Debian Bug report logs - #932634
lintian: false-positive embedded-library libyaml due to matching string (defined in data/binaries/embedded-libs) with package rust-yaml-rust

Display info messages

Message #5 received at [email protected] (full text, mbox, reply):

From: Helen Koike <[email protected]>

To: Debian Bug Tracking System <[email protected]>

Subject: lintian: false-positive embedded-library libyaml due to matching string (defined in data/binaries/embedded-libs) with package rust-yaml-rust

Date: Sun, 21 Jul 2019 11:04:36 -0300

Package: lintian
Version: 2.15.0
Severity: important

Dear Maintainer,

In lintian/data/binaries/embedded-libs, the criterium to detect if a
library was linked statically against libyaml is to verify the string:

libyaml   ||(?m)^did not find expected <stream-start>

But this string is also found in package rust-yaml-rust.

This caused a false positive when packaging bat [1].

[1] https://alioth-lists.debian.net/pipermail/pkg-rust-maintainers/2019-July/006335.html

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lintian depends on:
ii  binutils                       2.32.51.20190707-1
ii  bzip2                          1.0.6-9.2
ii  diffstat                       1.62-1
ii  dpkg                           1.19.7
ii  dpkg-dev                       1.19.7
ii  file                           1:5.35-4
ii  gettext                        0.19.8.1-9
ii  gpg                            2.2.13-2
ii  intltool-debian                0.35.0+20060710.5
ii  libapt-pkg-perl                0.1.36+b1
ii  libarchive-zip-perl            1.64-1
ii  libcapture-tiny-perl           0.48-1
ii  libcgi-pm-perl                 4.40-1
ii  libclass-accessor-perl         0.51-1
ii  libclone-perl                  0.41-1+b1
pn  libdigest-sha-perl             <none>
ii  libdpkg-perl                   1.19.7
ii  libemail-valid-perl            1.202-1
ii  libfile-basedir-perl           0.08-1
ii  libio-async-perl               0.72-1
ii  libipc-run-perl                20180523.0-1
ii  liblist-moreutils-perl         0.416-1+b4
ii  libparse-debianchangelog-perl  1.2.0-13
ii  libpath-tiny-perl              0.108-1
ii  libtext-levenshtein-perl       0.13-1
ii  libtimedate-perl               2.3000-2
ii  libtry-tiny-perl               0.30-1
ii  liburi-perl                    1.76-1
ii  libxml-simple-perl             2.25-1
ii  libyaml-libyaml-perl           0.76+repack-1
ii  man-db                         2.8.5-2
ii  patchutils                     0.3.4-2
ii  perl                           5.28.1-6
ii  t1utils                        1.41-3
ii  xz-utils                       5.2.4-1

Versions of packages lintian recommends:
ii  libperlio-gzip-perl  0.19-1+b5

Versions of packages lintian suggests:
pn  binutils-multiarch     <none>
ii  libhtml-parser-perl    3.72-3+b3
ii  libtext-template-perl  1.55-1

-- no debconf information

Message #10 received at [email protected] (full text, mbox, reply):

From: "Chris Lamb" <[email protected]>

To: "Helen Koike" <[email protected]>, "Debian Bug Tracking System" <[email protected]>

Subject: Re: Bug#932634: lintian: false-positive embedded-library libyaml due to matching string (defined in data/binaries/embedded-libs) with package rust-yaml-rust

Date: Wed, 24 Jul 2019 14:51:08 -0300

tags 932634 + moreinfo
thanks

Hi Helen,

> In lintian/data/binaries/embedded-libs, the criterium to detect if a
> library was linked statically against libyaml is to verify the string:
> 
> libyaml   ||(?m)^did not find expected <stream-start>
> 
> But this string is also found in package rust-yaml-rust.

Indeed. So, I not sure how Lintian is meant to "know" that this is
from the Rust version of YAML over the libyaml version. If bat was
called, say, "rust-bat" instead then we could use embedded-libs's
ability to filter via a regular expression, but that is alas not the
case. Any ideas...?


Best wishes,,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      [email protected] 🍥 chris-lamb.co.uk
       `-

Message #17 received at [email protected] (full text, mbox, reply):

From: Helen Koike <[email protected]>

To: Chris Lamb <[email protected]>

Cc: Debian Bug Tracking System <[email protected]>

Subject: Re: Bug#932634: lintian: false-positive embedded-library libyaml due to matching string (defined in data/binaries/embedded-libs) with package rust-yaml-rust

Date: Thu, 25 Jul 2019 14:08:52 -0300

Hi Chris,

On Wed, Jul 24, 2019 at 2:51 PM Chris Lamb <[email protected]> wrote:
>
> tags 932634 + moreinfo
> thanks
>
> Hi Helen,
>
> > In lintian/data/binaries/embedded-libs, the criterium to detect if a
> > library was linked statically against libyaml is to verify the string:
> >
> > libyaml   ||(?m)^did not find expected <stream-start>
> >
> > But this string is also found in package rust-yaml-rust.
>
> Indeed. So, I not sure how Lintian is meant to "know" that this is
> from the Rust version of YAML over the libyaml version. If bat was
> called, say, "rust-bat" instead then we could use embedded-libs's
> ability to filter via a regular expression, but that is alas not the
> case. Any ideas...?

right, the binary package is not called rust-bat but the source package is [1].
Can lintian check for the source package name? (also not sure if it is
a good idea).
Do you think it would be a good idea to rename the binary package?
Or maybe we could try find another string that is present in libyaml and not
in rust-yaml-rust.

Just a question regarding how lintian works: one thing that confused me is that
bat doesn't depend on rust-yaml-rust directly, it depends on rust-syntect which
depends on rust-yaml-rust. So I was wondering why I didn't get this
error in lintian
when building rust-syntect.

[1] https://ftp-master.debian.org/new/rust-bat_0.11.0-1.html

Thanks
Helen

>
>
> Best wishes,,
>
> --
>       ,''`.
>      : :'  :     Chris Lamb
>      `. `'`      [email protected] chris-lamb.co.uk
>        `-

Message #22 received at [email protected] (full text, mbox, reply):

From: "Chris Lamb" <[email protected]>

To: "Helen Koike" <[email protected]>

Cc: "Debian Bug Tracking System" <[email protected]>

Subject: Re: Bug#932634: lintian: false-positive embedded-library libyaml due to matching string (defined in data/binaries/embedded-libs) with package rust-yaml-rust

Date: Fri, 26 Jul 2019 05:33:03 -0300

Hi Helen,

> right, the binary package is not called rust-bat but the source package is [1].
> Can lintian check for the source package name? (also not sure if it is
> a good idea).

It could but, alas, the I think the "package exception" mechanism
regarding the binaries/embedded-libs data file appears to use the
binary package name...

> Do you think it would be a good idea to rename the binary package?

Just to silence this Lintian warning? That would seem like extreme
overkill to me! Regarding finding another string that is present in.
libyaml and not in rust-yaml-rust, do you have any suggestion at this
point?

> Just a question regarding how lintian works: one thing that confused me is that
> bat doesn't depend on rust-yaml-rust directly, it depends on rust-syntect which
> depends on rust-yaml-rust. So I was wondering why I didn't get this
> error in lintian when building rust-syntect.

I have not checked but isn't the question/issue around Rust embedding
the code of the library in question rather separate to the chain of
Debian-level dependencies. In other words, isn't this apparent
perculiarity explained by that bat embeds the rust-yaml-rust bit of
YAML parsing/generation code whilst that bit of rust-yaml-rust isn't
used in rust-syntect and thus is not embedded?


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      [email protected] 🍥 chris-lamb.co.uk
       `-

Message #27 received at [email protected] (full text, mbox, reply):

From: Helen Koike <[email protected]>

To: Chris Lamb <[email protected]>

Cc: Debian Bug Tracking System <[email protected]>

Subject: Re: Bug#932634: lintian: false-positive embedded-library libyaml due to matching string (defined in data/binaries/embedded-libs) with package rust-yaml-rust

Date: Fri, 26 Jul 2019 12:48:54 -0300

Hi Chris,

On Fri, Jul 26, 2019 at 5:33 AM Chris Lamb <[email protected]> wrote:
>
> Hi Helen,
>
> > right, the binary package is not called rust-bat but the source package is [1].
> > Can lintian check for the source package name? (also not sure if it is
> > a good idea).
>
> It could but, alas, the I think the "package exception" mechanism
> regarding the binaries/embedded-libs data file appears to use the
> binary package name...
>
> > Do you think it would be a good idea to rename the binary package?
>
> Just to silence this Lintian warning? That would seem like extreme
> overkill to me! Regarding finding another string that is present in.
> libyaml and not in rust-yaml-rust, do you have any suggestion at this
> point?

This is the output of "strings libyaml-0.so.2.0.5": http://ix.io/1PAz
And this is the output of "strings bat": http://ix.io/1PAJ

Maybe we can get a string that is not present in both and long enough to not
conflict with other things? e.g.:
 - "unexpected low surrogate area"
- "control characters are not allowed"
- "found a tab character where an indentation space is expected"

(I also checked that these strings are not present in rust-yaml-rust package, in
case the compiler is optimizing something when compiling bat)

What do you think?

>
> > Just a question regarding how lintian works: one thing that confused me is that
> > bat doesn't depend on rust-yaml-rust directly, it depends on rust-syntect which
> > depends on rust-yaml-rust. So I was wondering why I didn't get this
> > error in lintian when building rust-syntect.
>
> I have not checked but isn't the question/issue around Rust embedding
> the code of the library in question rather separate to the chain of
> Debian-level dependencies. In other words, isn't this apparent
> perculiarity explained by that bat embeds the rust-yaml-rust bit of
> YAML parsing/generation code whilst that bit of rust-yaml-rust isn't
> used in rust-syntect and thus is not embedded?

I just noticed that librust*.deb packages just provides source code in
rust, I think
that is why the same lintian warning wasn't fired on rust-syntec (as
librust-syntect-dev*.deb just
provides source code).
So when compiling in a final binary (bat in this case), lintian
detects the embedded-binary.

Thanks
Helen

>
>
> Regards,
>
> --
>       ,''`.
>      : :'  :     Chris Lamb
>      `. `'`      [email protected] chris-lamb.co.uk
>        `-

Message #34 received at [email protected] (full text, mbox, reply):

From: Felix Lechner <[email protected]>

To: [email protected]

Subject: Bug#932634 marked as pending in lintian

Date: Thu, 13 Jan 2022 19:23:26 +0000

Control: tag -1 pending

Hello,

Bug #932634 in lintian reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/lintian/lintian/-/commit/4c091cd2d2433e434e3b4326e094ed14534cd3cf

------------------------------------------------------------------------
Turn embedded-library into a classification tag. (Closes: #932634)

Linking statically may no longer be a packaging error in 2022. Many ostensibly
modern languages such as Golang, Rust or Haskell link most or all libraries
statically into the binaries they produce.

For some time, I tried to find other identifying characteristics that would
distinguish the C library libyaml, when linked in statically, from binaries in
other statically linked languages.

Vexingly for this purpose, the newer YAML implementations seem to mirror the
strings found in the C version with amazing accuracy. The sole exception was the
string "found a tab character that violate indentation" (missing an S) but it
seemed unwise to rely on a misspelling that might be corrected, even while the
defective string was still present in the latest libyaml version in unstable.

Of course, the security considerations stated in the tag description still
apply, but those issues reach nowadays far beyond static linking. My desperate
searches on codesearch.d.n were furter befuddled by many vendored sources that
should perhaps not be there. [1]

After some reflection, the Security Team likely has to examine all embedded
versions of affected libraries even when the mode of linking is not actionable
by the Debian distributor because a language works that way.

As a compromise, this commit hides the tag from everyday users but keeps the
information accessible via our website's JSON interface [2] for anyone
researching security matters.

Thanks to Helen Koike for bringning the matter to our attention!

[1] For an example, see yaml.v2 here: https://sources.debian.org/src/golang-github-coreos-discovery-etcd-io/2.0.0+git2019.04.19.git.78fb45d3c9-4/Gopkg.lock/#L543-L549
[2] https://lintian.debian.org/query
------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/932634

Message #41 received at [email protected] (full text, mbox, reply):

From: Debian FTP Masters <[email protected]>

To: [email protected]

Subject: Bug#932634: fixed in lintian 2.115.0

Date: Mon, 20 Jun 2022 14:34:13 +0000

Source: lintian
Source-Version: 2.115.0
Done: Axel Beckert <[email protected]>

We believe that the bug you reported is fixed in the latest version of
lintian, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Axel Beckert <[email protected]> (supplier of updated lintian package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 20 Jun 2022 13:23:02 +0200
Source: lintian
Architecture: source
Version: 2.115.0
Distribution: unstable
Urgency: medium
Maintainer: Debian Lintian Maintainers <[email protected]>
Changed-By: Axel Beckert <[email protected]>
Closes: 657390 932634 941656 963099 989381 995286 996740 999768 999810 1000234 1000977 1001655 1002828 1003131 1003272 1003353 1003456 1003668 1003817 1003913 1003941 1004231 1004239 1004240 1004660 1005046 1005184 1005762 1006390 1006859 1007140 1007257 1012090
Changes:
 lintian (2.115.0) unstable; urgency=medium
 .
   The Lintian Resurrection Release.
 .
   * Summary of tag changes:
     + Added:
       - alien-tag
       - chown-with-dot
       - conflicting-test-fields
       - declare-python-versions-for-test
       - drop-python-version-declaration
       - invalid-override-restriction
       - missing-prerequisite-for-pyproject-backend
       - old-devhelp-standard
       - stray-devhelp-documentation
       - test-leaves-python-version-untested
       - uses-poetry-cli
     + Removed:
       - crossing-screens
       - debhelper-compatibility-level-not-a-number
       - debian-tests-control-and-control-autodep8
       - exclusive-runtime-tests-field
       - package-contains-devhelp-file-without-symlink
 .
   [ Axel Beckert ]
   * Adopting Lintian. (Changes #1012289 from ITA to pure RFH.)
     + Remove Chris Lamb from Uploaders (see #1012289) and re-add myself.
   * Workarounds until
     https://github.com/Perl-Critic/Perl-Critic/issues/925 is fixed:
     + Replace all occurrences of "Copyright ©" with "Copyright (C)" again.
     + Remove unnecessary usage of UTF-8 from bin/lintian.
     + Replace UTF-8 characters in mostly Copyright comments.
     + Replace UTF-8 characters in code with \N{…}.
   * Remove literal unicode character U+0334 COMBINING TILDE OVERLAY which
     likely had been added accidentally. (Triggered by the symptoms of
     https://github.com/Perl-Critic/Perl-Critic/issues/925, but permanent.)
   * Update copyright years in debian/copyright.
   * Run perltidy over lib, bin/lintian, private/refresh-perl-provides,
     private/runtests and several files in t/scripts/.
   * data/…/perl-provides updated by running "debian/rules
     refresh-perl-provides".
   * Add Felix Lechner to debian/copyright based on copyright statements
     elsewhere. Thanks for all your contributions!
   * Update t/recipes/README: "debian/rules runtests" → "private/runtests"
   * Follow module renaming: Perl::Critic::Freenode → Perl::…::Community.
   * t/s…/h…/tag-coverage.t: Replace "$ENV{'LINTIAN_BASE'}" with
     "$ENV{'LINTIAN_BASE'} // '.'" to be able to run it with "prove -l".
   * init.d-general check: Avoid relying on line numbers in #DEBHELPER#
     replacement code.
   * very-long-line-length-in-source-file: Ignore files listed in new data
     file binary-file-extensions. (Closes: #1005046)
   * Fix false positives for adopted-extended-field with X- prefixed
     fields. (Closes: #999768)
     + Empty hints files seem to require a Test-Against field in desc.
   * Update own source lintian-overrides for "pointed hints".
     + Make them work with old and new lintian versions by using wildcards.
   * Rename README.developers to have a proper file suffix (.pod).
   * Switch syntax marker of README.developers.pod from "perl" to "pod".
   * Documentation update: Replace directory "frontend/" with "bin/".
   * Fix a bunch of "Use of uninitialized value $_ in concatenation"
     warnings when running tests with "prove -l" directly.
   * README.developers.pod: Explain the difference between check and test.
   * lintian(1): Drop mentioning of never existing --no-overrides option.
   * Replace unfitting Text::Glob with more flexible Regexp::Wildcards
     (Closes: #1003353)
     + Add unit test for Lintian::Util::match_glob. The current testsuite
       does not seem to be able to cover such a case.
   * Declare compliance with Debian Policy 4.6.1. (No changes needed.)
   * Refresh data using private/refresh-data. Skip unreleased policy though
     for now.
   * Fix "Use of uninitialized value $step in concatenation" in
     Lintian::Version which showed up as unrecognized tag (!) when running
     the test suite on the git repo already tagged for a release.
   * debian/gbp.conf: Declare so far used tag format so that gbp uses it.
   * Add lintian override for very-long-line-length-in-source-file in
     Lintian::Check::Cruft as well as test-leaves-python-version-untested.
   * Use versioned Breaks instead of Conflicts against lzd, see #1001655.
     Thanks Lintian for reporting ;-) and Paul Gevers for the sanity check!
 .
   [ Felix Lechner ]
   * Refresh manual references.
   * Use Text::Glob to match hint contexts with override patterns. Replaces
     a trusted homegrown routine. (Closes: #1003272)
   * Refresh list of available Debhelper commands.
   * Refresh list of installable fonts.
   * Generate section references for Lintian manual from repo; point to
     website.
   * Accept globbing patterns in profiles when enabling and disabling
     checks or tags.
   * Refresh data sources in parallel.
   * Add the New Maintainer's Guide to the list of quotable authorities.
   * Eliminate unpredictable output in the check siles/privacy-breach.
   * Honor the environment variable NO_COLOR as specified in
     https://no-color.org/.
   * More attempts to eliminate unpredictable output in the check
     files/privacy-breach.
   * Drop the tag debian-tests-control-and-control-autodep8.
   * Set authority references apart from other data sources.
   * Provide rudimentary Emacs integration. (See: #968758)
   * Associate Emacs modules with the 'editors' archive section.
   * Recognize /usr/bin/raku as a known interpreter for scripts. (Closes:
     #1002828)
   * Do not depend on any particular Lzip implementation. (Closes:
     #1001655)
   * Exempt installables designated as documentation from warning about new
     Python2 packages. (Closes: #995286)
   * Update citations in two tags. (Closes: #1003131)
   * Drop version requirement from
     skip-systemd-native-flag-missing-pre-depends. (See: #1003271)
   * Import new CSS style sheet from the website.
   * Recognize dh-sequence-sphinxdoc as a valid prerequisite for
     dh_sphinxdoc. (Closes: #999810)
   * Tolerate multiarch acceptors in prerequisites for Debhelper commands
     and addons. (Closes: #1000234)
   * Issue yet more pointed hints.
   * Recognize pybuild-plugin-pyproject as a valid prerequisite for the
     python3 Debhelper plugin. (Closes: #1003668)
   * Exempt bullseye backports from changelog-file-missing-explicit-entry.
     (Closes: #941656)
   * Mask long source lines in autotools-generated files. (Closes: #996740)
   * Turn embedded-library into a classification tag. (Closes: #932634)
   * Require the targets build-arch and build-indep in debian/rules.
     (Closes: #657390)
   * Do not insist on a particular name for unversioned links to a shared
     library. (Closes: #963099)
   * Exempt the names of Debian folks associated with a package from
     spelling checks. (Closes: #989381)
   * Require py3version invocation consistent with presence of
     X-Python3-Version in d/control. (See: #1001677)
   * Exempt CGI scripts from executable-in-usr-lib. (Closes: #1003941)
   * CGI scripts can be ELF executables. (See: #1003941)
   * Exempt Python's .dist-info and .egg-info folders everywhere from
     documentation-outside-usr-share. (Closes: #1003913)
   * Flag an outdated Debian copyright just once; use the most recent
     year. (Closes: #1003817)
   * Implement '--no-show-overrides'; honor it for overrides and masks
     alike. (See: #1004240)
   * Allow the command-line option '--no-info' to reverse 'info=yes' in the
     configuration file. (Closes: #1004240)
   * Elide manual references to ancient Lintian versions; use modern
     examples. (Closes: #1004231)
   * Deprecate --no-tag-display-limit for '--tag-display-limit 0'; update
     documentation. (Closes: #1004239)
   * Also provide a default output width for
     lintian-annotate-hints. (Closes: #1004660)
   * Mask examples in tests from
     package-does-not-install-examples. (Closes: #1005184)
   * Recognize Java 18 in unstable, and Java 19 as otherwise
     available. (Closes: #1005762)
   * Leave default Java bytecode version at 56. (See: #1005762)
   * Adjust documentation reference to manual page for dh_make. (Closes:
     #1006390)
   * Warn about devhelp index files that use version 1. (Closes: #1006859)
   * Store ELF information from readelf in an MLDBM database. (Closes:
     #1003456)
   * Issue pedantic hint for dot in 'chown user.group' instead of a
     colon. (Closes: #1007140)
   * Upgrade missing-systemd-timer-for-cron-script to warning; no longer
     experimental. (Closes: #1007257)
 .
   [ Ryan Finnie ]
   * Provide a constant citation for
     systemd-service-file-uses-nobody-or-nogroup. (Closes: !385)
 .
   [ Louis-Philippe Véronneau ]
   * Check that tests pulling in all Python versions also query which ones
     are available. (Closes: !361)
   * Add new Python tags for pyproject.toml build backends according to
     PEP-517. (Closes: !384)
   * Rename 'python3-flit' to 'flit', as there is no 'python3-flit'
     package. (Closes: !386)
 .
   [ Daniel Kahn Gillmor ]
   * Correct lintian-annotate-hints manpage.
 .
   [ Simon McVittie ]
   * Silence a very widespread false positive for detached debug symbols.
     (Closes: #1000977, !387)
 .
   [ Simon Quigley ]
   * Add "kinetic" as a known Ubuntu distribution. (Closes: !392)
 .
   [ xiao sheng wen(肖盛文) ]
   * Add riscv64 support (Closes: #1012090, !394)
 .
   [ Damyan Ivanov ]
   * Update releases.json data for Debian policy releases (4.6.1 added;
     closes: !393)
 .
   [ Paul Wise ]
   * Add more obsolete domains for former source code hosting services.
Checksums-Sha1:
 863a51cffc5b8359ef133d6e6f150d9cac148eb3 2503 lintian_2.115.0.dsc
 e20194c63f481a7361969fab6ea7739f3f6e03d5 2170172 lintian_2.115.0.tar.xz
 3453b48f59dd2f58e2e78523e9018c58a42faebe 7274 lintian_2.115.0_source.buildinfo
Checksums-Sha256:
 431a025b52e185cac6cbf2fedca8b6c60e2f7dfa55d89d86fcd543a34e8232b9 2503 lintian_2.115.0.dsc
 f353d372d036daa6ad0341b418728cfe73c11688708b6c3a33d50acb445d2b53 2170172 lintian_2.115.0.tar.xz
 e1c1bd41b7f5a8014231f9db422c1711e97cf50146eab83a1d113370735f02d9 7274 lintian_2.115.0_source.buildinfo
Files:
 4484e31abe39a15def23b119f92ef3ab 2503 devel optional lintian_2.115.0.dsc
 9d7922b69d30a63693825120e049ea00 2170172 devel optional lintian_2.115.0.tar.xz
 12f2494d410df4c2bf03f82075ce5f60 7274 devel optional lintian_2.115.0_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERoyJeTtCmBnp12Ema+Zjx1o1yXUFAmKwZiIACgkQa+Zjx1o1
yXUIng/5ARDjo8W4NggeM79xaeIgqtRbCao5XuBX6VyAE6hupaK8vHH/konnGmwg
jfRvPQK6YCXfqHggIKNQnToJgKUxdI+U3e10PYrbc5qt2UWFMiRfEHGqG3cfu+uA
JhqldKXfRkvmY4+9WPChWZ4C8qjdPZNcQwwdwm1Rg6gKMreYDGNIWJ94Hh7BkNsC
lNowSbDW6uE0XLBxVVeHhQGrn0Aki8fkx82W+Hod2A26sCXv/Gx7OSb8KVERa3+7
D05KDZd+ZGXBIdk/zRn/AeCxwcLXXMCS7qNDsfbJ8oUeYyy7y7QrQbGeFrBdOTyk
JbqqG0rTGbvfg3UcviOm/rvkr5QHdA5OMLUKRoljApMJEzbASGzYqNiUSmZNWH8x
v9EZ/qTHrcPFL/bIC9POvjD3FhSs3EkgQxXCuVPWZRruurgEme6DmnxHEj9TAe6L
GcUr+6DDHMw+j9SlO04VDDpUFVO2ftPfMcSckNCNM3eMxfig4XjPmyay3m6BjgaF
Rq6ckTUCUt5hsm7T48I0PAjXMRcAbemfI3PmVOUgwIf3BvzcdvJew0h90ULOY94N
cCWdsZ5SwC1hoz6EsBVmD16XxxYvZM7/wcf40PJkJ+YwtJu2Wm3dAv5WPK8UTrYr
qK1s62DfByho45eV9rXKeLnjvRN37rQYOWl7WwYy6YfpzQYDFWU=
=3dK3
-----END PGP SIGNATURE-----

Message #60 received at [email protected] (full text, mbox, reply):

From: Debian FTP Masters <[email protected]>

To: [email protected]

Subject: Bug#932634: fixed in lintian 2.116.0

Date: Tue, 17 Jan 2023 07:00:29 +0000

Source: lintian
Source-Version: 2.116.0
Done: Axel Beckert <[email protected]>

We believe that the bug you reported is fixed in the latest version of
lintian, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Axel Beckert <[email protected]> (supplier of updated lintian package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 17 Jan 2023 01:37:56 +0100
Source: lintian
Architecture: source
Version: 2.116.0
Distribution: unstable
Urgency: medium
Maintainer: Debian Lintian Maintainers <[email protected]>
Changed-By: Axel Beckert <[email protected]>
Closes: 932634 1002053 1006631 1013314 1014175 1014956 1016147 1019235 1019541 1019851 1024361 1025164 1025436 1025644 1025868 1026920 1027323 1027399 1028274 1028975
Changes:
 lintian (2.116.0) unstable; urgency=medium
 .
   The "Crowd Merging" Release.
 .
   * Summary of tag changes:
     + Added:
       - dbus-policy-in-etc
       - homepage-github-url-ends-with-dot-git
       - homepage-gitlab-url-ends-with-dot-git
       - homepage-salsa-url-ends-with-dot-git
       - uses-pdm-cli
       - uses-python-distutils
     + Removed:
       - init.d-script-needs-depends-on-lsb-base
       - old-dpmt-vcs
       - old-papt-vcs
       - python-teams-merged
 .
   [ Sebastian Ramacher ]
   * Revert "Turn embedded-library into a classification tag. (Closes:
     #932634)". The tag embedded-library is used by FTP masters for
     automatic rejects.  So let's revert this change. First, #932634 has
     seen no coordination with FTP masters. Second, it confuses developers
     when their packages get rejected for tags that are not emitted
     locally.
 .
   [ Simon McVittie ]
   * obsolete-packages: Add some more transitional packages.
   * desktop/dbus: Check for dbus policy files installed into /etc/.
     (Closes: #1006631)
   * Don't emit very-long-line-length-in-source-file for REUSE licenses.
     (Closes: #1013314)
 .
   [ Bastien Roucariès ]
   * Run test suite at build time except on Salsa.
   * Fix warning: cannot run debian/readme check on
     package binary:postgresql-15_15~beta2-2+salsaci_amd64
     (Closes: #1014175)
   * Refresh data.
   * L…/C…/Files/PrivacyBreach.pm: Run lc in sliding windows block.
 .
   [ Axel Beckert ]
   * data/spelling/corrections: Remove valid word "licence".
   * Fix typos and add missing changelog items in 2.115.3 release.
   * .gitignore: Also ignore debian/*.debhelper files and drop wrong
     trailing slash for doc/lintian.html.
   * private/refresh-virtual-packages-data: Replace "egrep" with "grep -E".
   * Replace "egrep" and "fgrep" in all test suite dummy packages with "grep
     -E/-F".
   * Add build-dependencies of the test suite.
   * Fix test broken by dpatch removal.
   * Fix test broken by updating the list of virtual packages.
   * Extend spellintian.t to check all listed misspellings against dictionaries.
     Add test suite build dependencies on liblist-someutils-perl, wamerican
     and wbritish. (Closes: #1019541)
   * Make spellintian.t to use the installed corrections list under autopkgtest.
   * t/scripts/tags/fields.t: Allow running with just "prove -l".
   * Remove spelling corrections which are valid words and now caught by
     the new spellintian.t check against English dictionaries.
     (Closes: #1019235)
   * Remove valid word "tye" from data/spelling/corrections.
   * Remove spelling correction for "curren", it's a valid HTML entity.
   * Refresh data: Adds Debian Policy 4.6.2 and Loong64 architectures among
     other things.
   * Declare compliance with Debian Policy 4.6.2.
   * Make test for generate-tag-summary more precise and properly cover all
     cases.
   * out-of-date-/newer-standards-version: Only output the significant
     digits of the current policy version.
   * Salsa CI: Override the lintian version being used to the just built
     version.
   * Extend desc-fields.t to only accept known field names, see #1025868.
   * Fix singular vs plural field name typo. (Fixes ½ of #1025868)
   * debian/copyright: Bump my copyright years to 2023.
   * Make "lintian --version" emit versions unique per commit if run from a
     git checkout.
   * Fix read error with libpath-tiny-perl ≥ 0.142 if debian/templates is a
     directory. Thanks to Salvatore Bonaccorso and src:linux. :-)
   * Fix arm64 autopkgtest by using a shell script as example instead of a
     compiled C binary for testing bin-sbin-mismatch. Also fix that so far
     on other architectures there was a bin-sbin-mismatch false negative
     accepted by the test suite while the true positive on arm64 hadn't
     been accepted by the test suite. (Closes: #1025868)
   * inconsistent-appstream-metadata-license:
     + Versions with trailing ".0" are equivalent to versions without
       (Closes: #1002053)
     + Normalize comparison (-or-later/+, -only suffix)
     + Tag description: Text improvements; add direct reference to
       AppStream metadata_license tag specification. (Closes: #1014956)
   * Unpack orig.tar: Ignore warnings about tar ignoring tar ball
     peculiarities. (Closes: #1028975)
   * Fix error with Path::Tiny ≥ 0.142 when searching for upstream
     signatures. (Closes: #1028274)
   * license-problem-php-license: Also refer to
     https://ftp-master.debian.org/php-license.html
   * Delete dangling symlink reporting/harness. (Closes: 1027323)
   * spellintian.t: Make sure that no bad spelling is used as good spelling
     of another bad spelling. Prompted by #1027399. Add build-dependency on
     "libarray-utils-perl <!nocheck>" and autopkgtest dependency for that.
   * Fix bad spellings that were used as good spelling for another bad
     spelling. (Closes: #1027399)
   * Do not emit executable-stack-in-shared-library on MIPS architectures
     for now. (Closes: #1025436, see also #1022787)
   * run-private-scripts.t:
     + Do not run auto-reject-diff as it requires network access.
     + Skip generate-tag-summary without git.
     Thanks Louis-Philippe Véronneau!
 .
   [ Akbarkhon Variskhanov ]
   * debian/control: Bump Standards-Version in Description.
 .
   [ Simon Quigley ]
   * Add "lunar" as a known Ubuntu distribution.
 .
   [ billchenchina ]
   * README.md: use zless for lintian.txt.gz.
 .
   [ Philip Hands ]
   * Accept bpo...+salsaci versions. (Closes: #1024361)
 .
   [ Aurélien COUDERC ]
   * Add SingleMainWindow to known-desktop-keys.
 .
   [ Johannes Schauer Marin Rodrigues ]
   * transitional-package-not-oldlibs-optional: Developer reference section
     6.7.7 is now 6.8.7.
   * Remove init.d-script-needs-depends-on-lsb-base and add lsb-base to
     obsolete-packages. (Closes: #1019851)
 .
   [ Louis-Philippe Véronneau ]
   * missing-prerequisite-for-pyproject-backend: Add support for
     pdm-pep517.
   * uses-pdm-cli: Create new tag.
   * Fix false-positive for missing-build-dependency-for-dh-addon when
     using dh-sequence-python3. (Closes: #1016147)
   * Add new tag 'uses-python-distutils' to warn people of the Python
     distutils deprecation.
   * Remove tag 'python-teams-merged', as this transition has been done and
     no package in the archive raises it anymore.
   * Remove tags 'old-dpmt/papt-vcs', as this transition has been done and
     no package in the archive raises them anymore.
   * Rework the 'package-is-team-maintained' tag.
   * Mark 'very-long-line-length-in-source-file' as experimental, because
     of the high number of false-positives.
   * Update known autopkgtest restrictions to add 'needs-sudo'.
   * Mark the 'update-debian-copyright' tag as experimental.
     (Closes: #1025644)
   * Fix false-positive for missing-prerequisite-for-pyproject-backend when
     the backend is specified as a Build-Depends-Indep. (Closes: #1025164)
   * missing-prerequisite-for-pyproject-backend: Add support for hatchling.
   * Add 'autopkgtest-pkg-pybuild' as known autopkgtest testsuite.
   * Make sure pybuild-plugin-pyproject is registered as a valid
     prerequisite for dh-python3.
 .
   [ Edward Betts ]
   * spelling: Add a correction.
   * dh-sequence-vim-addon pulls in dh-vim-addon.
   * GitHub, GitLab and Salsa URLs shouldn't end with ".git" in Homepage
     header.
 .
   [ Fatih Altun ]
   * Add "yirmiuc" as a known Pardus distribution.
 .
   [ William Desportes ]
   * data: Register .{dbf,shp,shx,sbx,sbn,qix} ESRI file extensions.
   * Fix false positive for license-problem-php-license for pear.php.net
     source code.
 .
   [ Luca Boccassi ]
   * missing-systemd-service-for-init.d-script: Mention future deprecation
     of generator.
 .
   [ Christoph Biedl ]
   * Lintian::Index::FileTypes: Call "file" with "--raw" to unbreak test
     suite with file/libmagic ≥ 5.42. (Closes: #1026920)
Checksums-Sha1:
 a5dbcda81046ff5765a19dd6d12630158a2d9598 3922 lintian_2.116.0.dsc
 1f2ebc2c65eaa335d2f5e85b5d6cda1f70b79939 2227640 lintian_2.116.0.tar.xz
 e4c3a5668770ceac2d2331d1a3e32d3494371d02 27997 lintian_2.116.0_source.buildinfo
Checksums-Sha256:
 3cbffca1d1854cfe68e3d80abe053865fe197da4ad9220a9655cbcebdb684618 3922 lintian_2.116.0.dsc
 d13fa5b1c4aec49869de87188d798f1e35b909610a5057fdf4a078fce120c219 2227640 lintian_2.116.0.tar.xz
 c92093030995e536bf383016964e51e32285baca9618dde814c196e08d0e27c4 27997 lintian_2.116.0_source.buildinfo
Files:
 8a048fe7d62d592292111fb5f4ce317b 3922 devel optional lintian_2.116.0.dsc
 91643467ccf12437d2ab00aa6b9949af 2227640 devel optional lintian_2.116.0.tar.xz
 ba332d868ee926076c6ce51a2463e7e7 27997 devel optional lintian_2.116.0_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERoyJeTtCmBnp12Ema+Zjx1o1yXUFAmPGORQACgkQa+Zjx1o1
yXWxBhAAw1DZHens4Mhoe5zHVYxboi6/OuMltpBMB14yTSq2dvzA6XpvykYsGSPR
xxVYYmxGYLwjTFnQ7T/M2MRLX4E8WJS445OUB399jIYeJHIyn+fn4ujfxTdciJjY
pdDb4KX7cfJ7eHNcl2EXOf7+UPptxQBupgAQ7b8yyXQwLPqp64siUA6bzSFWipE7
vUruqrkcw2plkvTukGXJ5b5i1pK8173AgzHFW1gExeE6xTFkJ5YHq54TPYDsoWfQ
H6GFresuhSOPRHm0vKdJbDCLliZoqXibisnjSd6IO/83gwdz0EpSVEiXtoLXWc2B
whX2j12lmsaYGlLHBhocLrFRrOq6slV4HV4cDTQO5vhPdkP7VplL/Kh1bvA1qBs3
2cegJxpIHHSUT9GDIHkxy4NU4JIz//kuUy+vX2yxXXYlcxpURaaXDm3r08IIwNbk
x5y0CfBXvnJ9QggXqpXzb7pnOUwVKRhmUS/W6bfFQ/qJiD/wfU7S/dTnEhQD5xBO
46nlio7Z1VofFQ1V39w4KY0S3nz8/+od17L7mnxaw/AfiRef22xyhuByy/Twrgu3
AdtpDRqAz//1pBMyO/VICSSDsggdRq5wPRaCwUj5u/rAlddQ302KCSALjQAERpXT
8OpY5GnyKtzXvktrzGe4vxzHbiYHbK0ykK6y1SfZJpbaX8Z3obU=
=SW6x
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.