Hello community,
here is the log from the commit of package obs-service-source_validator for openSUSE:Factory checked in at 2017-08-21 11:35:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/obs-service-source_validator (Old)
and /work/SRC/openSUSE:Factory/.obs-service-source_validator.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "obs-service-source_validator"
Mon Aug 21 11:35:08 2017 rev:38 rq:516111 version:0.6+git20170811.369eb25
Changes:
--------
--- /work/SRC/openSUSE:Factory/obs-service-source_validator/obs-service-source_validator.changes 2017-08-06 11:29:03.104009979 +0200
+++ /work/SRC/openSUSE:Factory/.obs-service-source_validator.new/obs-service-source_validator.changes 2017-08-21 11:35:17.528945766 +0200
@@ -1,0 +2,13 @@
+Fri Aug 11 12:09:25 UTC 2017 - adrian@suse.de
+
+- Update to version 0.6+git20170811.369eb25:
+ * ignore expand errors with macro scripts
+
+-------------------------------------------------------------------
+Thu Aug 10 07:44:02 UTC 2017 - mstrigl@suse.com
+
+- Update to version 0.6+git20170809.6818366:
+ * Ignore not referenced appimage.yml file
+ * Don't use rpmbuild to extract sources, patches etc. from a spec (bnc#938556 CVE-2017-9274)
+
+-------------------------------------------------------------------
Old:
----
obs-service-source_validator-0.6+git20170719.d4384e5.tar.bz2
New:
----
obs-service-source_validator-0.6+git20170811.369eb25.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ obs-service-source_validator.spec ++++++
--- /var/tmp/diff_new_pack.jjid54/_old 2017-08-21 11:35:19.276699965 +0200
+++ /var/tmp/diff_new_pack.jjid54/_new 2017-08-21 11:35:19.292697716 +0200
@@ -21,7 +21,7 @@
License: GPL-2.0+
Group: Development/Tools/Building
Url: https://github.com/openSUSE/obs-service-source_validator
-Version: 0.6+git20170719.d4384e5
+Version: 0.6+git20170811.369eb25
Release: 0
# use osc service dr to update
Source: %{name}-%{version}.tar.bz2
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.jjid54/_old 2017-08-21 11:35:19.424679154 +0200
+++ /var/tmp/diff_new_pack.jjid54/_new 2017-08-21 11:35:19.428678591 +0200
@@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">git://github.com/openSUSE/obs-service-source_validator.git</param>
- <param name="changesrevision">080473b4ecd78ef7d7e36f1de0a14a7aa245d76d</param></service></servicedata>
\ No newline at end of file
+ <param name="changesrevision">369eb257d38d9fdd003f65e50b3bc45a15bc2f48</param></service></servicedata>
\ No newline at end of file
++++++ debian.dsc ++++++
--- /var/tmp/diff_new_pack.jjid54/_old 2017-08-21 11:35:19.488670154 +0200
+++ /var/tmp/diff_new_pack.jjid54/_new 2017-08-21 11:35:19.488670154 +0200
@@ -1,6 +1,6 @@
Format: 1.0
Source: obs-service-source-validator
-Version: 0.6+git20170719.d4384e5-0
+Version: 0.6+git20170811.369eb25-0
Binary: obs-service-source-validator
Maintainer: Hib Eris
Architecture: all
++++++ obs-service-source_validator-0.6+git20170719.d4384e5.tar.bz2 -> obs-service-source_validator-0.6+git20170811.369eb25.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/obs-service-source_validator-0.6+git20170719.d4384e5/20-files-present-and-referenced new/obs-service-source_validator-0.6+git20170811.369eb25/20-files-present-and-referenced
--- old/obs-service-source_validator-0.6+git20170719.d4384e5/20-files-present-and-referenced 2017-07-19 10:52:31.000000000 +0200
+++ new/obs-service-source_validator-0.6+git20170811.369eb25/20-files-present-and-referenced 2017-08-11 13:08:58.000000000 +0200
@@ -53,111 +53,37 @@
MY_ARCH="%arm"
;;
esac
-for i in $DIR_TO_CHECK/*.spec ; do
- test -f "$i" || continue
- sed '/^#%([^)]*$/,/^[^(]*)/d
- /^#[^%]/d
- /^#%(.*)/d
- /^%.*%(echo.*)/{;p;d;}
- /^%.*%([^)]*)/{
- s@%([^)]*)@1@
- }
- /^%define/{
- s@%(rpm -q.*)@1@
- }
- /^%define/{;p;d;}
- /^%undefine/{;p;d;}
- /^%nil/{;p;d;}
- /^%{nil}/{;p;d;}
- /^%global.*%(.*)/d
- /^%global/{;p;d;}
- /^%include/d
- /^%[a-z]*_requires/d
- /^%{[a-z]*_requires}/d
- /^%{[a-z]*_preserve_bytecode}/d
- /^%gconf_schemas_prereq/d
- /^%requires_eq/{;p;d;}
- /^%requires_ge/{;p;d;}
- /^%ifarch/{
- s@.*@%ifarch '$MY_ARCH'@
- }
- /^ExcludeArch:/d
- /^%error/d
- /^ExclusiveArch:/{
- s@.*@ExclusiveArch: '$MY_ARCH'@
- }
- /^BuildArch.*:/{
- s@.*@BuildArch: '$MY_ARCH'@
- }
- /^%if.*%{name}/{;p;d;}
- /^%if[^a]/{
- s@.*@%if 1@
- }
- /^%if/{;p;d;}
- /^%{\!/{;p;d;}
- /^%{?/{;p;d;}
- /^%{expand/d
- /^%error/{;p;d;}
- /^%else/{
- s@.*@%endif\n%if 1@
- }
- /^%(.*)/{;d;}
- /^%end/{;p;d;}
- /^%bcond/{;p;d;}
- /^%{py/{;p;d;}
- /^%py_r/{;p;d;}
- /^%/{;s/.*//;q;}
- /^Requires:/d
- /^Requires(.*):/d
- /^No[Ss]ource/d
- /^NoPatch/d
- /^BuildPrereq/d
- /^Build[Rr]equires/d
- /^Pre[Rr]eq/d
- /^Icon/d
- /^Recommends/d
- /^Supplements/d
- /^Provides/d
- /^Obsoletes/d
- /^Suggests/d
- /^Enhances/d
- /^\([Ss]ource\|[Pp]atch\)[0-9]*:[ ]*/{
- s/^\(\([Ss]ource\|[Pp]atch\)[0-9]*:[ ]*\)\(.*\)/##seen \1\3\n%{echo:\3 }/
- }
- s/^Release:.*/Release: 0/
- s/^\(Release:.*\)\(.*\)/\1_\2/
- s/^\(Release:.*\)\(.*\)/\1_\2/' $i >$TMPDIR/tmp.spec
- grep -a ^Icon: "$i"|sed -n 's/^Icon:[ ]*/%{echo:/
- /^%{echo:/s/$/ }/p' >>$TMPDIR/tmp.spec
- grep -a -q ^Release "$i" || {
- sed -e "/^Version/{;p;s@\(.*\)@Release: 0\
@;}" $TMPDIR/tmp.spec > $TMPDIR/tmp.spec.new
- mv $TMPDIR/tmp.spec.new $TMPDIR/tmp.spec
- }
- while test `grep -a "^%if" $TMPDIR/tmp.spec | wc -l` \
- -gt `grep -a "^%endif" $TMPDIR/tmp.spec | wc -l` ; do
- echo "%endif" >> $TMPDIR/tmp.spec
+
+unique_sources() {
+ local TMP="$1"
+ rm -f "$TMP/unique.sed"
+ for i in "source" "patch"; do
+ grep -i -n "^$i[[:digit:]]*\s*:" "$2" | while IFS=" :" read N L; do
+ # the "i" flag is a GNU extension
+ echo "$N s/^$i/$i$N/i" >> "$TMP/unique.sed"
+ done
done
- while read line ; do
- grep -qx "##seen $line" $TMPDIR/tmp.spec || echo "$line" | sed -e "s/^\(\([Ss]ource\|[Pp]atch\)[0-9]*:[ ]*\)\(.*\)/##seen \1\3\n%{echo:\3 }/" >> $TMPDIR/tmp.spec
- done < <(grep -E "^Source:|^Source[0-9]*:|^Patch:|^Patch[0-9]*:" "$i")
- echo "%description" >> $TMPDIR/tmp.spec
-
- # hack for really strange specfiles with more than one Name:/Release:/Version: line
- for nodup in Name Version Release Summary Group License ; do
- sed -e "s@^$nodup:@X$nodup:@" -e "0,/^X$nodup:/{s@^X$nodup:@$nodup:@}" -e "s@^X$nodup:.*@@" $TMPDIR/tmp.spec > $TMPDIR/tmp.spec.2 && mv $TMPDIR/tmp.spec.2 $TMPDIR/tmp.spec
- grep -q "^$nodup:" $TMPDIR/tmp.spec || {
- echo "$nodup: any" > $TMPDIR/tmp.spec.2
- cat $TMPDIR/tmp.spec >> $TMPDIR/tmp.spec.2
- mv $TMPDIR/tmp.spec.2 $TMPDIR/tmp.spec
- }
- done
+ sed -f "$TMP/unique.sed" -i "$2"
+}
- $RPMBUILD --nodeps -bp $TMPDIR/tmp.spec >> $TMPDIR/sources 2>&1 || {
- $RPMBUILD --nodeps -bp $TMPDIR/tmp.spec
+for i in $DIR_TO_CHECK/*.spec ; do
+ test -f "$i" || continue
+ sed -e 's/^\s*//' \
+ -e '/^%if/d' \
+ -e '/^%else/d' \
+ -e '/^%endif/d' "$i" > "$TMPDIR/tmp.spec"
+
+ unique_sources "$TMPDIR" "$TMPDIR/tmp.spec"
+
+ $HELPERS_DIR/spec_sources "$TMPDIR/tmp.spec" "$TMPDIR/sources" \
+ 2>"$TMPDIR/sources.err" || cleanup_and_exit 1
+ # ignore expand errors with macro scripts
+ sed -i "/can't expand %\(...\)/d" "$TMPDIR/sources.err"
+ if [ -s "$TMPDIR/sources.err" ]; then
+ echo "Unable to extract sources from spec - spec_sources failed:"
+ cat "$TMPDIR/sources.err"
cleanup_and_exit 1
- }
- egrep -v '^warning' $TMPDIR/sources > $TMPDIR/sources.t
- test $? != 2 && mv $TMPDIR/sources.t $TMPDIR/sources
+ fi
done
for i in $DIR_TO_CHECK/*.dsc ; do
test -f "$i" || continue
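Review bot: The filter under the `# ignore expand errors with macro scripts` comment is wider than the comment says, because in sed's basic regex syntax `\(...\)` is a capture group of any three characters, not the literal text `(...)`. As written it drops every stderr line containing `can't expand %` followed by any three characters, so other expansion failures can be hidden from the `-s` check that decides whether the spec is rejected. If the parser's message is the literal `can't expand %(...)` (not visible in this diff, so worth confirming), match it exactly with `sed -i "/can't expand %(\.\.\.)/d" "$TMPDIR/sources.err"`. Also, when `spec_sources` exits non-zero the `|| cleanup_and_exit 1` branch runs before `sources.err` is printed, so the helper's `die` message appears to be lost unless `cleanup_and_exit` (defined outside this hunk) prints it; echoing the file in that branch, as the `-s` branch below does, would keep the failure diagnosable.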
@@ -176,13 +102,6 @@
# check if all Sources, patches and the icon are present
#
touch $TMPDIR/sources.t
-grep -aq "command not found" $TMPDIR/sources && {
- echo "$0 seems to have problems evaluating macros in specfile."
- COMD=`grep -a "command not found" $TMPDIR/sources | head -n 1 | sed -e "s@.*: \([^:]*\): command not found@\1@"`
- echo "command \"$COMD\" is not available used in the following defines:"
- grep -a "%define.*$COMD" $DIR_TO_CHECK/*.spec
- cleanup_and_exit 1
-}
for i in `cat $TMPDIR/sources` ; do
echo "${i##*/}" >> $TMPDIR/sources.t
@@ -420,6 +339,7 @@
.gitignore | \
.emacs.backup | \
PKGBUILD | \
+ appimage.yml | \
debian.changelog | \
debian.compat | \
debian.control | \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/obs-service-source_validator-0.6+git20170719.d4384e5/helpers/spec_sources new/obs-service-source_validator-0.6+git20170811.369eb25/helpers/spec_sources
--- old/obs-service-source_validator-0.6+git20170719.d4384e5/helpers/spec_sources 1970-01-01 01:00:00.000000000 +0100
+++ new/obs-service-source_validator-0.6+git20170811.369eb25/helpers/spec_sources 2017-08-11 13:08:58.000000000 +0200
@@ -0,0 +1,44 @@
+#!/usr/bin/perl
+
+BEGIN {
+ unshift @INC, '/usr/lib/build';
+}
+
+use strict;
+use warnings;
+
+use Build;
+
+# Used by the 20-files-present-and-referenced script to extract the
+# sources, patches, and icons from a spec file.
+# Input: spec file, sources file
+# The extracted sources, patches, and icons are written/appended to the
+# sources file (one single line; each entry is separated by a whitespace).
+
+sub parse {
+ my ($fn) = @_;
+ # use noarch, because the spec shouldn't contain arch specific conditionals
+ my $config = Build::read_config('noarch', []);
+ $config->{'warnings'} = 1;
+ my $descr = Build::parse($config, $fn);
+ # for now, we assume that $fn is a spec file (we could generalize
+ # this...)
+ $descr->{'sources'} = [map {$descr->{$_}} grep {/^source/} keys(%$descr)];
+ $descr->{'patches'} = [map {$descr->{$_}} grep {/^patch/} keys(%$descr)];
+ $descr->{'icons'} = [map {@{$descr->{$_}}} grep {/^icon/} keys(%$descr)];
+ return $descr;
+}
+
+sub write_sources {
+ my ($descr, $sfn) = @_;
+ open(F, '>>', $sfn) || die("open: $!\n");
+ print F "@{$descr->{'sources'}} " if @{$descr->{'sources'}};
+ print F "@{$descr->{'patches'}} " if @{$descr->{'patches'}};
+ print F "@{$descr->{'icons'}}" if @{$descr->{'icons'}};
+ close(F) || die("close: $!\n");
+}
+
+my ($dfn, $sfn) = @ARGV;
+die("usage: $0 descr sources\n") unless $dfn && $sfn;
+my $descr = parse($dfn);
+write_sources($descr, $sfn);
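Review bot: In `write_sources` the icons line is printed without a trailing separator, while the sources and patches lines both end in a space. The file is opened with `'>>'` and 20-files-present-and-referenced calls this helper once per spec file, so in a package with several spec files the last icon of one spec and the first entry of the next are written as a single word, and the validator then checks a file name that does not exist. Ending the icon line with the same separator avoids that: `print F "@{$descr->{'icons'}} " if @{$descr->{'icons'}};`. As a smaller style point, a lexical handle and an error that names the file would help when this fails inside the service: `open(my $fh, '>>', $sfn) || die("open $sfn: $!\n");`.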