Hello community,

here is the log from the commit of package rubygem-rubyzip for openSUSE:Factory 
checked in at 2019-07-08 15:12:37
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-rubyzip (Old)
 and      /work/SRC/openSUSE:Factory/.rubygem-rubyzip.new.4615 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "rubygem-rubyzip"

Mon Jul  8 15:12:37 2019 rev:15 rq:713997 version:1.2.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/rubygem-rubyzip/rubygem-rubyzip.changes  
2019-03-01 16:46:25.709821761 +0100
+++ 
/work/SRC/openSUSE:Factory/.rubygem-rubyzip.new.4615/rubygem-rubyzip.changes    
    2019-07-08 16:41:15.268979456 +0200
@@ -1,0 +2,17 @@
+Mon Jul  8 07:53:40 UTC 2019 - Manuel Schnitzer <mschnit...@suse.com>
+
+- updated to version 1.2.3
+
+  * Allow tilde in zip entry names 
[#391](https://github.com/rubyzip/rubyzip/pull/391) (fixes regression in 1.2.2 
from [#376](https://github.com/rubyzip/rubyzip/pull/376))
+  * Support frozen string literals in more files 
[#390](https://github.com/rubyzip/rubyzip/pull/390)
+  * Require `pathname` explicitly 
[#388](https://github.com/rubyzip/rubyzip/pull/388) (fixes regression in 1.2.2 
from [#376](https://github.com/rubyzip/rubyzip/pull/376))
+
+  Tooling / Documentation:
+
+  * CI updates [#392](https://github.com/rubyzip/rubyzip/pull/392), 
[#394](https://github.com/rubyzip/rubyzip/pull/394)
+    - Bump supported ruby versions and add 2.6
+    - JRuby failures are no longer ignored (reverts 
[#375](https://github.com/rubyzip/rubyzip/pull/375) / part of 
[#371](https://github.com/rubyzip/rubyzip/pull/371))
+  * Add changelog entry that was missing for last release 
[#387](https://github.com/rubyzip/rubyzip/pull/387)
+  * Comment cleanup [#385](https://github.com/rubyzip/rubyzip/pull/385)
+
+-------------------------------------------------------------------

Old:
----
  rubyzip-1.2.2.gem

New:
----
  rubyzip-1.2.3.gem

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ rubygem-rubyzip.spec ++++++
--- /var/tmp/diff_new_pack.SipHRu/_old  2019-07-08 16:41:15.840980267 +0200
+++ /var/tmp/diff_new_pack.SipHRu/_new  2019-07-08 16:41:15.844980273 +0200
@@ -24,7 +24,7 @@
 #
 
 Name:           rubygem-rubyzip
-Version:        1.2.2
+Version:        1.2.3
 Release:        0
 %define mod_name rubyzip
 %define mod_full_name %{mod_name}-%{version}

++++++ rubyzip-1.2.2.gem -> rubyzip-1.2.3.gem ++++++
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/zip/entry.rb new/lib/zip/entry.rb
--- old/lib/zip/entry.rb        2018-08-31 18:20:18.000000000 +0200
+++ new/lib/zip/entry.rb        2019-05-23 19:58:25.000000000 +0200
@@ -1,3 +1,4 @@
+require 'pathname'
 module Zip
   class Entry
     STORED   = 0
@@ -117,7 +118,7 @@
       return false unless cleanpath.relative?
       root = ::File::SEPARATOR
       naive_expanded_path = ::File.join(root, cleanpath.to_s)
-      cleanpath.expand_path(root).to_s == naive_expanded_path
+      ::File.absolute_path(cleanpath.to_s, root) == naive_expanded_path
     end
 
     def local_entry_offset #:nodoc:all
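Review bot: The replacement line `::File.absolute_path(cleanpath.to_s, root) == naive_expanded_path` carries no comment saying why `absolute_path` is used, and the reason matters for this safety check. `expand_path` gives a leading `~` its home-directory meaning, while `absolute_path` keeps it literal. I would add `# absolute_path, not expand_path: a leading "~" in an entry name is a literal character` directly above it so a later cleanup does not switch back. The comparison is lexical only, so symlinked components are presumably handled elsewhere in extraction; the method starts above this hunk, so that cannot be confirmed from here.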
@@ -275,10 +276,10 @@
       zip64 = @extra['Zip64']
       [::Zip::LOCAL_ENTRY_SIGNATURE,
        @version_needed_to_extract, # version needed to extract
-       @gp_flags, # @gp_flags                  ,
+       @gp_flags, # @gp_flags
        @compression_method,
-       @time.to_binary_dos_time, # @last_mod_time              ,
-       @time.to_binary_dos_date, # @last_mod_date              ,
+       @time.to_binary_dos_time, # @last_mod_time
+       @time.to_binary_dos_date, # @last_mod_date
        @crc,
        zip64 && zip64.compressed_size ? 0xFFFFFFFF : @compressed_size,
        zip64 && zip64.original_size ? 0xFFFFFFFF : @size,
@@ -432,11 +433,11 @@
         @header_signature,
         @version, # version of encoding software
         @fstype, # filesystem type
-        @version_needed_to_extract, # @versionNeededToExtract           ,
-        @gp_flags, # @gp_flags                          ,
+        @version_needed_to_extract, # @versionNeededToExtract
+        @gp_flags, # @gp_flags
         @compression_method,
-        @time.to_binary_dos_time, # @last_mod_time                      ,
-        @time.to_binary_dos_date, # @last_mod_date                      ,
+        @time.to_binary_dos_time, # @last_mod_time
+        @time.to_binary_dos_date, # @last_mod_date
         @crc,
         zip64 && zip64.compressed_size ? 0xFFFFFFFF : @compressed_size,
         zip64 && zip64.original_size ? 0xFFFFFFFF : @size,
@@ -602,7 +603,7 @@
         get_input_stream do |is|
           set_extra_attributes_on_path(dest_path)
 
-          buf = ''
+          buf = ''.dup
           while (buf = is.sysread(::Zip::Decompressor::CHUNK_SIZE, buf))
             os << buf
           end
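Review bot: The copy loop around the changed `buf = ''.dup` line writes every chunk the decompressor returns, and nothing visible in this hunk compares the running total with the entry's declared size. For archives from untrusted sources, that leaves the amount written to disk governed by the compressed stream rather than by the header. A bound could be kept inside the loop, for example `written += buf.bytesize` followed by `raise ::Zip::Error, 'entry exceeds declared size' if written > @size`. The enclosing method starts and ends outside the hunk, so a limit may already exist there.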
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/zip/extra_field.rb new/lib/zip/extra_field.rb
--- old/lib/zip/extra_field.rb  2018-08-31 18:20:18.000000000 +0200
+++ new/lib/zip/extra_field.rb  2019-05-23 19:58:25.000000000 +0200
@@ -26,7 +26,7 @@
     end
 
     def create_unknown_item
-      s = ''
+      s = ''.dup
       class << s
         alias_method :to_c_dir_bin, :to_s
         alias_method :to_local_bin, :to_s
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/zip/inflater.rb new/lib/zip/inflater.rb
--- old/lib/zip/inflater.rb     2018-08-31 18:20:18.000000000 +0200
+++ new/lib/zip/inflater.rb     2019-05-23 19:58:25.000000000 +0200
@@ -3,7 +3,7 @@
     def initialize(input_stream, decrypter = NullDecrypter.new)
       super(input_stream)
       @zlib_inflater           = ::Zlib::Inflate.new(-Zlib::MAX_WBITS)
-      @output_buffer           = ''
+      @output_buffer           = ''.dup
       @has_returned_empty_string = false
       @decrypter = decrypter
     end
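Review bot: `@output_buffer = ''.dup` yields a mutable string in the source file's encoding, although this buffer presumably collects raw inflated bytes from `@zlib_inflater`. `String.new` returns an empty, unfrozen ASCII-8BIT string and states that intent more directly: `@output_buffer = String.new`. The same likely applies to `buf = ''.dup` in the extraction loop of lib/zip/entry.rb, which is also filled from a decompressor stream.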
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/zip/version.rb new/lib/zip/version.rb
--- old/lib/zip/version.rb      2018-08-31 18:20:18.000000000 +0200
+++ new/lib/zip/version.rb      2019-05-23 19:58:25.000000000 +0200
@@ -1,3 +1,3 @@
 module Zip
-  VERSION = '1.2.2'
+  VERSION = '1.2.3'
 end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata        2018-08-31 18:20:18.000000000 +0200
+++ new/metadata        2019-05-23 19:58:25.000000000 +0200
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rubyzip
 version: !ruby/object:Gem::Version
-  version: 1.2.2
+  version: 1.2.3
 platform: ruby
 authors:
 - Alexander Simonov
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-08-31 00:00:00.000000000 Z
+date: 2019-05-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -164,6 +164,7 @@
 - test/data/path_traversal/jwilk/relative2.zip
 - test/data/path_traversal/jwilk/symlink.zip
 - test/data/path_traversal/relative1.zip
+- test/data/path_traversal/tilde.zip
 - test/data/path_traversal/tuzovakaoff/README.md
 - test/data/path_traversal/tuzovakaoff/absolutepath.zip
 - test/data/path_traversal/tuzovakaoff/symlink.zip
@@ -226,8 +227,7 @@
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.13
+rubygems_version: 3.0.1
 signing_key: 
 specification_version: 4
 summary: rubyzip is a ruby module for reading and writing zip files
@@ -280,6 +280,7 @@
 - test/data/rubycode2.zip
 - test/data/mimetype
 - test/data/zipWithEncryption.zip
+- test/data/path_traversal/tilde.zip
 - test/data/path_traversal/Makefile
 - test/data/path_traversal/relative1.zip
 - test/data/path_traversal/jwilk/dirsymlink.zip
Binary files old/test/data/path_traversal/tilde.zip and 
new/test/data/path_traversal/tilde.zip differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/test/path_traversal_test.rb 
new/test/path_traversal_test.rb
--- old/test/path_traversal_test.rb     2018-08-31 18:20:18.000000000 +0200
+++ new/test/path_traversal_test.rb     2019-05-23 19:58:25.000000000 +0200
@@ -131,4 +131,11 @@
       refute File.exist?('/tmp/file.txt')
     end
   end
+
+  def test_entry_name_with_tilde
+    in_tmpdir do
+      extract_path_traversal_zip 'tilde.zip'
+      assert File.exist?('~tilde~')
+    end
+  end
 end
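Review bot: `test_entry_name_with_tilde` pins only a name in which `~` is followed by ordinary characters, as far as the asserted path `~tilde~` shows; the fixture is binary and not readable here. A name beginning with `~/` behaves differently under home-directory expansion (it resolves instead of failing), so it is a separate case that this test does not pin. I would add a second fixture with such a name and assert that the file is created inside the temporary directory. A one-line comment such as `# "~" in entry names is literal; it is never expanded to a home directory` would also record what the test guards.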

