Hello community, here is the log from the commit of package ruby2.4 for openSUSE:Factory checked in at 2017-11-23 09:38:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ruby2.4 (Old) and /work/SRC/openSUSE:Factory/.ruby2.4.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ruby2.4" Thu Nov 23 09:38:05 2017 rev:3 rq:543851 version:2.4.2 Changes: -------- --- /work/SRC/openSUSE:Factory/ruby2.4/ruby2.4.changes 2017-06-04 01:56:43.954447531 +0200 +++ /work/SRC/openSUSE:Factory/.ruby2.4.new/ruby2.4.changes 2017-11-23 09:38:20.709800689 +0100 @@ -1,0 +2,50 @@ +Mon Nov 20 11:10:12 UTC 2017 - mrueck...@suse.de + +- disable jemalloc again because of: (boo#1068883) + https://github.com/jemalloc/jemalloc/issues/937 + +------------------------------------------------------------------- +Thu Nov 9 13:43:41 UTC 2017 - jdelv...@suse.de + +- Add conflicts to libruby to make sure ruby and ruby-stdlib are + also updated when libruby is updated (bsc#1048072.) + +------------------------------------------------------------------- +Tue Nov 7 21:38:07 UTC 2017 - mrueck...@suse.de + +- devel package needs to require jemalloc-devel when building with + it + +------------------------------------------------------------------- +Tue Nov 7 13:19:33 UTC 2017 - mrueck...@suse.de + +- only use jemalloc on opensuse and sle >= 15 + +------------------------------------------------------------------- +Mon Nov 6 14:26:31 UTC 2017 - mrueck...@suse.de + +- update to 2.4.2 + - CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf + (boo#1058755) + - CVE-2017-10784: Escape sequence injection vulnerability in the + Basic authentication of WEBrick (boo#1058754) + - CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 + decode (boo#1058757) + - CVE-2017-14064: Heap exposure in generating JSON + (boo#1056782) + - Multiple vulnerabilities in RubyGems (boo#1056286) + CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-0902 + - Update bundled libyaml to version 0.1.7. + - There are also many bug-fixes. For more details see: + https://github.com/ruby/ruby/compare/v2_4_1...v2_4_2 +- added https://bugs.ruby-lang.org/attachments/download/6735/configure-2.4.2.diff + to allow building with libgmp and libjemalloc again + +------------------------------------------------------------------- +Mon Aug 7 09:46:16 UTC 2017 - mrueck...@suse.de + +- provide a ruby-default symbol and conflict with other providers + of that symbol so we can uninstall older default ruby versions + during zypper dup. + +------------------------------------------------------------------- Old: ---- ruby-2.4.1.tar.xz New: ---- configure-2.4.2.diff ruby-2.4.2.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ruby2.4.spec ++++++ --- /var/tmp/diff_new_pack.qmlDxD/_old 2017-11-23 09:38:21.597768291 +0100 +++ /var/tmp/diff_new_pack.qmlDxD/_new 2017-11-23 09:38:21.597768291 +0100 @@ -25,7 +25,7 @@ #### %define patch_level p0 -Version: 2.4.1 +Version: 2.4.2 Release: 0 # make the exported API version explicit %define api_version 2.4.0 @@ -36,7 +36,7 @@ %define rpm_macros_version 3 # -%define pkg_version 2.4.1 +%define pkg_version 2.4.2 %define libname libruby2_4-2_4 # keep in sync with macro file! %define rb_ver %{api_version} @@ -50,6 +50,10 @@ %define rb_extdocdir %{_libdir}/ruby/gems/%{rb_ver}/doc/extensions %define rb_extarchdocdir %{_libdir}/ruby/gems/%{rb_ver}/doc/extensions/%{rb_arch_short} +%if "%{rb_default_ruby_suffix}" == "%{rb_soname}" +%define is_default_ruby 1 +%endif + # keep in sync with macro file! # # from valgrind.spec @@ -58,11 +62,19 @@ %endif # turn on testsuite by default. we dont hard fail anyway. %bcond_without run_tests +%if 0%{?is_opensuse} || 0%{?sle_version} >= 150000 +%bcond_with jemalloc +%else +%bcond_with jemalloc +%endif # BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: awk BuildRequires: gdbm-devel +%if %{with jemalloc} +BuildRequires: jemalloc-devel +%endif BuildRequires: libffi-devel BuildRequires: libyaml-devel BuildRequires: ncurses-devel @@ -91,7 +103,11 @@ %if 0%{?suse_version} > 1130 Conflicts: ruby(abi) = %{rb_ver} %endif -Provides: ruby22 = %{version}-%{release} +Provides: ruby24 = %{version}-%{release} +%if 0%{?is_default_ruby} +Provides: ruby-default = %{version}-%{release} +Conflicts: otherproviders(ruby-default) +%endif Requires: %{libname} = %{version} Requires: %{name}-stdlib = %{version} PreReq: update-alternatives @@ -109,6 +125,7 @@ Patch01: 0001-make-gem-build-reproducible.patch Patch02: 0002-gc.c-tick-for-POWER-arch.patch +Patch03: configure-2.4.2.diff # Summary: An Interpreted Object-Oriented Scripting Language @@ -116,10 +133,9 @@ Group: Development/Languages/Ruby %description -Ruby is an interpreted scripting language for quick and easy -object-oriented programming. It has many features for processing text -files and performing system management tasks (as in Perl). It is -simple, straight-forward, and extensible. +Ruby is an interpreted scripting language for object-oriented programming. It +has many features for processing text files and performing system management +tasks (as in Perl). It is extensible. * Ruby features: @@ -141,15 +157,17 @@ - Dynamic Loading of Object Files (on some architectures) -- Highly Portable (works on many UNIX machines; DOS, Windows, Mac, -BeOS, and more) - %package -n %{libname} Summary: Dynamic runtime library for Ruby Group: System/Libraries +# Both ruby and ruby-stdlib now depend explicitly on libruby by version, +# however it was not always the case, so the conflicts statements below +# are needed to handle updates. +Conflicts: %{name} < %{version}-%{release} +Conflicts: %{name}-stdlib < %{version}-%{release} %description -n %{libname} -Dynamic runtime library libruby2.1.so.2.0.0 for Ruby +Dynamic runtime library for Ruby %package doc Summary: Documentation and samples for Ruby @@ -201,6 +219,9 @@ Requires: %{name} = %{version} Provides: rubygems = 2.5.2 Provides: rubygems_with_buildroot_patch +%if %{with jemalloc} +Requires: jemalloc-devel +%endif %description devel Development files to link against Ruby. @@ -255,10 +276,9 @@ %endif %description test-suite -Ruby is an interpreted scripting language for quick and easy -object-oriented programming. It has many features for processing text -files and performing system management tasks (as in Perl). It is -simple, straight-forward, and extensible. +Ruby is an interpreted scripting language for object-oriented programming. It +has many features for processing text files and performing system management +tasks (as in Perl). It is extensible. * Ruby features: @@ -280,13 +300,11 @@ - Dynamic Loading of Object Files (on some architectures) -- Highly Portable (works on many UNIX machines; DOS, Windows, Mac, -BeOS, and more) - %prep %setup -q -n ruby-%{pkg_version} %patch01 -p1 %patch02 -p1 +%patch03 -p1 find sample -type f -print0 | xargs -r0 chmod a-x grep -Erl '^#! */' benchmark bootstraptest ext lib sample test \ | xargs -r perl -p -i -e 's|^#!\s*\S+(\s+.*)?$|#!/usr/bin/ruby%{rb_binary_suffix} $1|' @@ -295,6 +313,9 @@ # iseq.c needs -fno-strict-aliasing export CFLAGS="%{optflags} -fno-strict-aliasing" %configure \ + %if %{with jemalloc} + --with-jemalloc \ + %endif --program-suffix="%{rb_binary_suffix}" \ --with-soname=%{rb_soname} \ --target=%{_target_platform} \ @@ -305,7 +326,7 @@ --enable-shared \ --disable-static \ --disable-rpath -%{__make} all V=1 +make all V=1 %install %makeinstall V=1 @@ -325,7 +346,7 @@ install -D -m 0644 %{S:2} %{buildroot}/etc/rpm/macros.suse-ruby2.4 mkdir -p %{buildroot}%{_sysconfdir}/alternatives -%if "%{rb_default_ruby_suffix}" == "%{rb_soname}" +%if 0%{?is_default_ruby} install -D -m 0644 %{S:3} %{buildroot}/etc/rpm/macros.suse-ruby2.4-default for bin in %{buildroot}%{_bindir}/{erb,gem,irb,ruby}%{rb_binary_suffix} ; do # yes really hard links @@ -386,11 +407,8 @@ make check V=1 $DISABLE_TESTS ||: %endif -%post -n %{libname} -/sbin/ldconfig - -%postun -n %{libname} -/sbin/ldconfig +%post -n %{libname} -p /sbin/ldconfig +%postun -n %{libname} -p /sbin/ldconfig %files %defattr(-,root,root,-) ++++++ configure-2.4.2.diff ++++++ diff -pU3 a/configure b/configure --- a/configure 2017-09-14 21:52:19.000000000 +0900 +++ b/configure 2017-09-15 07:03:12.000000000 +0900 @@ -10614,6 +10614,7 @@ fi ac_res=$ac_cv_search___gmpz_init if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + $as_echo "#define HAVE_LIBGMP 1" >>confdefs.h fi @@ -10683,6 +10684,7 @@ fi ac_res=$ac_cv_search_malloc_conf if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + $as_echo "#define HAVE_LIBJEMALLOC 1" >>confdefs.h else with_jemalloc=no # diff -pU3 a/configure.in b/configure.in # --- a/configure.in 2017-08-04 23:39:29.000000000 +0900 # +++ b/configure.in 2017-09-15 07:20:40.000000000 +0900 # @@ -1403,13 +1403,15 @@ AC_ARG_WITH([gmp], # AS_IF([test "x$with_gmp" != xno], # [AC_CHECK_HEADERS(gmp.h) # AS_IF([test "x$ac_cv_header_gmp_h" != xno], # - AC_SEARCH_LIBS([__gmpz_init], [gmp]))]) # + AC_SEARCH_LIBS([__gmpz_init], [gmp], # + [AC_DEFINE(HAVE_LIBGMP, 1)]))]) # # AC_ARG_WITH([jemalloc], # [AS_HELP_STRING([--with-jemalloc],[use jemalloc allocator])], # [with_jemalloc=$withval], [with_jemalloc=no]) # AS_IF([test "x$with_jemalloc" = xyes],[ # - AC_SEARCH_LIBS([malloc_conf], [jemalloc], [], [with_jemalloc=no]) # + AC_SEARCH_LIBS([malloc_conf], [jemalloc], # + [AC_DEFINE(HAVE_LIBJEMALLOC, 1)], [with_jemalloc=no]) # AC_CHECK_HEADER(jemalloc/jemalloc.h, [ # AC_DEFINE(RUBY_ALTERNATIVE_MALLOC_HEADER, [<jemalloc/jemalloc.h>]) # ]) ++++++ ruby-2.4.1.tar.xz -> ruby-2.4.2.tar.xz ++++++ /work/SRC/openSUSE:Factory/ruby2.4/ruby-2.4.1.tar.xz /work/SRC/openSUSE:Factory/.ruby2.4.new/ruby-2.4.2.tar.xz differ: char 26, line 1