Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package govulncheck for openSUSE:Factory checked in at 2023-09-25 20:03:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/govulncheck (Old) and /work/SRC/openSUSE:Factory/.govulncheck.new.1770 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "govulncheck" Mon Sep 25 20:03:28 2023 rev:3 rq:1113319 version:1.0.1 Changes: -------- --- /work/SRC/openSUSE:Factory/govulncheck/govulncheck.changes 2023-09-13 20:47:17.047894581 +0200 +++ /work/SRC/openSUSE:Factory/.govulncheck.new.1770/govulncheck.changes 2023-09-25 20:47:33.242284575 +0200 @@ -1,0 +2,15 @@ +Sun Sep 24 23:15:41 UTC 2023 - Jeff Kowalczyk <jkowalc...@suse.com> + +- Update to version 1.0.1: + * all: go get golang.org/x/tools@74c255b + * internal/scan: change the way convert mode works + * internal/scan: add -version flag + * internal/vulncheck/internal/gosym: fix typo + * internal/gosym: update binary mode version parsing + * internal/scan: refactor to remove redundant code + * vulncheck/internal/gosym: add support for go versions > 1.20 + * internal/vulncheck/internal/buildinfo: skip failing tests + * cmd/govulncheck: skip TestCommand in short mode +- _service add setversion to automatically update spec Version + +------------------------------------------------------------------- @@ -7 +21,0 @@ - Old: ---- govulncheck-1.0.0.tar.gz New: ---- govulncheck-1.0.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ govulncheck.spec ++++++ --- /var/tmp/diff_new_pack.AvM4jM/_old 2023-09-25 20:47:34.502330094 +0200 +++ /var/tmp/diff_new_pack.AvM4jM/_new 2023-09-25 20:47:34.506330239 +0200 @@ -17,7 +17,7 @@ Name: govulncheck -Version: 1.0.0 +Version: 1.0.1 Release: 0 Summary: CLI tool to report known CVE vulnerabilities in Go source code and binaries License: Apache-2.0 AND BSD-3-Clause ++++++ _service ++++++ --- /var/tmp/diff_new_pack.AvM4jM/_old 2023-09-25 20:47:34.538331395 +0200 +++ /var/tmp/diff_new_pack.AvM4jM/_new 2023-09-25 20:47:34.542331540 +0200 
@@ -3,12 +3,14 @@ <param name="url">https://github.com/golang/vuln.git</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v1.0.0</param> + <param name="revision">v1.0.1</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">enable</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="filename">govulncheck</param> </service> + <service name="set_version" mode="manual"> + </service> <service name="recompress" mode="manual"> <param name="file">*.tar</param> <param name="compression">gz</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.AvM4jM/_old 2023-09-25 20:47:34.562332262 +0200 +++ /var/tmp/diff_new_pack.AvM4jM/_new 2023-09-25 20:47:34.562332262 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/golang/vuln.git</param> - <param name="changesrevision">f69de671333b611ab6b6f21f8ff0ab53f6d96c61</param></service></servicedata> + <param name="changesrevision">da4b74a5408a0116e9a2dde953659a7b0956dc56</param></service></servicedata> (No newline at EOF) ++++++ govulncheck-1.0.0.tar.gz -> govulncheck-1.0.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/cmd/govulncheck/main_command_118_test.go new/govulncheck-1.0.1/cmd/govulncheck/main_command_118_test.go --- old/govulncheck-1.0.0/cmd/govulncheck/main_command_118_test.go 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/cmd/govulncheck/main_command_118_test.go 2023-08-17 19:30:53.000000000 +0200 
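Review bot: The tar_scm `revision` in _service is still a tag name (`v1.0.1`), so the tree that gets packaged depends on where that tag points upstream at fetch time. The commit id appears only as `changesrevision` in _servicedata, and nothing visible in this diff checks the fetched tree against it. If packaging policy allows, pinning `<param name="revision">` to the full commit id recorded in _servicedata would make the fetch reproducible. The new empty `set_version` service would also benefit from a one-line XML comment saying that it updates the spec `Version:` automatically, as the changelog entry describes.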
@@ -59,8 +59,8 @@ pattern: `Scanning your code and (\d+) packages across (\d+)`, replace: `Scanning your code and P packages across M`, }, { - pattern: `govulncheck@v([^ ]*) `, - replace: `govulncheck@v0.0.0-00000000000-20000101010101 `, + pattern: `Scanner: govulncheck@v.*`, + replace: `Scanner: govulncheck@v1.0.0`, }, { pattern: `"([^"]*") is a file`, replace: `govulncheck: myfile is a file`, @@ -77,8 +77,8 @@ pattern: `modified (.*)\)`, replace: `modified 01 Jan 21 00:00 UTC)`, }, { - pattern: `Using (go1.[\.\d]*|devel).* and`, - replace: `Using go1.18 and`, + pattern: `Go: (go1.[\.\d]*|devel).*`, + replace: `Go: go1.18`, }, { pattern: `"go_version": "go[^\s"]*"`, replace: `"go_version": "go1.18"`, @@ -103,6 +103,10 @@ } func TestCommand(t *testing.T) { + if testing.Short() { + t.Skip("skipping test that uses internet in short mode") + } + testDir, err := os.Getwd() if err != nil { t.Fatal(err) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/cmd/govulncheck/testdata/binary_fail.ct new/govulncheck-1.0.1/cmd/govulncheck/testdata/binary_fail.ct --- old/govulncheck-1.0.0/cmd/govulncheck/testdata/binary_fail.ct 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/cmd/govulncheck/testdata/binary_fail.ct 2023-08-17 19:30:53.000000000 +0200 
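Review bot: In the new pattern `Go: (go1.[\.\d]*|devel).*` the dot after `go1` is unescaped, so it matches any character rather than a literal dot, and the capture group is never referenced by the replacement. `Go: (?:go1\.[\.\d]*|devel).*` says what is meant. Both new patterns end in `.*`, which rewrites the rest of the line, so these golden files cannot catch unexpected trailing text on the `Go:` and `Scanner:` lines; that is probably intended for a normaliser, but a short comment next to the two entries would make it explicit.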
@@ -6,8 +6,6 @@ ##### # Test of passing a non-binary file to -mode=binary $ govulncheck -mode=binary ${moddir}/vuln/go.mod --> FAIL 1 -Using govulncheck@v0.0.0-00000000000-20000101010101 with vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC). - Scanning your binary for known vulnerabilities... govulncheck: could not parse provided binary: unrecognized file format diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/cmd/govulncheck/testdata/binary_text.ct new/govulncheck-1.0.1/cmd/govulncheck/testdata/binary_text.ct --- old/govulncheck-1.0.0/cmd/govulncheck/testdata/binary_text.ct 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/cmd/govulncheck/testdata/binary_text.ct 2023-08-17 19:30:53.000000000 +0200 @@ -1,8 +1,6 @@ ##### # Test basic binary scanning with text output $ govulncheck -mode=binary ${vuln_binary} --> FAIL 3 -Using govulncheck@v0.0.0-00000000000-20000101010101 with vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC). - Scanning your binary for known vulnerabilities... Vulnerability #1: GO-2021-0265 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/cmd/govulncheck/testdata/convert_text.ct new/govulncheck-1.0.1/cmd/govulncheck/testdata/convert_text.ct --- old/govulncheck-1.0.0/cmd/govulncheck/testdata/convert_text.ct 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/cmd/govulncheck/testdata/convert_text.ct 2023-08-17 19:30:53.000000000 +0200 
@@ -1,8 +1,6 @@ ##### # Test using the conversion from json on stdin to text on stdout -$ govulncheck -mode=convert < convert_input.json -Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC). - +$ govulncheck -mode=convert < convert_input.json --> FAIL 3 Scanning your code and P packages across M dependent modules for known vulnerabilities... Vulnerability #1: GO-2021-0265 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/cmd/govulncheck/testdata/source_fail.ct new/govulncheck-1.0.1/cmd/govulncheck/testdata/source_fail.ct --- old/govulncheck-1.0.0/cmd/govulncheck/testdata/source_fail.ct 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/cmd/govulncheck/testdata/source_fail.ct 2023-08-17 19:30:53.000000000 +0200 @@ -1,8 +1,6 @@ ##### # Test of missing go.mod error message. $ govulncheck -C ${moddir}/nogomod . --> FAIL 1 -Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC). - govulncheck: no go.mod file govulncheck only works with Go modules. Try navigating to your module directory. 
@@ -24,8 +22,6 @@ ##### # Test of handing an invalid package pattern to source mode $ govulncheck -C ${moddir}/vuln blah --> FAIL 1 -Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC). - govulncheck: loading packages: There are errors with the provided package patterns: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/cmd/govulncheck/testdata/source_informational_text.ct new/govulncheck-1.0.1/cmd/govulncheck/testdata/source_informational_text.ct --- old/govulncheck-1.0.0/cmd/govulncheck/testdata/source_informational_text.ct 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/cmd/govulncheck/testdata/source_informational_text.ct 2023-08-17 19:30:53.000000000 +0200 @@ -1,8 +1,6 @@ ##### # Test souce mode with no callstacks $ govulncheck -C ${moddir}/informational -show=traces . -Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC). - Scanning your code and P packages across M dependent modules for known vulnerabilities... === Informational === diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/cmd/govulncheck/testdata/source_multientry_text.ct new/govulncheck-1.0.1/cmd/govulncheck/testdata/source_multientry_text.ct --- old/govulncheck-1.0.0/cmd/govulncheck/testdata/source_multientry_text.ct 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/cmd/govulncheck/testdata/source_multientry_text.ct 2023-08-17 19:30:53.000000000 +0200 
@@ -1,8 +1,6 @@ ##### # Test for multiple call stacks in source mode with expanded traces $ govulncheck -C ${moddir}/multientry . --> FAIL 3 -Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC). - Scanning your code and P packages across M dependent module for known vulnerabilities... Vulnerability #1: GO-2021-0113 @@ -25,8 +23,6 @@ ##### # Test for multple call stacks in source mode with expanded traces $ govulncheck -C ${moddir}/multientry -show=traces ./... --> FAIL 3 -Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC). - Scanning your code and P packages across M dependent module for known vulnerabilities... Vulnerability #1: GO-2021-0113 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/cmd/govulncheck/testdata/source_replace_text.ct new/govulncheck-1.0.1/cmd/govulncheck/testdata/source_replace_text.ct --- old/govulncheck-1.0.0/cmd/govulncheck/testdata/source_replace_text.ct 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/cmd/govulncheck/testdata/source_replace_text.ct 2023-08-17 19:30:53.000000000 +0200 
@@ -2,8 +2,6 @@ # Test of source mode on a module with a replace directive. $ govulncheck -C ${moddir}/replace ./... --> FAIL 3 -Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC). - Scanning your code and P packages across M dependent module for known vulnerabilities... Vulnerability #1: GO-2021-0113 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/cmd/govulncheck/testdata/source_stdlib_text.ct new/govulncheck-1.0.1/cmd/govulncheck/testdata/source_stdlib_text.ct --- old/govulncheck-1.0.0/cmd/govulncheck/testdata/source_stdlib_text.ct 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/cmd/govulncheck/testdata/source_stdlib_text.ct 2023-08-17 19:30:53.000000000 +0200 @@ -1,8 +1,6 @@ ##### # Test finding stdlib vulnerability in source mode $ govulncheck -C ${moddir}/stdlib . --> FAIL 3 -Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC). - Scanning your code and P packages across M dependent modules for known vulnerabilities... Vulnerability #1: GO-2022-0969 
@@ -23,8 +21,6 @@ ##### # Test finding stdlib vulnerability in source mode with expanded traces $ govulncheck -C ${moddir}/stdlib -show=traces . --> FAIL 3 -Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC). - Scanning your code and P packages across M dependent modules for known vulnerabilities... Vulnerability #1: GO-2022-0969 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/cmd/govulncheck/testdata/source_subdir_text.ct new/govulncheck-1.0.1/cmd/govulncheck/testdata/source_subdir_text.ct --- old/govulncheck-1.0.0/cmd/govulncheck/testdata/source_subdir_text.ct 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/cmd/govulncheck/testdata/source_subdir_text.ct 2023-08-17 19:30:53.000000000 +0200 @@ -1,8 +1,6 @@ ##### # Test govulncheck runs on the subdirectory of a module $ govulncheck -C ${moddir}/vuln/subdir . --> FAIL 3 -Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC). - Scanning your code and P packages across M dependent module for known vulnerabilities... Vulnerability #1: GO-2021-0113 
@@ -24,8 +22,6 @@ ##### # Test govulncheck runs on the subdirectory of a module $ govulncheck -C ${moddir}/vuln/subdir -show=traces . --> FAIL 3 -Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC). - Scanning your code and P packages across M dependent module for known vulnerabilities... Vulnerability #1: GO-2021-0113 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/cmd/govulncheck/testdata/source_vuln_text.ct new/govulncheck-1.0.1/cmd/govulncheck/testdata/source_vuln_text.ct --- old/govulncheck-1.0.0/cmd/govulncheck/testdata/source_vuln_text.ct 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/cmd/govulncheck/testdata/source_vuln_text.ct 2023-08-17 19:30:53.000000000 +0200 @@ -1,8 +1,6 @@ ##### # Test of basic govulncheck in source mode $ govulncheck -C ${moddir}/vuln ./... --> FAIL 3 -Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC). - Scanning your code and P packages across M dependent modules for known vulnerabilities... Vulnerability #1: GO-2021-0265 
@@ -50,8 +48,6 @@ ##### # Test of basic govulncheck in source mode with expanded traces $ govulncheck -C ${moddir}/vuln -show=traces ./... --> FAIL 3 -Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC). - Scanning your code and P packages across M dependent modules for known vulnerabilities... Vulnerability #1: GO-2021-0265 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/cmd/govulncheck/testdata/strip/strip.ct new/govulncheck-1.0.1/cmd/govulncheck/testdata/strip/strip.ct --- old/govulncheck-1.0.0/cmd/govulncheck/testdata/strip/strip.ct 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/cmd/govulncheck/testdata/strip/strip.ct 2023-08-17 19:30:53.000000000 +0200 @@ -1,8 +1,6 @@ # Test for stripped binaries (see #57764). $ govulncheck -mode=binary ${strip_binary} --> FAIL 3 -Using govulncheck@v0.0.0-00000000000-20000101010101 with vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC). - Scanning your binary for known vulnerabilities... Vulnerability #1: GO-2021-0113 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/cmd/govulncheck/testdata/usage.ct new/govulncheck-1.0.1/cmd/govulncheck/testdata/usage.ct --- old/govulncheck-1.0.0/cmd/govulncheck/testdata/usage.ct 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/cmd/govulncheck/testdata/usage.ct 2023-08-17 19:30:53.000000000 +0200 
@@ -25,35 +25,26 @@ comma-separated list of build tags -test analyze test files (only valid for source mode) + -version + print the version information For details, see https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck. ##### -# Same output as -h, but failure. -$ govulncheck --> FAIL 2 -Govulncheck reports known vulnerabilities in dependencies. - -Usage: - - govulncheck [flags] [patterns] - govulncheck -mode=binary [flags] [binary] - - -C dir - change to dir before running govulncheck - -db url - vulnerability database url (default "https://vuln.go.dev") - -json - output JSON - -mode string - supports source or binary (default "source") - -scan string - set the scanning level desired, one of module, package or symbol (default "symbol") - -show list - enable display of additional information specified by the comma separated list - The only supported value is 'traces' - -tags list - comma-separated list of build tags - -test - analyze test files (only valid for source mode) +# Not scanning anything. +$ govulncheck +No vulnerabilities found. -For details, see https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck. +Share feedback at https://go.dev/s/govulncheck-feedback. + +##### +# Reporting version without scanning anything. +$ govulncheck -version +Go: go1.18 +Scanner: govulncheck@v1.0.0 +DB: testdata/vulndb-v1 +DB updated: 2023-04-03 15:57:51 +0000 UTC + +No vulnerabilities found. + +Share feedback at https://go.dev/s/govulncheck-feedback. \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/go.mod new/govulncheck-1.0.1/go.mod --- old/govulncheck-1.0.0/go.mod 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/go.mod 2023-08-17 19:30:53.000000000 +0200 
@@ -5,13 +5,13 @@ require ( github.com/google/go-cmdtest v0.4.1-0.20220921163831-55ab3332a786 github.com/google/go-cmp v0.5.8 - golang.org/x/mod v0.10.0 - golang.org/x/sync v0.1.0 - golang.org/x/tools v0.8.1-0.20230421161920-b9619ee54b47 + golang.org/x/mod v0.12.0 + golang.org/x/sync v0.3.0 + golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 mvdan.cc/unparam v0.0.0-20230312165513-e84e2d14e3b8 ) require ( github.com/google/renameio v0.1.0 // indirect - golang.org/x/sys v0.7.0 // indirect + golang.org/x/sys v0.11.0 // indirect ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/go.sum new/govulncheck-1.0.1/go.sum --- old/govulncheck-1.0.0/go.sum 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/go.sum 2023-08-17 19:30:53.000000000 +0200 
@@ -5,13 +5,13 @@ github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/renameio v0.1.0 h1:GOZbcHa3HfsPKPlmyPyN2KEohoMXOhdMbHrvbpl2QaA= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk= -golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= -golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU= -golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/tools v0.8.1-0.20230421161920-b9619ee54b47 h1:fQlOhMJ24apqitZX8S4hbCbHU1Z9AvyWkN3BYI55Le4= -golang.org/x/tools v0.8.1-0.20230421161920-b9619ee54b47/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4= +golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= +golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= +golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= +golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 h1:Vve/L0v7CXXuxUmaMGIEK/dEeq7uiqb5qBgQrZzIE7E= +golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= mvdan.cc/unparam v0.0.0-20230312165513-e84e2d14e3b8 h1:VuJo4Mt0EVPychre4fNlDWDuE5AjXtPJpRUWqZDQhaI= mvdan.cc/unparam v0.0.0-20230312165513-e84e2d14e3b8/go.mod h1:Oh/d7dEtzsNHGOq1Cdv8aMm3KdKhVvPbRQcM8WFpBR8= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/internal/scan/binary.go 
new/govulncheck-1.0.1/internal/scan/binary.go --- old/govulncheck-1.0.0/internal/scan/binary.go 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/internal/scan/binary.go 2023-08-17 19:30:53.000000000 +0200 @@ -32,7 +32,7 @@ if err := handler.Progress(p); err != nil { return err } - vr, err := binary(ctx, exe, &cfg.Config, client) + vr, err := vulncheck.Binary(ctx, exe, &cfg.Config, client) if err != nil { return fmt.Errorf("govulncheck: %v", err) } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/internal/scan/binary_118.go new/govulncheck-1.0.1/internal/scan/binary_118.go --- old/govulncheck-1.0.0/internal/scan/binary_118.go 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/internal/scan/binary_118.go 1970-01-01 01:00:00.000000000 +0100 @@ -1,21 +0,0 @@ -// Copyright 2022 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build go1.18 -// +build go1.18 - -package scan - -import ( - "context" - "io" - - "golang.org/x/vuln/internal/client" - "golang.org/x/vuln/internal/govulncheck" - "golang.org/x/vuln/internal/vulncheck" -) - -func binary(ctx context.Context, exe io.ReaderAt, cfg *govulncheck.Config, client *client.Client) (_ *vulncheck.Result, err error) { - return vulncheck.Binary(ctx, exe, cfg, client) -} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/internal/scan/binary_not118.go new/govulncheck-1.0.1/internal/scan/binary_not118.go --- old/govulncheck-1.0.0/internal/scan/binary_not118.go 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/internal/scan/binary_not118.go 1970-01-01 01:00:00.000000000 +0100 
@@ -1,20 +0,0 @@ -// Copyright 2022 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build !go1.18 -// +build !go1.18 - -package scan - -import ( - "context" - "errors" - "io" - - "golang.org/x/vuln/internal/vulncheck" -) - -func binary(ctx context.Context, exe io.ReaderAt, cfg *vulncheck.Config) (_ *vulncheck.Result, err error) { - return nil, errors.New("compile with Go 1.18 or higher to analyze binary files") -} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/internal/scan/flags.go new/govulncheck-1.0.1/internal/scan/flags.go --- old/govulncheck-1.0.0/internal/scan/flags.go 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/internal/scan/flags.go 2023-08-17 19:30:53.000000000 +0200 @@ -39,6 +39,7 @@ func parseFlags(cfg *config, stderr io.Writer, args []string) error { var tagsFlag buildutil.TagsFlag var showFlag showFlag + var version bool flags := flag.NewFlagSet("", flag.ContinueOnError) flags.SetOutput(stderr) flags.BoolVar(&cfg.json, "json", false, "output JSON") @@ -48,6 +49,7 @@ flags.StringVar(&cfg.mode, "mode", modeSource, "supports source or binary") flags.Var(&tagsFlag, "tags", "comma-separated `list` of build tags") flags.Var(&showFlag, "show", "enable display of additional information specified by the comma separated `list`\nThe only supported value is 'traces'") + flags.BoolVar(&version, "version", false, "print the version information") scanLevel := flags.String("scan", "symbol", "set the scanning level desired, one of module, package or symbol") flags.Usage = func() { fmt.Fprint(flags.Output(), `Govulncheck reports known vulnerabilities in dependencies. 
@@ -68,12 +70,11 @@ return err } cfg.patterns = flags.Args() - if cfg.mode != modeConvert && len(cfg.patterns) == 0 { - flags.Usage() - return errUsage - } cfg.tags = tagsFlag cfg.show = showFlag + if version { + cfg.show = append(cfg.show, "version") + } cfg.ScanLevel = govulncheck.ScanLevel(*scanLevel) if err := validateConfig(cfg); err != nil { fmt.Fprintln(flags.Output(), err) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/internal/scan/run.go new/govulncheck-1.0.1/internal/scan/run.go --- old/govulncheck-1.0.0/internal/scan/run.go 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/internal/scan/run.go 2023-08-17 19:30:53.000000000 +0200 @@ -27,9 +27,6 @@ if err := parseFlags(cfg, stderr, args); err != nil { return err } - if cfg.mode == modeConvert { - return convertJSONToText(r, stdout) - } client, err := client.NewClient(cfg.db, nil) if err != nil { @@ -60,6 +57,8 @@ err = runBinary(ctx, handler, cfg, client) case modeQuery: err = runQuery(ctx, handler, cfg, client) + case modeConvert: + err = govulncheck.HandleJSON(r, handler) } if err != nil { return err @@ -132,14 +131,3 @@ } cfg.ScannerVersion = buf.String() } - -// convertJSONToText converts r, which is expected to be the JSON output of govulncheck, -// into the text output, and writes the output to w. -func convertJSONToText(r io.Reader, w io.Writer) error { - h := NewTextHandler(w) - if err := govulncheck.HandleJSON(r, h); err != nil { - return err - } - Flush(h) - return nil -} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/internal/scan/source.go new/govulncheck-1.0.1/internal/scan/source.go --- old/govulncheck-1.0.0/internal/scan/source.go 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/internal/scan/source.go 2023-08-17 19:30:53.000000000 +0200 
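Review bot: Dropping the `len(cfg.patterns) == 0` usage error in parseFlags turns an empty pattern list into a successful run. Together with the early `return nil` added to runSource in internal/scan/source.go, a bare `govulncheck` now prints "No vulnerabilities found." with no failure status (see the new expectation in testdata/usage.ct), although nothing was scanned. In a CI job whose pattern comes from an empty variable, that reads as a clean result. Consider keeping the error unless the version flag was given, e.g. `if !version && cfg.mode != modeConvert && len(cfg.patterns) == 0 { flags.Usage(); return errUsage }`. parseFlags starts and ends outside this hunk, and how runBinary handles an empty list is not visible here.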
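Review bot: With the early `return convertJSONToText(r, stdout)` removed from run.go, `-mode=convert` now passes through `client.NewClient(cfg.db, nil)` and whatever setup lies between the first two hunks before it reaches `case modeConvert:`. Convert only replays JSON from `r`, so a client or database failure could now break a conversion that needs no database; whether it does depends on code this diff does not show. The removed helper also called `Flush(h)` explicitly, so it is worth confirming that the code after the switch still flushes the text handler on this path. At minimum, put a comment on the new arm, e.g. `// convert replays JSON from r through handler; client is not used here`.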
@@ -23,6 +23,9 @@ // symbol is actually exercised) or just imported by the package // (likely having a non-affecting outcome). func runSource(ctx context.Context, handler govulncheck.Handler, cfg *config, client *client.Client, dir string) error { + if len(cfg.patterns) == 0 { + return nil + } var pkgs []*packages.Package graph := vulncheck.NewPackageGraph(cfg.GoVersion) pkgConfig := &packages.Config{ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/internal/scan/testdata/binary.txt new/govulncheck-1.0.1/internal/scan/testdata/binary.txt --- old/govulncheck-1.0.0/internal/scan/testdata/binary.txt 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/internal/scan/testdata/binary.txt 2023-08-17 19:30:53.000000000 +0200 @@ -1,5 +1,3 @@ -Using govulncheck with vulnerability data from . - Vulnerability #1: GO-0000-0002 Stdlib vulnerability More info: https://pkg.go.dev/vuln/GO-0000-0002 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/internal/scan/testdata/multi-stacks.txt new/govulncheck-1.0.1/internal/scan/testdata/multi-stacks.txt --- old/govulncheck-1.0.0/internal/scan/testdata/multi-stacks.txt 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/internal/scan/testdata/multi-stacks.txt 2023-08-17 19:30:53.000000000 +0200 @@ -1,5 +1,3 @@ -Using govulncheck with vulnerability data from . - Vulnerability #1: GO-0000-0001 Third-party vulnerability More info: https://pkg.go.dev/vuln/GO-0000-0001 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/internal/scan/testdata/no-vulns.txt new/govulncheck-1.0.1/internal/scan/testdata/no-vulns.txt --- old/govulncheck-1.0.0/internal/scan/testdata/no-vulns.txt 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/internal/scan/testdata/no-vulns.txt 2023-08-17 19:30:53.000000000 +0200 
@@ -1,5 +1,3 @@ -Using govulncheck with vulnerability data from . - === Informational === Found 1 vulnerability in packages that you import, but there are no call diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/internal/scan/testdata/platform-all.txt new/govulncheck-1.0.1/internal/scan/testdata/platform-all.txt --- old/govulncheck-1.0.0/internal/scan/testdata/platform-all.txt 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/internal/scan/testdata/platform-all.txt 2023-08-17 19:30:53.000000000 +0200 @@ -1,5 +1,3 @@ -Using govulncheck with vulnerability data from . - === Informational === Found 1 vulnerability in packages that you import, but there are no call diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/internal/scan/testdata/platform-one-arch-only.txt new/govulncheck-1.0.1/internal/scan/testdata/platform-one-arch-only.txt --- old/govulncheck-1.0.0/internal/scan/testdata/platform-one-arch-only.txt 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/internal/scan/testdata/platform-one-arch-only.txt 2023-08-17 19:30:53.000000000 +0200 @@ -1,5 +1,3 @@ -Using govulncheck with vulnerability data from . - === Informational === Found 1 vulnerability in packages that you import, but there are no call diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/internal/scan/testdata/platform-one-import.txt new/govulncheck-1.0.1/internal/scan/testdata/platform-one-import.txt --- old/govulncheck-1.0.0/internal/scan/testdata/platform-one-import.txt 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/internal/scan/testdata/platform-one-import.txt 2023-08-17 19:30:53.000000000 +0200 
@@ -1,5 +1,3 @@ -Using govulncheck with vulnerability data from . - === Informational === Found 1 vulnerability in packages that you import, but there are no call diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/internal/scan/testdata/platform-two-imports.txt new/govulncheck-1.0.1/internal/scan/testdata/platform-two-imports.txt --- old/govulncheck-1.0.0/internal/scan/testdata/platform-two-imports.txt 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/internal/scan/testdata/platform-two-imports.txt 2023-08-17 19:30:53.000000000 +0200 @@ -1,5 +1,3 @@ -Using govulncheck with vulnerability data from . - === Informational === Found 1 vulnerability in packages that you import, but there are no call diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/internal/scan/testdata/platform-two-os-only.txt new/govulncheck-1.0.1/internal/scan/testdata/platform-two-os-only.txt --- old/govulncheck-1.0.0/internal/scan/testdata/platform-two-os-only.txt 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/internal/scan/testdata/platform-two-os-only.txt 2023-08-17 19:30:53.000000000 +0200 @@ -1,5 +1,3 @@ -Using govulncheck with vulnerability data from . - === Informational === Found 1 vulnerability in packages that you import, but there are no call diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/internal/scan/testdata/source.txt new/govulncheck-1.0.1/internal/scan/testdata/source.txt --- old/govulncheck-1.0.0/internal/scan/testdata/source.txt 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/internal/scan/testdata/source.txt 2023-08-17 19:30:53.000000000 +0200 
@@ -1,5 +1,3 @@ -Using govulncheck with vulnerability data from . - Vulnerability #1: GO-0000-0001 Third-party vulnerability More info: https://pkg.go.dev/vuln/GO-0000-0001 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/internal/scan/testdata/source_traces.txt new/govulncheck-1.0.1/internal/scan/testdata/source_traces.txt --- old/govulncheck-1.0.0/internal/scan/testdata/source_traces.txt 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/internal/scan/testdata/source_traces.txt 2023-08-17 19:30:53.000000000 +0200 @@ -1,5 +1,3 @@ -Using govulncheck with vulnerability data from . - Vulnerability #1: GO-0000-0001 Third-party vulnerability More info: https://pkg.go.dev/vuln/GO-0000-0001 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/internal/scan/text.go new/govulncheck-1.0.1/internal/scan/text.go --- old/govulncheck-1.0.0/internal/scan/text.go 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/internal/scan/text.go 2023-08-17 19:30:53.000000000 +0200 @@ -18,8 +18,6 @@ const ( defaultStyle = style(iota) - goStyle - scannerStyle osvCalledStyle osvImportedStyle detailsStyle @@ -40,8 +38,9 @@ err error - showColor bool - showTraces bool + showColor bool + showTraces bool + showVersion bool } const ( @@ -57,6 +56,8 @@ h.showTraces = true case "color": h.showColor = true + case "version": + h.showVersion = true } } } 
@@ -82,25 +83,32 @@ return nil } -// Config writes text output formatted according to govulncheck-intro.tmpl. +// Config writes version information only if --version was set. func (h *TextHandler) Config(config *govulncheck.Config) error { - h.print("Using ") + if !h.showVersion { + return nil + } if config.GoVersion != "" { - h.style(goStyle, config.GoVersion) - h.print(` and `) + h.style(keyStyle, "Go: ") + h.print(config.GoVersion, "\n") } if config.ScannerName != "" { - h.style(scannerStyle, config.ScannerName) + h.style(keyStyle, "Scanner: ") + h.print(config.ScannerName) if config.ScannerVersion != "" { h.print(`@`, config.ScannerVersion) } - h.print(` with `) + h.print("\n") } - h.print(`vulnerability data from `, config.DB) - if config.DBLastModified != nil { - h.print(` (last modified `, *config.DBLastModified, `)`) + if config.DB != "" { + h.style(keyStyle, "DB: ") + h.print(config.DB, "\n") + if config.DBLastModified != nil { + h.style(keyStyle, "DB updated: ") + h.print(*config.DBLastModified, "\n") + } } - h.print(".\n\n") + h.print("\n") return h.err } @@ -279,10 +287,6 @@ switch style { default: h.print(colorReset) - case goStyle: - h.print(colorBold) - case scannerStyle: - h.print(colorBold) case osvCalledStyle: h.print(colorBold, fgRed) case osvImportedStyle: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/internal/vulncheck/internal/buildinfo/additions_scan_test.go new/govulncheck-1.0.1/internal/vulncheck/internal/buildinfo/additions_scan_test.go --- old/govulncheck-1.0.0/internal/vulncheck/internal/buildinfo/additions_scan_test.go 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/internal/vulncheck/internal/buildinfo/additions_scan_test.go 2023-08-17 19:30:53.000000000 +0200 
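Review bot: Config now returns at `if !h.showVersion { return nil }`, so the default text report no longer names the vulnerability database, its last-modified time or the scanner version that produced it. A report saved from a default run therefore cannot show later how current its data was. The doc comment should state this, and should name the option as the code spells it: the earlier text.go hunk sets showVersion from `case "version":`, while the comment says `--version`. Proposed comment: `// Config prints the Go version, scanner name and version, DB and DB last-modified time, one per line, and only when the "version" option is set; default output carries no scan provenance.` The early exit also returns `nil` where the end of the function returns `h.err`; using `return h.err` in both places keeps the two exits consistent.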
@@ -94,6 +94,7 @@
 // is complete on darwin even in the presence of stripping.
 // This test will become obsolete once #61051 is addressed.
 func TestStrippedDarwin(t *testing.T) {
+ t.Skip("to temporarily resolve #61511")
 testAll(t, []string{"darwin"}, []string{"amd64", "386", "arm", "arm64"},
 func(t *testing.T, goos, goarch string) {
 binary, done := test.GoBuild(t, "testdata", "", true, "GOOS", goos, "GOARCH", goarch)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/internal/vulncheck/internal/gosym/additions.go new/govulncheck-1.0.1/internal/vulncheck/internal/gosym/additions.go
--- old/govulncheck-1.0.0/internal/vulncheck/internal/gosym/additions.go 2023-07-13 06:55:19.000000000 +0200
+++ new/govulncheck-1.0.1/internal/vulncheck/internal/gosym/additions.go 2023-08-17 19:30:53.000000000 +0200
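Review bot: The added `t.Skip("to temporarily resolve #61511")` in TestStrippedDarwin is unconditional and has no marker for re-enabling it, so build-info extraction from stripped darwin binaries stays untested while the line is there. The same line is added to TestInlineTree in the gosym/additions_test.go hunk. For a scanner, a regression in reading stripped binaries would presumably show up as missing findings rather than as an error, which makes this coverage worth restoring. I would put a comment above each skip, e.g. `// TODO(#61511): remove this skip once the issue is fixed; until then this path has no test coverage.` The existing comment above the function cites #61051, a different number, so both references are worth confirming; the function body continues outside the hunk.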
@@ -18,25 +18,19 @@ funcSymNameGo120 string = "go:func.*" ) -// FuncSymName returns symbol name for Go functions -// used in binaries based on Go version. Supported -// Go versions are 1.18, 1.19, and 1.20. Otherwise, -// returns an empty string. +// FuncSymName returns symbol name for Go functions used in binaries +// based on Go version. Supported Go versions are 1.18 and greater. +// If the go version is unreadable it assumes that it is a newer version +// and returns the symbol name for go version 1.20 or greater. func FuncSymName(goVersion string) string { // Support devel goX.Y... v := strings.TrimPrefix(goVersion, "devel ") v = semver.GoTagToSemver(v) mm := sv.MajorMinor(v) - if mm == "v1.18" || mm == "v1.19" { - return funcSymNameGo119Lower - } else if mm == "v1.20" { - return funcSymNameGo120 - } else if v == "" && strings.HasPrefix(goVersion, "devel") { - // We currently don't have a direct way of mapping - // Go versions of the form devel <hash> to semver, - // so we map it to the most recent supported major - // Go version, which is currently go1.20. + if sv.Compare(mm, "v1.20") >= 0 || mm == "" { return funcSymNameGo120 + } else if sv.Compare(mm, "v1.18") >= 0 { + return funcSymNameGo119Lower } return "" } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/govulncheck-1.0.0/internal/vulncheck/internal/gosym/additions_test.go new/govulncheck-1.0.1/internal/vulncheck/internal/gosym/additions_test.go --- old/govulncheck-1.0.0/internal/vulncheck/internal/gosym/additions_test.go 2023-07-13 06:55:19.000000000 +0200 +++ new/govulncheck-1.0.1/internal/vulncheck/internal/gosym/additions_test.go 2023-08-17 19:30:53.000000000 +0200 
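Review bot: The `mm == ""` half of the first condition makes every version string that does not parse select funcSymNameGo120, whether it is an empty string, arbitrary text or `devel <hash>`. The commit also removed the only inline comment that explained this fallback. The caller can no longer tell a recognised 1.20+ toolchain from a guess, and if the guess is wrong the symbol lookup presumably just finds nothing, which in binary mode would be silent. I would restore a why-comment on that line, e.g. `// mm is "" when goVersion cannot be parsed (e.g. "devel <hash>"); assume a toolchain at or after go1.20.` As a point of style, the `else if` after a `return` can be a plain `if`.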
@@ -18,12 +18,15 @@ v string want string }{ - {"go1.18", "go.func.*"}, - {"go1.19", "go.func.*"}, - {"devel go1.19", "go.func.*"}, - {"go1.19-pre4", "go.func.*"}, - {"go1.20", "go:func.*"}, - {"devel bd56cb90a72e6725e", "go:func.*"}, + {"go1.15", ""}, + {"go1.18", funcSymNameGo119Lower}, + {"go1.19", funcSymNameGo119Lower}, + {"devel go1.19", funcSymNameGo119Lower}, + {"go1.19-pre4", funcSymNameGo119Lower}, + {"go1.20", funcSymNameGo120}, + {"devel bd56cb90a72e6725e", funcSymNameGo120}, + {"go1.21", funcSymNameGo120}, + {"unknown version", funcSymNameGo120}, } { if got := FuncSymName(test.v); got != test.want { t.Errorf("got %s; want %s", got, test.want) @@ -32,6 +35,7 @@ } func TestInlineTree(t *testing.T) { + t.Skip("to temporarily resolve #61511") pclinetestBinary, cleanup := dotest(t) defer cleanup() ++++++ vendor.tar.gz ++++++ ++++ 4988 lines of diff (skipped)
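Review bot: The new table rows do not pin the lower boundary of the supported range: `go1.15` is well below it, so changing the `v1.18` comparison in FuncSymName to `v1.17` or `v1.16` would still pass. Adding `{"go1.17", ""},` closes that gap. A row for the empty string, presumably `{"", funcSymNameGo120},` (to be confirmed against GoTagToSemver), would pin the unparseable-version fallback at its simplest input. The context line `t.Errorf("got %s; want %s", got, test.want)` also omits `test.v`, so a failure does not say which row failed. The test function starts outside the hunk.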