Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package rubygem-tzinfo for openSUSE:Factory checked in at 2022-08-09 15:26:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-tzinfo (Old)
 and /work/SRC/openSUSE:Factory/.rubygem-tzinfo.new.1521 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-tzinfo" Tue Aug 9 15:26:57 2022 rev:26 rq:993528 version:2.0.5 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-tzinfo/rubygem-tzinfo.changes 2020-12-21 12:35:27.558972503 +0100 +++ /work/SRC/openSUSE:Factory/.rubygem-tzinfo.new.1521/rubygem-tzinfo.changes 2022-08-09 15:27:15.413437380 +0200 @@ -1,0 +2,19 @@ +Thu Aug 4 13:33:15 UTC 2022 - Stephan Kulow <co...@suse.com> + +updated to version 2.0.5 + see installed CHANGES.md + + ## Version 2.0.5 - 19-Jul-2022 + + * Changed `DateTime` results to always use the proleptic Gregorian calendar. + This affects `DateTime` results prior to 1582-10-15 and any arithmetic + performed on the results that would produce a secondary result prior to + 1582-10-15. + * Added support for eager loading all the time zone and country data by calling + either `TZInfo::DataSource#eager_load!` or `TZInfo.eager_load!`. Compatible + with Ruby On Rails' `eager_load_namespaces`. #129. + * Ignore the SECURITY file from Arch Linux's tzdata package. #134. + + + +------------------------------------------------------------------- Old: ---- tzinfo-2.0.4.gem New: ---- tzinfo-2.0.5.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-tzinfo.spec ++++++ --- /var/tmp/diff_new_pack.YTy8Uc/_old 2022-08-09 15:27:15.877438706 +0200 +++ /var/tmp/diff_new_pack.YTy8Uc/_new 2022-08-09 15:27:15.885438729 +0200 @@ -1,7 +1,7 @@ # # spec file for package rubygem-tzinfo # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -24,7 +24,7 @@ # Name: rubygem-tzinfo -Version: 2.0.4 +Version: 2.0.5 Release: 0 %define mod_name tzinfo %define mod_full_name %{mod_name}-%{version} ++++++ tzinfo-2.0.4.gem -> tzinfo-2.0.5.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGES.md new/CHANGES.md --- old/CHANGES.md 2020-12-16 21:58:54.000000000 +0100 +++ new/CHANGES.md 2022-07-19 20:52:48.000000000 +0200 @@ -1,8 +1,20 @@ # Changes +## Version 2.0.5 - 19-Jul-2022 + +* Changed `DateTime` results to always use the proleptic Gregorian calendar. + This affects `DateTime` results prior to 1582-10-15 and any arithmetic + performed on the results that would produce a secondary result prior to + 1582-10-15. +* Added support for eager loading all the time zone and country data by calling + either `TZInfo::DataSource#eager_load!` or `TZInfo.eager_load!`. Compatible + with Ruby On Rails' `eager_load_namespaces`. #129. +* Ignore the SECURITY file from Arch Linux's tzdata package. #134. + + ## Version 2.0.4 - 16-Dec-2020 -* Fixed an incorrect InvalidTimezoneIdentifier exception raised when loading a +* Fixed an incorrect `InvalidTimezoneIdentifier` exception raised when loading a zoneinfo file that includes rules specifying an additional transition to the final defined offset (for example, Africa/Casablanca in version 2018e of the Time Zone Database). #123. 
@@ -182,9 +194,18 @@ `TZInfo::Country.get('US').zone_identifiers` should be used instead. +## Version 1.2.10 - 19-Jul-2022 + +* Fixed a relative path traversal bug that could cause arbitrary files to be + loaded with `require` when used with `RubyDataSource`. Please refer to + <https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx> for + details. CVE-2022-31163. +* Ignore the SECURITY file from Arch Linux's tzdata package. #134. + + ## Version 1.2.9 - 16-Dec-2020 -* Fixed an incorrect InvalidTimezoneIdentifier exception raised when loading a +* Fixed an incorrect `InvalidTimezoneIdentifier` exception raised when loading a zoneinfo file that includes rules specifying an additional transition to the final defined offset (for example, Africa/Casablanca in version 2018e of the Time Zone Database). #123. 
@@ -340,10 +361,32 @@ use other `TimezonePeriod` instance methods instead (issue #7655). +## Version 0.3.61 (tzdata v2022a) - 19-Jul-2022 + +* Fixed a relative path traversal bug that could cause arbitrary files to be + loaded with `require` from the Ruby load path. Please refer to + <https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx> for + details. CVE-2022-31163. +* Updated to tzdata version 2022a + (<https://mm.icann.org/pipermail/tz-announce/2022-March/000070.html>). + + +## Version 0.3.60 (tzdata v2021a) - 6-Feb-2021 + +* Updated to tzdata version 2021a + (<https://mm.icann.org/pipermail/tz-announce/2021-January/000065.html>). + + +## Version 0.3.59 (tzdata v2020e) - 24-Dec-2020 + +* Updated to tzdata version 2020e + (<https://mm.icann.org/pipermail/tz-announce/2020-December/000063.html>). + + ## Version 0.3.58 (tzdata v2020d) - 8-Nov-2020 * Updated to tzdata version 2020d - (https://mm.icann.org/pipermail/tz-announce/2020-October/000062.html). + (<https://mm.icann.org/pipermail/tz-announce/2020-October/000062.html>). ## Version 0.3.57 (tzdata v2020a) - 17-May-2020 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/LICENSE new/LICENSE --- old/LICENSE 2020-12-16 21:58:54.000000000 +0100 +++ new/LICENSE 2022-07-19 20:52:48.000000000 +0200 @@ -1,4 +1,4 @@ -Copyright (c) 2005-2020 Philip Ross +Copyright (c) 2005-2022 Philip Ross Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/README.md new/README.md --- old/README.md 2020-12-16 21:58:54.000000000 +0100 +++ new/README.md 2022-07-19 20:52:48.000000000 +0200 
@@ -1,6 +1,6 @@ # TZInfo - Ruby Time Zone Library -[](https://rubygems.org/gems/tzinfo) [](https://travis-ci.com/github/tzinfo/tzinfo) [](https://ci.appveyor.com/project/philr/tzinfo) +[](https://rubygems.org/gems/tzinfo) [](https://github.com/tzinfo/tzinfo/actions?query=workflow%3ATests+branch%3Amaster+event%3Apush) [TZInfo](https://tzinfo.github.io) is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. @@ -36,7 +36,7 @@ ## Installation The TZInfo gem can be installed by running `gem install tzinfo` or by adding -to `gem 'tzinfo'` to your `Gemfile` and running `bundle install`. +`gem 'tzinfo'` to your `Gemfile` and running `bundle install`. To use the Ruby modules as the data source, TZInfo::Data will also need to be installed by running `gem install tzinfo-data` or by adding `gem 'tzinfo-data'` Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ Binary files old/checksums.yaml.gz.sig and new/checksums.yaml.gz.sig differ Binary files old/data.tar.gz.sig and new/data.tar.gz.sig differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/tzinfo/data_source.rb new/lib/tzinfo/data_source.rb --- old/lib/tzinfo/data_source.rb 2020-12-16 21:58:54.000000000 +0100 +++ new/lib/tzinfo/data_source.rb 2022-07-19 20:52:48.000000000 +0200 
@@ -247,6 +247,17 @@ raise_invalid_data_source('country_codes') end + # Loads all timezone and country data into memory. + # + # This may be desirable in production environments to improve copy-on-write + # performance and to avoid flushing the constant cache every time a new + # timezone or country is loaded from {DataSources::RubyDataSource}. + def eager_load! + timezone_identifiers.each {|identifier| load_timezone_info(identifier) } + country_codes.each {|code| load_country_info(code) } + nil + end + # @return [String] a description of the {DataSource}. def to_s "Default DataSource" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/tzinfo/data_sources/ruby_data_source.rb new/lib/tzinfo/data_sources/ruby_data_source.rb --- old/lib/tzinfo/data_sources/ruby_data_source.rb 2020-12-16 21:58:54.000000000 +0100 +++ new/lib/tzinfo/data_sources/ruby_data_source.rb 2022-07-19 20:52:48.000000000 +0200 @@ -116,14 +116,14 @@ # @param identifier [Array<string>] the component parts of a time zone # identifier (split on /). This must have already been validated. def require_definition(identifier) - require_data(*(['definitions'] + identifier)) + require_data('definitions', *identifier) end # Requires an index by its name. # # @param name [String] an index name. def require_index(name) - require_data(*['indexes', name]) + require_data('indexes', name) end # Requires a file from tzinfo/data. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/tzinfo/data_sources/zoneinfo_data_source.rb new/lib/tzinfo/data_sources/zoneinfo_data_source.rb --- old/lib/tzinfo/data_sources/zoneinfo_data_source.rb 2020-12-16 21:58:54.000000000 +0100 +++ new/lib/tzinfo/data_sources/zoneinfo_data_source.rb 2022-07-19 20:52:48.000000000 +0200 
@@ -78,6 +78,30 @@ DEFAULT_ALTERNATE_ISO3166_TAB_SEARCH_PATH = ['/usr/share/misc/iso3166.tab', '/usr/share/misc/iso3166'].freeze private_constant :DEFAULT_ALTERNATE_ISO3166_TAB_SEARCH_PATH + # Files and directories in the top level zoneinfo directory that will be + # excluded from the list of available time zones: + # + # - +VERSION is included on Mac OS X. + # - leapseconds is a list of leap seconds. + # - localtime is the current local timezone (may be a link). + # - posix, posixrules and right are directories containing other + # versions of the zoneinfo files. + # - SECURITY is included in the Arch Linux tzdata package. + # - src is a directory containing the tzdata source included on Solaris. + # - timeconfig is a symlink included on Slackware. + EXCLUDED_FILENAMES = [ + '+VERSION', + 'leapseconds', + 'localtime', + 'posix', + 'posixrules', + 'right', + 'SECURITY', + 'src', + 'timeconfig' + ].freeze + private_constant :EXCLUDED_FILENAMES + # Paths to be checked to find the system zoneinfo directory. # # @private 
@@ -394,15 +418,7 @@ def load_timezone_identifiers index = [] - # Ignoring particular files: - # +VERSION is included on Mac OS X. - # leapseconds is a list of leap seconds. - # localtime is the current local timezone (may be a link). - # posix, posixrules and right are directories containing other versions of the zoneinfo files. - # src is a directory containing the tzdata source included on Solaris. - # timeconfig is a symlink included on Slackware. - - enum_timezones([], ['+VERSION', 'leapseconds', 'localtime', 'posix', 'posixrules', 'right', 'src', 'timeconfig']) do |identifier| + enum_timezones([], EXCLUDED_FILENAMES) do |identifier| index << identifier.join('/').freeze end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/tzinfo/timestamp.rb new/lib/tzinfo/timestamp.rb --- old/lib/tzinfo/timestamp.rb 2020-12-16 21:58:54.000000000 +0100 +++ new/lib/tzinfo/timestamp.rb 2022-07-19 20:52:48.000000000 +0200 @@ -3,10 +3,11 @@ module TZInfo # A time represented as an `Integer` number of seconds since 1970-01-01 - # 00:00:00 UTC (ignoring leap seconds), the fraction through the second - # (sub_second as a `Rational`) and an optional UTC offset. Like Ruby's `Time` - # class, {Timestamp} can distinguish between a local time with a zero offset - # and a time specified explicitly as UTC. + # 00:00:00 UTC (ignoring leap seconds and using the proleptic Gregorian + # calendar), the fraction through the second (sub_second as a `Rational`) and + # an optional UTC offset. Like Ruby's `Time` class, {Timestamp} can + # distinguish between a local time with a zero offset and a time specified + # explicitly as UTC. class Timestamp include Comparable 
@@ -16,8 +17,8 @@ private_constant :JD_EPOCH class << self - # Returns a new {Timestamp} representing the (Gregorian calendar) date and - # time specified by the supplied parameters. + # Returns a new {Timestamp} representing the (proleptic Gregorian + # calendar) date and time specified by the supplied parameters. # # If `utc_offset` is `nil`, `:utc` or 0, the date and time parameters will # be interpreted as representing a UTC date and time. Otherwise the date @@ -37,7 +38,7 @@ # specified offset, an offset from UTC specified as an `Integer` number # of seconds or the `Symbol` `:utc`). # @return [Timestamp] a new {Timestamp} representing the specified - # (Gregorian calendar) date and time. + # (proleptic Gregorian calendar) date and time. # @raise [ArgumentError] if either of `year`, `month`, `day`, `hour`, # `minute`, or `second` is not an `Integer`. # @raise [ArgumentError] if `sub_second` is not a `Rational`, or the @@ -84,7 +85,8 @@ # When called with a block, the {Timestamp} representation of `value` is # passed to the block. The block must then return a {Timestamp}, which # will be converted back to the type of the initial value. If the initial - # value was a {Timestamp}, the block result will just be returned. + # value was a {Timestamp}, the block result will be returned. If the + # initial value was a `DateTime`, a Gregorian `DateTime` will be returned. # # The UTC offset of `value` can either be preserved (the {Timestamp} # representation will have the same UTC offset as `value`), ignored (the 
@@ -396,11 +398,11 @@ end end - # Converts this {Timestamp} to a `DateTime`. + # Converts this {Timestamp} to a Gregorian `DateTime`. # - # @return [DateTime] a DateTime representation of this {Timestamp}. If the - # UTC offset of this {Timestamp} is not specified, a UTC `DateTime` will - # be returned. + # @return [DateTime] a Gregorian `DateTime` representation of this + # {Timestamp}. If the UTC offset of this {Timestamp} is not specified, a + # UTC `DateTime` will be returned. def to_datetime new_datetime end @@ -408,7 +410,7 @@ # Converts this {Timestamp} to an `Integer` number of seconds since # 1970-01-01 00:00:00 UTC (ignoring leap seconds). # - # @return [Integer] an Integer representation of this {Timestamp} (the + # @return [Integer] an `Integer` representation of this {Timestamp} (the # number of seconds since 1970-01-01 00:00:00 UTC ignoring leap seconds). def to_i value @@ -492,7 +494,9 @@ # # @private def new_datetime(klass = DateTime) - datetime = klass.jd(JD_EPOCH + ((@value.to_r + @sub_second) / 86400)) + # Can't specify the start parameter unless the jd parameter is an exact number of days. + # Use #gregorian instead. + datetime = klass.jd(JD_EPOCH + ((@value.to_r + @sub_second) / 86400)).gregorian @utc_offset && @utc_offset != 0 ? datetime.new_offset(Rational(@utc_offset, 86400)) : datetime end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/tzinfo/version.rb new/lib/tzinfo/version.rb --- old/lib/tzinfo/version.rb 2020-12-16 21:58:54.000000000 +0100 +++ new/lib/tzinfo/version.rb 2022-07-19 20:52:48.000000000 +0200 @@ -3,5 +3,5 @@ module TZInfo # The TZInfo version number. - VERSION = '2.0.4' + VERSION = '2.0.5' end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/tzinfo.rb new/lib/tzinfo.rb --- old/lib/tzinfo.rb 2020-12-16 21:58:54.000000000 +0100 +++ new/lib/tzinfo.rb 2022-07-19 20:52:48.000000000 +0200 
@@ -3,6 +3,18 @@ # The top level module for TZInfo. module TZInfo + class << self + # Instructs the current {DataSource} to load all timezone and country data + # into memory (initializing the {DataSource} first if not previously + # accessed or set). + # + # This may be desirable in production environments to improve copy-on-write + # performance and to avoid flushing the constant cache every time a new + # timezone or country is loaded from {DataSources::RubyDataSource}. + def eager_load! + DataSource.get.eager_load! + end + end end # Object#untaint is a deprecated no-op in Ruby >= 2.7 and will be removed in diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2020-12-16 21:58:54.000000000 +0100 +++ new/metadata 2022-07-19 20:52:48.000000000 +0200 @@ -1,7 +1,7 @@ --- !ruby/object:Gem::Specification name: tzinfo version: !ruby/object:Gem::Version - version: 2.0.4 + version: 2.0.5 platform: ruby authors: - Philip Ross @@ -29,7 +29,7 @@ J3Zn/kSTjTekiaspyGbczC3PUaeJNxr+yCvR4sk71Xmk/GaKKGOHedJ1uj/LAXrA MR0mpl7b8zCg0PFC1J73uw== -----END CERTIFICATE----- -date: 2020-12-16 00:00:00.000000000 Z +date: 2022-07-19 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: concurrent-ruby @@ -114,9 +114,9 @@ metadata: bug_tracker_uri: https://github.com/tzinfo/tzinfo/issues changelog_uri: https://github.com/tzinfo/tzinfo/blob/master/CHANGES.md - documentation_uri: https://rubydoc.info/gems/tzinfo/2.0.4 + documentation_uri: https://rubydoc.info/gems/tzinfo/2.0.5 homepage_uri: https://tzinfo.github.io - source_code_uri: https://github.com/tzinfo/tzinfo/tree/v2.0.4 + source_code_uri: https://github.com/tzinfo/tzinfo/tree/v2.0.5 post_install_message: rdoc_options: - "--title" 
@@ -136,7 +136,7 @@ - !ruby/object:Gem::Version version: '0' requirements: [] -rubygems_version: 3.1.4 +rubygems_version: 3.3.7 signing_key: specification_version: 4 summary: Time Zone Library Binary files old/metadata.gz.sig and new/metadata.gz.sig differ
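Review bot: The CVE-2022-31163 fix is listed only under the 1.2.10 and 0.3.61 headings in the CHANGES.md hunks, while the 2.0.5 entry and the new rubygem-tzinfo.changes entry carry no security reference at all. If the 2.0.x line is not affected, say so in one line of the .changes entry so that anyone tracking the CVE against this package does not have to infer it from the upstream changelog; if it is affected, the CVE identifier belongs in the entry.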
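Review bot: eager_load! in the lib/tzinfo/data_source.rb hunk has no error handling around load_timezone_info or load_country_info, so one identifier that fails to load aborts the whole eager load, which will usually be at application boot. That makes the exclusion list in zoneinfo_data_source.rb matter more than before, since any stray file that is enumerated as a zone is now loaded up front rather than on first use. Please document which exceptions can propagate with @raise tags, and add an @return [nil] tag to match the @return on to_s directly below.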
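Review bot: In the lib/tzinfo/data_sources/ruby_data_source.rb hunk, require_definition still depends on the doc comment "This must have already been validated" for its identifier argument, and nothing in the method enforces that. The identifier parts go straight into require_data, and the CHANGES.md entries in this same update describe a relative path traversal into require with RubyDataSource on the older branches, so I would name the validating caller in the comment or reject parts such as '..' in this method too, rather than leave the precondition to every call site. The splat rewrite itself does not change behaviour.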
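Review bot: EXCLUDED_FILENAMES in the lib/tzinfo/data_sources/zoneinfo_data_source.rb hunk is a fixed list of names, so each new non-zone file a distribution places in the top level zoneinfo directory (SECURITY from Arch Linux being the latest) is offered as a time zone identifier until a release adds it here. The comment should say how enum_timezones matches these names (exact name, top level only, as the first sentence implies) so that the next addition is made consistently, and a test per entry would keep the list from regressing when load_timezone_identifiers is refactored again as it is in the following hunk.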
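Review bot: The comment added above klass.jd(...) in new_datetime (lib/tzinfo/timestamp.rb) explains why the start parameter cannot be used but not what .gregorian changes for callers. Please add that it switches the result to the proleptic Gregorian calendar, so values prior to 1582-10-15 differ from what 2.0.4 returned, which is the behaviour change announced in CHANGES.md. The comment line is also longer than the wrapped comments in the rest of the file, and .gregorian builds a second object on every conversion, which is worth a word if to_datetime is called in hot paths.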