[ubuntu/lucid] lintian 2.3.2ubuntu1 (Accepted)

Kees Cook kees at ubuntu.com
Thu Jan 28 07:15:15 GMT 2010


lintian (2.3.2ubuntu1) lucid; urgency=low

  * Merge with Debian testing; remaining changes:
    - Don't warn about a symlinked changelog file in Ubuntu due to CDBS.

lintian (2.3.2) unstable; urgency=high

  * Summary of tag changes:
    + Added:
      - conflicting-negation-in-source-relation

  * checks/{control-files,files,menu-format,menus}:
    + [RG] Fix CVE-2009-4014: format string vulnerabilities.
  * checks/{fields,patch-systems}:
    + [RG] Fix CVE-2009-4013: missing control files sanitation.
  * checks/{files,patch-systems,po-debconf}:
    + [RG] Fix CVE-2009-4015: arbitrary command execution.
  * checks/changelog-file:
    + [RA] Avoid Perl warning when the NEWS file ends immediately after
      the most recent entry.  (Closes: #563585)
  * checks/copyright-file:
    + [RA] Relax the regex for matching dh-make-perl boilerplate to catch
      the current text.  Thanks, gregor herrmann.  (Closes: #563571)
  * checks/fields{,.desc}:
    + [RA] Reject "all" and "any" in architecture qualifications for build
      dependencies.  Thanks, Jonathan Yu.
    + [RA] Warn if some architectures in a build relation are negated and
      others are not.
  * checks/files.desc:
    + [JP] Fix outdated reference in file-in-usr-lib-site-python.
  * checks/infofiles:
    + [RA] Pass LOCPATH to subprocesses.
    + [ADB] Don't flag info files with filenames of info-N.gz as having an
      incorrect extension if N contains multiple digits.  (Closes: #564900)
  * checks/manpages:
    + [RA] Pass LOCPATH to subprocesses.

  * collection/objdump-info:
    + [RG] Fix CVE-2009-4015: arbitrary command execution.
  * collection/source-control-file:
    + [RG] Fix CVE-2009-4013: missing control files sanitation.

  * data/output/manual-references:
    + [JP] Refresh reference data against Policy 3.8.3, doc-base 0.9.5,
      developers-reference 3.4.3, and Python Policy 0.9.0.

  * debian/control:
    + [RA] Depend on locales.
  * debian/prerm:
    + [RA] Remove /var/lib/lintian/locale on any removal except upgrades.
  * debian/postinst:
    + [RA] Generate an en_US.UTF-8 locale in /var/lib/lintian/locale for
      use for tests, particularly man page tests.  (Closes: #555408)

  * frontend/lintian:
    + [RA] Set LOCPATH to LINTIAN_ROOT/locale or /var/lib/lintian/locale,
      whichever exist.
    + [RG] Fix CVE-2009-4013: missing control files sanitation.

  * lib/Lintian/Collect.pm:
    + [ADB] Update the documentation to reflect the existence of
      Lintian::Collect::Binary.
  * lib/Lintian/Collect/Binary.pm:
    + [ADB] Correct a reference in the documentation indicating that the
      module collects data for source packages.
  * lib/Lintian/Schedule.pm:
    + [RG] Fix CVE-2009-4013: missing control files sanitation.
    + [RG] Fix CVE-2009-4014: format string vulnerabilities.
  * lib/Spelling.pm:
    + [RA] Add additional spelling corrections.
    + [RA] Remove spelling correction for parameterize.  This is the
      correct US spelling.  Thanks, Jonathan Yu.  (Closes: #564523)
    + [RA] Remove spelling correction for useable, a variant permitted
      by the OED.  Thanks, Vagrant Cascadian.  (Closes: #564740)
    + [RG] Add more spelling corrections.
  * lib/Util.pm:
    + [RA] Pass LOCPATH to subprocesses.
    + [RG] Fix CVE-2009-4015: arbitrary command execution.

  * man/lintian.1:
    + [RA] Spelling fix.  Thanks, A. Costa.  (Closes: #564017)

  * private/refresh-manual-refs:
    + [RG] Fix CVE-2009-4015: arbitrary command execution.

  * reporting/{config,html_reports}:
    + [JP] Make it possible to keep a record of statistics of previous
      archive-wide Lintian executions.
  * reporting/templates/maintainer.tmpl:
    + [RA] Really fix the logic to optionally display the archive area of
      additional package entries under the same source package.

  * unpack/unpack-{bin,src}pkg-l1:
    + [RG] Fix CVE-2009-4013: missing control files sanitation.

Date: Wed, 27 Jan 2010 17:05:51 -0800
Changed-By: Kees Cook <kees at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/lintian/2.3.2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 27 Jan 2010 17:05:51 -0800
Source: lintian
Binary: lintian
Architecture: source
Version: 2.3.2ubuntu1
Distribution: lucid
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Kees Cook <kees at ubuntu.com>
Description: 
 lintian    - Debian package checker
Closes: 555408 563571 563585 564017 564523 564740 564900
Changes: 
 lintian (2.3.2ubuntu1) lucid; urgency=low
 .
   * Merge with Debian testing; remaining changes:
     - Don't warn about a symlinked changelog file in Ubuntu due to CDBS.
 .
 lintian (2.3.2) unstable; urgency=high
 .
   * Summary of tag changes:
     + Added:
       - conflicting-negation-in-source-relation
 .
   * checks/{control-files,files,menu-format,menus}:
     + [RG] Fix CVE-2009-4014: format string vulnerabilities.
   * checks/{fields,patch-systems}:
     + [RG] Fix CVE-2009-4013: missing control files sanitation.
   * checks/{files,patch-systems,po-debconf}:
     + [RG] Fix CVE-2009-4015: arbitrary command execution.
   * checks/changelog-file:
     + [RA] Avoid Perl warning when the NEWS file ends immediately after
       the most recent entry.  (Closes: #563585)
   * checks/copyright-file:
     + [RA] Relax the regex for matching dh-make-perl boilerplate to catch
       the current text.  Thanks, gregor herrmann.  (Closes: #563571)
   * checks/fields{,.desc}:
     + [RA] Reject "all" and "any" in architecture qualifications for build
       dependencies.  Thanks, Jonathan Yu.
     + [RA] Warn if some architectures in a build relation are negated and
       others are not.
   * checks/files.desc:
     + [JP] Fix outdated reference in file-in-usr-lib-site-python.
   * checks/infofiles:
     + [RA] Pass LOCPATH to subprocesses.
     + [ADB] Don't flag info files with filenames of info-N.gz as having an
       incorrect extension if N contains multiple digits.  (Closes: #564900)
   * checks/manpages:
     + [RA] Pass LOCPATH to subprocesses.
 .
   * collection/objdump-info:
     + [RG] Fix CVE-2009-4015: arbitrary command execution.
   * collection/source-control-file:
     + [RG] Fix CVE-2009-4013: missing control files sanitation.
 .
   * data/output/manual-references:
     + [JP] Refresh reference data against Policy 3.8.3, doc-base 0.9.5,
       developers-reference 3.4.3, and Python Policy 0.9.0.
 .
   * debian/control:
     + [RA] Depend on locales.
   * debian/prerm:
     + [RA] Remove /var/lib/lintian/locale on any removal except upgrades.
   * debian/postinst:
     + [RA] Generate an en_US.UTF-8 locale in /var/lib/lintian/locale for
       use for tests, particularly man page tests.  (Closes: #555408)
 .
   * frontend/lintian:
     + [RA] Set LOCPATH to LINTIAN_ROOT/locale or /var/lib/lintian/locale,
       whichever exist.
     + [RG] Fix CVE-2009-4013: missing control files sanitation.
 .
   * lib/Lintian/Collect.pm:
     + [ADB] Update the documentation to reflect the existence of
       Lintian::Collect::Binary.
   * lib/Lintian/Collect/Binary.pm:
     + [ADB] Correct a reference in the documentation indicating that the
       module collects data for source packages.
   * lib/Lintian/Schedule.pm:
     + [RG] Fix CVE-2009-4013: missing control files sanitation.
     + [RG] Fix CVE-2009-4014: format string vulnerabilities.
   * lib/Spelling.pm:
     + [RA] Add additional spelling corrections.
     + [RA] Remove spelling correction for parameterize.  This is the
       correct US spelling.  Thanks, Jonathan Yu.  (Closes: #564523)
     + [RA] Remove spelling correction for useable, a variant permitted
       by the OED.  Thanks, Vagrant Cascadian.  (Closes: #564740)
     + [RG] Add more spelling corrections.
   * lib/Util.pm:
     + [RA] Pass LOCPATH to subprocesses.
     + [RG] Fix CVE-2009-4015: arbitrary command execution.
 .
   * man/lintian.1:
     + [RA] Spelling fix.  Thanks, A. Costa.  (Closes: #564017)
 .
   * private/refresh-manual-refs:
     + [RG] Fix CVE-2009-4015: arbitrary command execution.
 .
   * reporting/{config,html_reports}:
     + [JP] Make it possible to keep a record of statistics of previous
       archive-wide Lintian executions.
   * reporting/templates/maintainer.tmpl:
     + [RA] Really fix the logic to optionally display the archive area of
       additional package entries under the same source package.
 .
   * unpack/unpack-{bin,src}pkg-l1:
     + [RG] Fix CVE-2009-4013: missing control files sanitation.
Checksums-Sha1: 
 09f5578497056680a4bb2b39d890b021183b15ef 1349 lintian_2.3.2ubuntu1.dsc
 7d0a64f768ce637cbd1338bd1108f16395ac2d05 781071 lintian_2.3.2ubuntu1.tar.gz
Checksums-Sha256: 
 5dc8e20c990eac2bccbb28b5ddbf8e27008e6a7b94409b83afd3c03f7c370e38 1349 lintian_2.3.2ubuntu1.dsc
 d015ef69acc44eef96a61297cda70814d17fb83388bb0f9d57962135905831da 781071 lintian_2.3.2ubuntu1.tar.gz
Files: 
 92b9c1cd4bab48384124d5008e6c021c 1349 devel optional lintian_2.3.2ubuntu1.dsc
 d015bc41d47c720b94195c535d468ffc 781071 devel optional lintian_2.3.2ubuntu1.tar.gz
Original-Maintainer: Debian Lintian Maintainers <lintian-maint at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Kees Cook <kees at outflux.net>

iEYEARECAAYFAkthOBcACgkQH/9LqRcGPm1RmACgi1bearIp/je+aHuRZcEe2nUK
TQ0An39OG1qbJDaSNBXjWD29E98RR6Du
=ugNF
-----END PGP SIGNATURE-----


More information about the Lucid-changes mailing list