Hello community,
here is the log from the commit of package rubygem-rubyzip for openSUSE:Factory
checked in at 2019-07-08 15:12:37
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-rubyzip (Old)
and /work/SRC/openSUSE:Factory/.rubygem-rubyzip.new.4615 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-rubyzip"
Mon Jul 8 15:12:37 2019 rev:15 rq:713997 version:1.2.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/rubygem-rubyzip/rubygem-rubyzip.changes
2019-03-01 16:46:25.709821761 +0100
+++
/work/SRC/openSUSE:Factory/.rubygem-rubyzip.new.4615/rubygem-rubyzip.changes
2019-07-08 16:41:15.268979456 +0200
@@ -1,0 +2,17 @@
+Mon Jul 8 07:53:40 UTC 2019 - Manuel Schnitzer <[email protected]>
+
+- updated to version 1.2.3
+
+ * Allow tilde in zip entry names
[#391](https://github.com/rubyzip/rubyzip/pull/391) (fixes regression in 1.2.2
from [#376](https://github.com/rubyzip/rubyzip/pull/376))
+ * Support frozen string literals in more files
[#390](https://github.com/rubyzip/rubyzip/pull/390)
+ * Require `pathname` explicitly
[#388](https://github.com/rubyzip/rubyzip/pull/388) (fixes regression in 1.2.2
from [#376](https://github.com/rubyzip/rubyzip/pull/376))
+
+ Tooling / Documentation:
+
+ * CI updates [#392](https://github.com/rubyzip/rubyzip/pull/392),
[#394](https://github.com/rubyzip/rubyzip/pull/394)
+ - Bump supported ruby versions and add 2.6
+ - JRuby failures are no longer ignored (reverts
[#375](https://github.com/rubyzip/rubyzip/pull/375) / part of
[#371](https://github.com/rubyzip/rubyzip/pull/371))
+ * Add changelog entry that was missing for last release
[#387](https://github.com/rubyzip/rubyzip/pull/387)
+ * Comment cleanup [#385](https://github.com/rubyzip/rubyzip/pull/385)
+
+-------------------------------------------------------------------
Old:
----
rubyzip-1.2.2.gem
New:
----
rubyzip-1.2.3.gem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-rubyzip.spec ++++++
--- /var/tmp/diff_new_pack.SipHRu/_old 2019-07-08 16:41:15.840980267 +0200
+++ /var/tmp/diff_new_pack.SipHRu/_new 2019-07-08 16:41:15.844980273 +0200
@@ -24,7 +24,7 @@
#
Name: rubygem-rubyzip
-Version: 1.2.2
+Version: 1.2.3
Release: 0
%define mod_name rubyzip
%define mod_full_name %{mod_name}-%{version}
++++++ rubyzip-1.2.2.gem -> rubyzip-1.2.3.gem ++++++
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/zip/entry.rb new/lib/zip/entry.rb
--- old/lib/zip/entry.rb 2018-08-31 18:20:18.000000000 +0200
+++ new/lib/zip/entry.rb 2019-05-23 19:58:25.000000000 +0200
@@ -1,3 +1,4 @@
+require 'pathname'
module Zip
class Entry
STORED = 0
@@ -117,7 +118,7 @@
return false unless cleanpath.relative?
root = ::File::SEPARATOR
naive_expanded_path = ::File.join(root, cleanpath.to_s)
- cleanpath.expand_path(root).to_s == naive_expanded_path
+ ::File.absolute_path(cleanpath.to_s, root) == naive_expanded_path
end
def local_entry_offset #:nodoc:all
@@ -275,10 +276,10 @@
zip64 = @extra['Zip64']
[::Zip::LOCAL_ENTRY_SIGNATURE,
@version_needed_to_extract, # version needed to extract
- @gp_flags, # @gp_flags ,
+ @gp_flags, # @gp_flags
@compression_method,
- @time.to_binary_dos_time, # @last_mod_time ,
- @time.to_binary_dos_date, # @last_mod_date ,
+ @time.to_binary_dos_time, # @last_mod_time
+ @time.to_binary_dos_date, # @last_mod_date
@crc,
zip64 && zip64.compressed_size ? 0xFFFFFFFF : @compressed_size,
zip64 && zip64.original_size ? 0xFFFFFFFF : @size,
@@ -432,11 +433,11 @@
@header_signature,
@version, # version of encoding software
@fstype, # filesystem type
- @version_needed_to_extract, # @versionNeededToExtract ,
- @gp_flags, # @gp_flags ,
+ @version_needed_to_extract, # @versionNeededToExtract
+ @gp_flags, # @gp_flags
@compression_method,
- @time.to_binary_dos_time, # @last_mod_time ,
- @time.to_binary_dos_date, # @last_mod_date ,
+ @time.to_binary_dos_time, # @last_mod_time
+ @time.to_binary_dos_date, # @last_mod_date
@crc,
zip64 && zip64.compressed_size ? 0xFFFFFFFF : @compressed_size,
zip64 && zip64.original_size ? 0xFFFFFFFF : @size,
@@ -602,7 +603,7 @@
get_input_stream do |is|
set_extra_attributes_on_path(dest_path)
- buf = ''
+ buf = ''.dup
while (buf = is.sysread(::Zip::Decompressor::CHUNK_SIZE, buf))
os << buf
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/zip/extra_field.rb new/lib/zip/extra_field.rb
--- old/lib/zip/extra_field.rb 2018-08-31 18:20:18.000000000 +0200
+++ new/lib/zip/extra_field.rb 2019-05-23 19:58:25.000000000 +0200
@@ -26,7 +26,7 @@
end
def create_unknown_item
- s = ''
+ s = ''.dup
class << s
alias_method :to_c_dir_bin, :to_s
alias_method :to_local_bin, :to_s
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/zip/inflater.rb new/lib/zip/inflater.rb
--- old/lib/zip/inflater.rb 2018-08-31 18:20:18.000000000 +0200
+++ new/lib/zip/inflater.rb 2019-05-23 19:58:25.000000000 +0200
@@ -3,7 +3,7 @@
def initialize(input_stream, decrypter = NullDecrypter.new)
super(input_stream)
@zlib_inflater = ::Zlib::Inflate.new(-Zlib::MAX_WBITS)
- @output_buffer = ''
+ @output_buffer = ''.dup
@has_returned_empty_string = false
@decrypter = decrypter
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/zip/version.rb new/lib/zip/version.rb
--- old/lib/zip/version.rb 2018-08-31 18:20:18.000000000 +0200
+++ new/lib/zip/version.rb 2019-05-23 19:58:25.000000000 +0200
@@ -1,3 +1,3 @@
module Zip
- VERSION = '1.2.2'
+ VERSION = '1.2.3'
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata 2018-08-31 18:20:18.000000000 +0200
+++ new/metadata 2019-05-23 19:58:25.000000000 +0200
@@ -1,14 +1,14 @@
--- !ruby/object:Gem::Specification
name: rubyzip
version: !ruby/object:Gem::Version
- version: 1.2.2
+ version: 1.2.3
platform: ruby
authors:
- Alexander Simonov
autorequire:
bindir: bin
cert_chain: []
-date: 2018-08-31 00:00:00.000000000 Z
+date: 2019-05-23 00:00:00.000000000 Z
dependencies:
- !ruby/object:Gem::Dependency
name: rake
@@ -164,6 +164,7 @@
- test/data/path_traversal/jwilk/relative2.zip
- test/data/path_traversal/jwilk/symlink.zip
- test/data/path_traversal/relative1.zip
+- test/data/path_traversal/tilde.zip
- test/data/path_traversal/tuzovakaoff/README.md
- test/data/path_traversal/tuzovakaoff/absolutepath.zip
- test/data/path_traversal/tuzovakaoff/symlink.zip
@@ -226,8 +227,7 @@
- !ruby/object:Gem::Version
version: '0'
requirements: []
-rubyforge_project:
-rubygems_version: 2.6.13
+rubygems_version: 3.0.1
signing_key:
specification_version: 4
summary: rubyzip is a ruby module for reading and writing zip files
@@ -280,6 +280,7 @@
- test/data/rubycode2.zip
- test/data/mimetype
- test/data/zipWithEncryption.zip
+- test/data/path_traversal/tilde.zip
- test/data/path_traversal/Makefile
- test/data/path_traversal/relative1.zip
- test/data/path_traversal/jwilk/dirsymlink.zip
Binary files old/test/data/path_traversal/tilde.zip and
new/test/data/path_traversal/tilde.zip differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/test/path_traversal_test.rb
new/test/path_traversal_test.rb
--- old/test/path_traversal_test.rb 2018-08-31 18:20:18.000000000 +0200
+++ new/test/path_traversal_test.rb 2019-05-23 19:58:25.000000000 +0200
@@ -131,4 +131,11 @@
refute File.exist?('/tmp/file.txt')
end
end
+
+ def test_entry_name_with_tilde
+ in_tmpdir do
+ extract_path_traversal_zip 'tilde.zip'
+ assert File.exist?('~tilde~')
+ end
+ end
end
