
No commits in common. 'i9ce' and 'c10-beta' have entirely different histories.

3
.gitignore vendored

@ -1 +1,2 @@
SOURCES/llhttp-9.2.1.tar.gz SOURCES/llhttp-9.1.3-nm-dev.tgz
SOURCES/llhttp-9.1.3.tar.gz

@ -1 +1,2 @@
a9bc2288b1fbb830bb4f454ea9803fe317472375 SOURCES/llhttp-9.2.1.tar.gz 95778471ca43cf222724cd4a3e16a7a7506a3d8e SOURCES/llhttp-9.1.3-nm-dev.tgz
a504e64bd543a743fa25d99abca569a01ce33e74 SOURCES/llhttp-9.1.3.tar.gz

@ -12,19 +12,6 @@ modules = "<unknown version>"
# tslib/test/validateModuleExportsMatchCommonJS # tslib/test/validateModuleExportsMatchCommonJS
validateModuleExportsMatchCommonJS = "<unknown version>" validateModuleExportsMatchCommonJS = "<unknown version>"
# Similarly, these are all just ES6 module (mjs) or CommonJS (cjs) module
# wrappers in packages that do have proper license information:
# node_modules_dev/@ungap/structured-clone/cjs
# node_modules_dev/@typescript-eslint/utils/node_modules/minimatch/dist/cjs
# node_modules_dev/@typescript-eslint/utils/node_modules/minimatch/dist/mjs
# node_modules_dev/@typescript-eslint/parser/node_modules/minimatch/dist/cjs
# node_modules_dev/@typescript-eslint/parser/node_modules/minimatch/dist/mjs
# node_modules_dev/@typescript-eslint/type-utils/node_modules/minimatch/dist/cjs
# node_modules_dev/@typescript-eslint/type-utils/node_modules/minimatch/dist/mjs
# node_modules_dev/flatted/cjs
cjs = "<unknown version>"
mjs = "<unknown version>"
# These are all “dummy” modules in the tests for resolve: # These are all “dummy” modules in the tests for resolve:
# resolve/test/module_dir/zmodules/bbb # resolve/test/module_dir/zmodules/bbb
bbb = "<unknown version>" bbb = "<unknown version>"

@ -6,10 +6,7 @@ from argparse import ArgumentParser, FileType, RawDescriptionHelpFormatter
from pathlib import Path from pathlib import Path
from sys import exit, stderr from sys import exit, stderr
try: import tomllib
import tomllib
except ImportError:
import tomli as tomllib
def main(): def main():
@ -24,7 +21,9 @@ def main():
continue # Do not even check the license continue # Do not even check the license
elif license is None: elif license is None:
problem = True problem = True
print(f"Missing license in package.json for {identity}", file=stderr) print(
f"Missing license in package.json for {identity}", file=stderr
)
elif isinstance(license, dict): elif isinstance(license, dict):
if isinstance(license.get("type"), str): if isinstance(license.get("type"), str):
continue continue
@ -63,6 +62,10 @@ def main():
return "At least one missing license was found." return "At least one missing license was found."
def check_exception(exceptions, name, version):
x = args.exceptions
def parse(package_json_path): def parse(package_json_path):
with package_json_path.open("rb") as pjfile: with package_json_path.open("rb") as pjfile:
pj = json.load(pjfile) pj = json.load(pjfile)
@ -82,7 +85,9 @@ def parse(package_json_path):
def parse_args(): def parse_args():
parser = ArgumentParser( parser = ArgumentParser(
formatter_class=RawDescriptionHelpFormatter, formatter_class=RawDescriptionHelpFormatter,
description=("Search for bundled dependencies without declared licenses"), description=(
"Search for bundled dependencies without declared licenses"
),
epilog=""" epilog="""
The exceptions file must be a TOML file with zero or more tables. Each tables The exceptions file must be a TOML file with zero or more tables. Each tables
@ -149,7 +154,9 @@ considered an error, and the program returns with nonzero status.
parser.error(f"Invalid format in {xname}: not an object") parser.error(f"Invalid format in {xname}: not an object")
for tablename, table in args.exceptions.items(): for tablename, table in args.exceptions.items():
if not isinstance(table, dict): if not isinstance(table, dict):
parser.error(f"Non-table entry in {xname}: {tablename} = {table!r}") parser.error(
f"Non-table entry in {xname}: {tablename} = {table!r}"
)
overlay = {} overlay = {}
for key, value in table.items(): for key, value in table.items():
if isinstance(value, str): if isinstance(value, str):
@ -169,7 +176,9 @@ considered an error, and the program returns with nonzero status.
x.update(args.exceptions[add]) x.update(args.exceptions[add])
except KeyError: except KeyError:
if xname is None: if xname is None:
parser.error(f"No table {add}, as no exceptions file was given") parser.error(
f"No table {add}, as no exceptions file was given"
)
else: else:
parser.error(f"No table {add} in {xname}") parser.error(f"No table {add} in {xname}")
# Store the merged dictionary # Store the merged dictionary
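Review bot: `check_exception(exceptions, name, version)`, added in the `-63,6 +62,10` hunk, reads `args.exceptions`, but `args` is not one of its parameters and no module-level `args` is visible in these hunks, so calling it would presumably raise `NameError`. The whole body shown is `x = args.exceptions`: all three parameters are ignored and nothing is returned, so the helper looks like an unfinished stub inside the script that gates the build on missing licenses. Either drop it until it is implemented, or at least bind the argument that was passed in, `x = exceptions`, and add a docstring stating what a match against the exceptions table should return. No call site appears in the visible hunks, so whether anything depends on it yet cannot be confirmed from here.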

@ -97,13 +97,12 @@ mv node_modules/ node_modules_dev
if [[ -d node_modules_prod ]] if [[ -d node_modules_prod ]]
then then
tar -cf "../llhttp-${VERSION}-nm-prod.tar" node_modules_prod tar -czf "../llhttp-${VERSION}-nm-prod.tgz" node_modules_prod
fi fi
if [[ -d node_modules_dev ]] if [[ -d node_modules_dev ]]
then then
tar -cf "../llhttp-${VERSION}-nm-dev.tar" node_modules_dev tar -czf "../llhttp-${VERSION}-nm-dev.tgz" node_modules_dev
fi fi
zstdmt --ultra -22 "../llhttp-${VERSION}-nm-prod.tar" "../llhttp-${VERSION}-nm-dev.tar"
cd .. cd ..
find . -mindepth 1 -maxdepth 1 -type f \( -name "$(basename "${ARCHIVE}")" \ find . -mindepth 1 -maxdepth 1 -type f \( -name "$(basename "${ARCHIVE}")" \

@ -1,8 +1,8 @@
## START: Set by rpmautospec ## START: Set by rpmautospec
## (rpmautospec version 0.6.3) ## (rpmautospec version 0.6.1)
## RPMAUTOSPEC: autorelease, autochangelog ## RPMAUTOSPEC: autorelease, autochangelog
%define autorelease(e:s:pb:n) %{?-p:0.}%{lua: %define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
release_number = 1; release_number = 7;
base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
print(release_number + base_release_number - 1); print(release_number + base_release_number - 1);
}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} }%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
@ -36,8 +36,8 @@
# additional source even if we do not do the re-generation ourselves. # additional source even if we do not do the re-generation ourselves.
Name: llhttp Name: llhttp
Version: 9.2.1 Version: 9.1.3
%global so_version 9.2 %global so_version 9.1
Release: %autorelease Release: %autorelease
Summary: Port of http_parser to llparse Summary: Port of http_parser to llparse
@ -56,7 +56,7 @@ Source0: %{url}/archive/v%{version}/llhttp-%{version}.tar.gz
# therefore, no bundled licenses text file is generated either # therefore, no bundled licenses text file is generated either
Source1: llhttp-packaging-bundler Source1: llhttp-packaging-bundler
# Created with llhttp-packaging-bundler (Source1): # Created with llhttp-packaging-bundler (Source1):
Source2: llhttp-%{version}-nm-dev.tar.zst Source2: llhttp-%{version}-nm-dev.tgz
# While nothing in the dev bundle is installed, we still choose to audit for # While nothing in the dev bundle is installed, we still choose to audit for
# null licenses at build time and to keep manually-approved exceptions in a # null licenses at build time and to keep manually-approved exceptions in a
@ -81,7 +81,11 @@ BuildRequires: gcc-c++
# For check-null-licenses # For check-null-licenses
BuildRequires: python3-devel BuildRequires: python3-devel
BuildRequires: (python3dist(tomli) if python3 < 3.11) %if !0%{?rhel}
# For additional license auditing:
BuildRequires: askalono-cli
BuildRequires: licensecheck
%endif
%description %description
This project is a port of http_parser to TypeScript. llparse is used to This project is a port of http_parser to TypeScript. llparse is used to
@ -113,7 +117,7 @@ sed -r -i 's@ -[Og].\b@@g' Makefile
# Set up bundled (dev) node modules required to generate the C sources from the # Set up bundled (dev) node modules required to generate the C sources from the
# TypeScript sources. # TypeScript sources.
tar --zstd --extract --file='%{SOURCE2}' tar -xzf '%{SOURCE2}'
mkdir -p node_modules mkdir -p node_modules
pushd node_modules pushd node_modules
ln -s ../node_modules_dev/* . ln -s ../node_modules_dev/* .
@ -157,7 +161,72 @@ popd
# code with license problems in the source RPM. # code with license problems in the source RPM.
%{python3} '%{SOURCE3}' --exceptions '%{SOURCE4}' --with dev node_modules_dev %{python3} '%{SOURCE3}' --exceptions '%{SOURCE4}' --with dev node_modules_dev
%set_build_flags %if !0%{?rhel}
# Ensure we have checked all of the licenses in the dev dependency bundle for
# allowability.
pattern="${pattern-}${pattern+|}UNKNOWN|(Apache|Python) License 2\\.0"
pattern="${pattern-}${pattern+|}(MIT|ISC|BSD [023]-Clause) License"
pattern="${pattern-}${pattern+|}MIT License and/or X11 License"
pattern="${pattern-}${pattern+|}GNU General Public License"
# The CC0-1.0 license is *not allowed* in Fedora for code, but the
# binary-search dev dependency falls under the following blanket exception:
#
# Existing uses of CC0-1.0 on code files in Fedora packages prior to
# 2022-08-01, and subsequent upstream versions of those files in those
# packages, continue to be allowed. We encourage Fedora package maintainers
# to ask upstreams to relicense such files.
#
# https://gitlab.com/fedora/legal/fedora-license-data/-/issues/91#note_1151947383
#
# This can be verified by checking out commit
# f460573ec4dc41968e600a96aaaf03a167b236bf (2021-12-16) from dist-git for this
# package, obtaining the source llhttp-6.0.6-nm-dev.tgz, and observing that
# llhttp-6.0.6/node_modules_dev/binary-search/package.json shows the CC0-1.0
# license.
pattern="${pattern-}${pattern+|}binary-search/package.json: (\*No copyright\* )?Creative Commons CC0 1\.0"
# The license BSD-3-Clause-Clear appears in sprintf-js/bower.json. This license
# is on the not-allowed list, but it is not real: sprintf-js/package.json and
# sprintf-js/LICENSE have the correct (and allowed) BSD-3-Clause license, and
# upstream confirmed in “Licensing Question”
# https://github.com/alexei/sprintf.js/issues/211 that the appearance of
# BSD-3-Clause-Clear in this file was a mere typo.
pattern="${pattern-}${pattern+|}sprintf-js/bower.json: (\*No copyright\* )?BSD 3-Clause Clear License"
if licensecheck -r node_modules_dev |
grep -vE "(${pattern})( \\[generated file\\])?\$" ||
! askalono crawl node_modules_dev | awk '
$1 == "License:" { license = $0; next }
$1 == "Score:" {
if ( \
license ~ /: (MIT|ISC|0BSD|BSD-[23]-Clause) \(/ || \
license ~ /: (Apache-2\.0|Python-2\.0\.1) \(/ \
) {
next # license is OK
}
# license needs auditing
problem = 1
print file; print license; print $0
next
}
{ file = $0 }
END { exit problem }'
then
cat 1>&2 <<'EOF'
=================================================================
Possible new license(s) found in dev dependency bundle!
While these do not contribute to License, they must appear in:
https://docs.fedoraproject.org/en-US/legal/allowed-licenses/
Please audit them and modify the patterns representing expected
licenses in the spec file!
=================================================================
EOF
exit 1
fi
%endif
# http-loose-request.c:7205:20: error: invalid conversion from 'void*' to # http-loose-request.c:7205:20: error: invalid conversion from 'void*' to
# 'const unsigned char*' [-fpermissive] # 'const unsigned char*' [-fpermissive]
# 7205 | start = state->_span_pos0; # 7205 | start = state->_span_pos0;
@ -167,8 +236,10 @@ popd
export CXXFLAGS="${CXXFLAGS-} -fpermissive" export CXXFLAGS="${CXXFLAGS-} -fpermissive"
export CFLAGS="${CFLAGS-} -fpermissive" export CFLAGS="${CFLAGS-} -fpermissive"
export CLANG=gcc export CLANG=gcc
# See scripts.test in package.json: # See scripts.mocha in package.json:
NODE_ENV=test node -r ts-node/register/type-check ./test/md-test.ts NODE_ENV=test ./node_modules/.bin/mocha \
-r ts-node/register/type-check \
test/*-test.ts
%files %files
@ -185,72 +256,92 @@ NODE_ENV=test node -r ts-node/register/type-check ./test/md-test.ts
%changelog %changelog
* Thu May 09 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 9.2.1-1
- Rebuilt for MSVSphere 9.4
## START: Generated by rpmautospec ## START: Generated by rpmautospec
* Thu Apr 11 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 9.2.1-1 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 9.1.3-7
- Update to 9.2.1 (close RHBZ#2273352, fix CVE-2024-27982) - Bump release for June 2024 mass rebuild
- Switch from xz to zstd compression for the “dev” bundle archive
* Tue May 28 2024 koncpa <pkoncity@redhat.com> - 9.1.3-6
- Enable RHEL gating for llhttp
* Sun Feb 11 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 9.1.3-5
- Avoid licensecheck dependency in RHEL builds
* Thu Apr 11 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 9.2.0-4 * Thu Feb 08 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 9.1.3-4
- Format check-null-licenses with “ruff format” - Better audit (and document auditing of) dev dependency licenses
* Thu Apr 11 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 9.2.0-1 * Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 9.1.3-3
- Update to 9.2.0 (close RHBZ#2263250) - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Apr 11 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 9.1.3-2 * Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 9.1.3-2
- Compress the dev dependency bundle with xz instead of gzip - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Nov 30 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 9.1.3-1 * Thu Oct 05 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 9.1.3-1
- Update to 9.1.3 (close RHBZ#2242220) - Update to 9.1.3 (close RHBZ#2242220)
* Thu Nov 30 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 9.1.2-1 * Tue Oct 03 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 9.1.2-1
- Update to 9.1.2 - Update to 9.1.2
* Thu Nov 30 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 9.1.1-1 * Thu Sep 14 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 9.1.1-1
- Update to 9.1.1 - Update to 9.1.1
* Thu Nov 30 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 9.1.0-1 * Thu Sep 14 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 9.1.0-1
- Update to 9.1.0 - Update to 9.1.0
* Thu Nov 30 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 9.0.1-1 * Mon Aug 21 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 9.0.1-1
- Update to 9.0.1 (close RHBZ#2228290) - Update to 9.0.1 (close RHBZ#2228290)
* Thu Nov 30 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 9.0.0-1 * Tue Aug 01 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 9.0.0-1
- Update to 9.0.0 - Update to 9.0.0
* Sat Jul 29 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 8.1.1-1 * Sat Jul 29 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 8.1.1-1
- Update to 8.1.1 (close RHBZ#2216591) - Update to 8.1.1 (close RHBZ#2216591)
* Sat Jul 29 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 8.1.0-3 * Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 8.1.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Sat Jun 03 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 8.1.0-5
- Remove explicit %%set_build_flags, not needed since F36
* Wed Feb 15 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 8.1.0-4
- Fix test compiling/execution - Fix test compiling/execution
* Sat Jul 29 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 8.1.0-2 * Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 8.1.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Tue Dec 20 2022 Benjamin A. Beasley <code@musicinmybrain.net> - 8.1.0-2
- Indicate dirs. in files list with trailing slashes - Indicate dirs. in files list with trailing slashes
* Sat Jul 29 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 8.1.0-1 * Sat Oct 15 2022 Benjamin A. Beasley <code@musicinmybrain.net> - 8.1.0-1
- Update to 8.1.0 (close RHBZ#2131175) - Update to 8.1.0 (close RHBZ#2131175)
* Sat Jul 29 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 8.0.0-1 * Sat Oct 15 2022 Benjamin A. Beasley <code@musicinmybrain.net> - 8.0.0-1
- Update to 8.0.0 (close RHBZ#2131175) - Update to 8.0.0 (close RHBZ#2131175)
* Sat Jul 29 2023 Stephen Gallagher <sgallagh@redhat.com> - 6.0.10-1 * Sat Oct 15 2022 Benjamin A. Beasley <code@musicinmybrain.net> - 6.0.10-2
- Drop workarounds for Python 3.10 and older
* Thu Sep 29 2022 Stephen Gallagher <sgallagh@redhat.com> - 6.0.10-1
- Update to v6.0.10 - Update to v6.0.10
* Sat Jul 29 2023 Miro Hrončok <miro@hroncok.cz> - 6.0.9-2 * Thu Aug 25 2022 Miro Hrončok <miro@hroncok.cz> - 6.0.9-2
- Use tomllib/python-tomli instead of dead upstream python-toml - Use tomllib/python-tomli instead of dead upstream python-toml
* Sat Jul 29 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 6.0.9-1 * Thu Aug 11 2022 Benjamin A. Beasley <code@musicinmybrain.net> - 6.0.9-1
- Update to 6.0.9 (close RHBZ#2116231) - Update to 6.0.9 (close RHBZ#2116231)
- Bumped .so version from downstream 0.1 to upstream 6.0 - Bumped .so version from downstream 0.1 to upstream 6.0
- Better upstream support for building and installing a shared library - Better upstream support for building and installing a shared library
- The -devel package now contains a .pc file - The -devel package now contains a .pc file
- Tests are now built with gcc and fully respect distro flags - Tests are now built with gcc and fully respect distro flags
* Sat Jul 29 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 6.0.6-6 * Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 6.0.6-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed Apr 20 2022 Benjamin A. Beasley <code@musicinmybrain.net> - 6.0.6-7
- Drop “forge” macros, which arent really doing much here - Drop “forge” macros, which arent really doing much here
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 6.0.6-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Dec 24 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 6.0.6-5 * Fri Dec 24 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 6.0.6-5
- Add a note about LLHTTP_STRICT_MODE to the package description - Add a note about LLHTTP_STRICT_MODE to the package description
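Review bot: The new side pins `Version: 9.1.3` and `%global so_version 9.1`, while the changelog entry present only on the other side records `Update to 9.2.1 (close RHBZ#2273352, fix CVE-2024-27982)`. Nothing in the visible hunks of the new side (no added `Patch` line, no changelog entry) shows that fix being carried on top of 9.1.3. If this branch is meant to stay on 9.1.3, the spec should state how the CVE is handled, for example a comment above `Version:` such as `# CVE-2024-27982: <backport patch name or not-affected rationale>`. Otherwise the rebase to 9.2.1 should be taken. The spec lines between hunks are outside this view, so a backport may exist there and should be confirmed.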
