Hello community,

here is the log from the commit of package lftp for openSUSE:Factory checked in at 2021-11-22 23:04:15
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/lftp (Old)
 and /work/SRC/openSUSE:Factory/.lftp.new.1895 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lftp" Mon Nov 22 23:04:15 2021 rev:78 rq:932975 version:4.9.2 Changes: -------- --- /work/SRC/openSUSE:Factory/lftp/lftp.changes 2020-08-25 09:41:31.476287402 +0200 +++ /work/SRC/openSUSE:Factory/.lftp.new.1895/lftp.changes 2021-11-22 23:05:00.669765510 +0100 
@@ -1,0 +2,37 @@ +Mon Nov 22 09:35:04 UTC 2021 - Peter Simons <[email protected]> + +- Deprecate the lftp_wrapper script. It is still available as an + "update-alternative" for "ftp", but it is no longer used by + default. The default implementation of "ftp" now is the "lftp" + executable. [jsc#SLE-19631] + + Lftp_wrapper is an internal creation of SUSE, dating back to + 2005. It was developed to help some customers transition from + lukemftp, which disappeared from SLE between versions 11 and 12, + to lftp. To make the transition as smooth as possible, the + wrapper was made the default FTP client. + + However, the code was never upstreamed and it was never properly + reviewed. From a security perspective (and FTP clients are + definitely a target for attackers), this is rather worrying. + + There are many issues with lftp_wrapper, in addition to the low + code quality and the fact that it has no real upstream: + + * Customers are reporting bugs: bsc#974874, bsc#1178363. + * It has no manual page ("man ftp" displays the lftp manual page, + despite both having different command line options). + * Some command line options are not actually implemented, or only + work in specific cases. + * It was only designed for non-interactive use, but this is only + mentioned in the source code. As a result, customers are not + aware of that limitation, and use the wrapper also + interactively, or pseudo-interactively, and complain when it + doesn't work. + + The newly added "add-deprecation-warning-to-lftp-wrapper.patch" + introduces a deprecation warning for users who might still rely + on the script to make them aware that this wrapper script is + going to be removed from the distribution. 
+ +------------------------------------------------------------------- New: ---- add-deprecation-warning-to-lftp-wrapper.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lftp.spec ++++++ --- /var/tmp/diff_new_pack.IFQZI2/_old 2021-11-22 23:05:01.269763497 +0100 +++ /var/tmp/diff_new_pack.IFQZI2/_new 2021-11-22 23:05:01.269763497 +0100 @@ -1,7 +1,7 @@ # # spec file for package lftp # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # Copyright (c) 2012 Pascal Bleser <[email protected]> # # All modifications and additions to the file contributed by third parties @@ -35,6 +35,7 @@ Patch3: 0003-Add-content-of-lftp-completion.patch.patch Patch4: 0004-Include-config.h-to-detect-gnulib-macros.patch Patch5: 0005-Add-the-wrapper-code-to-the-Makefile-in-order-to-bui.patch +Patch6: add-deprecation-warning-to-lftp-wrapper.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: gcc-c++ @@ -109,11 +110,14 @@ /sbin/ldconfig update-alternatives --install %{_bindir}/ftp ftp %{_bindir}/%{name}_wrapper 5 \ --slave %{_mandir}/man1/ftp.1.gz ftp.1 %{_mandir}/man1/%{name}.1.gz +update-alternatives --install %{_bindir}/ftp ftp %{_bindir}/%{name} 10 \ + --slave %{_mandir}/man1/ftp.1.gz ftp.1 %{_mandir}/man1/%{name}.1.gz %postun /sbin/ldconfig if [ "$1" = 0 ] ; then update-alternatives --remove ftp %{_bindir}/%{name}_wrapper + update-alternatives --remove ftp %{_bindir}/%{name} fi %files -f "lftp.lang" ++++++ add-deprecation-warning-to-lftp-wrapper.patch ++++++ Index: lftp-4.9.2/src/lftp-wrapper.c =================================================================== --- lftp-4.9.2.orig/src/lftp-wrapper.c 2021-11-22 10:32:32.203651686 +0100 +++ lftp-4.9.2/src/lftp-wrapper.c 2021-11-22 10:32:54.527219865 +0100 
@@ -372,7 +372,14 @@ int main(int argc, char *argv[]) if (compat_mode_warning && (verbose != -1)) fprintf(stderr, - "Wrapper for lftp to simulate compatibility with lukemftp\n"); + "Wrapper for lftp to simulate compatibility with lukemftp\n" \ + "\n" \ + "********************************************************************\n" \ + "*** Please note that this wrapper script has been deprecated and ***\n" \ + "*** and will be removed in the near future. Please adapt your ***\n" \ + "*** code to call lftp directly instead. ***\n" \ + "********************************************************************\n" \ + "\n"); if (getenv("FTPPROMPT")) not_implemented_ignoring("enviroment variable FTPPROMPT");
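Review bot: In the %post hunk of lftp.spec, registering %{_bindir}/%{name} at priority 10 next to the wrapper at priority 5 only changes what "ftp" resolves to while the alternative group is in automatic mode; a system where the ftp alternative was selected manually keeps pointing at %{name}_wrapper after the update. The changelog entry says the default implementation is now lftp without that caveat, and its stated motivation is that the wrapper code was never properly reviewed, so it is worth saying in the changelog how manually configured systems are expected to move off the wrapper.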
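Review bot: In the src/lftp-wrapper.c hunk, the added banner ends one line with "deprecated and" and starts the next with "and will be removed", so the printed text reads "and and"; drop one of them. The banner is also placed under the existing "if (compat_mode_warning && (verbose != -1))", so any invocation where that condition is false never shows the deprecation notice, which undercuts the stated aim of reaching users who still rely on the wrapper; consider emitting it outside that condition or documenting when it is suppressed. Two smaller points: the text calls this a "wrapper script" although the change is to a C source file, and the trailing backslashes are unnecessary because adjacent string literals are concatenated anyway.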
