Hello community, here is the log from the commit of package ack for openSUSE:Factory checked in at 2014-01-20 11:41:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ack (Old) and /work/SRC/openSUSE:Factory/.ack.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ack" Changes: -------- --- /work/SRC/openSUSE:Factory/ack/ack.changes 2013-12-04 19:48:53.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.ack.new/ack.changes 2014-01-23 15:39:28.000000000 +0100 @@ -1,0 +2,21 @@ +Fri Jan 17 22:57:14 UTC 2014 - [email protected] + +- update to ack 2.12: + fixes potential remote code execution via per-project .ackrc files + [bnc#855340] [CVE-2013-7069] + * prevents the --pager, --regex and --output options from being + used from project-level ackrc files, preventing possible code + execution when using ack through malicious files + * --pager, --regex and --output options may still be used from + the global /etc/ackrc, your own private ~/.ackrc, the ACK_OPTIONS + environment variable, and of course from the command line. + * Now ignores Eclipse .metadata directory. +- includes changes form 2.11_02: + * upstream source mispackaging fix +- includes changes from 2.11_01 + * Fixed a race condition in t/file-permission.t that was causing + failures if tests were run in parallel. +- modified patches: + * ack-ignore-osc.patch adjust for upstream source changes + +------------------------------------------------------------------- Old: ---- ack-2.10.tar.gz New: ---- ack-2.12.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ack.spec ++++++ --- /var/tmp/diff_new_pack.7tdmQl/_old 2014-01-23 15:39:28.000000000 +0100 +++ /var/tmp/diff_new_pack.7tdmQl/_new 2014-01-23 15:39:28.000000000 +0100 @@ -2,7 +2,7 @@ # # spec file for package ack # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -28,7 +28,7 @@ %define run_tests 0%{?suse_version} >= 1210 Name: ack -Version: 2.10 +Version: 2.12 Release: 0 Summary: Grep-Like Text Finder License: Artistic-2.0 ++++++ ack-2.10.tar.gz -> ack-2.12.tar.gz ++++++ ++++ 2017 lines of diff (skipped) ++++++ ack-ignore-osc.patch ++++++ --- /var/tmp/diff_new_pack.7tdmQl/_old 2014-01-23 15:39:28.000000000 +0100 +++ /var/tmp/diff_new_pack.7tdmQl/_new 2014-01-23 15:39:28.000000000 +0100 @@ -3,10 +3,10 @@ t/ack-dump.t | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) -Index: ack-2.10/ConfigDefault.pm +Index: ack-2.12/ConfigDefault.pm =================================================================== ---- ack-2.10.orig/ConfigDefault.pm 2013-09-24 22:35:57.000000000 +0100 -+++ ack-2.10/ConfigDefault.pm 2013-10-17 20:18:20.000000000 +0100 +--- ack-2.12.orig/ConfigDefault.pm 2013-11-30 18:34:00.000000000 +0000 ++++ ack-2.12/ConfigDefault.pm 2014-01-17 22:56:49.000000000 +0000 @@ -47,6 +47,9 @@ sub _options_block { # Mercurial --ignore-directory=is:.hg @@ -17,14 +17,14 @@ # quilt --ignore-directory=is:.pc -Index: ack-2.10/t/ack-dump.t +Index: ack-2.12/t/ack-dump.t =================================================================== ---- ack-2.10.orig/t/ack-dump.t 2013-09-24 22:35:57.000000000 +0100 -+++ ack-2.10/t/ack-dump.t 2013-10-17 20:18:58.000000000 +0100 +--- ack-2.12.orig/t/ack-dump.t 2013-11-30 18:34:00.000000000 +0000 ++++ ack-2.12/t/ack-dump.t 2014-01-17 22:56:35.000000000 +0000 @@ -32,5 +32,5 @@ DUMP: { is( scalar @perl, 2, 'Two specs for Perl' ); my @ignore_dir = grep { /ignore-dir/ } @results; -- is( scalar @ignore_dir, 22, 'Twenty-two specs for ignoring directories' ); -+ is( scalar @ignore_dir, 23, 'Twenty-three specs for ignoring directories' ); +- is( scalar @ignore_dir, 23, 'Twenty-three specs for ignoring directories' ); ++ is( scalar @ignore_dir, 24, 'Twenty-four specs for ignoring directories' ); }
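Review bot: Typo in the new ack.changes entry: "includes changes form 2.11_02:" should read "from", as the following bullet "includes changes from 2.11_01" does; that second header is also missing the trailing colon the other headers carry. The security part of the entry is otherwise complete for tracking purposes: it names the bug ([bnc#855340]), the CVE ([CVE-2013-7069]), the three options now refused in project-level ackrc files (--pager, --regex, --output) and the places they remain valid (/etc/ackrc, ~/.ackrc, ACK_OPTIONS, the command line).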
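Review bot: The code that actually fixes CVE-2013-7069 cannot be reviewed from this mail, because the ack.spec hunk only moves "Version: 2.10" to "Version: 2.12" and the tarball change is collapsed to "2017 lines of diff (skipped)". Whoever signs off on the update should check the upstream 2.12 source directly for the project-level ackrc restriction described in ack.changes. Note too that the context line "%define run_tests 0%{?suse_version} >= 1210" means the upstream test suite only runs at build time on targets that satisfy that condition, so a green build elsewhere says nothing about the fix.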
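Review bot: In the t/ack-dump.t part of ack-ignore-osc.patch the expected number of ignore-directory specs is hard-coded and has to stay at upstream's count plus one (previously 22 to 23, now 23 to 24), so the patch needs a refresh every time upstream adds a default ignore, as happened here with the Eclipse .metadata directory mentioned in ack.changes. A short comment in the patch header saying the count is upstream's value plus the one directory this patch adds would make the next rebase mechanical. Getting the extra ignore accepted upstream would remove the need for the patch entirely.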
