- Update vendor.tar.zst: gix-path improper path resolution

(bsc#1230688 CVE-2024-45405).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:rust/cargo-audit?expand=0&rev=41
This commit is contained in:
William Brown 2024-09-24 05:13:39 +00:00 committed by Git OBS Bridge
commit fa917fb019
10 changed files with 1424 additions and 0 deletions

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

9
_constraints Normal file
View File

@ -0,0 +1,9 @@
<?xml version="1.0"?>
<constraints>
<hardware>
<disk>
<!-- Needed because PPC chronically runs out of disk because sigghhh -->
<size unit="G">25</size>
</disk>
</hardware>
</constraints>

30
_service Normal file
View File

@ -0,0 +1,30 @@
<services>
<service mode="disabled" name="obs_scm">
<param name="url">https://github.com/RustSec/rustsec.git</param>
<param name="versionformat">@PARENT_TAG@~git@TAG_OFFSET@.%h</param>
<param name="scm">git</param>
<!-- <param name="revision">cargo-audit/v0.20.0</param> -->
<param name="revision">main</param>
<param name="match-tag">cargo-audit/v*</param>
<param name="versionrewrite-pattern">.*v(\d+\.\d+\.\d+)</param>
<param name="versionrewrite-replacement">\1</param>
<param name="changesgenerate">enable</param>
<param name="changesauthor">william.brown@suse.com</param>
</service>
<service mode="disabled" name="set_version"/>
<service mode="disabled" name="tar" />
<service mode="disabled" name="recompress">
<param name="file">*.tar</param>
<param name="compression">zst</param>
</service>
<service name="cargo_vendor" mode="disabled">
<param name="srcdir">rustsec</param>
<param name="compression">zst</param>
<param name="update">false</param>
<param name="i-accept-the-risk">RUSTSEC-2024-0019</param>
</service>
<service name="cargo_audit" mode="disabled">
<param name="srcdir">rustsec</param>
<param name="lockfile">Cargo.lock</param>
</service>
</services>

4
_servicedata Normal file
View File

@ -0,0 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/RustSec/rustsec.git</param>
<param name="changesrevision">972ac9329076e2e6347a8324dc95ec4cc35561a1</param></service></servicedata>

1288
cargo-audit.changes Normal file

File diff suppressed because it is too large Load Diff

58
cargo-audit.spec Normal file
View File

@ -0,0 +1,58 @@
#
# spec file for package cargo-audit
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%global rustflags -Clink-arg=-Wl,-z,relro,-z,now -C debuginfo=2
%global workspace_name rustsec
Name: cargo-audit
Version: 0.20.0~git66.972ac93
Release: 0
Summary: Audit rust sources for known security vulnerabilities
License: ( 0BSD OR MIT OR Apache-2.0 ) AND ( Apache-2.0 OR BSL-1.0 ) AND ( Apache-2.0 OR MIT ) AND ( MIT OR Zlib OR Apache-2.0 ) AND ( Unlicense OR MIT ) AND ( Zlib OR Apache-2.0 OR MIT ) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND MIT AND MPL-2.0 AND MPL-2.0+
Group: Development/Languages/Rust
URL: https://github.com/RustSec/cargo-audit
Source0: %{workspace_name}-%{version}.tar.zst
Source1: vendor.tar.zst
Source2: cargo_config
BuildRequires: cargo
BuildRequires: cargo-packaging
BuildRequires: pkgconfig(openssl)
ExclusiveArch: %{rust_tier1_arches}
%description
Audit Cargo.lock files for crates with security vulnerabilities reported to the RustSec Advisory Database.
%prep
%setup -q -n %{workspace_name}-%{version}
%setup -qa1 -n %{workspace_name}-%{version}
mkdir -p .cargo
cp %{SOURCE2} .cargo/config
%build
%{cargo_build}
%install
install -D -d -m 0755 %{buildroot}%{_bindir}
install -m 0755 %{_builddir}/%{workspace_name}-%{version}/target/release/cargo-audit %{buildroot}%{_bindir}/cargo-audit
%files
%{_bindir}/cargo-audit
%changelog

5
cargo_config Normal file
View File

@ -0,0 +1,5 @@
[source.crates-io]
replace-with = "vendored-sources"
[source.vendored-sources]
directory = "vendor"

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b2aa891ed289a8b0ec3165b52722186d5898a5316e022a8da22476b0cf2d2c76
size 656733

3
vendor.tar.zst Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a918976508ec0af1a59b91c4d0dbf6b11c8ca255d7c73bcca674926b344ab638
size 32308276