Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package nim for openSUSE:Factory checked in at 2022-08-11 18:31:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nim (Old) and /work/SRC/openSUSE:Factory/.nim.new.1521 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nim" Thu Aug 11 18:31:53 2022 rev:19 rq:994348 version:1.6.6 Changes: -------- --- /work/SRC/openSUSE:Factory/nim/nim.changes 2022-07-19 17:19:35.584385130 +0200 +++ /work/SRC/openSUSE:Factory/.nim.new.1521/nim.changes 2022-08-11 18:32:00.718218675 +0200 @@ -1,0 +2,12 @@ +Mon Aug 8 17:16:41 UTC 2022 - David Anes <[email protected]> + +- Disable some tests for some platforms: + * SFML tests/buildrequires are removed to simplify having the same + version in all repositories (SLE, backports, etc.). + * Disable test "tests/arc/tasyncorc.nim", which is failing in + ppc64le (backports). + +- Require/recommend NodeJS 12 only where it is provided, so the + package is buildable on more codestreams. + +------------------------------------------------------------------- @@ -14,0 +27,20 @@ + +- Includes upstream fixes for: + * (bsc#1175333, CVE-2020-15693) httpClient is vulnerable to a + CR-LF injection + * (bsc#1175334, CVE-2020-15692) mishandle of argument to + browsers.openDefaultBrowser + * (bsc#1175332, CVE-2020-15694) httpClient.get().contentLength() + fails to properly validate the server response + * (bsc#1192712, CVE-2021-41259) null byte accepted in getContent + function, leading to URI validation bypass + * (bsc#1185948, CVE-2021-29495) stdlib httpClient does not + validate peer certificates by default + * (bsc#1185085, CVE-2021-21374) Improper verification of the + SSL/TLS certificate + * (bsc#1185084, CVE-2021-21373) "nimble refresh" falls back to a + non-TLS URL in case of error + * (bsc#1185083, CVE-2021-21372) doCmd can be leveraged to execute + arbitrary commands + * (bsc#1181705, CVE-2020-15690) Standard library asyncftpclient + lacks a check for newline character ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nim.spec ++++++ --- /var/tmp/diff_new_pack.O7WX0d/_old 2022-08-11 18:32:01.310220061 +0200 +++ /var/tmp/diff_new_pack.O7WX0d/_new 2022-08-11 18:32:01.314220070 +0200 @@ -56,16 +56,11 @@ # Needs node 12 for flag --unhandled-rejections=strict, but it's not # strictly needed (it's used to test the Nim JS compiler, so we can # skip it and run tests without this compiler target afterwards) -%if 0%{?suse_version} >= 150100 || 0%{?is_backports} +%if 0%{?suse_version} >= 150100 || (0%{?suse_version} >= 150100 && 0%{?is_backports}) BuildRequires: nodejs >= 12 Recommends: nodejs %endif -%if 0%{?is_opensuse} || 0%{?is_backports} -# sfml2 is not avaialable in SLE -BuildRequires: sfml2-devel -%endif - Recommends: git ExclusiveArch: %{ix86} x86_64 armv7l armv7hl aarch64 ppc64le @@ -150,14 +145,9 @@ tests/nimdoc/trunnableexamples.nim # broken in Leap 15.3 tests/exception/t13115.nim -EOT - -%if 0%{?sle_version} && !0%{?is_opensuse} && !0%{?is_backports} -cat << EOT >> tests_to_skip - # no SFML in plain SLE + # no SFML in plain SLE and missing in sin backport repos tests/niminaction/Chapter8/sfml/sfml_test.nim EOT -%endif %ifarch aarch64 armv7l armv7hl ppc64le cat << EOT >> tests_to_skip @@ -175,6 +165,9 @@ #aarch64 and ppc64l tests/range/tcompiletime_range_checks.nim tests/dll/nimhcr_unit.nim + + #ppc64le + tests/arc/tasyncorc.nim EOT %endif
