Hello community, here is the log from the commit of package ruby2.6 for openSUSE:Leap:15.2 checked in at 2020-04-17 13:38:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/ruby2.6 (Old) and /work/SRC/openSUSE:Leap:15.2/.ruby2.6.new.2738 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ruby2.6" Fri Apr 17 13:38:23 2020 rev:2 rq:794531 version:2.6.6 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/ruby2.6/ruby2.6.changes 2020-02-21 10:49:09.410897823 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.ruby2.6.new.2738/ruby2.6.changes 2020-04-17 13:38:48.172276731 +0200 @@ -1,0 +2,18 @@ +Tue Apr 7 22:56:23 UTC 2020 - Marcus Rueckert <[email protected]> + +- Update 2.6.6 (boo#1167244 boo#1168938) + - CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON + (Additional fix) + - CVE-2020-10933: Heap exposure vulnerability in the socket + library + + https://github.com/ruby/ruby/compare/v2_6_5...v2_6_6 +- drop CVE-2020-8130.patch and rake-12.3.2.gem again: fix included + +------------------------------------------------------------------- +Fri Mar 6 14:56:41 UTC 2020 - Marcus Rueckert <[email protected]> + +- Fix CVE-2020-8130 (boo# 1164804) for the intree copy of rake: + - add CVE-2020-8130.patch and rake-12.3.2.gem + +------------------------------------------------------------------- Old: ---- ruby-2.6.5.tar.xz New: ---- ruby-2.6.6.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ruby2.6.spec ++++++ --- /var/tmp/diff_new_pack.RU9wcp/_old 2020-04-17 13:38:49.384277642 +0200 +++ /var/tmp/diff_new_pack.RU9wcp/_new 2020-04-17 13:38:49.384277642 +0200 @@ -1,7 +1,7 @@ # # spec file for package ruby2.6 # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,7 +25,7 @@ #### %define patch_level p0 -Version: 2.6.5 +Version: 2.6.6 Release: 0 %define pkg_version %{version} # make the exported API version explicit @@ -73,7 +73,7 @@ %bcond_with separate_stdlib # -Url: https://www.ruby-lang.org/ +URL: https://www.ruby-lang.org/ Source: https://cache.ruby-lang.org/pub/ruby/2.6/ruby-%{pkg_version}.tar.xz # Source3: %{name}.macros ++++++ ruby-2.6.5.tar.xz -> ruby-2.6.6.tar.xz ++++++ /work/SRC/openSUSE:Leap:15.2/ruby2.6/ruby-2.6.5.tar.xz /work/SRC/openSUSE:Leap:15.2/.ruby2.6.new.2738/ruby-2.6.6.tar.xz differ: char 26, line 1
