Hello community,

here is the log from the commit of package rubygem-activesupport-7.0 for openSUSE:Factory checked in at 2023-03-08 14:52:19
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-activesupport-7.0 (Old)
 and /work/SRC/openSUSE:Factory/.rubygem-activesupport-7.0.new.31432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-activesupport-7.0" Wed Mar 8 14:52:19 2023 rev:7 rq:1067314 version:7.0.4.1 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-activesupport-7.0/rubygem-activesupport-7.0.changes 2022-10-12 18:26:46.437964903 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-activesupport-7.0.new.31432/rubygem-activesupport-7.0.changes 2023-03-08 14:52:23.742618252 +0100 @@ -1,0 +2,13 @@ +Fri Jan 27 13:33:07 UTC 2023 - Valentin Lefebvre <valentin.lefeb...@suse.com> + +- update to version 7.0.4.1 + see installed CHANGELOG.md + fix CVE-2023-22796 (bsc#1207454) + + ## Rails 7.0.4.1 (January 17, 2023) ## + + * Avoid regex backtracking in Inflector.underscore + + [CVE-2023-22796] + +------------------------------------------------------------------- Old: ---- activesupport-7.0.4.gem New: ---- activesupport-7.0.4.1.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-activesupport-7.0.spec ++++++ --- /var/tmp/diff_new_pack.2LRluV/_old 2023-03-08 14:52:24.326621432 +0100 +++ /var/tmp/diff_new_pack.2LRluV/_new 2023-03-08 14:52:24.330621454 +0100 @@ -1,7 +1,7 @@ # # spec file for package rubygem-activesupport-7.0 # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,7 +24,7 @@ # Name: rubygem-activesupport-7.0 -Version: 7.0.4 +Version: 7.0.4.1 Release: 0 %define mod_name activesupport %define mod_full_name %{mod_name}-%{version} ++++++ activesupport-7.0.4.gem -> activesupport-7.0.4.1.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md 2022-09-09 20:42:15.000000000 +0200 +++ new/CHANGELOG.md 2023-01-17 19:54:53.000000000 +0100 
@@ -1,3 +1,10 @@ +## Rails 7.0.4.1 (January 17, 2023) ## + +* Avoid regex backtracking in Inflector.underscore + + [CVE-2023-22796] + + ## Rails 7.0.4 (September 09, 2022) ## * Redis cache store is now compatible with redis-rb 5.0. Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/active_support/gem_version.rb new/lib/active_support/gem_version.rb --- old/lib/active_support/gem_version.rb 2022-09-09 20:42:15.000000000 +0200 +++ new/lib/active_support/gem_version.rb 2023-01-17 19:54:53.000000000 +0100 @@ -10,7 +10,7 @@ MAJOR = 7 MINOR = 0 TINY = 4 - PRE = nil + PRE = "1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/active_support/inflector/methods.rb new/lib/active_support/inflector/methods.rb --- old/lib/active_support/inflector/methods.rb 2022-09-09 20:42:15.000000000 +0200 +++ new/lib/active_support/inflector/methods.rb 2023-01-17 19:54:53.000000000 +0100 @@ -97,7 +97,7 @@ return camel_cased_word.to_s unless /[A-Z-]|::/.match?(camel_cased_word) word = camel_cased_word.to_s.gsub("::", "/") word.gsub!(inflections.acronyms_underscore_regex) { "#{$1 && '_' }#{$2.downcase}" } - word.gsub!(/([A-Z]+)(?=[A-Z][a-z])|([a-z\d])(?=[A-Z])/) { ($1 || $2) << "_" } + word.gsub!(/([A-Z])(?=[A-Z][a-z])|([a-z\d])(?=[A-Z])/) { ($1 || $2) << "_" } word.tr!("-", "_") word.downcase! word diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2022-09-09 20:42:15.000000000 +0200 +++ new/metadata 2023-01-17 19:54:53.000000000 +0100 
@@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: activesupport version: !ruby/object:Gem::Version - version: 7.0.4 + version: 7.0.4.1 platform: ruby authors: - David Heinemeier Hansson autorequire: bindir: bin cert_chain: [] -date: 2022-09-09 00:00:00.000000000 Z +date: 2023-01-17 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: i18n @@ -359,10 +359,10 @@ - MIT metadata: bug_tracker_uri: https://github.com/rails/rails/issues - changelog_uri: https://github.com/rails/rails/blob/v7.0.4/activesupport/CHANGELOG.md - documentation_uri: https://api.rubyonrails.org/v7.0.4/ + changelog_uri: https://github.com/rails/rails/blob/v7.0.4.1/activesupport/CHANGELOG.md + documentation_uri: https://api.rubyonrails.org/v7.0.4.1/ mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk - source_code_uri: https://github.com/rails/rails/tree/v7.0.4/activesupport + source_code_uri: https://github.com/rails/rails/tree/v7.0.4.1/activesupport rubygems_mfa_required: 'true' post_install_message: rdoc_options: @@ -381,7 +381,7 @@ - !ruby/object:Gem::Version version: '0' requirements: [] -rubygems_version: 3.3.3 +rubygems_version: 3.4.3 signing_key: specification_version: 4 summary: A toolkit of support libraries and Ruby core extensions extracted from the
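Review bot: The regex change in lib/active_support/inflector/methods.rb arrives without a regression test or a comment, so nothing prevents a later edit from restoring the `+` in `([A-Z]+)(?=[A-Z][a-z])`. Dropping the quantifier keeps the output the same, because the block only appends "_" to the capture and the capitals before it stay in place either way (for "HTMLTidy" both forms give "HTML_Tidy" before `downcase!`), but that equivalence should be pinned by a test: assert that the existing acronym cases are unchanged and that a long all-caps input returns within a fixed time bound. A one-line comment above the `gsub!` naming CVE-2023-22796 would tell future maintainers why the pattern captures a single character.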
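Review bot: `PRE = "1"` in lib/active_support/gem_version.rb stores the fourth release segment in a constant whose name reads as a pre-release marker. STRING still joins to 7.0.4.1 through `.compact.join(".")`, but any caller that tests PRE for nil to detect a pre-release build would now classify this security release as one. Add a comment on the constant stating that it also carries the patch-level segment.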
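Review bot: The last metadata hunk changes `rubygems_version: 3.3.3` to `3.4.3`, a build-tool change unrelated to the CVE fix, and the diff only reports `Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ`, so the integrity of the new gem cannot be reviewed from these lines. Record the digest of activesupport-7.0.4.1.gem in the submission and compare it against the upstream release before accepting.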