Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package ruby4.0 for openSUSE:Factory checked in at 2026-04-23 17:03:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ruby4.0 (Old)
 and      /work/SRC/openSUSE:Factory/.ruby4.0.new.11940 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ruby4.0" Thu Apr 23 17:03:10 2026 rev:6 rq:1348486 version:4.0.3 Changes: -------- --- /work/SRC/openSUSE:Factory/ruby4.0/ruby4.0.changes 2026-03-17 19:04:53.453649766 +0100 +++ /work/SRC/openSUSE:Factory/.ruby4.0.new.11940/ruby4.0.changes 2026-04-23 17:03:16.589444601 +0200 @@ -1,0 +2,14 @@ +Tue Apr 21 10:05:13 UTC 2026 - Marcus Rueckert <[email protected]> + +- Update to 4.0.3 (boo#1262441) + This release only contains ERB 6.0.1.1, which fixes CVE-2026-41316. + + If your application calls Marshal.load on untrusted data AND has + both erb and activesupport loaded, please update your ERB to + 4.0.3.1, 4.0.4.1, 6.0.1.1, 6.0.4 or later. You may use this Ruby + 4.0.3 release to do so. + + https://www.ruby-lang.org/en/news/2026/04/21/erb-cve-2026-41316/ + https://www.ruby-lang.org/en/news/2026/04/21/ruby-4-0-3-released/ + +------------------------------------------------------------------- Old: ---- ruby-4.0.2.tar.xz New: ---- ruby-4.0.3.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ruby4.0.spec ++++++ --- /var/tmp/diff_new_pack.ImV1Yy/_old 2026-04-23 17:03:18.113507389 +0200 +++ /var/tmp/diff_new_pack.ImV1Yy/_new 2026-04-23 17:03:18.113507389 +0200 @@ -36,7 +36,7 @@ %global patch_level p0 Name: ruby4.0%{psuffix} -Version: 4.0.2 +Version: 4.0.3 Release: 0 %global pkg_version %{version} # make the exported API version explicit @@ -392,7 +392,7 @@ for man in %{buildroot}%{_mandir}/man1/*%{rb_binary_suffix}.1* ; do # yes really hard links # TODO: this is dangerous as we cant anc - ln $man ${man%%%{rb_binary_suffix}.1}.1 + ln $man ${man//%{rb_binary_suffix}/} done ln -s lib%{rb_soname}.so %{buildroot}%{_libdir}/libruby.so %endif 
@@ -492,7 +492,7 @@ %{_bindir}/typeprof* %{_mandir}/man1/erb*.1%{?ext_man} %{_mandir}/man1/ruby*.1%{?ext_man} -%doc ChangeLog KNOWNBUGS.rb NEWS.md README.EXT README.EXT.ja README.ja.md README.md CONTRIBUTING.md +%doc KNOWNBUGS.rb NEWS.md README.EXT README.EXT.ja README.ja.md README.md CONTRIBUTING.md %license COPYING COPYING.ja GPL LEGAL BSDL %{_rpmmacrodir}/macros.suse-ruby4.0* ++++++ ruby-4.0.2.tar.xz -> ruby-4.0.3.tar.xz ++++++ /work/SRC/openSUSE:Factory/ruby4.0/ruby-4.0.2.tar.xz /work/SRC/openSUSE:Factory/.ruby4.0.new.11940/ruby-4.0.3.tar.xz differ: char 27, line 1
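Review bot: In the ruby4.0.spec hunk at @@ -392,7, the new `${man//%{rb_binary_suffix}/}` is an unanchored replace-all over the full path in `$man`, so it strips every occurrence of the suffix, including any that appears in the `%{buildroot}%{_mandir}` directory part, not only the one in the file name. Apply the substitution to the file name alone (split off the directory first) so the link target cannot land outside `man1`. The `//` form is also a bash extension rather than POSIX sh, and both operands of `ln` are unquoted; quoting `"$man"` and the expansion would make the loop safe for paths with whitespace.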
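Review bot: The removal of `ChangeLog` from the `%doc` line in the ruby4.0.spec hunk at @@ -492,7 is not recorded in the ruby4.0.changes entry, which lists only the update to 4.0.3 and the ERB fix. Add a changelog line stating why the file was dropped, and one for the man page hard-link change in the @@ -392,7 hunk, so the packaging changes can be traced separately from the security update.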
