Hello community, here is the log from the commit of package obs-service-source_validator for openSUSE:Factory checked in at 2017-08-21 11:35:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/obs-service-source_validator (Old) and /work/SRC/openSUSE:Factory/.obs-service-source_validator.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "obs-service-source_validator" Mon Aug 21 11:35:08 2017 rev:38 rq:516111 version:0.6+git20170811.369eb25 Changes: -------- --- /work/SRC/openSUSE:Factory/obs-service-source_validator/obs-service-source_validator.changes 2017-08-06 11:29:03.104009979 +0200 +++ /work/SRC/openSUSE:Factory/.obs-service-source_validator.new/obs-service-source_validator.changes 2017-08-21 11:35:17.528945766 +0200 @@ -1,0 +2,13 @@ +Fri Aug 11 12:09:25 UTC 2017 - adr...@suse.de + +- Update to version 0.6+git20170811.369eb25: + * ignore expand errors with macro scripts + +------------------------------------------------------------------- +Thu Aug 10 07:44:02 UTC 2017 - mstr...@suse.com + +- Update to version 0.6+git20170809.6818366: + * Ignore not referenced appimage.yml file + * Don't use rpmbuild to extract sources, patches etc. from a spec (bnc#938556 CVE-2017-9274) + +------------------------------------------------------------------- Old: ---- obs-service-source_validator-0.6+git20170719.d4384e5.tar.bz2 New: ---- obs-service-source_validator-0.6+git20170811.369eb25.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ obs-service-source_validator.spec ++++++ --- /var/tmp/diff_new_pack.jjid54/_old 2017-08-21 11:35:19.276699965 +0200 +++ /var/tmp/diff_new_pack.jjid54/_new 2017-08-21 11:35:19.292697716 +0200 @@ -21,7 +21,7 @@ License: GPL-2.0+ Group: Development/Tools/Building Url: https://github.com/openSUSE/obs-service-source_validator -Version: 0.6+git20170719.d4384e5 +Version: 0.6+git20170811.369eb25 Release: 0 # use osc service dr to update Source: %{name}-%{version}.tar.bz2 ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.jjid54/_old 2017-08-21 11:35:19.424679154 +0200 +++ /var/tmp/diff_new_pack.jjid54/_new 2017-08-21 11:35:19.428678591 +0200 
@@ -1,4 +1,4 @@ <servicedata> <service name="tar_scm"> <param name="url">git://github.com/openSUSE/obs-service-source_validator.git</param> - <param name="changesrevision">080473b4ecd78ef7d7e36f1de0a14a7aa245d76d</param></service></servicedata> \ No newline at end of file + <param name="changesrevision">369eb257d38d9fdd003f65e50b3bc45a15bc2f48</param></service></servicedata> \ No newline at end of file ++++++ debian.dsc ++++++ --- /var/tmp/diff_new_pack.jjid54/_old 2017-08-21 11:35:19.488670154 +0200 +++ /var/tmp/diff_new_pack.jjid54/_new 2017-08-21 11:35:19.488670154 +0200 @@ -1,6 +1,6 @@ Format: 1.0 Source: obs-service-source-validator -Version: 0.6+git20170719.d4384e5-0 +Version: 0.6+git20170811.369eb25-0 Binary: obs-service-source-validator Maintainer: Hib Eris <h...@hiberis.nl> Architecture: all ++++++ obs-service-source_validator-0.6+git20170719.d4384e5.tar.bz2 -> obs-service-source_validator-0.6+git20170811.369eb25.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/obs-service-source_validator-0.6+git20170719.d4384e5/20-files-present-and-referenced new/obs-service-source_validator-0.6+git20170811.369eb25/20-files-present-and-referenced --- old/obs-service-source_validator-0.6+git20170719.d4384e5/20-files-present-and-referenced 2017-07-19 10:52:31.000000000 +0200 +++ new/obs-service-source_validator-0.6+git20170811.369eb25/20-files-present-and-referenced 2017-08-11 13:08:58.000000000 +0200 
@@ -53,111 +53,37 @@ MY_ARCH="%arm" ;; esac -for i in $DIR_TO_CHECK/*.spec ; do - test -f "$i" || continue - sed '/^#%([^)]*$/,/^[^(]*)/d - /^#[^%]/d - /^#%(.*)/d - /^%.*%(echo.*)/{;p;d;} - /^%.*%([^)]*)/{ - s@%([^)]*)@1@ - } - /^%define/{ - s@%(rpm -q.*)@1@ - } - /^%define/{;p;d;} - /^%undefine/{;p;d;} - /^%nil/{;p;d;} - /^%{nil}/{;p;d;} - /^%global.*%(.*)/d - /^%global/{;p;d;} - /^%include/d - /^%[a-z]*_requires/d - /^%{[a-z]*_requires}/d - /^%{[a-z]*_preserve_bytecode}/d - /^%gconf_schemas_prereq/d - /^%requires_eq/{;p;d;} - /^%requires_ge/{;p;d;} - /^%ifarch/{ - s@.*@%ifarch '$MY_ARCH'@ - } - /^ExcludeArch:/d - /^%error/d - /^ExclusiveArch:/{ - s@.*@ExclusiveArch: '$MY_ARCH'@ - } - /^BuildArch.*:/{ - s@.*@BuildArch: '$MY_ARCH'@ - } - /^%if.*%{name}/{;p;d;} - /^%if[^a]/{ - s@.*@%if 1@ - } - /^%if/{;p;d;} - /^%{\!/{;p;d;} - /^%{?/{;p;d;} - /^%{expand/d - /^%error/{;p;d;} - /^%else/{ - s@.*@%endif\n%if 1@ - } - /^%(.*)/{;d;} - /^%end/{;p;d;} - /^%bcond/{;p;d;} - /^%{py/{;p;d;} - /^%py_r/{;p;d;} - /^%/{;s/.*//;q;} - /^Requires:/d - /^Requires(.*):/d - /^No[Ss]ource/d - /^NoPatch/d - /^BuildPrereq/d - /^Build[Rr]equires/d - /^Pre[Rr]eq/d - /^Icon/d - /^Recommends/d - /^Supplements/d - /^Provides/d - /^Obsoletes/d - /^Suggests/d - /^Enhances/d - /^\([Ss]ource\|[Pp]atch\)[0-9]*:[ ]*/{ - s/^\(\([Ss]ource\|[Pp]atch\)[0-9]*:[ ]*\)\(.*\)/##seen \1\3\n%{echo:\3 }/ - } - s/^Release:.*<RELEASE.*>/Release: 0/ - s/^\(Release:.*\)<CI_CNT>\(.*\)/\1_\2/ - s/^\(Release:.*\)<B_CNT>\(.*\)/\1_\2/' $i >$TMPDIR/tmp.spec - grep -a ^Icon: "$i"|sed -n 's/^Icon:[ ]*/%{echo:/ - /^%{echo:/s/$/ }/p' >>$TMPDIR/tmp.spec - grep -a -q ^Release "$i" || { - sed -e "/^Version/{;p;s@\(.*\)@Release: 0\ @;}" $TMPDIR/tmp.spec > $TMPDIR/tmp.spec.new - mv $TMPDIR/tmp.spec.new $TMPDIR/tmp.spec - } - while test `grep -a "^%if" $TMPDIR/tmp.spec | wc -l` \ - -gt `grep -a "^%endif" $TMPDIR/tmp.spec | wc -l` ; do - echo "%endif" >> $TMPDIR/tmp.spec + +unique_sources() { + local TMP="$1" + rm -f 
"$TMP/unique.sed" + for i in "source" "patch"; do + grep -i -n "^$i[[:digit:]]*\s*:" "$2" | while IFS=" :" read N L; do + # the "i" flag is a GNU extension + echo "$N s/^$i/$i$N/i" >> "$TMP/unique.sed" + done done - while read line ; do - grep -qx "##seen $line" $TMPDIR/tmp.spec || echo "$line" | sed -e "s/^\(\([Ss]ource\|[Pp]atch\)[0-9]*:[ ]*\)\(.*\)/##seen \1\3\n%{echo:\3 }/" >> $TMPDIR/tmp.spec - done < <(grep -E "^Source:|^Source[0-9]*:|^Patch:|^Patch[0-9]*:" "$i") - echo "%description" >> $TMPDIR/tmp.spec - - # hack for really strange specfiles with more than one Name:/Release:/Version: line - for nodup in Name Version Release Summary Group License ; do - sed -e "s@^$nodup:@X$nodup:@" -e "0,/^X$nodup:/{s@^X$nodup:@$nodup:@}" -e "s@^X$nodup:.*@@" $TMPDIR/tmp.spec > $TMPDIR/tmp.spec.2 && mv $TMPDIR/tmp.spec.2 $TMPDIR/tmp.spec - grep -q "^$nodup:" $TMPDIR/tmp.spec || { - echo "$nodup: any" > $TMPDIR/tmp.spec.2 - cat $TMPDIR/tmp.spec >> $TMPDIR/tmp.spec.2 - mv $TMPDIR/tmp.spec.2 $TMPDIR/tmp.spec - } - done + sed -f "$TMP/unique.sed" -i "$2" +} - $RPMBUILD --nodeps -bp $TMPDIR/tmp.spec >> $TMPDIR/sources 2>&1 || { - $RPMBUILD --nodeps -bp $TMPDIR/tmp.spec +for i in $DIR_TO_CHECK/*.spec ; do + test -f "$i" || continue + sed -e 's/^\s*//' \ + -e '/^%if/d' \ + -e '/^%else/d' \ + -e '/^%endif/d' "$i" > "$TMPDIR/tmp.spec" + + unique_sources "$TMPDIR" "$TMPDIR/tmp.spec" + + $HELPERS_DIR/spec_sources "$TMPDIR/tmp.spec" "$TMPDIR/sources" \ + 2>"$TMPDIR/sources.err" || cleanup_and_exit 1 + # ignore expand errors with macro scripts + sed -i "/can't expand %\(...\)/d" "$TMPDIR/sources.err" + if [ -s "$TMPDIR/sources.err" ]; then + echo "Unable to extract sources from spec - spec_sources failed:" + cat "$TMPDIR/sources.err" cleanup_and_exit 1 - } - egrep -v '^warning' $TMPDIR/sources > $TMPDIR/sources.t - test $? != 2 && mv $TMPDIR/sources.t $TMPDIR/sources + fi done for i in $DIR_TO_CHECK/*.dsc ; do test -f "$i" || continue 
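Review bot: The stderr filter `sed -i "/can't expand %\(...\)/d"` is wider than its comment says. In sed's basic regex syntax `\(...\)` is a group of three arbitrary characters, so any `can't expand %` message followed by at least three characters is discarded, not only the one for `%(...)` macro scripts. If the parser prints the literal text `%(...)` (its output is not visible here), `sed -i "/can't expand %([.][.][.])/d"` would keep every other expansion warning as a failure for the spec being validated. Separately, `spec_sources ... || cleanup_and_exit 1` exits before `sources.err` is printed, so a hard parser failure gives no diagnostic; `cat "$TMPDIR/sources.err"` before exiting on that path would fix it. In `unique_sources`, `rm -f "$TMP/unique.sed"` leaves no script file when a spec has no Source/Patch lines, so `sed -f` reports an error; `: > "$TMP/unique.sed"` avoids that, and `local i` would stop the function overwriting the caller's loop variable.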
@@ -176,13 +102,6 @@ # check if all Sources, patches and the icon are present # touch $TMPDIR/sources.t -grep -aq "command not found" $TMPDIR/sources && { - echo "$0 seems to have problems evaluating macros in specfile." - COMD=`grep -a "command not found" $TMPDIR/sources | head -n 1 | sed -e "s@.*: \([^:]*\): command not found@\1@"` - echo "command \"$COMD\" is not available used in the following defines:" - grep -a "%define.*$COMD" $DIR_TO_CHECK/*.spec - cleanup_and_exit 1 -} for i in `cat $TMPDIR/sources` ; do echo "${i##*/}" >> $TMPDIR/sources.t @@ -420,6 +339,7 @@ .gitignore | \ .emacs.backup | \ PKGBUILD | \ + appimage.yml | \ debian.changelog | \ debian.compat | \ debian.control | \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/obs-service-source_validator-0.6+git20170719.d4384e5/helpers/spec_sources new/obs-service-source_validator-0.6+git20170811.369eb25/helpers/spec_sources --- old/obs-service-source_validator-0.6+git20170719.d4384e5/helpers/spec_sources 1970-01-01 01:00:00.000000000 +0100 +++ new/obs-service-source_validator-0.6+git20170811.369eb25/helpers/spec_sources 2017-08-11 13:08:58.000000000 +0200 
@@ -0,0 +1,44 @@
+#!/usr/bin/perl
+
+BEGIN {
+ unshift @INC, '/usr/lib/build';
+}
+
+use strict;
+use warnings;
+
+use Build;
+
+# Used by the 20-files-present-and-referenced script to extract the
+# sources, patches, and icons from a spec file.
+# Input: spec file, sources file
+# The extracted sources, patches, and icons are written/appended to the
+# sources file (one single line; each entry is separated by a whitespace).
+
+sub parse {
+ my ($fn) = @_;
+ # use noarch, because the spec shouldn't contain arch specific conditionals
+ my $config = Build::read_config('noarch', []);
+ $config->{'warnings'} = 1;
+ my $descr = Build::parse($config, $fn);
+ # for now, we assume that $fn is a spec file (we could generalize
+ # this...)
+ $descr->{'sources'} = [map {$descr->{$_}} grep {/^source/} keys(%$descr)];
+ $descr->{'patches'} = [map {$descr->{$_}} grep {/^patch/} keys(%$descr)];
+ $descr->{'icons'} = [map {@{$descr->{$_}}} grep {/^icon/} keys(%$descr)];
+ return $descr;
+}
+
+sub write_sources {
+ my ($descr, $sfn) = @_;
+ open(F, '>>', $sfn) || die("open: $!\n");
+ print F "@{$descr->{'sources'}} " if @{$descr->{'sources'}};
+ print F "@{$descr->{'patches'}} " if @{$descr->{'patches'}};
+ print F "@{$descr->{'icons'}}" if @{$descr->{'icons'}};
+ close(F) || die("close: $!\n");
+}
+
+my ($dfn, $sfn) = @ARGV;
+die("usage: $0 descr sources\n") unless $dfn && $sfn;
+my $descr = parse($dfn);
+write_sources($descr, $sfn);
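Review bot: In `write_sources` the icons record is printed without a trailing separator, unlike sources and patches, while the file is opened in append mode. When the calling loop runs this helper for a further spec after one that had an icon, the first new entry is fused onto that icon name; `print F "@{$descr->{'icons'}} " if @{$descr->{'icons'}};` keeps the entries apart. The names are taken from the parsed spec as they are and joined with spaces, so a value containing whitespace cannot be told apart from two entries; a comment above `write_sources` such as `# entries must not contain whitespace: the sources file is split on it` would state that assumption. The bareword handle is better written as a lexical, `open(my $fh, '>>', $sfn) || die("open: $!\n");`. `keys(%$descr)` has no defined order, so the order of entries may differ between runs; whether that matters to the consumer cannot be seen from this hunk.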