Hello community,

here is the log from the commit of package obs-service-source_validator for 
openSUSE:Factory checked in at 2016-06-05 14:19:18
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/obs-service-source_validator (Old)
 and      /work/SRC/openSUSE:Factory/.obs-service-source_validator.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "obs-service-source_validator"

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/obs-service-source_validator/obs-service-source_validator.changes
        2016-03-07 13:37:09.000000000 +0100
+++ 
/work/SRC/openSUSE:Factory/.obs-service-source_validator.new/obs-service-source_validator.changes
   2016-06-05 14:19:19.000000000 +0200
@@ -1,0 +2,11 @@
+Tue May 31 11:31:57 UTC 2016 - [email protected]
+
+- Update to version 0.6+git20160531.fbfe336:
+  * baselibs.conf: targetname is a valid keyword
+  * added checker for filenames
+    * additional fixes for  boo#967610 and bsc#967265
+  * enhanced regex to check
+  * better quoting and checks for dot files
+  * filter out single/double quotes and grave accent from filenames
+
+-------------------------------------------------------------------

Old:
----
  obs-service-source_validator-0.6+git20160222.62c56d3.tar.bz2

New:
----
  obs-service-source_validator-0.6+git20160531.fbfe336.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ obs-service-source_validator.spec ++++++
--- /var/tmp/diff_new_pack.V3J1zp/_old  2016-06-05 14:19:20.000000000 +0200
+++ /var/tmp/diff_new_pack.V3J1zp/_new  2016-06-05 14:19:20.000000000 +0200
@@ -20,7 +20,7 @@
 Summary:        An OBS source service: running all the osc source-validator 
checks
 License:        GPL-2.0+
 Group:          Development/Tools/Building
-Version:        0.6+git20160222.62c56d3
+Version:        0.6+git20160531.fbfe336
 Release:        0
 # use osc service dr to update
 Source:         %{name}-%{version}.tar.bz2

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.V3J1zp/_old  2016-06-05 14:19:20.000000000 +0200
+++ /var/tmp/diff_new_pack.V3J1zp/_new  2016-06-05 14:19:20.000000000 +0200
@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
             <param 
name="url">git://github.com/openSUSE/obs-service-source_validator.git</param>
-          <param 
name="changesrevision">62c56d3c13eb95c40cadff4d1e036d947c800ad4</param></service></servicedata>
\ No newline at end of file
+          <param 
name="changesrevision">fbfe33626da76dfff3004b197658c7de3e2ca5da</param></service></servicedata>
\ No newline at end of file

++++++ debian.dsc ++++++
--- /var/tmp/diff_new_pack.V3J1zp/_old  2016-06-05 14:19:20.000000000 +0200
+++ /var/tmp/diff_new_pack.V3J1zp/_new  2016-06-05 14:19:20.000000000 +0200
@@ -1,6 +1,6 @@
 Format: 1.0
 Source: obs-service-source-validator
-Version: 0.6+git20160222.62c56d3
+Version: 0.6+git20160531.fbfe336
 Binary: obs-service-source-validator
 Maintainer: Hib Eris <[email protected]>
 Architecture: all

++++++ obs-service-source_validator-0.6+git20160222.62c56d3.tar.bz2 -> 
obs-service-source_validator-0.6+git20160531.fbfe336.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/obs-service-source_validator-0.6+git20160222.62c56d3/20-files-present-and-referenced
 
new/obs-service-source_validator-0.6+git20160531.fbfe336/20-files-present-and-referenced
--- 
old/obs-service-source_validator-0.6+git20160222.62c56d3/20-files-present-and-referenced
    2016-02-22 18:29:48.000000000 +0100
+++ 
new/obs-service-source_validator-0.6+git20160531.fbfe336/20-files-present-and-referenced
    2016-05-31 13:31:57.000000000 +0200
@@ -6,6 +6,8 @@
 DESTINATIONDIR=$2
 OSC_MODE=""
 test -n "$DIR_TO_CHECK" || DIR_TO_CHECK=`pwd`
+HELPERS_DIR="/usr/lib/obs/service/source_validators/helpers"
+$HELPERS_DIR/check_input_filename "$DIR_TO_CHECK" || exit 1
 test -z "$DESTINATIONDIR" -a -d "$DIR_TO_CHECK/.osc" && {
        DESTINATIONDIR="$DIR_TO_CHECK/.osc"
        OSC_MODE="true"
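Review bot: Nothing at the call site says that `check_input_filename` is a gate that has to run before any file name is expanded, and the command word `$HELPERS_DIR/check_input_filename` is left unquoted. The identical pair of lines is added to 30-patches-applied, 40-sequence-changes, 45-stale-changes, 50-spec-version, 60-spec-filelist and 70-baselibs, so the same applies there. A comment such as `# Refuse file names with shell metacharacters before anything below expands them; later unquoted uses rely on this check` would keep the call from being moved or dropped in a later cleanup. Writing the call as `"$HELPERS_DIR/check_input_filename" "$DIR_TO_CHECK" || exit 1` costs nothing and matches the quoting this commit introduces elsewhere.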
@@ -52,7 +54,7 @@
     ;;
 esac
 for i in $DIR_TO_CHECK/*.spec ; do
-        test -f $i || continue
+        test -f "$i" || continue
        sed     '/^#%([^)]*$/,/^[^(]*)/d
                /^#[^%]/d
                /^#%(.*)/d
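Review bot: The loop header on the context line still expands `$DIR_TO_CHECK` unquoted, so quoting `$i` inside `test -f` protects the value only after the shell has already split and globbed the directory path; `for i in "$DIR_TO_CHECK"/*.spec ; do` would close that. The same partial quoting remains in the later hunks of this file: `' $i >$TMPDIR/tmp.spec` at the end of the sed script, `for i in $DIR_TO_CHECK/*.dsc`, and `warn_on_unmentioned_files $BASE`. As written, these lines stay safe only as long as the helper rejects every character the shell treats specially. The loop body continues outside the hunk.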
@@ -123,9 +125,9 @@
                s/^Release:.*<RELEASE.*>/Release: 0/
                s/^\(Release:.*\)<CI_CNT>\(.*\)/\1_\2/
                s/^\(Release:.*\)<B_CNT>\(.*\)/\1_\2/' $i >$TMPDIR/tmp.spec
-       grep -a ^Icon: $i|sed -n 's/^Icon:[     ]*/%{echo:/
+       grep -a ^Icon: "$i"|sed -n 's/^Icon:[   ]*/%{echo:/
                /^%{echo:/s/$/ }/p' >>$TMPDIR/tmp.spec
-       grep -a -q ^Release $i || {
+       grep -a -q ^Release "$i" || {
              sed -e "/^Version/{;p;s@\(.*\)@Release: 0\
@;}" $TMPDIR/tmp.spec > $TMPDIR/tmp.spec.new
             mv $TMPDIR/tmp.spec.new $TMPDIR/tmp.spec
        }
@@ -135,7 +137,7 @@
        done
        while read line ; do
            grep -qx "##seen $line" $TMPDIR/tmp.spec || echo "$line" | sed -e 
"s/^\(\([Ss]ource\|[Pp]atch\)[0-9]*:[    ]*\)\(.*\)/##seen \1\3\n%{echo:\3 }/" 
>> $TMPDIR/tmp.spec
-       done < <(grep -E "^Source:|^Source[0-9]*:|^Patch:|^Patch[0-9]*:" $i)
+       done < <(grep -E "^Source:|^Source[0-9]*:|^Patch:|^Patch[0-9]*:" "$i")
         echo "%description" >> $TMPDIR/tmp.spec
 
         # hack for really strange specfiles with more than one 
Name:/Release:/Version: line
@@ -155,8 +157,8 @@
        egrep -v '^warning' $TMPDIR/sources > $TMPDIR/sources.t && mv 
$TMPDIR/sources.t $TMPDIR/sources
 done
 for i in $DIR_TO_CHECK/*.dsc ; do
-       test -f $i || continue
-       ( sed -ne '/^Files:/,$p' < $i | sed -e 1d | sed -e '/^[^ ]/,$d' | while 
read debchk debsize debfile ; do echo $debfile ; done ) >> $TMPDIR/sources
+       test -f "$i" || continue
+       ( sed -ne '/^Files:/,$p' < "$i" | sed -e 1d | sed -e '/^[^ ]/,$d' | 
while read debchk debsize debfile ; do echo "$debfile" ; done ) >> 
$TMPDIR/sources
 done
 
 test -f $TMPDIR/sources || cleanup_and_exit
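Review bot: `debfile` is read from the `Files:` section of the .dsc content, which the new file-name check never inspects, and `echo "$debfile"` lets a value such as `-n` or `-e` be taken as an echo option instead of being written to the sources list. `while read -r debchk debsize debfile ; do printf '%s\n' "$debfile" ; done` writes the field verbatim and also keeps backslashes intact. The redirect target `$TMPDIR/sources` is still unquoted on the same line.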
@@ -422,17 +424,17 @@
        debian.*.prerm )
            ;;
        *)
-            grep -a -x $BASE $TMPDIR/sources > /dev/null && continue
+            grep -a -x "$BASE" $TMPDIR/sources > /dev/null && continue
             test -f $DIR_TO_CHECK/_service && egrep -q 'mode=.remoterun' 
$DIR_TO_CHECK/_service && continue
             # be a bit more relaxed for osc, it won't upload directories anyway
-            [ -d $DIR_TO_CHECK/$BASE ] && [ -d  $DIR_TO_CHECK/.osc ] && 
continue
+            [ -d "$DIR_TO_CHECK/$BASE" ] && [ -d  $DIR_TO_CHECK/.osc ] && 
continue
             # and source services on server side
-            [ -d $DIR_TO_CHECK/$BASE ] && [ -d $DIR_TO_CHECK/.old ] && continue
+            [ -d "$DIR_TO_CHECK/$BASE" ] && [ -d $DIR_TO_CHECK/.old ] && 
continue
 
             warn_on_unmentioned_files $BASE
 
             if test "$RETURN" != "2" ; then
-                if [ -d $DIR_TO_CHECK/$BASE ] ; then
+                if [ -d "$DIR_TO_CHECK/$BASE" ] ; then
                     # be a bit more relaxed for osc, it won't upload 
directories anyway
                     if [ ! -d $DIR_TO_CHECK/.osc ] ; then
                         echo "!! $BASE is a directory !!"
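Review bot: `grep -a -x "$BASE"` still treats the file name as a regular expression, so a name containing `.` or `*` can match a different line of the sources list and be accepted as referenced. `grep -a -x -F -- "$BASE" "$TMPDIR/sources" > /dev/null && continue` compares it as a literal string and ends option parsing before the name. The quoting in this hunk is also incomplete: `warn_on_unmentioned_files $BASE` and the `$DIR_TO_CHECK/.osc` and `$DIR_TO_CHECK/.old` tests are left unquoted. The enclosing `case` and loop start and end outside the hunk.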
@@ -460,7 +462,7 @@
                    read ANSWER
                    test "$ANSWER" = y -o "$ANSWER" = Y || {
                        if test "$ANSWER" = d -o "$ANSWER" = D ; then
-                           rm -v $DIR_TO_CHECK/$BASE
+                           rm -v "$DIR_TO_CHECK/$BASE"
                        else
                            echo ok, please fix it...
                            test "$RETURN" != "2" && RETURN=1
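Review bot: The delete is the one destructive command touched here and it has no end-of-options marker; `rm -v -- "$DIR_TO_CHECK/$BASE"` keeps the path from being read as an option when `DIR_TO_CHECK` is a relative path that begins with `-`, a case the helper's `/-` test does not cover. `read ANSWER` on the context line would be better as `read -r ANSWER`. The surrounding prompt logic lies outside the hunk.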
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/obs-service-source_validator-0.6+git20160222.62c56d3/30-patches-applied 
new/obs-service-source_validator-0.6+git20160531.fbfe336/30-patches-applied
--- old/obs-service-source_validator-0.6+git20160222.62c56d3/30-patches-applied 
2016-02-22 18:29:48.000000000 +0100
+++ new/obs-service-source_validator-0.6+git20160531.fbfe336/30-patches-applied 
2016-05-31 13:31:57.000000000 +0200
@@ -5,7 +5,11 @@
 test "$1" = "--batchmode" && { BATCHMODE="--batchmode" ; shift ; }
 DIR_TO_CHECK=$1
 DESTINATIONDIR=$2
+
 test -n "$DIR_TO_CHECK" || DIR_TO_CHECK=`pwd`
+HELPERS_DIR="/usr/lib/obs/service/source_validators/helpers"
+$HELPERS_DIR/check_input_filename "$DIR_TO_CHECK" || exit 1
+
 test -z "$DESTINATIONDIR" -a -d "$DIR_TO_CHECK/.osc" && 
DESTINATIONDIR="$DIR_TO_CHECK/.osc"
 RETURN=0
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/obs-service-source_validator-0.6+git20160222.62c56d3/40-sequence-changes 
new/obs-service-source_validator-0.6+git20160531.fbfe336/40-sequence-changes
--- 
old/obs-service-source_validator-0.6+git20160222.62c56d3/40-sequence-changes    
    2016-02-22 18:29:48.000000000 +0100
+++ 
new/obs-service-source_validator-0.6+git20160531.fbfe336/40-sequence-changes    
    2016-05-31 13:31:57.000000000 +0200
@@ -5,6 +5,9 @@
 DIR_TO_CHECK=$1
 DESTINATIONDIR=$2
 test -n "$DIR_TO_CHECK" || DIR_TO_CHECK=`pwd`
+HELPERS_DIR="/usr/lib/obs/service/source_validators/helpers"
+$HELPERS_DIR/check_input_filename "$DIR_TO_CHECK" || exit 1
+
 test -z "$DESTINATIONDIR" -a -d "$DIR_TO_CHECK/.osc" && 
DESTINATIONDIR="$DIR_TO_CHECK/.osc"
 
 test "$VERBOSE" = true && echo -n "- checking for sequence in changes files "
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/obs-service-source_validator-0.6+git20160222.62c56d3/45-stale-changes 
new/obs-service-source_validator-0.6+git20160531.fbfe336/45-stale-changes
--- old/obs-service-source_validator-0.6+git20160222.62c56d3/45-stale-changes   
2016-02-22 18:29:48.000000000 +0100
+++ new/obs-service-source_validator-0.6+git20160531.fbfe336/45-stale-changes   
2016-05-31 13:31:57.000000000 +0200
@@ -5,6 +5,9 @@
 DIR_TO_CHECK=$1
 DESTINATIONDIR=$2
 test -n "$DIR_TO_CHECK" || DIR_TO_CHECK=`pwd`
+HELPERS_DIR="/usr/lib/obs/service/source_validators/helpers"
+$HELPERS_DIR/check_input_filename "$DIR_TO_CHECK" || exit 1
+
 test -z "$DESTINATIONDIR" -a -d "$DIR_TO_CHECK/.osc" && 
DESTINATIONDIR="$DIR_TO_CHECK/.osc"
 
 RETURN=0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/obs-service-source_validator-0.6+git20160222.62c56d3/50-spec-version 
new/obs-service-source_validator-0.6+git20160531.fbfe336/50-spec-version
--- old/obs-service-source_validator-0.6+git20160222.62c56d3/50-spec-version    
2016-02-22 18:29:48.000000000 +0100
+++ new/obs-service-source_validator-0.6+git20160531.fbfe336/50-spec-version    
2016-05-31 13:31:57.000000000 +0200
@@ -5,6 +5,9 @@
 DIR_TO_CHECK=$1
 DESTINATIONDIR=$2
 test -n "$DIR_TO_CHECK" || DIR_TO_CHECK=`pwd`
+HELPERS_DIR="/usr/lib/obs/service/source_validators/helpers"
+$HELPERS_DIR/check_input_filename "$DIR_TO_CHECK" || exit 1
+
 test -z "$DESTINATIONDIR" -a -d "$DIR_TO_CHECK/.osc" && 
DESTINATIONDIR="$DIR_TO_CHECK/.osc"
 RETURN=0
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/obs-service-source_validator-0.6+git20160222.62c56d3/60-spec-filelist 
new/obs-service-source_validator-0.6+git20160531.fbfe336/60-spec-filelist
--- old/obs-service-source_validator-0.6+git20160222.62c56d3/60-spec-filelist   
2016-02-22 18:29:48.000000000 +0100
+++ new/obs-service-source_validator-0.6+git20160531.fbfe336/60-spec-filelist   
2016-05-31 13:31:57.000000000 +0200
@@ -5,6 +5,9 @@
 DIR_TO_CHECK=$1
 DESTINATIONDIR=$2
 test -n "$DIR_TO_CHECK" || DIR_TO_CHECK=`pwd`
+HELPERS_DIR="/usr/lib/obs/service/source_validators/helpers"
+$HELPERS_DIR/check_input_filename "$DIR_TO_CHECK" || exit 1
+
 test -z "$DESTINATIONDIR" -a -d "$DIR_TO_CHECK/.osc" && 
DESTINATIONDIR="$DIR_TO_CHECK/.osc"
 
 test "$VERBOSE" = true && echo -n "- checking forbidden paths in filelists "
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/obs-service-source_validator-0.6+git20160222.62c56d3/70-baselibs 
new/obs-service-source_validator-0.6+git20160531.fbfe336/70-baselibs
--- old/obs-service-source_validator-0.6+git20160222.62c56d3/70-baselibs        
2016-02-22 18:29:48.000000000 +0100
+++ new/obs-service-source_validator-0.6+git20160531.fbfe336/70-baselibs        
2016-05-31 13:31:57.000000000 +0200
@@ -5,6 +5,8 @@
 DIR_TO_CHECK=$1
 DESTINATIONDIR=$2
 test -n "$DIR_TO_CHECK" || DIR_TO_CHECK=`pwd`
+HELPERS_DIR="/usr/lib/obs/service/source_validators/helpers"
+$HELPERS_DIR/check_input_filename "$DIR_TO_CHECK" || exit 1
 test -z "$DESTINATIONDIR" -a -d "$DIR_TO_CHECK/.osc" && 
DESTINATIONDIR="$DIR_TO_CHECK/.osc"
 
 containsElement () {
@@ -20,8 +22,8 @@
 rpm -q --specfile $DIR_TO_CHECK/*.spec >/dev/null 2>&1 || exit 0
 
 BUILTBINARIES=($(rpm -q --qf "%{name}\n" --specfile $DIR_TO_CHECK/*.spec))
-# add 'targettype' as a 'known keyword' to not trip over it
-BUILTBINARIES+=('targettype' 'arch')
+# add known keywords from baselibs specification
+BUILTBINARIES+=('arch' 'targetname' 'targettype')
 BASELIBSREF=$(grep -o "^[a-zA-Z0-9.+_-]\+" $DIR_TO_CHECK/baselibs.conf)
 
 RETURN=0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/obs-service-source_validator-0.6+git20160222.62c56d3/helpers/check_input_filename
 
new/obs-service-source_validator-0.6+git20160531.fbfe336/helpers/check_input_filename
--- 
old/obs-service-source_validator-0.6+git20160222.62c56d3/helpers/check_input_filename
       1970-01-01 01:00:00.000000000 +0100
+++ 
new/obs-service-source_validator-0.6+git20160531.fbfe336/helpers/check_input_filename
       2016-05-31 13:31:57.000000000 +0200
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+TEST_DIR=$1
+
+INVALID_FILENAMES=0
+for ORG in $TEST_DIR/* $TEST_DIR/.*
+do
+  NEW=$( echo "$ORG" | perl -pe 's/[\[\]\(\)\<\>\;\s\|\&\$\x27\x22\x60]//g' )
+  # Avoid argument injection
+  NEW=$( echo "$NEW" | perl -pe 's/\/-//' )
+  if [ "$ORG" != "$NEW" ];then
+    echo "Invalid input file name found: '$ORG'"
+    INVALID_FILENAMES=$(( $INVALID_FILENAMES + 1 ))
+  fi
+done
+
+[ $INVALID_FILENAMES -gt 0 ] && exit 1
+
+exit 0
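Review bot: The character class in the first `perl` substitution is a denylist that lets `*`, `?` and backslash through, while the validators still expand names unquoted (for example `warn_on_unmentioned_files $BASE` in 20-files-present-and-referenced), so this check does not make those expansions safe. Extending the class to `s/[\[\]\(\)\<\>\;\s\|\&\$\x27\x22\x60\*\?\\]//g` covers them, but the loop then needs `shopt -s nullglob` above it, because an unmatched `$TEST_DIR/*` stays a literal pattern and would be reported as a bad name. The loop header should also quote the directory, `for ORG in "$TEST_DIR"/* "$TEST_DIR"/.*`. The comparison is made on the full path, so characters in `$TEST_DIR` itself are judged as well, and a `TEST_DIR` that begins with `-` is not caught by the `/-` test. A short header comment stating which characters are refused and why would make the intended contract explicit.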
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/obs-service-source_validator-0.6+git20160222.62c56d3/source_validator 
new/obs-service-source_validator-0.6+git20160531.fbfe336/source_validator
--- old/obs-service-source_validator-0.6+git20160222.62c56d3/source_validator   
2016-02-22 18:29:48.000000000 +0100
+++ new/obs-service-source_validator-0.6+git20160531.fbfe336/source_validator   
2016-05-31 13:31:57.000000000 +0200
@@ -21,6 +21,9 @@
 
 FILE="${PATH##*/}"
 
+HELPERS_DIR=/usr/lib/obs/service/source_validators/helpers
+$HELPERS_DIR/check_input_filename `pwd` || exit 1
+
 RETURN=0
 for i in /usr/lib/obs/service/source_validators/*; do
   if [ -f "$i" ]; then
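Review bot: The working directory is passed as an unquoted backtick substitution, so a path containing whitespace is split and the helper receives only its first word as the directory to test. That truncated path names a different or non-existent directory, and in the latter case the helper's globs stay literal and the check passes without looking at the real files. The numbered validators pass `"$DIR_TO_CHECK"` quoted; here `"$HELPERS_DIR/check_input_filename" "$PWD" || exit 1` would behave the same way. The `for` loop after it continues outside the hunk.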

