Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package csvprintf for openSUSE:Factory checked in at 2023-02-02 18:08:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/csvprintf (Old) and /work/SRC/openSUSE:Factory/.csvprintf.new.32243 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "csvprintf" Thu Feb 2 18:08:36 2023 rev:11 rq:1062537 version:1.3.2 Changes: -------- --- /work/SRC/openSUSE:Factory/csvprintf/csvprintf.changes 2021-12-22 20:19:06.359876281 +0100 +++ /work/SRC/openSUSE:Factory/.csvprintf.new.32243/csvprintf.changes 2023-02-02 18:23:08.737545369 +0100 @@ -1,0 +2,7 @@ +Wed Jan 25 19:14:29 UTC 2023 - Archie Cobbs <archie.co...@gmail.com> + +- Update to release 1.3.2 + - Fixed bug where we could emit empty XML tag names + - Fixed bug in man page examples for "-b" flag + +------------------------------------------------------------------- Old: ---- csvprintf-1.3.1.obscpio New: ---- csvprintf-1.3.2.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ csvprintf.spec ++++++ --- /var/tmp/diff_new_pack.r0IIGZ/_old 2023-02-02 18:23:09.097547566 +0100 +++ /var/tmp/diff_new_pack.r0IIGZ/_new 2023-02-02 18:23:09.105547615 +0100 @@ -1,7 +1,7 @@ # # spec file for package csvprintf # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: csvprintf -Version: 1.3.1 +Version: 1.3.2 Release: 0 Summary: Simple CSV file parser for the UNIX command line License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.r0IIGZ/_old 2023-02-02 18:23:09.141547835 +0100 +++ /var/tmp/diff_new_pack.r0IIGZ/_new 2023-02-02 18:23:09.141547835 +0100 
@@ -2,8 +2,8 @@ <service mode="localonly" name="obs_scm"> <param name="scm">git</param> <param name="url">https://github.com/archiecobbs/csvprintf</param> - <param name="versionformat">1.3.1</param> - <param name="revision">1.3.1</param> + <param name="versionformat">1.3.2</param> + <param name="revision">1.3.2</param> <param name="filename">csvprintf</param> </service> <service mode="buildtime" name="tar"/> ++++++ csvprintf-1.3.1.obscpio -> csvprintf-1.3.2.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csvprintf-1.3.1/.gitignore new/csvprintf-1.3.2/.gitignore --- old/csvprintf-1.3.1/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/csvprintf-1.3.2/.gitignore 2023-01-25 20:11:28.000000000 +0100 @@ -0,0 +1,17 @@ +aclocal.m4 +autom4te.cache +config.h +config.h.in +config.log +config.status +configure +csvprintf +csvprintf.1 +.deps +gitrev.c +Makefile +Makefile.in +*.o +scripts +stamp-h1 +xml2csv diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csvprintf-1.3.1/CHANGES new/csvprintf-1.3.2/CHANGES --- old/csvprintf-1.3.1/CHANGES 2021-12-14 22:11:31.000000000 +0100 +++ new/csvprintf-1.3.2/CHANGES 2023-01-25 20:11:28.000000000 +0100 @@ -1,3 +1,8 @@ +Version 1.3.2 released January 25, 2023 + + - Fixed bug where we could emit empty XML tag names + - Fixed bug in man page examples for "-b" flag + Version 1.3.1 released December 14, 2021 - Added "-c" flag for explicit column names diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csvprintf-1.3.1/README.md new/csvprintf-1.3.2/README.md --- old/csvprintf-1.3.1/README.md 2021-12-14 22:11:31.000000000 +0100 +++ new/csvprintf-1.3.2/README.md 2023-01-25 20:11:28.000000000 +0100 
@@ -2,7 +2,7 @@ **cvsprintf** works just like the `printf(1)` command line utility. You supply a `printf(1)` format string on the command line and each record in the CSV file is formatted accordingly. Each format specifier in the format string contains a column accessor to specify which CSV column to use, so for example `%3$d` would format the third column as a decimal value. -**csvprintf** can also convert CSV files into XML and JSON documents. +**csvprintf** can also convert CSV files into XML, JSON, and `bash(1)` variable assignments. You can view the [ManPage](https://github.com/archiecobbs/csvprintf/wiki/ManPage) online. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csvprintf-1.3.1/configure.ac new/csvprintf-1.3.2/configure.ac --- old/csvprintf-1.3.1/configure.ac 2021-12-14 22:11:31.000000000 +0100 +++ new/csvprintf-1.3.2/configure.ac 2023-01-25 20:11:28.000000000 +0100 @@ -16,7 +16,7 @@ # under the License. # -AC_INIT([csvprintf - Simple CSV file parser for the UNIX command line],[1.3.1],[https://github.com/archiecobbs/csvprintf],[csvprintf]) +AC_INIT([csvprintf - Simple CSV file parser for the UNIX command line],[1.3.2],[https://github.com/archiecobbs/csvprintf],[csvprintf]) AC_CONFIG_AUX_DIR(scripts) AM_INIT_AUTOMAKE dnl AM_MAINTAINER_MODE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csvprintf-1.3.1/csvprintf.1.in new/csvprintf-1.3.2/csvprintf.1.in --- old/csvprintf-1.3.1/csvprintf.1.in 2021-12-14 22:11:31.000000000 +0100 +++ new/csvprintf-1.3.2/csvprintf.1.in 2023-01-25 20:11:28.000000000 +0100 @@ -157,7 +157,7 @@ as an array of values. The resulting output can be used like this: .Bd -literal -offset indent -cat input.csv | csvprintf -b | while read LINE; do +cat input.csv | csvprintf -b | while read -r LINE; do eval "${LINE}" echo "The first column is: ${ROW[0]}" echo "The second column is: ${ROW[1]}" 
@@ -179,30 +179,36 @@ .Pp can be processed like this: .Bd -literal -offset indent -cat input.csv | csvprintf -bi -p ROW_ | while read LINE; do +cat input.csv | csvprintf -bi -p ROW_ | while read -r LINE; do eval "${LINE}" echo "First name: ${ROW_First_Name}" echo "Last name: ${ROW_Last_Name}" echo "Registered: ${ROW_Registered___}" done .Ed +.Sh Bash Mode Security Concerns +There are two security issues to be aware of when using Bash Mode. .Pp -The +First, the .Fl i -flag opens a potential security hole because Bash has several special variables like +flag opens a security hole because Bash has several special variables like .Ar PATH , .Ar TMPDIR , etc., which could be overwritten by malicious input. To prevent this, .Nm -omits known Bash variables. -They can be explicitly white-listed using the +omits known Bash variables, but for tighter security use the .Fl c -flag. -.Pp -In any case, use of the +flag to explicitly white-list the variables you need. +In addition, use of the .Fl p -flag is recommended in Bash Mode to help avoid namespace collisions. +flag is always recommended in Bash Mode to help avoid namespace collisions. +.Pp +Secondly, if the Bash Mode output is piped into +.Ar "while read" +then the +.Fl r +flag must be used to prevent extraneous decoding of backslash escapes. .Sh Input Encoding In all modes, lines must be terminated by LF bytes or CR+LF byte pairs, and the separator and quote characters must be recognizable as single byte values. This parsing behavior is compatible with ASCII, ISO-8859-1, UTF-8, etc., but not multi-byte encodings such as UTF-16, which must be re-encoded (e.g., to UTF-8) first. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csvprintf-1.3.1/main.c new/csvprintf-1.3.2/main.c --- old/csvprintf-1.3.1/main.c 2021-12-14 22:11:31.000000000 +0100 +++ new/csvprintf-1.3.2/main.c 2023-01-25 20:11:28.000000000 +0100 
@@ -390,6 +390,7 @@ for (col = 0; col < row.num; col++) { const char *ptr = row.fields[col]; int len = strlen(ptr); + int use_column_names_this_tag; const char *esc; int uchar; int uclen; @@ -402,9 +403,13 @@ && !findstring(&allowed_column_names, column_names.fields[col])) continue; + // Determine whether we can actually use column name for XML tag name + use_column_names_this_tag = use_column_names && col < column_names.num + && (*name_prefix != '\0' || *column_names.fields[col] != '\0'); + // Open XML tag printf(" <"); - if (use_column_names && col < column_names.num) { + if (use_column_names_this_tag) { print_xml_tag_name(name_prefix, linenum); print_xml_tag_name(column_names.fields[col], linenum); } else @@ -426,7 +431,7 @@ // Close XML tag printf("</"); - if (use_column_names && col < column_names.num) { + if (use_column_names_this_tag) { print_xml_tag_name(name_prefix, linenum); print_xml_tag_name(column_names.fields[col], linenum); } else @@ -1250,8 +1255,11 @@ static void version(void) { - fprintf(stderr, "%s version %s (%s)\n", PACKAGE_TARNAME, PACKAGE_VERSION, csvprintf_version); - fprintf(stderr, "Copyright (C) 2010 Archie L. Cobbs\n"); + fprintf(stderr, "%s version %s", PACKAGE_TARNAME, PACKAGE_VERSION); + if (*csvprintf_version != '\0') + fprintf(stderr, " (%s)", csvprintf_version); + fprintf(stderr, "\n"); + fprintf(stderr, "Copyright (C) 2010-2023 Archie L. Cobbs\n"); fprintf(stderr, "This is free software; see the source for copying conditions. There is NO\n"); fprintf(stderr, "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n"); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csvprintf-1.3.1/tests/test-bash-quote.tst new/csvprintf-1.3.2/tests/test-bash-quote.tst --- old/csvprintf-1.3.1/tests/test-bash-quote.tst 1970-01-01 01:00:00.000000000 +0100 +++ new/csvprintf-1.3.2/tests/test-bash-quote.tst 2023-01-25 20:11:28.000000000 +0100 
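Review bot: In the `@@ -402,9 +403,13 @@` hunk, `use_column_names_this_tag` is decided from the raw strings (`*name_prefix != '\0' || *column_names.fields[col] != '\0'`), while the tag text actually written comes from `print_xml_tag_name`, whose body is not part of this diff. If that helper can skip or drop characters, a header made up only of such characters would still produce an empty tag, so it is worth confirming that it emits at least one character for every non-empty input. A comment at the new assignment, such as `// Empty prefix + empty column name would give "<>", so fall back to the generic tag name`, would record why the extra condition exists; the fallback branch after `} else` lies outside the hunk. This update adds only `tests/test-bash-quote.tst`, so a regression case for XML output with an empty header field would pin the fix against untrusted CSV headers. The enclosing loop and function begin and end outside the hunks shown.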
@@ -0,0 +1,5 @@
+FLAGS='-bi -p PA_'
+STDIN=$'aaa,bbb,ccc\n\'aa\'xx\',"bb""yy",cc`zz\\ww\n'
+STDOUT=$'PA_aaa=$\'\\\'aa\\\'xx\\\'\'; PA_bbb=\'bb"yy\'; PA_ccc=\'cc`zz\\ww\';\n'
+STDERR=''
+EXITVAL='0'
++++++ csvprintf.obsinfo ++++++
--- /var/tmp/diff_new_pack.r0IIGZ/_old 2023-02-02 18:23:09.249548494 +0100
+++ /var/tmp/diff_new_pack.r0IIGZ/_new 2023-02-02 18:23:09.253548519 +0100
@@ -1,6 +1,5 @@
 name: csvprintf
-version: 1.3.1
-mtime: 1639516291
-commit: 5d84b997c8ce5f1946a7df6c29cc4bc799e53f1b
-
+version: 1.3.2
+mtime: 1674673888
+commit: 1e24bae7118cba71954f7f71f67ab34f6b5f58ed
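Review bot: The new `tests/test-bash-quote.tst` case (the first hunk on this line) covers `'`, `"`, a backtick and a backslash inside values, but no value containing a line break or a `$`, and no unusual column name. The man page change in this same update tells users to consume the output with `while read -r LINE` and `eval "${LINE}"`, so the contract worth pinning is that each record stays on one physical line and that every value reaches `eval` fully quoted. A second case whose `STDIN` has a quoted field with an embedded newline and a value containing `$`, with `STDOUT` asserting the quoted single-line form, would guard that contract. If the `.tst` format accepts comments (not visible here), a one-line note above `STDIN` listing the metacharacters the case is meant to cover would make remaining gaps easier to spot.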