Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package mruby for openSUSE:Factory checked in at 2023-02-16 16:56:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mruby (Old) and /work/SRC/openSUSE:Factory/.mruby.new.22824 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mruby" Thu Feb 16 16:56:21 2023 rev:7 rq:1066033 version:3.1.0 Changes: -------- --- /work/SRC/openSUSE:Factory/mruby/mruby.changes 2022-04-26 21:34:59.608200036 +0200 +++ /work/SRC/openSUSE:Factory/.mruby.new.22824/mruby.changes 2023-02-16 16:56:36.282881166 +0100 @@ -1,0 +2,36 @@ +Wed Feb 15 18:26:15 UTC 2023 - Ferdinand Thiessen <r...@fthiessen.de> + +- Update to 3.1.0 + * New features: + * CRuby3.0 compatible keyword arguments are introduced. + * Keyword arguments are basically separated from ordinal arguments. + * Implement endless-def + * Replace `R-assignment` by `single-line pattern matching` + * Support squiggly heredocs. + * Hash value omission + * New library methods + * New supported directives for `mrbgems/mruby-pack` + * Breaking Changes + * `Kernel#printf` (`mruby-sprintf`) Format specifiers `%a` and `%A` are removed. + * `Kernel#puts` (`mruby-print`) Now expand Array arguments. + * mruby binaries are no longer backward compatible. + * Upgrade mruby VM version `RITE_VM_VER` to `0300` (means mruby 3.0 or after). + * Upgrade mruby binary version `RITE_BINARY_FORMAT_VER` to `0300`. + * `mruby3.0` removed `OP_EXT1`, `OP_EXT2`, `OP_EXT3` for operand extension. + But the operand size limitations was too tight for real-world application. + `mruby3.1` reintroduces those extension instructions. + * Some instructions are removed and some new are added, + see full changelog https://github.com/mruby/mruby/blob/3.1.0/doc/mruby3.1.md + * Fixed CVEs: + CVE-2021-4110, CVE-2021-4188, CVE-2022-0080, CVE-2022-0240, + CVE-2022-0326, CVE-2022-0481, CVE-2022-0631, CVE-2022-0632, + CVE-2022-0890, CVE-2022-1071, CVE-2022-1106, CVE-2022-1201, + CVE-2022-1427 +- Drop upstream fixed: + * CVE-2021-4110.patch + * CVE-2022-0240.patch + * CVE-2022-0080.patch + * CVE-2022-0481.patch +- Replaced b1d0296a.patch with CVE-2022-1286.patch + +------------------------------------------------------------------- Old: ---- CVE-2021-4110.patch CVE-2022-0080.patch CVE-2022-0240.patch CVE-2022-0481.patch b1d0296a.patch mruby-3.0.0.tar.gz New: ---- CVE-2022-1286.patch mruby-3.1.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mruby.spec ++++++ --- /var/tmp/diff_new_pack.4DBkFa/_old 2023-02-16 16:56:36.930883755 +0100 +++ /var/tmp/diff_new_pack.4DBkFa/_new 2023-02-16 16:56:36.938883787 +0100 @@ -2,7 +2,7 @@ # # spec file for package mruby # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # Copyright (c) 2012 Pascal Bleser <pascal.ble...@opensuse.org> # # All modifications and additions to the file contributed by third parties @@ -19,9 +19,9 @@ %global _lto_cflags %{_lto_cflags} -ffat-lto-objects -%define sover 3_0_0 +%define sover 3_1_0 Name: mruby -Version: 3.0.0 +Version: 3.1.0 Release: 0 Summary: Lightweight Ruby License: MIT @@ -30,18 +30,10 @@ Source: %{url}/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz # PATCH-FIX-OPENSUSE PATCH-FEATURE-UPSTREAM link-with-soname.patch -- Add SONAME to library Patch0: link-with-soname.patch -# PATCH-FIX-UPSTREAM CVE-2021-4110.patch -- https://github.com/mruby/mruby/commit/f5e10c5a79a17939af763b1dcf5232ce47e24a34 -Patch1: CVE-2021-4110.patch -# PATCH-FIX-UPSTREAM CVE-2022-0240.patch -- https://github.com/mruby/mruby/commit/31fa3304049fc406a201a72293cce140f0557dca -Patch2: CVE-2022-0240.patch -# PATCH-FIX-UPSTREAM CVE-2022-0080.patch -- https://github.com/mruby/mruby/commit/28ccc664e5dcd3f9d55173e9afde77c4705a9ab6 -Patch3: CVE-2022-0080.patch -# PATCH-FIX-UPSTREAM CVE-2022-0481.patch -- https://github.com/mruby/mruby/commit/ae3c99767a27f5c6c584162e2adc6a5d0eb2c54e -Patch4: CVE-2022-0481.patch -# PATCH-FIX-UPSTREAM b1d0296a.patch -- CVE-2022-1286 boo#1198289 -Patch5: https://github.com/mruby/mruby/commit/b1d0296a.patch +# PATCH-FIX-UPSTREAM CVE-2022-1286.patch -- boo#1198289 https://github.com/mruby/mruby/commit/b1d0296a +Patch2: CVE-2022-1286.patch # PATCH-FIX-UPSTREAM CVE-2022-1212.patch -- https://github.com/mruby/mruby/commit/3cf291f72224715942beaf8553e42ba8891ab3c6 -Patch6: CVE-2022-1212.patch +Patch3: CVE-2022-1212.patch BuildRequires: bison BuildRequires: cmake BuildRequires: pkgconfig ++++++ CVE-2022-1212.patch ++++++ --- /var/tmp/diff_new_pack.4DBkFa/_old 2023-02-16 16:56:36.962883884 +0100 +++ /var/tmp/diff_new_pack.4DBkFa/_new 2023-02-16 16:56:36.966883899 +0100 @@ -1,9 +1,9 @@ -diff -Nur mruby-3.0.0/src/vm.c new/src/vm.c ---- mruby-3.0.0/src/vm.c 2021-03-05 09:07:35.000000000 +0100 -+++ new/src/vm.c 2022-04-26 21:03:08.112400307 +0200 -@@ -2109,9 +2109,9 @@ +diff -Nur old/src/vm.c new/src/vm.c +--- old/src/vm.c 2023-02-15 19:48:53.507676314 +0100 ++++ new/src/vm.c 2023-02-15 19:49:00.159805055 +0100 +@@ -2280,9 +2280,9 @@ } - if (ci->acc < 0) { + if (ci->cci > CINFO_NONE) { ci = cipop(mrb); + mrb->exc = (struct RObject*)break_new(mrb, RBREAK_TAG_BREAK, proc, v); mrb_gc_arena_restore(mrb, ai); ++++++ CVE-2021-4110.patch -> CVE-2022-1286.patch ++++++ --- /work/SRC/openSUSE:Factory/mruby/CVE-2021-4110.patch 2021-12-16 21:20:59.458559565 +0100 +++ /work/SRC/openSUSE:Factory/.mruby.new.22824/CVE-2022-1286.patch 2023-02-16 16:56:36.246881021 +0100 @@ -1,76 +1,15 @@ -diff -Nur mruby-3.0.0/include/mruby/proc.h new/include/mruby/proc.h ---- mruby-3.0.0/include/mruby/proc.h 2021-03-05 09:07:35.000000000 +0100 -+++ new/include/mruby/proc.h 2021-12-16 13:05:19.456367294 +0100 -@@ -90,7 +90,7 @@ - struct RProc *mrb_closure_new(mrb_state*, const mrb_irep*); - MRB_API struct RProc *mrb_proc_new_cfunc(mrb_state*, mrb_func_t); - MRB_API struct RProc *mrb_closure_new_cfunc(mrb_state *mrb, mrb_func_t func, int nlocals); --void mrb_proc_copy(struct RProc *a, struct RProc *b); -+void mrb_proc_copy(mrb_state *mrb, struct RProc *a, struct RProc *b); - mrb_int mrb_proc_arity(const struct RProc *p); +diff -Nur old/src/class.c new/src/class.c +--- old/src/class.c 2023-02-15 19:48:06.910773088 +0100 ++++ new/src/class.c 2023-02-15 19:48:22.539076311 +0100 +@@ -2363,7 +2363,10 @@ + MRB_CLASS_ORIGIN(c); + h = c->mt; - /* following functions are defined in mruby-proc-ext so please include it when using */ -diff -Nur mruby-3.0.0/src/class.c new/src/class.c ---- mruby-3.0.0/src/class.c 2021-03-05 09:07:35.000000000 +0100 -+++ new/src/class.c 2021-12-16 13:07:55.280492289 +0100 -@@ -2511,7 +2511,7 @@ - mrb_raise(mrb, E_ARGUMENT_ERROR, "no block given"); - } - p = (struct RProc*)mrb_obj_alloc(mrb, MRB_TT_PROC, mrb->proc_class); -- mrb_proc_copy(p, mrb_proc_ptr(blk)); -+ mrb_proc_copy(mrb, p, mrb_proc_ptr(blk)); - p->flags |= MRB_PROC_STRICT; - MRB_METHOD_FROM_PROC(m, p); - mrb_define_method_raw(mrb, c, mid, m); -diff -Nur mruby-3.0.0/src/proc.c new/src/proc.c ---- mruby-3.0.0/src/proc.c 2021-03-05 09:07:35.000000000 +0100 -+++ new/src/proc.c 2021-12-16 13:07:17.312462000 +0100 -@@ -184,7 +184,7 @@ +- if (h && mt_del(mrb, h, mid)) return; ++ if (h && mt_del(mrb, h, mid)) { ++ mrb_mc_clear_by_class(mrb, c); ++ return; ++ } + mrb_name_error(mrb, mid, "method '%n' not defined in %C", mid, c); } - void --mrb_proc_copy(struct RProc *a, struct RProc *b) -+mrb_proc_copy(mrb_state *mrb, struct RProc *a, struct RProc *b) - { - if (a->body.irep) { - /* already initialized proc */ -@@ -192,10 +192,10 @@ - } - a->flags = b->flags; - a->body = b->body; -+ a->upper = b->upper; - if (!MRB_PROC_CFUNC_P(a) && a->body.irep) { -- mrb_irep_incref(NULL, (mrb_irep*)a->body.irep); -+ mrb_irep_incref(mrb, (mrb_irep*)a->body.irep); - } -- a->upper = b->upper; - a->e.env = b->e.env; - /* a->e.target_class = a->e.target_class; */ - } -@@ -210,7 +210,7 @@ - /* Calling Proc.new without a block is not implemented yet */ - mrb_get_args(mrb, "&!", &blk); - p = (struct RProc *)mrb_obj_alloc(mrb, MRB_TT_PROC, mrb_class_ptr(proc_class)); -- mrb_proc_copy(p, mrb_proc_ptr(blk)); -+ mrb_proc_copy(mrb, p, mrb_proc_ptr(blk)); - proc = mrb_obj_value(p); - mrb_funcall_with_block(mrb, proc, MRB_SYM(initialize), 0, NULL, proc); - if (!MRB_PROC_STRICT_P(p) && -@@ -228,7 +228,7 @@ - if (!mrb_proc_p(proc)) { - mrb_raise(mrb, E_ARGUMENT_ERROR, "not a proc"); - } -- mrb_proc_copy(mrb_proc_ptr(self), mrb_proc_ptr(proc)); -+ mrb_proc_copy(mrb, mrb_proc_ptr(self), mrb_proc_ptr(proc)); - return self; - } - -@@ -264,7 +264,7 @@ - p = mrb_proc_ptr(blk); - if (!MRB_PROC_STRICT_P(p)) { - struct RProc *p2 = (struct RProc*)mrb_obj_alloc(mrb, MRB_TT_PROC, p->c); -- mrb_proc_copy(p2, p); -+ mrb_proc_copy(mrb, p2, p); - p2->flags |= MRB_PROC_STRICT; - return mrb_obj_value(p2); - } ++++++ link-with-soname.patch ++++++ --- /var/tmp/diff_new_pack.4DBkFa/_old 2023-02-16 16:56:36.994884012 +0100 +++ /var/tmp/diff_new_pack.4DBkFa/_new 2023-02-16 16:56:36.998884027 +0100 @@ -1,6 +1,6 @@ -diff -Nur mruby-3.0.0/build_config/host-shared.rb new/build_config/host-shared.rb ---- mruby-3.0.0/build_config/host-shared.rb 2021-03-05 09:07:35.000000000 +0100 -+++ new/build_config/host-shared.rb 2022-02-21 12:59:46.926385435 +0100 +diff -Nur mruby-3.1.0/build_config/host-shared.rb new/build_config/host-shared.rb +--- mruby-3.1.0/build_config/host-shared.rb 2022-05-12 05:19:10.000000000 +0200 ++++ new/build_config/host-shared.rb 2023-02-15 19:40:18.649494310 +0100 @@ -18,12 +18,12 @@ conf.archiver do |archiver| @@ -11,14 +11,14 @@ # file extensions conf.exts do |exts| -- exts.library = '.so' -+ exts.library = '.so.%{version}' +- exts.library = '.so' ++ exts.library = '.so.%{version}' end # file separator -diff -Nur mruby-3.0.0/lib/mruby/build/command.rb new/lib/mruby/build/command.rb ---- mruby-3.0.0/lib/mruby/build/command.rb 2021-03-05 09:07:35.000000000 +0100 -+++ new/lib/mruby/build/command.rb 2022-02-21 13:10:29.627639126 +0100 +diff -Nur mruby-3.1.0/lib/mruby/build/command.rb new/lib/mruby/build/command.rb +--- mruby-3.1.0/lib/mruby/build/command.rb 2022-05-12 05:19:10.000000000 +0200 ++++ new/lib/mruby/build/command.rb 2023-02-15 19:39:00.763898579 +0100 @@ -4,7 +4,7 @@ class Command include Rake::DSL @@ -37,9 +37,9 @@ end end -diff -Nur mruby-3.0.0/lib/mruby/build.rb new/lib/mruby/build.rb ---- mruby-3.0.0/lib/mruby/build.rb 2021-03-05 09:07:35.000000000 +0100 -+++ new/lib/mruby/build.rb 2022-02-21 12:59:29.906251522 +0100 +diff -Nur mruby-3.1.0/lib/mruby/build.rb new/lib/mruby/build.rb +--- mruby-3.1.0/lib/mruby/build.rb 2022-05-12 05:19:10.000000000 +0200 ++++ new/lib/mruby/build.rb 2023-02-15 19:39:00.763898579 +0100 @@ -6,6 +6,7 @@ autoload :Gem, "mruby/gem" autoload :Lockfile, "mruby/lockfile" @@ -48,7 +48,7 @@ class << self def targets -@@ -380,6 +381,10 @@ +@@ -382,6 +383,10 @@ end end @@ -59,7 +59,7 @@ def exefile(name) if name.is_a?(Array) name.flatten.map { |n| exefile(n) } -@@ -403,7 +408,7 @@ +@@ -405,7 +410,7 @@ if name.is_a?(Array) name.flatten.map { |n| libfile(n) } else ++++++ mruby-3.0.0.tar.gz -> mruby-3.1.0.tar.gz ++++++ ++++ 49982 lines of diff (skipped)
