forked from rpms/curl
curl/rpminspect.yaml


Related: CVE-2022-32207 - rpminspect.yaml: attempt to silence rpminspect

No one is interested to read through reports like this upon each update:

```
rpminspect version: 1.11-0.1.202206281908gitc4b3399.el9 (with data package: 1.7-0.1.202206211435git4072215.el9)
rpminspect profile: none
new build: curl-7.76.1-14.el9_0.5
old build: curl-7.76.1-14.el9_0.4 (found in rhel-9.0.0-z brew tag)

Test description:
Check for correct RPM dependency metadata. Report incorrect or conflicting findings as well as expected changes when comparing a new build to an older build. Changes are only reported when comparing builds, but this inspection will check for correct RPM dependency metadata when inspecting a single build and report findings.

======================================== Test Output ========================================
rpmdeps:
--------
Result: VERIFY
1) Subpackage curl on aarch64 carries 'Requires: libcurl.so.4()(64bit)' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement. Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage. Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
2) Multiple subpackages provide 'Requires: libcurl.so.4()(64bit)': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements. Only one subpackage should provide a given shared library. Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.

Result: VERIFY
3) Subpackage curl-minimal on aarch64 carries 'Requires: libcurl.so.4()(64bit)' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement. Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage. Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
4) Multiple subpackages provide 'Requires: libcurl.so.4()(64bit)': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements. Only one subpackage should provide a given shared library. Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.

Result: VERIFY
5) Subpackage libcurl-devel on aarch64 carries 'Requires: libcurl.so.4()(64bit)' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement. Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage. Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
6) Multiple subpackages provide 'Requires: libcurl.so.4()(64bit)': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements. Only one subpackage should provide a given shared library. Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.

Result: VERIFY
7) Subpackage curl on ppc64le carries 'Requires: libcurl.so.4()(64bit)' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement. Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage. Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
8) Multiple subpackages provide 'Requires: libcurl.so.4()(64bit)': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements. Only one subpackage should provide a given shared library. Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.

Result: VERIFY
9) Subpackage curl-minimal on ppc64le carries 'Requires: libcurl.so.4()(64bit)' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement. Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage. Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
10) Multiple subpackages provide 'Requires: libcurl.so.4()(64bit)': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements. Only one subpackage should provide a given shared library. Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.

Result: VERIFY
11) Subpackage libcurl-devel on ppc64le carries 'Requires: libcurl.so.4()(64bit)' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement. Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage. Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
12) Multiple subpackages provide 'Requires: libcurl.so.4()(64bit)': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements. Only one subpackage should provide a given shared library. Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.

Result: VERIFY
13) Subpackage libcurl-devel on i686 carries 'Requires: libcurl.so.4' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement. Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage. Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
14) Multiple subpackages provide 'Requires: libcurl.so.4': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements. Only one subpackage should provide a given shared library. Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.

Result: VERIFY
15) Subpackage curl on i686 carries 'Requires: libcurl.so.4' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement. Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage. Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
16) Multiple subpackages provide 'Requires: libcurl.so.4': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements. Only one subpackage should provide a given shared library. Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.

Result: VERIFY
17) Subpackage curl-minimal on i686 carries 'Requires: libcurl.so.4' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement. Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage. Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
18) Multiple subpackages provide 'Requires: libcurl.so.4': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements. Only one subpackage should provide a given shared library. Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.

Result: VERIFY
19) Subpackage curl on x86_64 carries 'Requires: libcurl.so.4()(64bit)' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement. Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage. Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
20) Multiple subpackages provide 'Requires: libcurl.so.4()(64bit)': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements. Only one subpackage should provide a given shared library. Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.

Result: VERIFY
21) Subpackage curl-minimal on x86_64 carries 'Requires: libcurl.so.4()(64bit)' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement. Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage. Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
22) Multiple subpackages provide 'Requires: libcurl.so.4()(64bit)': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements. Only one subpackage should provide a given shared library. Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.

Result: VERIFY
23) Subpackage libcurl-devel on x86_64 carries 'Requires: libcurl.so.4()(64bit)' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement. Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage. Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
24) Multiple subpackages provide 'Requires: libcurl.so.4()(64bit)': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements. Only one subpackage should provide a given shared library. Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.

Result: VERIFY
25) Subpackage libcurl-devel on s390x carries 'Requires: libcurl.so.4()(64bit)' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement. Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage. Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
26) Multiple subpackages provide 'Requires: libcurl.so.4()(64bit)': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements. Only one subpackage should provide a given shared library. Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.

Result: VERIFY
27) Subpackage curl on s390x carries 'Requires: libcurl.so.4()(64bit)' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement. Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage. Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
28) Multiple subpackages provide 'Requires: libcurl.so.4()(64bit)': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements. Only one subpackage should provide a given shared library. Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.

Result: VERIFY
29) Subpackage curl-minimal on s390x carries 'Requires: libcurl.so.4()(64bit)' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement. Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage. Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
30) Multiple subpackages provide 'Requires: libcurl.so.4()(64bit)': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements. Only one subpackage should provide a given shared library. Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.
```
2022-07-01 15:46:42 +00:00
inspections:
    rpmdeps: off