Hello community,

here is the log from the commit of package ruby2.5 for openSUSE:Leap:15.2 checked in at 2020-04-17 13:36:39
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/ruby2.5 (Old)
 and      /work/SRC/openSUSE:Leap:15.2/.ruby2.5.new.2738 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ruby2.5" Fri Apr 17 13:36:39 2020 rev:44 rq:794234 version:2.5.8 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/ruby2.5/ruby2.5.changes 2020-03-23 17:26:33.858155945 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.ruby2.5.new.2738/ruby2.5.changes 2020-04-17 13:36:41.428181382 +0200 @@ -1,0 +2,12 @@ +Tue Apr 7 23:03:15 UTC 2020 - Marcus Rueckert <[email protected]> + +- Update to 2.5.8 (boo#1167244 boo#1168938) + - CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON + (Additional fix) + - CVE-2020-10933: Heap exposure vulnerability in the socket + library + + https://github.com/ruby/ruby/compare/v2_5_7...v2_5_8 +- drop CVE-2020-8130.patch and rake-12.3.0.gem: included upstream + +------------------------------------------------------------------- Old: ---- CVE-2020-8130.patch rake-12.3.0.gem ruby-2.5.7.tar.xz New: ---- ruby-2.5.8.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ruby2.5.spec ++++++ --- /var/tmp/diff_new_pack.1r33cj/_old 2020-04-17 13:36:41.996181810 +0200 +++ /var/tmp/diff_new_pack.1r33cj/_new 2020-04-17 13:36:42.000181813 +0200 @@ -25,7 +25,7 @@ #### %define patch_level p0 -Version: 2.5.7 +Version: 2.5.8 Release: 0 %define pkg_version %{version} # make the exported API version explicit @@ -127,7 +127,6 @@ Source: https://cache.ruby-lang.org/pub/ruby/2.5/ruby-%{pkg_version}.tar.xz # the file was created by applying all patches and then running gem build in the gems/did_you_mean-1.2.0 directory Source1: did_you_mean-1.2.0.gem -Source2: rake-12.3.0.gem # Source3: %{name}.macros Source4: %{name}-default.macros @@ -143,7 +142,6 @@ Patch07: 0007-date-support-for-Reiwa-new-Japanese-era.patch # this can not be in our backports git as the files are not there yet Patch08: remove-unneeded-files.patch -Patch09: CVE-2020-8130.patch # Summary: An Interpreted Object-Oriented Scripting Language 
@@ -302,14 +300,13 @@ %patch06 -p1 %patch07 -p1 %patch08 -p1 -%patch09 -p1 find sample -type f -print0 | xargs -r0 chmod a-x grep -Erl '^#! */' benchmark bootstraptest ext lib sample test \ | xargs -r perl -p -i -e 's|^#!\s*\S+(\s+.*)?$|#!/usr/bin/ruby%{rb_binary_suffix} $1|' %build rm -rv gems/did_you_mean-1.2.0/evaluation -cp %{SOURCE1} %{SOURCE2} gems/ +cp %{SOURCE1} gems/ # iseq.c needs -fno-strict-aliasing export LANG="en_US.UTF-8" export LC_ALL="en_US.UTF-8" ++++++ ruby-2.5.7.tar.xz -> ruby-2.5.8.tar.xz ++++++ /work/SRC/openSUSE:Leap:15.2/ruby2.5/ruby-2.5.7.tar.xz /work/SRC/openSUSE:Leap:15.2/.ruby2.5.new.2738/ruby-2.5.8.tar.xz differ: char 26, line 1
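
Review bot: in the ruby2.5.changes hunk, the two bug references (boo#1167244 boo#1168938) sit together on the "Update to 2.5.8" line without saying which one tracks CVE-2020-10663 and which tracks CVE-2020-10933, and the "drop CVE-2020-8130.patch" line names that CVE only through the patch filename, with no bug reference. Suggest putting each boo# next to the CVE it belongs to and adding the bug reference for CVE-2020-8130 on the drop line, so the changelog can still be matched to each fix once the patch file is gone from the package.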
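
Review bot: in the ruby2.5.spec %build hunk (@@ -302,14 +300,13 @@), "cp %{SOURCE1} gems/" no longer copies any rake gem, and Patch09 and Source2 are removed on the strength of "included upstream" in the changelog, but the tarball change appears here only as "differ: char 26, line 1", so nothing in this diff confirms that ruby-2.5.8.tar.xz ships a rake carrying the CVE-2020-8130 fix. Suggest stating the bundled rake version in the changelog entry, or asserting it in the spec, so the removal of the downstream fix can be verified from the package itself.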
