN,$prerm)) {
2023 - next if m/if\s+\[\s+-x\s+\S*update-rc\.d/o;
2024 + next if /$exclude_r/o;
2026 - next unless m/update-rc\.d\s+(-\S+\s*)*(\S+)/;
2027 + next unless m/update-rc\.d\s+($opts_r)*($name_r)/o;
2028 tag "prerm-calls-updaterc.d", "$2";
2031 diff -urNad lintian-1.23.8/checks/manpages lintian-1.23.21/checks/manpages
2032 --- lintian-1.23.8/checks/manpages 2004-12-25 23:40:20.000000000 +0000
2033 +++ lintian-1.23.21/checks/manpages 2006-07-18 11:44:07.000000000 +0000
2035 -# manpages -- lintian check script
2036 +# manpages -- lintian check script -*- perl -*-
2038 # Copyright (C) 1998 Christian Schwarz
2041 # You should have received a copy of the GNU General Public License
2042 # along with this program. If not, you can find it on the World Wide
2043 # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
2044 -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
2045 -# MA 02111-1307, USA.
2046 +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
2047 +# MA 02110-1301, USA.
2049 package Lintian::manpages;
2052 my ($i, $first) = (0, "");
2054 $first = $manfile[$i++] || "";
2055 - } while ($first =~ /^\.\\"/ && $manfile[$i]);
2057 + } while ($first =~ /^\.\\"/ && $manfile[$i]); #");
2060 tag "empty-manual-page", "$file";
2061 } elsif ($first =~ /^\.so\s+(.+)?$/) {
2062 @@ -235,10 +235,49 @@
2063 # negatives. When man-db is fixed, this limitation should be
2065 if ($path =~ m,/man/man\d/,) {
2066 - if (system("lexgrog unpacked/\Q$file\E >/dev/null 2>&1")) {
2067 - tag "manpage-has-bad-whatis-entry", "$file";
2068 + if (system_env("lexgrog unpacked/\Q$file\E >/dev/null 2>&1")) {
2069 + tag "manpage-has-bad-whatis-entry", "$file";
2072 + # If it's not a .so link, run it through "man" to check for errors.
2073 + # If it is in a directory with the standard man layout, cd to the
2074 + # parent directory before running man so that .so directives are
2075 + # processed properly. (Yes, there are man pages that include other
2076 + # pages with .so but aren't simple links; rbash, for instance.)
2078 + if ($file =~ m,^(.*)/(man\d/.*)$,) {
2079 + $cmd = "cd unpacked/\Q$1\E && man -l \Q$2\E";
2081 + $cmd = "man -l unpacked/\Q$file\E";
2083 + my $pid = open MANERRS, '-|';
2084 + if (not defined $pid) {
2085 + fail("cannot run man -l: $!");
2086 + } elsif ($pid == 0) {
2087 + my %newenv = (LANG => 'C', PATH => $ENV{PATH});
2090 + exec "($cmd >/dev/null) 2>&1"
2091 + or fail("cannot run man -l: $!");
2093 + while (<MANERRS>) {
2094 + # ignore progress information from man
2095 + next if /^Reformatting/;
2097 + # ignore errors from gzip, will be dealt with at other places
2098 + next if /^(man|gzip)/;
2099 + # ignore 8bit character errors on localized man pages
2100 + if ($lang ne "") {
2101 + next if /warning: can\'t find numbered character/;
2102 + next if /warning \[.*\]: cannot adjust line/;
2103 + next if /warning \[.*\]: can\'t break line/;
2107 + tag "manpage-has-errors-from-man", "$file", "$_";
2111 # Now we search through the whole man page for some common errors
2115 next if $line =~ /^\.\\\"/o; # comments .\"
2116 if ($line =~ /^\.TH\s/) { # header
2117 require Text::ParseWords;
2118 - my ($th_command, $th_title, $th_section, $th_date ) =
2119 + my ($th_command, $th_title, $th_section, $th_date ) =
2120 Text::ParseWords::parse_line( '\s+', 0, $line);
2121 if ($th_section && (lc($fn_section) ne lc($th_section))) {
2122 tag "manpage-section-mismatch", "$file:$lc $fn_section != $th_section";
2123 diff -urNad lintian-1.23.8/checks/manpages.desc lintian-1.23.21/checks/manpages.desc
2124 --- lintian-1.23.8/checks/manpages.desc 2004-12-25 23:40:20.000000000 +0000
2125 +++ lintian-1.23.21/checks/manpages.desc 2006-07-18 11:44:07.000000000 +0000
2128 Tag: bad-link-to-undocumented-manpage
2130 -Severity: Important
2131 Info: The symbolic link should reference
2132 `<tt>../man[237]/undocumented.[237].gz</tt>' for manual pages in
2133 <tt>/usr/share/man</tt> or
2135 See also groff_man(7) and groff_mdoc(7) for general information on writing
2138 +Tag: manpage-has-errors-from-man
2140 +Info: This man page provokes warnings or errors from man.
2142 + "cannot adjust" or "can't break" are trouble with paragraph filling,
2143 + usually related to long lines. Adjustment can be helped by left
2144 + justifying, breaks can be helped with hyphenation, see "Manipulating
2145 + Filling and Adjusting" and "Manipulating Hyphenation" in the manual.
2147 + "can't find numbered character" usually means latin1 etc in the input, and
2148 + this warning indicates characters will be missing from the output. You can
2149 + change to escapes like \[:a] described on the groff_char man page.
2151 + Other warnings are often formatting typos, like missing quotes around a
2152 + string argument to .IP. These are likely to result in lost or malformed
2153 + output. See the groff_man (or groff_mdoc if using mdoc) man page for
2154 + information on macros.
2156 + At worst, warning messages can be disabled with the .warn directive, see
2157 + "Debugging" in the groff manual.
2159 Tag: manpage-for-x11-binary-in-wrong-directory
2161 Info: Manual pages for binaries which are located in <tt>/usr/X11R6/bin</tt>
2162 diff -urNad lintian-1.23.8/checks/nmu lintian-1.23.21/checks/nmu
2163 --- lintian-1.23.8/checks/nmu 2004-10-12 21:22:43.000000000 +0000
2164 +++ lintian-1.23.21/checks/nmu 2006-07-18 11:44:07.000000000 +0000
2166 -# nmu -- lintian check script
2167 +# nmu -- lintian check script -*- perl -*-
2169 # Copyright (C) 2004 Jeroen van Wolffelaar
2172 # You should have received a copy of the GNU General Public License
2173 # along with this program. If not, you can find it on the World Wide
2174 # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
2175 -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
2176 -# MA 02111-1307, USA.
2177 +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
2178 +# MA 02110-1301, USA.
2180 package Lintian::nmu;
2183 my $changelog_mentions_qa = 0;
2184 my $uploader = undef;
2186 +# This isn't really an NMU check, but right now no other check looks at
2187 +# debian/changelog in source packages. Catch a debian/changelog file that's a
2188 +# symlink. If it was a symlink to a file we didn't unpack, bail rather than
2190 +if (-l "debfiles/changelog") {
2191 + tag "changelog-is-symlink", "";
2192 + return 0 unless -f "debfiles/changelog";
2195 open CHANGELOG, "debfiles/changelog" or fail("Failed opening changelog");
2198 diff -urNad lintian-1.23.8/checks/nmu.desc lintian-1.23.21/checks/nmu.desc
2199 --- lintian-1.23.8/checks/nmu.desc 2005-01-26 12:01:32.000000000 +0000
2200 +++ lintian-1.23.21/checks/nmu.desc 2006-07-18 11:44:07.000000000 +0000
2202 Maybe you didn't intend this upload to be a NMU, in that case, please
2203 doublecheck that the most recent entry in the changelog is byte-for-byte
2204 identical to the maintainer or one of the uploaders.
2206 +Tag: changelog-is-symlink
2208 +Info: The file <tt>debian/changelog</tt> is a symlink instead of a regular
2209 + file. This is unnecessary and makes package checking and manipulation
2210 + more difficult. If the changelog should be available in the source
2211 + package under multiple names, make <tt>debian/changelog</tt> the real
2212 + file and the other names symlinks to it.
2214 + This problem may have prevented lintian from performing other checks,
2215 + leading to undetected changelog errors.
2216 diff -urNad lintian-1.23.8/checks/scripts lintian-1.23.21/checks/scripts
2217 --- lintian-1.23.8/checks/scripts 2005-01-14 17:19:55.000000000 +0000
2218 +++ lintian-1.23.21/checks/scripts 2006-07-18 11:44:07.000000000 +0000
2220 -# scripts -- lintian check script
2221 +# scripts -- lintian check script -*- perl -*-
2223 # This is probably the right file to add a check for the use of
2224 # set -e in bash and sh scripts.
2226 # You should have received a copy of the GNU General Public License
2227 # along with this program. If not, you can find it on the World Wide
2228 # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
2229 -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
2230 -# MA 02111-1307, USA.
2231 +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
2232 +# MA 02110-1301, USA.
2234 package Lintian::scripts;
2237 'csh' => '/bin/csh',
2238 'dash' => '/bin/dash',
2239 'expect' => '/usr/bin/expect',
2240 + 'expectk' => '/usr/bin/expectk',
2241 + 'fish' => '/usr/bin/fish',
2242 'gawk' => '/usr/bin/gawk',
2243 + 'gbx' => '/usr/bin/gbx',
2244 + 'gbx2' => '/usr/bin/gbx2',
2245 'gforth' => '/usr/bin/gforth',
2246 'gnuplot' => '/usr/bin/gnuplot',
2247 'guile' => '/usr/bin/guile',
2248 - 'install-fvwmgenmenu' => '/usr/sbin/install-fvwmgenmenu',
2249 - 'install-menu' => '/usr/sbin/install-menu',
2250 + 'install-menu' => '/usr/bin/install-menu',
2251 'js' => '/usr/bin/js',
2252 'kforth' => '/usr/bin/kforth',
2253 'ksh' => '/bin/ksh',
2254 + 'lefty' => '/usr/bin/lefty',
2255 + 'lua50' => '/usr/bin/lua50',
2256 'magicfilter' => '/usr/sbin/magicfilter',
2257 'make' => '/usr/bin/make',
2258 'mawk' => '/usr/bin/mawk',
2259 'nawk' => '/usr/bin/nawk',
2260 'ocaml' => '/usr/bin/ocamlrun',
2261 'ocamlrun' => '/usr/bin/ocamlrun',
2262 + 'parrot' => '/usr/bin/parrot',
2263 'perl' => '/usr/bin/perl',
2264 'perl-5.005' => '/usr/bin/perl-5.005',
2265 'perl-5.004' => '/usr/bin/perl-5.004',
2267 'python2.2' => '/usr/bin/python2.2',
2268 'python2.3' => '/usr/bin/python2.3',
2269 'python2.4' => '/usr/bin/python2.4',
2270 + 'python2.5' => '/usr/bin/python2.5',
2271 'rexx' => '/usr/bin/rexx',
2272 'regina' => '/usr/bin/regina',
2273 'rc' => '/usr/bin/rc',
2275 'scsh' => '/usr/bin/scsh',
2276 'sed' => '/bin/sed',
2278 + 'slsh' => '/usr/bin/slsh',
2279 + 'speedy' => '/usr/bin/speedy',
2280 'tcl' => '/usr/bin/tcl',
2281 'tclsh' => '/usr/bin/tclsh',
2282 'tclsh8.3' => '/usr/bin/tclsh8.3',
2284 'wish8.3' => '/usr/bin/wish8.3',
2285 'wish8.4' => '/usr/bin/wish8.4',
2286 'yforth' => '/usr/bin/yforth',
2287 - 'zsh' => '/usr/bin/zsh'
2288 + 'zsh' => '/bin/zsh'
2291 my %interpreter_dependencies = (
2292 @@ -104,17 +113,24 @@
2295 'expect' => 'expect',
2296 + 'expectk' => 'expectk',
2299 + 'gbx' => 'gambas-runtime',
2300 + 'gbx2' => 'gambas2-runtime',
2301 'gforth' => 'gforth',
2302 'gnuplot' => 'gnuplot',
2305 'kforth' => 'kforth',
2307 + 'lefty' => 'graphviz',
2308 + 'lua50' => 'lua50',
2309 'magicfilter' => 'magicfilter',
2311 + 'make' => 'make,build-essential',
2314 + 'parrot' => 'parrot',
2315 'perl-5.005' => 'perl-5.005',
2316 'perl-5.004' => 'perl-5.004',
2317 'pforth' => 'pforth',
2319 'runhugs1.4' => 'hugs',
2320 'runhugs98' => 'hugs98',
2324 + 'speedy' => 'speedy-cgi-perl',
2325 + 'tcl' => 'tclx8.3',
2327 'tclsh8.3' => 'tcl8.3',
2328 'tclsh8.4' => 'tcl8.4',
2329 @@ -140,6 +158,16 @@
2333 +# Appearance of one of these regexes in a maintainer script means that there
2334 +# must be a dependency (or pre-dependency) on the given package. The tag
2335 +# reported is maintainer-script-needs-depends-on-%s, so be sure to update
2336 +# scripts.desc when adding a new rule.
2337 +my @depends_needed = (
2338 + [ adduser => '\badduser\b' ],
2339 + [ netbase => '\bupdate-inetd\b' ],
2340 + [ ucf => '\bucf\s' ],
2343 my %executable = ();
2347 unless ($executable{$filename} or
2348 $filename =~ m,usr/(lib|share)/.*\.pm, or
2349 $filename =~ m,\.in$, or
2350 - $filename =~ m,etc/menu-methods,);
2351 + $filename =~ m,etc/menu-methods, or
2352 + $filename =~ m,etc/X11/Xsession.d,);
2354 if (exists $valid_interpreters{$base}) {
2355 unless ($interpreter eq $valid_interpreters{$base} or
2356 @@ -240,27 +269,33 @@
2357 if ($base =~ /^(ruby|python)(?:\d\.\d)?$/) {
2358 tag_error("wrong-path-for-$1", $filename, "#!$interpreter");
2360 - tag_error("wrong-path-for-$base", $filename, "#!$interpreter");
2361 + tag_error("wrong-path-for-interpreter",
2362 + "#!$interpreter != $valid_interpreters{$base}",
2368 # Do not complain about dependencies for non-executable scripts.
2369 if ($executable{$filename}) {
2370 if (exists $interpreter_dependencies{$base}) {
2371 - my $dep = $interpreter_dependencies{$base};
2372 - tag_error("$base-script-but-no-$dep-dep", $filename)
2373 - unless ($deps{$dep});
2374 + my @deps = split(/,/,$interpreter_dependencies{$base});
2375 + if ($base =~ /^(php\d?|(m|g)awk)/) {
2376 + tag_error("$base-script-but-no-$deps[0]-dep", $filename)
2377 + unless (scalar map { $deps{$_}?$_:() } @deps);
2379 + tag_error("missing-dep-for-interpreter",
2380 + "$base => $deps[0]", "($filename)")
2381 + unless (scalar map { $deps{$_}?$_:() } @deps);
2383 } elsif ($base =~ /^python(\d.\d)?$/) {
2384 my $ver = $1 ? $1 : "";
2385 tag_error("python-script-but-no-python-dep", $filename)
2386 - unless ($deps{"python$ver"});
2387 + unless ($deps{"python$ver"}
2388 + || $deps{"python${ver}-minimal"});
2389 } elsif ($base =~ /^ruby(\d.\d)?$/) {
2390 my $ver = $1 ? $1 : "";
2391 tag_error("ruby-script-but-no-ruby-dep", $filename)
2392 unless ($deps{"ruby$ver"});
2393 - } elsif ($base eq 'pike') {
2394 - tag_error("pike-script-but-no-pike-dep", $filename)
2395 - unless ($deps{'pike'} or $deps{'pike7'});
2396 } elsif ($base eq 'perl' && $suid{$filename}) {
2397 tag_error("suid-perl-script-but-no-perl-suid-dep", $filename)
2398 unless ($deps{'perl-suid'});
2399 @@ -293,10 +328,15 @@
2400 tag_warn("csh-considered-harmful", $filename)
2401 if (($base eq 'csh' or $base eq 'tcsh') and $executable{$filename});
2403 + # Don't syntax-check scripts in /usr/src that end in .dpatch. bash -n
2404 + # doesn't stop checking at exit 0 and goes on to blow up on the patch
2406 if ($base =~ /^(?:(?:b|d)?a|k|z)?sh$/) {
2407 if (-x "$interpreter" && ! script_is_evil_and_wrong("unpacked/$filename")) {
2408 - if (system("$interpreter -n unpacked/$filename >/dev/null 2>&1")) {
2409 - tag_error("shell-script-fails-syntax-check", $filename);
2410 + if ($filename !~ m,^./usr/src/.*\.dpatch$,) {
2411 + if (check_script_syntax($interpreter, "unpacked/$filename")) {
2412 + tag_error("shell-script-fails-syntax-check", $filename);
2417 @@ -350,10 +390,10 @@
2418 or $base eq 'perl');
2420 if (exists $interpreter_dependencies{$base}) {
2421 - my $dep = $interpreter_dependencies{$base};
2422 + my @deps = split(/,/,$interpreter_dependencies{$base});
2423 tag_error("interpreter-without-predep", $filename,
2425 - unless (exists $deps{$dep} and $deps{$dep} eq 'pre-depends');
2426 + unless (scalar map { ($deps{$_} && $deps{$_} eq 'pre-depends')?$_:() } @deps);
2427 } elsif ($base eq 'python') {
2428 tag_error("interpreter-without-predep", $filename,
2431 # perhaps just do it when $base eq "sh" instead?
2432 $checkbashisms = $base eq "sh" ? 1 : 0;
2433 if (-x $valid_interpreters{$base}) {
2434 - if (system("$interpreter -n $filename >/dev/null 2>&1")) {
2435 + if (check_script_syntax($interpreter, $filename)) {
2436 tag_error("maintainer-shell-script-fails-syntax-check", $file);
2439 @@ -396,30 +436,41 @@
2441 or fail("cannot open maintainer script $filename for reading: $!");
2443 - my ($warned_tmp, $warned_killall);
2445 + my ($saw_init, $saw_invoke);
2446 my $cat_string = "";
2449 next if m,^\s*\#,; # skip comment lines
2450 s/\#.*$//; # eat comments
2452 - if (m,\W(/var)?/tmp\b, and not m/\bmktemp\b/ and not m/\btempfile\b/ and not m/\bmkdir\b/) {
2453 + if (m,[^\w=](/var)?/tmp\b, and not m/\bmktemp\b/ and not m/\btempfile\b/ and not m/\bmkdir\b/) {
2454 tag "possibly-insecure-handling-of-tmp-files-in-maintainer-script", "$file:$."
2455 - unless $warned_tmp;
2457 + unless $warned{tmp};
2460 if (m/^\s*killall(?:\s|$)/) {
2461 tag "killall-is-dangerous", "$file:$."
2462 - unless $warned_killall;
2463 - $warned_killall = 1;
2465 - if (m/^\s*dpkg\s+--print-architecture\b/) {
2466 - tag "dpkg-print-architecture-in-maintainer-script", "$file:$.";
2467 + unless $warned{killall};
2468 + $warned{killall} = 1;
2470 if (m/^\s*mknod(?:\s|$)/ and not m/\sp\s/) {
2471 tag "mknod-in-maintainer-script", "$file:$.";
2474 + # Collect information about init script invocations to catch running
2475 + # init scripts directory rather than through invoke-rc.d. Since the
2476 + # script is allowed to run the init script directly if invoke-rc.d
2477 + # doesn't exist, only tag direct invocations where invoke-rc.d is
2478 + # never used in the same script. Lots of false negatives, but
2479 + # hopefully not many false positives.
2480 + if (m%^\s*/etc/init.d/(\S+)\s+[\"\']?(\S+)[\"\']?%) {
2483 + if (m%^\s*invoke-rc.d\s+%) {
2488 if (m/^\s*cat\s*\<\<\s*(\w+)/) {
2490 @@ -431,37 +482,45 @@
2491 if (m,(^|\s+)((/usr)?/bin/)?((b|d)?a|k|z|t?c)sh\s+-c\s*.+,) {
2492 $within_another_shell = 1;
2494 + #Don't use chown foo.bar:
2495 + if (m{(chown\s+[-_A-Za-z0-9]+\.[-_A-Za-z0-9]+)\s+}) {
2496 + tag "deprecated-chown-usage", "$file:$. \'$1\'";
2498 # if cat_string is set, we are in a HERE document and need not
2500 if ($cat_string eq "" and $checkbashisms and !$within_another_shell) {
2502 + my $found_strict = 0;
2504 + my @bashism_string_regexs = (
2505 + '\$\[\w+\]', # arith not allowed
2506 + '\$\{\w+\:\d+(?::\d+)?\}', # ${foo:3[:1]}
2507 + '\$\{\w+(/.+?){1,2}\}', # ${parm/?/pat[/str]}
2508 + '\$\{\#?\w+\[[0-9\*\@]+\]\}',# bash arrays, ${name[0|*|@]}
2510 my @bashism_regexs = (
2511 'function \w+\(\s*\)', # function is useless
2512 - # should be '.', not 'source'
2513 + # should be '.', not 'source'
2514 '(?:^|\s+)source\s+(?:\.\/|\/|\$)[^\s]+',
2515 '(\[|test|-o|-a)\s*[^\s]+\s+==\s', # should be 'b = a'
2516 - '\s\|\&', # pipelining is not POSIX
2517 - '\$\[\w+\]', # arith not allowed
2518 - '\$\{\w+\:\d+(?::\d+)?\}', # ${foo:3[:1]}
2519 - '\$\{\w+(/.+?){1,2}\}', # ${parm/?/pat[/str]}
2520 - '[^\\\]\{([^\s]+?,)+[^\\\}\s]+\}', # brace expansion
2521 + '\s(\|\&)', # pipelining is not POSIX
2522 + '[^\\\]\{([^\s]+?,)+[^\\\}\s]+\}', # brace expansion
2523 '(?:^|\s+)\w+\[\d+\]=', # bash arrays, H[0]
2524 - '\$\{\#?\w+\[[0-9\*\@]+\]\}', # bash arrays, ${name[0|*|@]}
2525 - '(?:^|\s+)(read\s*(?:;|$))' # read without variable
2526 + '(?:^|\s+)read\s*(?:;|$)', # read without variable
2527 + '(?:^|\s+)kill\s+-[^sl]\w*', # kill -[0-9] or -[A-Z]
2528 + '(?:^|\s+)trap\s+["\']?.*["\']?\s+.*[1-9]', # trap with signal numbers
2530 + '\[\[(?!:)', # alternative test command
2532 + my @strict_posix_regexs = (
2533 + '((?:test|\[)\s+.+\s-[ao])\s',# test/[ -a/-o binary operators
2534 + '(?:^\s*)local\s', # local scoping of variables
2537 - for my $re (@bashism_regexs) {
2544 # since this test is ugly, I have to do it by itself
2545 # detect source (.) trying to pass args to the command it runs
2546 if (not $found and m/^\s*(\.\s+[^\s]+\s+([^\s]+))/) {
2547 - if ($2 eq '&&' || $2 eq '||') {
2548 + if ($2 =~ /^(\&|\||\d?>|<)/) {
2552 @@ -469,7 +528,46 @@
2556 - unless ($found == 0) {
2558 + # Ignore anything inside single quotes; it could be an
2559 + # argument to grep or the like.
2561 + $line =~ s/([^\\](?:\\\\)*)\'(?:\\.|[^\\\'])+\'/$1''/g;
2563 + for my $re (@bashism_string_regexs) {
2564 + if ($line =~ m/($re)/) {
2566 + ($match) = m/($re)/;
2571 + # We've checked for all the things we still want to notice in
2572 + # double-quoted strings, so now remove those strings as well.
2574 + $line =~ s/([^\\](?:\\\\)*)\"(?:\\.|[^\\\"])+\"/$1""/g;
2575 + for my $re (@bashism_regexs) {
2576 + if ($line =~ m/($re)/) {
2578 + ($match) = m/($re)/;
2584 + for my $re (@strict_posix_regexs) {
2585 + if ($line =~ m/($re)/) {
2587 + $found_strict = 1;
2588 + ($match) = m/($re)/;
2594 + if ($found && $found_strict) {
2595 + tag "possible-non-posix-code-in-maintainer-script", "$file:$. \'$match\'";
2596 + } elsif ($found) {
2597 tag "possible-bashism-in-maintainer-script", "$file:$. \'$match\'";
2600 @@ -481,9 +579,27 @@
2601 if (m,update\-alternatives \-\-remove,) {
2602 tag "update-alternatives-remove-called-in-postrm", "";
2605 + for my $rule (@depends_needed) {
2606 + my ($package, $regex) = @$rule;
2607 + if (/$regex/ && ! $warned{$package}) {
2608 + my $type = $deps{$package};
2609 + unless ($type and ($type eq 'depends' or $type eq 'pre-depends')) {
2610 + tag "maintainer-script-needs-depends-on-$package", "$file";
2611 + $warned{$package} = 1;
2616 + if (/invoke-rc.d.*\|\| exit 0/) {
2617 + tag "maintainer-script-hides-init-failure", "$file:$.";
2621 + if ($saw_init && ! $saw_invoke) {
2622 + tag "maintainer-script-calls-init-script-directly", "$file:$saw_init";
2628 @@ -524,10 +640,13 @@
2630 open IN, $filename or fail("cannot open $filename: $!");
2634 - last if (++$i > 20);
2636 - if (/^\s*exec\s*.+\s*.?\$0.?\s*(--\s*)?(\${1\+)?.?\$\@/) {
2639 + last if (++$i > 20);
2640 + if (/(^\s*|\beval\s*\'|;)?exec\s*.+\s*.?\$0.?\s*(--\s*)?(\${1\+)?.?\$\@/o) {
2644 @@ -536,6 +655,24 @@
2648 +# Given an interpretor and a file, run the interpretor on that file with the
2649 +# -n option to check syntax, discarding output and returning the exit status.
2650 +sub check_script_syntax {
2651 + my ($interpreter, $script) = @_;
2653 + if (!defined $pid) {
2654 + fail("cannot fork: $!");
2655 + } elsif ($pid == 0) {
2656 + open STDOUT, '>/dev/null' or fail("cannot reopen stdout: $!");
2657 + open STDERR, '>&STDOUT' or fail("cannot reopen stderr: $!");
2658 + exec $interpreter, '-n', $script
2659 + or fail("cannot exec $interpreter: $!");
2668 # vim: syntax=perl ts=8 sw=4
2669 diff -urNad lintian-1.23.8/checks/scripts.desc lintian-1.23.21/checks/scripts.desc
2670 --- lintian-1.23.8/checks/scripts.desc 2005-01-14 21:09:42.000000000 +0000
2671 +++ lintian-1.23.21/checks/scripts.desc 2006-07-18 11:44:07.000000000 +0000
2673 Check-Script: scripts
2674 Author: Richard Braakman <dark@xs4all.nl>
2676 -Standards-Version: 3.2.0
2677 +Standards-Version: 3.7.0
2680 Info: This script checks the #! lines of scripts in a package.
2682 Please do not add a pre-dependency without following the policy for doing so.
2683 (Policy section 3.5).
2685 -Tag: wrong-path-for-awk
2687 -Info: Awk is installed as /usr/bin/awk on Debian systems.
2689 -Tag: wrong-path-for-nawk
2691 -Info: nawk is installed as /usr/bin/nawk on Debian systems.
2693 -Tag: wrong-path-for-gawk
2695 -Info: GNU awk is installed as /usr/bin/gawk on Debian systems.
2697 Tag: gawk-script-but-no-gawk-dep
2699 Info: Packages that use gawk scripts must depend on the gawk package.
2701 In some cases a weaker relationship, such as Suggests or Recommends, will
2702 be more appropriate.
2704 -Tag: wrong-path-for-mawk
2706 -Info: Mawk is installed as /usr/bin/mawk on Debian systems.
2708 Tag: mawk-script-but-no-mawk-dep
2710 Info: Packages that use mawk scripts must depend on the mawk package.
2711 @@ -102,34 +86,14 @@
2712 In some cases a weaker relationship, such as Suggests or Recommends, will
2713 be more appropriate.
2715 -Tag: wrong-path-for-burlap
2717 -Info: burlap is installed as /usr/bin/burlap on Debian systems.
2719 -Tag: burlap-script-but-no-felt-dep
2721 -Info: Packages that use burlap scripts must depend on the felt package.
2723 - In some cases a weaker relationship, such as Suggests or Recommends, will
2724 - be more appropriate.
2726 -Tag: wrong-path-for-csh
2728 -Info: Csh is installed as /bin/csh on Debian systems.
2731 -Tag: wrong-path-for-tcsh
2733 -Info: Tcsh is installed as /usr/bin/tcsh on Debian systems.
2735 -Tag: csh-script-but-no-c-shell-dep
2736 +Tag: missing-dep-for-interpreter
2738 -Info: Packages that use csh scripts must depend on the virtual package c-shell,
2739 - which is provided by csh and tcsh.
2740 +Info: You used an interpreter for a script that is not in an essential
2741 + package. In most cases you will need to add a Dependency on the
2742 + package that contains the interpreter.
2744 In some cases a weaker relationship, such as Suggests or Recommends, will
2745 be more appropriate.
2748 Tag: csh-considered-harmful
2750 @@ -137,138 +101,6 @@
2751 and tcsh as scripting languages.
2754 -Tag: wrong-path-for-ash
2756 -Info: Ash is installed as /bin/ash on Debian systems.
2758 -Tag: ash-script-but-no-ash-dep
2760 -Info: Packages that use ash scripts must depend on the ash package.
2762 - In some cases a weaker relationship, such as Suggests or Recommends, will
2763 - be more appropriate.
2765 -Tag: wrong-path-for-dash
2767 -Info: Dash is installed as /bin/dash on Debian systems.
2769 -Tag: dash-script-but-no-dash-dep
2771 -Info: Packages that use dash scripts must depend on the dash package.
2773 - In some cases a weaker relationship, such as Suggests or Recommends, will
2774 - be more appropriate.
2776 -Tag: wrong-path-for-sh
2778 -Info: The Bourne shell is installed as /bin/sh on Debian systems.
2780 -Tag: wrong-path-for-bash
2782 -Info: Bash is installed as /bin/bash on Debian systems.
2784 -Tag: wrong-path-for-ksh
2786 -Info: Ksh is installed as /bin/ksh on Debian systems.
2788 -Tag: ksh-script-but-no-pdksh-dep
2790 -Info: Packages that use ksh scripts must depend on the pdksh package.
2792 - In some cases a weaker relationship, such as Suggests or Recommends, will
2793 - be more appropriate.
2795 -Tag: wrong-path-for-env
2797 -Info: env is installed as /usr/bin/env on Debian systems.
2799 -Tag: wrong-path-for-expect
2801 -Info: Wish is installed as /usr/bin/expect on Debian systems.
2803 -Tag: expect-script-but-no-expect-dep
2805 -Info: Packages that use expect scripts must depend on the virtual
2808 - In some cases a weaker relationship, such as Suggests or Recommends, will
2809 - be more appropriate.
2811 -Tag: wrong-path-for-gnuplot
2813 -Info: gnuplot is installed as /usr/bin/gnuplot on Debian systems.
2815 -Tag: gnuplot-script-but-no-gnuplot-dep
2817 -Info: Packages that use gnuplot scripts must depend on the gnuplot package.
2819 - In some cases a weaker relationship, such as Suggests or Recommends, will
2820 - be more appropriate.
2822 -Tag: wrong-path-for-guile
2824 -Info: guile is installed as /usr/bin/guile on Debian systems.
2826 -Tag: guile-script-but-no-guile-dep
2828 -Info: Packages that use guile scripts must depend on the virtual package
2831 - In some cases a weaker relationship, such as Suggests or Recommends, will
2832 - be more appropriate.
2834 -Tag: wrong-path-for-install-menu
2836 -Info: Install-menu is installed as /usr/sbin/install-menu.
2838 -Tag: wrong-path-for-install-fvwmgenmenu
2840 -Info: install-fvwmgenmenu is installed as /usr/sbin/install-fvwmgenmenu.
2842 -Tag: wrong-path-for-js
2844 -Info: js is installed as /usr/bin/js on Debian systems.
2846 -Tag: js-script-but-no-ngs-js-dep
2848 -Info: Packages that use js scripts must depend on the package ngs-js,
2849 - which provides the interpreter.
2851 - In some cases a weaker relationship, such as Suggests or Recommends, will
2852 - be more appropriate.
2854 -Tag: wrong-path-for-make
2856 -Info: Make is installed as /usr/bin/make on Debian systems.
2858 -Tag: make-script-but-no-make-dep
2860 -Info: Packages that use make scripts must depend on the make package.
2862 - In some cases a weaker relationship, such as Suggests or Recommends, will
2863 - be more appropriate.
2865 -Tag: wrong-path-for-perl
2867 -Info: Perl is installed as /usr/bin/perl on Debian systems.
2870 -Tag: perl-5.004-script-but-no-perl-5.004-dep
2872 -Info: Packages that use perl-5.004 scripts must depend on the perl-5.004
2875 - In some cases a weaker relationship, such as Suggests or Recommends, will
2876 - be more appropriate.
2878 -Tag: perl-5.005-script-but-no-perl-5.005-dep
2880 -Info: Packages that use perl-5.005 scripts must depend on the perl-5.005
2883 - In some cases a weaker relationship, such as Suggests or Recommends, will
2884 - be more appropriate.
2886 Tag: suid-perl-script-but-no-perl-suid-dep
2888 Info: Packages that use perl scripts that are suid must depend on the
2889 @@ -277,10 +109,6 @@
2890 In some cases a weaker relationship, such as Suggests or Recommends, will
2891 be more appropriate.
2893 -Tag: wrong-path-for-php
2895 -Info: PHP can be called as /usr/bin/php on Debian systems.
2897 Tag: php-script-but-no-php4-cli-dep
2899 Info: Packages that use PHP scripts with /usr/bin/php as interpreter must
2900 @@ -291,10 +119,6 @@
2901 In some cases a weaker relationship, such as Suggests or Recommends, will
2902 be more appropriate.
2904 -Tag: wrong-path-for-php4
2906 -Info: PHP4 is installed as /usr/bin/php4 on Debian systems.
2908 Tag: php4-script-but-no-php4-cli-dep
2910 Info: Packages that use PHP4 scripts must depend on the php4-cli package. Note
2911 @@ -304,28 +128,6 @@
2912 In some cases a weaker relationship, such as Suggests or Recommends, will
2913 be more appropriate.
2915 -Tag: wrong-path-for-pike
2917 -Info: Pike is installed as /usr/bin/pike on Debian systems.
2919 -Tag: pike-script-but-no-pike-dep
2921 -Info: Packages that use Pike scripts must depend on pike or pike7.
2923 - In some cases a weaker relationship, such as Suggests or Recommends, will
2924 - be more appropriate.
2926 -Tag: wrong-path-for-pike7
2928 -Info: Pike7 is installed as /usr/bin/pike7 on Debian systems.
2930 -Tag: pike7-script-but-no-pike7-dep
2932 -Info: Packages that use Pike7 scripts must depend on pike7.
2934 - In some cases a weaker relationship, such as Suggests or Recommends, will
2935 - be more appropriate.
2937 Tag: wrong-path-for-python
2939 Info: Python is installed as /usr/bin/python on Debian systems.
2940 @@ -338,6 +140,10 @@
2942 Specific Ruby versions are installed as /usr/bin/rubyX.Y
2944 +Tag: wrong-path-for-interpreter
2946 +Info: The interpreter you used is installed at another location on Debian systems.
2948 Tag: python-script-but-no-python-dep
2950 Info: Packages with scripts that are executed with python must depend on the
2951 @@ -364,154 +170,6 @@
2952 In some cases a weaker relationship, such as Suggests or Recommends, will
2953 be more appropriate.
2955 -Tag: wrong-path-for-rc
2957 -Info: The rc shell is installed as /usr/bin/rc on Debian systems.
2959 -Tag: rc-script-but-no-rc-dep
2961 -Info: Packages that use rc scripts must depend on the rc package.
2963 - In some cases a weaker relationship, such as Suggests or Recommends, will
2964 - be more appropriate.
2966 -Tag: wrong-path-for-regina
2968 -Info: regina is installed as /usr/bin/regina on Debian systems.
2970 -Tag: regina-script-but-no-regina-rexx-dep
2972 -Info: Packages that use regina scripts must depend on the regina-rexx package.
2974 - In some cases a weaker relationship, such as Suggests or Recommends, will
2975 - be more appropriate.
2977 -Tag: wrong-path-for-rexx
2979 -Info: rexx is installed as /usr/bin/rexx on Debian systems.
2981 -Tag: rexx-script-but-no-regina-rexx-dep
2983 -Info: Packages that use rexx scripts must depend on the regina-rexx package.
2985 - In some cases a weaker relationship, such as Suggests or Recommends, will
2986 - be more appropriate.
2988 -Tag: wrong-path-for-runhugs
2990 -Info: Hugs is installed as /usr/bin/runhugs on Debian systems.
2992 -Tag: wrong-path-for-runhugs1.4
2994 -Info: Hugs is installed as /usr/bin/runhugs or /usr/bin/runhugs1.4 on Debian
2997 -Tag: wrong-path-for-runhugs98
2999 -Info: Hugs is installed as /usr/bin/runhugs or /usr/bin/runhugs98 on Debian
3002 -Tag: runhugs1.4-script-but-no-hugs-dep
3004 -Info: Packages that use runhugs scripts must depend on the hugs package.
3006 - In some cases a weaker relationship, such as Suggests or Recommends, will
3007 - be more appropriate.
3009 -Tag: runhugs98-script-but-no-hugs98-dep
3011 -Info: Packages that use runhugs98 scripts must depend on the hugs98 package.
3013 - In some cases a weaker relationship, such as Suggests or Recommends, will
3014 - be more appropriate.
3016 -Tag: wrong-path-for-scsh
3018 -Info: scsh is installed as /usr/bin/scsh on Debian systems.
3020 -Tag: scsh-script-but-no-scsh-dep
3022 -Info: Packages that use scsh scripts must depend on the scsh package.
3024 - In some cases a weaker relationship, such as Suggests or Recommends, will
3025 - be more appropriate.
3027 -Tag: wrong-path-for-sed
3029 -Info: sed is installed as /bin/sed on Debian systems.
3031 -Tag: wrong-path-for-trs
3033 -Info: trs is installed as /usr/bin/trs on Debian systems.
3035 -Tag: trs-script-but-no-konwert-dep
3037 -Info: Packages that use trs scripts must depend on the konwert package,
3038 - which provides that interpreter.
3040 - In some cases a weaker relationship, such as Suggests or Recommends, will
3041 - be more appropriate.
3043 -Tag: wrong-path-for-tcl
3045 -Info: Tcl is installed as /usr/bin/tcl on Debian systems.
3047 -Tag: tcl-script-but-no-tcl-dep
3049 -Info: Packages that use tcl scripts must depend on the virtual package tcl.
3051 - In some cases a weaker relationship, such as Suggests or Recommends, will
3052 - be more appropriate.
3054 -Tag: wrong-path-for-tclsh
3056 -Info: Tclsh is installed as /usr/bin/tclsh on Debian systems.
3058 -Tag: wrong-path-for-tclsh8.3
3060 -Info: Tclsh 8.3 is installed as /usr/bin/tclsh8.3 on Debian systems.
3062 -Tag: wrong-path-for-tclsh8.4
3064 -Info: Tclsh 8.4 is installed as /usr/bin/tclsh8.4 on Debian systems.
3066 -Tag: tclsh-script-but-no-tclsh-dep
3068 -Info: Packages that use tclsh scripts must depend on the virtual package tclsh.
3070 - In some cases a weaker relationship, such as Suggests or Recommends, will
3071 - be more appropriate.
3073 -Tag: tclsh8.3-script-but-no-tcl8.3-dep
3075 -Info: Packages that use tclsh8.3 scripts must depend on the package tcl8.3.
3077 - In some cases a weaker relationship, such as Suggests or Recommends, will
3078 - be more appropriate.
3080 -Tag: tclsh8.4-script-but-no-tcl8.4-dep
3082 -Info: Packages that use tclsh8.4 scripts must depend on the package tcl8.4.
3084 - In some cases a weaker relationship, such as Suggests or Recommends, will
3085 - be more appropriate.
3087 -Tag: wrong-path-for-bltwish
3089 -Info: bltwish is installed as /usr/bin/bltwish on Debian systems.
3091 -Tag: bltwish-script-but-no-blt-dep
3093 -Info: Packages that use bltwish scripts must depend on the blt package.
3094 - It has superseded the blt8.0 package.
3096 - In some cases a weaker relationship, such as Suggests or Recommends, will
3097 - be more appropriate.
3099 -Tag: wrong-path-for-wish
3101 -Info: Wish is installed as /usr/bin/wish on Debian systems.
3103 Tag: wish-script-but-no-wish-dep
3105 Info: Packages that use wish scripts must depend on the virtual package wish.
3106 @@ -519,28 +177,6 @@
3107 In some cases a weaker relationship, such as Suggests or Recommends, will
3108 be more appropriate.
3110 -Tag: wrong-path-for-wish8.0
3112 -Info: wish8.0 is installed as /usr/bin/wish8.0 on Debian systems.
3114 -Tag: wish8.0-script-but-no-tk8.0-dep
3116 -Info: Packages that use wish8.0 scripts must depend on the tk8.0 package.
3118 - In some cases a weaker relationship, such as Suggests or Recommends, will
3119 - be more appropriate.
3121 -Tag: wrong-path-for-zsh
3123 -Info: Zsh is installed as /usr/bin/zsh on Debian systems.
3125 -Tag: zsh-script-but-no-zsh-dep
3127 -Info: Packages that use zsh scripts must depend on the zsh package.
3129 - In some cases a weaker relationship, such as Suggests or Recommends, will
3130 - be more appropriate.
3132 Tag: calls-suidperl-directly
3134 Info: Since perl version 5.8.3-3, /usr/bin/suidperl shouldn't be called directly
3135 @@ -580,21 +216,11 @@
3136 processes. Most uses of <tt>killall</tt> should use
3137 <tt>start-stop-daemon</tt> instead.
3139 -Tag: dpkg-print-architecture-in-maintainer-script
3141 -Info: The maintainer script seems to call "<tt>dpkg --print-architecture</tt>".
3142 - This invokes <tt>gcc</tt>, and returns the <em>build</em> architecture
3143 - (which may not be the installation architecture if the system is configured
3144 - for cross-compiling).
3146 - The script should probably use "<tt>dpkg --print-installation-architecture</tt>"
3149 Tag: mknod-in-maintainer-script
3153 -Info: Maintainer scripts should not create device files directly. They
3154 - should call makedev instead.
3155 +Info: Maintainer scripts must not create device files directly. They
3156 + should call MAKEDEV instead.
3158 Tag: possible-bashism-in-maintainer-script
3160 @@ -610,12 +236,41 @@
3161 '. command args', passing arguments to commands via 'source' is not supported
3162 '{foo,bar}' instead of 'foo bar'
3164 +Tag: possible-non-posix-code-in-maintainer-script
3167 +Info: This script is marked as running under <tt>/bin/sh</tt>, but it seems
3168 + to use a shell feature that is not defined in the POSIX standard. The
3169 + feature is so common in current shells that this isn't currently
3170 + considered an release critical bug and there are discussion wether
3171 + policy should be amended to specifically allow the use of the feature.
3174 + '-a' and '-o' as operators of 'test'. You can use shell conditionals
3175 + (&& and ||) instead.
3176 + 'local' scoping of variables.
3178 Tag: suidregister-used-in-maintainer-script
3180 Info: This script calls suidregister which is no longer needed, a new
3181 command 'dpkg-statoverride' gives admins more flexibility. Please see
3182 the documentation of suidmanager and dpkg-statoverride for details.
3184 +Tag: maintainer-script-needs-depends-on-netbase
3186 +Info: This script calls update-inetd, but the package does not depend or
3187 + pre-depend on netbase, which provides it.
3189 +Tag: maintainer-script-needs-depends-on-adduser
3191 +Info: This script calls adduser, but the package does not depend or
3192 + pre-depend on the adduser package.
3194 +Tag: maintainer-script-needs-depends-on-ucf
3196 +Info: This script calls ucf, but the package does not depend or pre-depend
3197 + on the ucf package.
3199 Tag: update-alternatives-remove-called-in-postrm
3201 Info: 'update-alternatives --remove <alternative> foo' is called in the
3202 @@ -629,3 +284,30 @@
3205 update-alternatives --remove should be called in the prerm instead.
3207 +Tag: deprecated-chown-usage
3209 +Info: 'chown user.group' is called in one of the maintainer scripts.
3210 + This should be avoided, as the correct syntax is 'chown user:group'.
3211 + Using "." as a separator is still supported by the GNU tools, but it will
3212 + fail as soon as a system uses the "." in user or group names.
3214 +Tag: maintainer-script-hides-init-failure
3216 +Info: This script calls invoke-rc.d to run an init script but then, if the
3217 + init script fails, exits successfully (using || exit 0). If the init
3218 + script fails, the maintainer script should probably fail.
3220 + The most likely cause of this problem is that the package was built with
3221 + a debhelper version suffering from Bug#337664 that inserted incorrect
3222 + invoke-rc.d code in the generated maintainer script. The package needs to
3223 + be reuploaded (could be bin-NMUd, no source changes needed).
3225 +Tag: maintainer-script-calls-init-script-directly
3227 +Info: This script apparently runs an init script directly rather than
3228 + using invoke-rc.d. The use of invoke-rc.d to invoke the /etc/init.d/*
3229 + initscripts instead of calling them directly is required. Maintainer
3230 + scripts may call the init script directly only if invoke-rc.d is not
3232 +Ref: policy 9.3.3.2
3233 diff -urNad lintian-1.23.8/checks/shared-libs lintian-1.23.21/checks/shared-libs
3234 --- lintian-1.23.8/checks/shared-libs 2004-10-12 23:36:08.000000000 +0000
3235 +++ lintian-1.23.21/checks/shared-libs 2006-07-18 11:44:07.000000000 +0000
3237 -# shared-libs -- lintian check script
3238 +# shared-libs -- lintian check script -*- perl -*-
3240 # Copyright (C) 1998 Christian Schwarz
3243 # You should have received a copy of the GNU General Public License
3244 # along with this program. If not, you can find it on the World Wide
3245 # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
3246 -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
3247 -# MA 02111-1307, USA.
3248 +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
3249 +# MA 02110-1301, USA.
3251 package Lintian::shared_libs;
3255 my %ldso_dir = map { $_ => 1 }
3269 +# The following architectures should always have a STACK setting in shared
3270 +# libraries to disable executable stack. Other architectures don't always add
3271 +# this section and therefore can't be checked.
3272 +my %stack_arches = map { $_ => 1 }
3283 my $must_call_ldconfig;
3284 my $postrm = "control/postrm";
3286 my $shlibs_control_file = "control/shlibs";
3294 } elsif (m/^\s*SONAME\s+(\S+)/o) {
3295 $SONAME{$file} = $1;
3296 } elsif (m/^\s*TEXTREL\s/o) {
3297 - tag "shlib-with-non-pic-code", "$file"
3298 - if exists $ldso_dir{dirname($file)};
3299 + tag "shlib-with-non-pic-code", "$file";
3300 } elsif (m/^\s*INTERP\s/) {
3302 + } elsif (m/^\s*STACK\s/) {
3303 + $STACK{$file} = 0;
3305 - $objsomething{$file} = 1;
3306 + if (defined $STACK{$file} and $STACK{$file} eq 0) {
3307 + m/\sflags\s+(\S+)/o;
3308 + $STACK{$file} = $1;
3311 + $objsomething{$file} = 1;
3316 @@ -151,6 +176,23 @@
3317 # yes! so postinst must call ldconfig
3318 $must_call_ldconfig = $real_file;
3321 + # executable stack. We can only warn about a missing section on some
3322 + # architectures. Only warn if there's an Architecture field; if
3323 + # that's missing, we'll already be complaining elsewhere.
3324 + if (exists $objsomething{$cur_file}) {
3325 + if (not defined $STACK{$cur_file}) {
3326 + if (open(FH, "fields/architecture")) {
3330 + tag "shlib-without-PT_GNU_STACK-section", $cur_file
3331 + if $stack_arches{$arch};
3333 + } elsif ($STACK{$cur_file} ne "rw-") {
3334 + tag "shlib-with-executable-stack", $cur_file;
3337 } elsif (exists $objsomething{$cur_file} &&
3338 exists $ldso_dir{dirname($cur_file)} &&
3339 exists $sharedobject{$cur_file}) {
3340 @@ -250,11 +292,14 @@
3343 next if m/^\s*$/ or /^#/;
3345 + $udeb = "udeb: " if s/^udeb:\s+//o;
3346 @words = split(/\s+/o,$_);
3347 - if ($shlibs_control{$words[0]}) {
3348 - tag "duplicate-entry-in-shlibs-control-file", "$words[0]";
3349 + my $shlibs_string = $udeb.$words[0].' '.$words[1];
3350 + if ($shlibs_control{$shlibs_string}) {
3351 + tag "duplicate-entry-in-shlibs-control-file", $shlibs_string;
3353 - $shlibs_control{$words[0]} = 1;
3354 + $shlibs_control{$shlibs_string} = 1;
3358 @@ -262,24 +307,23 @@
3359 for my $shlib (@shlibs) {
3360 $shlib_name = $SONAME{$shlib};
3362 - if ($shlib_name =~ m/(.+)\.so\..*$/) {
3364 + if ($shlib_name =~ m/(.+)\.so\.(.*)$/) {
3365 + $shlib_name = "$1 $2";
3367 - } elsif ($shlib_name =~ m/(.+)\-\w[\w\.]*\.so$/) {
3369 + } elsif ($shlib_name =~ m/(.+)\-(\w[\w\.]*)\.so$/) {
3370 + $shlib_name = "$1 $2";
3372 - if (exists $shlibs_control{$shlib_name}) {
3373 - # ok, have entry in shlibs control file
3374 - $shlibs_control_used{$shlib_name} = 1;
3376 + $shlibs_control_used{$shlib_name} = 1;
3377 + $shlibs_control_used{"udeb: ".$shlib_name} = 1;
3378 + unless (exists $shlibs_control{$shlib_name}) {
3379 # skip it if it's not a public shared library
3380 next unless defined $ldso_dir{dirname($shlib)};
3382 - tag "shlib-missing-in-control-file", "$shlib_name $shlib";
3383 + tag "shlib-missing-in-control-file", $shlib_name, 'for', $shlib;
3386 for $shlib_name (keys %shlibs_control) {
3387 - tag "unused-shlib-entry-in-control-file", "$shlib_name"
3388 + tag "unused-shlib-entry-in-control-file", $shlib_name
3389 unless $shlibs_control_used{$shlib_name};
3392 @@ -293,19 +337,26 @@
3396 +my $we_call_postinst=0;
3398 local $_ = slurp_entire_file($postinst);
3400 # Decide if we call ldconfig
3401 if (/^[^\#]*\bldconfig\b/m) {
3402 - tag "postinst-has-useless-call-to-ldconfig", ""
3403 - unless $must_call_ldconfig;
3405 - tag "postinst-must-call-ldconfig", "$must_call_ldconfig"
3406 - if $must_call_ldconfig;
3407 + $we_call_postinst=1;
3411 +if ($type eq 'udeb') {
3412 + tag "udeb-postinst-must-not-call-ldconfig"
3413 + if $we_call_postinst;
3415 + tag "postinst-has-useless-call-to-ldconfig", ""
3416 + if $we_call_postinst and not $must_call_ldconfig;
3417 + tag "postinst-must-call-ldconfig", "$must_call_ldconfig"
3418 + if not $we_call_postinst and $must_call_ldconfig;
3422 local $_ = slurp_entire_file($prerm);
3423 if (/^[^\#]*\bldconfig\b/m) {
3424 diff -urNad lintian-1.23.8/checks/shared-libs.desc lintian-1.23.21/checks/shared-libs.desc
3425 --- lintian-1.23.8/checks/shared-libs.desc 2005-01-14 20:54:26.000000000 +0000
3426 +++ lintian-1.23.21/checks/shared-libs.desc 2006-07-18 11:44:07.000000000 +0000
3428 Check-Script: shared-libs
3429 Author: Christian Schwarz <schwarz@debian.org>
3431 -Standards-Version: 3.2.0
3432 +Standards-Version: 3.7.2
3435 Needs-Info: file-info, objdump-info
3437 separately from the static libraries with the -fPIC option.
3439 Another common mistake that causes this problem is linking with
3440 - ``gcc -Wl,-shared'' instead of ``gcc -shared''.
3441 + <tt>gcc -Wl,-shared</tt> instead of <tt>gcc -shared</tt>.
3443 + In some cases, exceptions to this rule are warranted. If this is such a
3444 + case, follow the procedure outlined in Policy and then please document
3445 + the exception by adding a lintian override to this package.
3447 Tag: ldconfig-symlink-missing-for-shlib
3449 -Severity: Important
3450 Info: The package should not only include the shared library itself, but also
3451 the symbolic link which ldconfig would produce. (This is necessary, so
3452 that the link gets removed by dpkg automatically when the package
3455 Tag: ldconfig-symlink-before-shlib-in-deb
3457 -Severity: Important
3458 Info: In the package contents list, the shared library has to come before
3459 any symbolic links referencing the shared library.
3461 @@ -138,6 +140,11 @@
3462 installed in a directory controlled by the dynamic library loader.
3465 +Tag: udeb-postinst-must-not-call-ldconfig
3467 +Info: The postinst script calls ldconfig, which is an error in udebs.
3468 + ldconfig is not available and not needed in debian-installer
3470 Tag: postrm-has-useless-call-to-ldconfig
3472 Info: The postrm script calls ldconfig even though no shared libraries are
3473 @@ -167,3 +174,22 @@
3474 SONAMEs are set with something like <tt>gcc -Wl,-soname,libfoo.so.0</tt>,
3475 where 0 is the major version of the library. If your package uses libtool,
3476 then libtool invoked with the right options should be doing this.
3478 +Tag: shlib-without-PT_GNU_STACK-section
3480 +Info: The listed shared libraries lacks a PT_GNU_STACK section. This forces
3481 + the dynamic linker to make the stack executable.
3483 + The shared lib is linked either with a non-GNU linker or a linker which is
3484 + older than two years. This problem can be fixed with a rebuild.
3486 +Tag: shlib-with-executable-stack
3488 +Info: The listed shared libraries declares the stack as executable.
3490 + Executable stack is usualy an error as it is only needed if the code
3491 + contains GCC trampolines or similar constructs which uses code on the
3492 + stack. One possible source for false positives are object files built
3493 + from assembler files which don't define a proper .note.GNU-stack
3496 diff -urNad lintian-1.23.8/checks/standards-version lintian-1.23.21/checks/standards-version
3497 --- lintian-1.23.8/checks/standards-version 2004-12-25 23:40:20.000000000 +0000
3498 +++ lintian-1.23.21/checks/standards-version 2006-07-18 11:44:07.000000000 +0000
3500 -# standards-version -- lintian check script
3501 +# standards-version -- lintian check script -*- perl -*-
3503 # Copyright (C) 1998 Christian Schwarz and Richard Braakman
3506 # You should have received a copy of the GNU General Public License
3507 # along with this program. If not, you can find it on the World Wide
3508 # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
3509 -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
3510 -# MA 02111-1307, USA.
3511 +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
3512 +# MA 02110-1301, USA.
3514 package Lintian::standards_version;
3519 my %valid_standard = (
3536 # version lintian is programmed for. ($valid_standard[0]?)
3545 @@ -103,17 +107,17 @@
3546 if (($major > $MAJOR) or
3547 ($major == $MAJOR and $minor > $MINOR) or
3548 ($major == $MAJOR and $minor == $MINOR and $patch > $PATCH)) {
3549 - tag "newer-standards-version", "$_";
3550 + tag "newer-standards-version", "$_ (current is $MAJOR.$MINOR.$PATCH)";
3553 tag "invalid-standards-version", "$_";
3555 } elsif ($valid_standard{$stdver} == 2) {
3557 - tag "out-of-date-standards-version", "$_";
3558 + tag "out-of-date-standards-version", "$_ (current is $MAJOR.$MINOR.$PATCH)";
3559 } elsif ($valid_standard{$stdver} == 3) {
3560 # OK, now this is ancient.
3561 - tag "ancient-standards-version", "$_";
3562 + tag "ancient-standards-version", "$_ (current is $MAJOR.$MINOR.$PATCH)";
3563 } else { # looks valid ......
3564 if (($major == 3 and $minor == 0) or $major < 3) {
3565 if (-f "fields/build-depends" or
3566 diff -urNad lintian-1.23.8/collection/changelog-file lintian-1.23.21/collection/changelog-file
3567 --- lintian-1.23.8/collection/changelog-file 2004-04-18 00:54:35.000000000 +0000
3568 +++ lintian-1.23.21/collection/changelog-file 2006-07-18 11:44:29.000000000 +0000
3570 # You should have received a copy of the GNU General Public License
3571 # along with this program. If not, you can find it on the World Wide
3572 # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
3573 -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
3574 -# MA 02111-1307, USA.
3575 +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
3576 +# MA 02110-1301, USA.
3581 "unpacked/usr/share/doc/$pkg/changelog.debian",
3582 "unpacked/usr/share/doc/$pkg/changelog.gz",
3583 "unpacked/usr/share/doc/$pkg/changelog",
3584 - "unpacked/usr/doc/$pkg/changelog.Debian.gz",
3585 + "unpacked/usr/doc/$pkg/changelog.Debian.gz",
3586 "unpacked/usr/doc/$pkg/changelog.Debian",
3587 "unpacked/usr/doc/$pkg/changelog.debian.gz",
3588 "unpacked/usr/doc/$pkg/changelog.debian",
3589 diff -urNad lintian-1.23.8/collection/objdump-info lintian-1.23.21/collection/objdump-info
3590 --- lintian-1.23.8/collection/objdump-info 2004-04-18 00:54:35.000000000 +0000
3591 +++ lintian-1.23.21/collection/objdump-info 2006-07-18 11:44:29.000000000 +0000
3593 # You should have received a copy of the GNU General Public License
3594 # along with this program. If not, you can find it on the World Wide
3595 # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
3596 -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
3597 -# MA 02111-1307, USA.
3598 +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
3599 +# MA 02110-1301, USA.
3610 rm -f ../objdump-info
3612 if head $bin | grep -q 'packed.*with.*UPX'; then
3613 echo "objdump: $bin: Packed with UPX" >> ../objdump-info
3615 - objdump --headers --private-headers -T $bin >> ../objdump-info 2>&1
3616 + # readelf is for interpreter information only; ignore failure.
3617 + readelf -l "$bin" >> ../objdump-info 2>&1 || true
3619 + # The main data of interest.
3620 + if objdump --headers --private-headers -T $bin >> ../objdump-info 2>&1 ; then
3621 + # everything is ok
3624 + # If the objdump error is "Invalid operation", we handle it later
3625 + # in the check script, since this is the expected output (for now)
3626 + # on detached debugging information in /usr/lib/debug.
3627 + if objdump -T $bin 2>&1 | grep -q 'Invalid operation$' ; then
3636 diff -urNad lintian-1.23.8/lib/Checker.pm lintian-1.23.21/lib/Checker.pm
3637 --- lintian-1.23.8/lib/Checker.pm 2004-07-06 19:05:32.000000000 +0000
3638 +++ lintian-1.23.21/lib/Checker.pm 2006-07-18 11:45:09.000000000 +0000
3640 # Checker -- Perl checker functions for lintian
3641 -# $Id: Checker.pm 311 2004-07-02 13:47:58Z djpig $
3642 +# $Id: Checker.pm 495 2005-09-21 21:27:05Z djpig $
3644 # Copyright (C) 2004 Jeroen van Wolffelaar
3647 # You should have received a copy of the GNU General Public License
3648 # along with this program. If not, you can find it on the World Wide
3649 # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
3650 -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
3651 -# MA 02111-1307, USA.
3652 +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
3653 +# MA 02110-1301, USA.
3658 # require has a anti-require-twice cache
3659 require "$LINTIAN_ROOT/checks/$name";
3661 - $Tags::prefix = $type eq 'binary' ? $pkg : "$pkg $type";
3664 #print STDERR "Now running $name...\n";
3665 $name =~ s/[-.]/_/g;
3666 eval { &{'Lintian::'.$name.'::run'}($pkg, $type) };
3667 diff -urNad lintian-1.23.8/lib/Dep.pm lintian-1.23.21/lib/Dep.pm
3668 --- lintian-1.23.8/lib/Dep.pm 2004-04-18 00:54:33.000000000 +0000
3669 +++ lintian-1.23.21/lib/Dep.pm 2006-07-18 11:45:09.000000000 +0000
3671 \s* (.*?) # do not attempt to parse version
3672 \s* \) # closing parenthesis
3673 )? # end of optional part
3674 + (?: # start of optional architecture
3675 + \s* \[ # open bracket for architecture
3676 + \s* (.*?) # don't parse architectures now
3677 + \s* \] # closing bracket
3678 + )? # end of optional architecture
3680 - return ['PRED', $1] if not defined $2;
3681 + return ['PRED', $1, undef, undef, $4] if not defined $2;
3685 } elsif ($two eq '>') {
3688 - return ['PRED', $1, $two, $3];
3689 + return ['PRED', $1, $two, $3, $4];
3692 sub Or { return ['OR', @_]; }
3693 @@ -180,9 +185,70 @@
3694 # If the names don't match, there is no relationship between them.
3695 return undef if $$p[1] ne $$q[1];
3697 - # If the names match, then the only difference is in the version clauses.
3698 - # The implication is true if p's clause is stronger than q's, or is
3700 + # If the names match, then the only difference is in the architecture or
3701 + # version clauses. First, check architecture. The architectures for p
3702 + # must be a superset of the architectures for q.
3703 + my @p_arches = split(' ', $$p[4] || '');
3704 + my @q_arches = split(' ', $$q[4] || '');
3705 + if (@p_arches || @q_arches) {
3706 + my $p_arch_neg = @p_arches && $p_arches[0] =~ /^!/;
3707 + my $q_arch_neg = @q_arches && $q_arches[0] =~ /^!/;
3709 + # If p has no arches, it is a superset of q and we should fall through
3710 + # to the version check.
3711 + if (not @p_arches) {
3715 + # If q has no arches, it is a superset of p and there are no useful
3717 + elsif (not @q_arches) {
3721 + # Both have arches. If neither are negated, we know nothing useful
3722 + # unless q is a subset of p.
3723 + elsif (not $p_arch_neg and not $q_arch_neg) {
3724 + my %p_arches = map { $_ => 1 } @p_arches;
3726 + for my $arch (@q_arches) {
3727 + $subset = 0 unless $p_arches{$arch};
3729 + return undef unless $subset;
3732 + # If both are negated, we know nothing useful unless p is a subset of
3733 + # q (and therefore has fewer things excluded, and therefore is more
3735 + elsif ($p_arch_neg and $q_arch_neg) {
3736 + my %q_arches = map { $_ => 1 } @q_arches;
3738 + for my $arch (@p_arches) {
3739 + $subset = 0 unless $q_arches{$arch};
3741 + return undef unless $subset;
3744 + # If q is negated and p isn't, we'd need to know the full list of
3745 + # arches to know if there's any relationship, so bail.
3746 + elsif (not $p_arch_neg and $q_arch_neg) {
3750 + # If p is negated and q isn't, q is a subset of p iff none of the
3751 + # negated arches in p are present in q.
3752 + elsif ($p_arch_neg and not $q_arch_neg) {
3753 + my %q_arches = map { $_ => 1 } @q_arches;
3755 + for my $arch (@p_arches) {
3756 + $subset = 0 if $q_arches{substr($arch, 1)};
3758 + return undef unless $subset;
3762 + # Now, down to version. The implication is true if p's clause is stronger
3763 + # than q's, or is equivalent.
3765 # If q has no version clause, then p's clause is always stronger.
3766 return 1 if not defined $$q[2];
3767 diff -urNad lintian-1.23.8/lib/Read_taginfo.pm lintian-1.23.21/lib/Read_taginfo.pm
3768 --- lintian-1.23.8/lib/Read_taginfo.pm 2004-04-18 00:54:33.000000000 +0000
3769 +++ lintian-1.23.21/lib/Read_taginfo.pm 2006-07-18 11:45:09.000000000 +0000
3771 # You should have received a copy of the GNU General Public License
3772 # along with this program. If not, you can find it on the World Wide
3773 # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
3774 -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
3775 -# MA 02111-1307, USA.
3776 +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
3777 +# MA 02110-1301, USA.
3779 my $LINTIAN_ROOT = $ENV{'LINTIAN_ROOT'} || '/usr/share/lintian';
3780 my $debug = $ENV{'LINTIAN_DEBUG'} || 0;
3782 } elsif (exists $url{$man}) {
3783 $foo[$u] = "<a href=\"$url{$man}\">$foo[$u]</a>";
3785 + } elsif ($foo[$u] =~ m,\s*([\w_-]+\(\d+\w*\))\s*$,i) {
3786 + $foo[$u] = "the $foo[$u] manual page";
3790 diff -urNad lintian-1.23.8/lib/Text_utils.pm lintian-1.23.21/lib/Text_utils.pm
3791 --- lintian-1.23.8/lib/Text_utils.pm 2004-04-18 00:54:32.000000000 +0000
3792 +++ lintian-1.23.21/lib/Text_utils.pm 2006-07-18 11:45:09.000000000 +0000
3794 # You should have received a copy of the GNU General Public License
3795 # along with this program. If not, you can find it on the World Wide
3796 # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
3797 -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
3798 -# MA 02111-1307, USA.
3799 +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
3800 +# MA 02110-1301, USA.
3808 - push(@o,"$_<p>\n");
3809 + push(@o,"<p>$_\n");
3813 diff -urNad lintian-1.23.8/lib/Util.pm lintian-1.23.21/lib/Util.pm
3814 --- lintian-1.23.8/lib/Util.pm 2004-07-06 19:05:33.000000000 +0000
3815 +++ lintian-1.23.21/lib/Util.pm 2006-07-18 11:46:20.000000000 +0000
3817 # You should have received a copy of the GNU General Public License
3818 # along with this program. If not, you can find it on the World Wide
3819 # Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
3820 -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
3821 -# MA 02111-1307, USA.
3822 +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
3823 +# MA 02110-1301, USA.
3830 file_is_encoded_in_non_utf8
3837 @@ -207,6 +208,23 @@
3841 +# Just like system, except cleanses the environment first to avoid any strange
3842 +# side effects due to the user's environment.
3844 + my @whitelist = qw(PATH INTLTOOL_EXTRACT);
3845 + my %newenv = map { exists $ENV{$_} ? ($_ => $ENV{$_}) : () } @whitelist;
3847 + if (not defined $pid) {
3849 + } elsif ($pid == 0) {
3851 + exec @_ or die("exec of $_[0] failed: $!\n");
3858 # ------------------------