Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openbabel for openSUSE:Factory checked in at 2026-07-01 16:38:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openbabel (Old) and /work/SRC/openSUSE:Factory/.openbabel.new.11887 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openbabel" Wed Jul 1 16:38:03 2026 rev:44 rq:1362729 version:3.2.0 Changes: -------- --- /work/SRC/openSUSE:Factory/openbabel/openbabel.changes 2026-06-22 17:36:01.787608485 +0200 +++ /work/SRC/openSUSE:Factory/.openbabel.new.11887/openbabel.changes 2026-07-01 16:38:58.449939914 +0200 @@ -1,0 +2,14 @@ +Tue Jun 30 19:03:19 UTC 2026 - Martin Pluskal <[email protected]> + +- Drop test fixtures with incompatible licenses (boo#1269820): + * remove test/fuzz/FuzzedDataProvider.h and + test/files/fuzz_regress/methane-pointgroup.g09 -- test-only + data carrying Apache-2.0-WITH-LLVM-exception and proprietary + Gaussian-09 output; never compiled in or shipped, removed to + keep the source tree free of incompatible-licensed material + * add openbabel-3.2.0-drop-incompatible-fuzz-harnesses.patch to + unwire the fuzz harnesses that include the removed header so + the test suite keeps building (CVE coverage retained via the + fuzz_obconversion_{sdf,smiles} harnesses) + +------------------------------------------------------------------- New: ---- openbabel-3.2.0-drop-incompatible-fuzz-harnesses.patch ----------(New B)---------- New: keep the source tree free of incompatible-licensed material * add openbabel-3.2.0-drop-incompatible-fuzz-harnesses.patch to unwire the fuzz harnesses that include the removed header so ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openbabel.spec ++++++ --- /var/tmp/diff_new_pack.oDHj1l/_old 2026-07-01 16:39:00.306004516 +0200 +++ /var/tmp/diff_new_pack.oDHj1l/_new 2026-07-01 16:39:00.306004516 +0200 @@ -33,6 +33,8 @@ Source0: https://github.com/openbabel/openbabel/archive/%{upstream_version}/%{name}-%{version}.tar.gz # PATCH-FIX-UPSTREAM openbabel-3.1.1-wx-stl-compat.patch -- Fix build with wxWidgets using STL (gh#openbabel/openbabel!2527) Patch0: openbabel-3.1.1-wx-stl-compat.patch +# PATCH-FIX-OPENSUSE openbabel-3.2.0-drop-incompatible-fuzz-harnesses.patch boo#1269820 -- Unwire the fuzz harnesses that include the removed Apache-2.0-WITH-LLVM-exception FuzzedDataProvider.h header so the test suite still builds without it +Patch1: openbabel-3.2.0-drop-incompatible-fuzz-harnesses.patch BuildRequires: cmake >= 3.1 BuildRequires: gcc-c++ BuildRequires: inchi-devel >= 1.04 @@ -116,6 +118,26 @@ %prep %autosetup -p1 -n "%{name}-%{upstream_version}" +# boo#1269820: drop test-only fixtures whose licenses are incompatible with +# this GPL-2.0-only package. test/fuzz/FuzzedDataProvider.h is an +# Apache-2.0-WITH-LLVM-exception fuzzing helper and +# test/files/fuzz_regress/methane-pointgroup.g09 is captured proprietary +# Gaussian-09 output; neither is ever compiled into or shipped by any +# subpackage. They are removed here so the source tree carries no +# incompatible-licensed material for future legal reviews. +rm -f test/fuzz/FuzzedDataProvider.h +rm -f test/files/fuzz_regress/methane-pointgroup.g09 +# The fuzz harnesses that #include the removed FuzzedDataProvider.h are built +# unconditionally with the test suite; Patch1 unwires them from +# test/CMakeLists.txt, so drop their now-unreferenced sources and corpora too. +# Independent CVE coverage is retained via the fuzz_obconversion_{sdf,smiles} +# harnesses, which do not use the header. +rm -f test/fuzz/fuzz_convert.cpp test/fuzz/fuzz_molecule.cpp \ + test/fuzz/fuzz_smart.cpp test/fuzz/fuzz_empty_write.cpp \ + test/fuzz/fuzz_depict.cpp +rm -rf test/fuzz/corpus/fuzz_convert test/fuzz/corpus/fuzz_smart \ + test/fuzz/corpus/fuzz_empty_write + %build %define __builder ninja %cmake \ ++++++ openbabel-3.2.0-drop-incompatible-fuzz-harnesses.patch ++++++ --- a/test/CMakeLists.txt 2026-06-30 21:02:09.121216538 +0200 +++ b/test/CMakeLists.txt 2026-06-30 21:02:23.990886131 +0200 @@ -359,33 +359,11 @@ target_compile_definitions(fuzz_obconversion_sdf PRIVATE -DFUZZ_INPUT_FORMAT="SDF") target_link_libraries(fuzz_obconversion_sdf ${libs} ${_fuzz_main_lib}) -add_executable(fuzz_convert fuzz/fuzz_convert.cpp ${_fuzz_extra_src}) -target_link_libraries(fuzz_convert ${libs} ${_fuzz_main_lib}) -# fuzz_convert.cpp pulls in FuzzedDataProvider.h, which requires C++17 -# (e.g. std::is_enum_v). The top-level project default is still C++11. -set_target_properties(fuzz_convert PROPERTIES CXX_STANDARD 17) - -add_executable(fuzz_molecule fuzz/fuzz_molecule.cpp ${_fuzz_extra_src}) -target_link_libraries(fuzz_molecule ${libs} ${_fuzz_main_lib}) -set_target_properties(fuzz_molecule PROPERTIES CXX_STANDARD 17) - -add_executable(fuzz_smart fuzz/fuzz_smart.cpp ${_fuzz_extra_src}) -target_link_libraries(fuzz_smart ${libs} ${_fuzz_main_lib}) -set_target_properties(fuzz_smart PROPERTIES CXX_STANDARD 17) - -add_executable(fuzz_empty_write fuzz/fuzz_empty_write.cpp ${_fuzz_extra_src}) -target_link_libraries(fuzz_empty_write ${libs} ${_fuzz_main_lib}) -set_target_properties(fuzz_empty_write PROPERTIES CXX_STANDARD 17) - -#add_executable(fuzz_depict fuzz/fuzz_depict.cpp ${_fuzz_extra_src}) -#target_link_libraries(fuzz_depict ${libs} ${_fuzz_main_lib}) -#set_target_properties(fuzz_depict PROPERTIES CXX_STANDARD 17) - # Replay each saved corpus file as a regression test. CMake re-evaluates # the glob at configure time, so dropping a new file into the corpus # directory and re-running cmake is enough to register a new test. if(NOT DEFINED ENV{LIB_FUZZING_ENGINE}) - set(_fuzz_targets fuzz_convert fuzz_obconversion_sdf fuzz_obconversion_smiles fuzz_molecule fuzz_smart fuzz_empty_write) #fuzz_depict + set(_fuzz_targets fuzz_obconversion_sdf fuzz_obconversion_smiles) #fuzz_depict foreach(_target ${_fuzz_targets}) file(GLOB _corpus_files CONFIGURE_DEPENDS "${CMAKE_CURRENT_SOURCE_DIR}/fuzz/corpus/${_target}/*")
