* [PR PATCH] rust-cargo-audit: update to 0.17.4.
@ 2022-11-14 9:51 jcgruenhage
2022-11-14 16:44 ` [PR PATCH] [Merged]: " paper42
0 siblings, 1 reply; 2+ messages in thread
From: jcgruenhage @ 2022-11-14 9:51 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 2244 bytes --]
There is a new pull request by jcgruenhage against master on the void-packages repository
https://github.com/jcgruenhage/void-packages rust-cargo-audit-0.17.4_1
https://github.com/void-linux/void-packages/pull/40520
rust-cargo-audit: update to 0.17.4.
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **YES**
This update includes scanning of binaries (feature has been turned on by
default upstream, we previously didn't ship that), so together with the
recently merged #40272, this allows us to check binaries shipped by Void for
rustsec advisories like so:
```
void-packages on rust-cargo-audit-0.17.4_1 [$!?] took 3m58s
❯ cargo audit bin /usr/bin/comrak
Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
Loaded 469 security advisories (from /home/jcgruenhage/.cargo/advisory-db)
Updating crates.io index
Found 'cargo auditable' data in /usr/bin/comrak (83 dependencies)
Crate: xml-rs
Version: 0.8.4
Warning: unmaintained
Title: xml-rs is Unmaintained
Date: 2022-01-26
ID: RUSTSEC-2022-0048
URL: https://rustsec.org/advisories/RUSTSEC-2022-0048
Dependency tree:
xml-rs 0.8.4
└── plist 1.3.1
└── syntect 5.0.0
└── comrak 0.15.0
warning: 1 allowed warning found in /usr/bin/comrak
```
<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->
<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- aarch64-musl
- armv7l
- armv6l-musl
-->
A patch file from https://github.com/void-linux/void-packages/pull/40520.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-rust-cargo-audit-0.17.4_1-40520.patch --]
[-- Type: text/x-diff, Size: 1657 bytes --]
From 9e7e558e062c650fcce4ed95dcf319ab0cf83f61 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Christian=20Gr=C3=BCnhage?=
<jan.christian@gruenhage.xyz>
Date: Mon, 14 Nov 2022 10:47:34 +0100
Subject: [PATCH] rust-cargo-audit: update to 0.17.4.
---
srcpkgs/rust-cargo-audit/template | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/srcpkgs/rust-cargo-audit/template b/srcpkgs/rust-cargo-audit/template
index 3c7a89682183..cf1089fa5700 100644
--- a/srcpkgs/rust-cargo-audit/template
+++ b/srcpkgs/rust-cargo-audit/template
@@ -1,7 +1,7 @@
# Template file for 'rust-cargo-audit'
pkgname=rust-cargo-audit
-version=0.13.1
-revision=2
+version=0.17.4
+revision=1
build_style=cargo
hostmakedepends="pkg-config"
makedepends="openssl-devel libssh2-devel zlib-devel"
@@ -9,18 +9,14 @@ short_desc="Audit Cargo.lock for crates with security vulnerabilities"
maintainer="Enno Boland <gottox@voidlinux.org>"
license="Apache-2.0, MIT"
homepage="https://rustsec.org"
+changelog="https://github.com/rustsec/rustsec/raw/main/cargo-audit/CHANGELOG.md"
distfiles="https://static.crates.io/crates/cargo-audit/cargo-audit-${version}.crate"
-checksum=5c04240c97606ef511e5df2e26eb8c7c30031d015613c1f01c59068b50da7df2
+checksum=d081c816d0ad00c75527ea30e1bb10d5ac15a741b945c23a56acde67bb04a7c9
if [ "$XBPS_TARGET_WORDSIZE" = "32" -a "$XBPS_TARGET_ENDIAN" = "be" ]; then
broken="smartstring crate does not build on 32-bit BE architectures"
fi
-pre_build() {
- # fixes an indexmap error when cross compiling
- cargo update --package autocfg:1.0.1 --precise 1.1.0
-}
-
post_install() {
vlicense LICENSE-APACHE
vlicense LICENSE-MIT
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-11-14 16:44 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-11-14 9:51 [PR PATCH] rust-cargo-audit: update to 0.17.4 jcgruenhage
2022-11-14 16:44 ` [PR PATCH] [Merged]: " paper42
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).