Hello community,
here is the log from the commit of package rubygem-bundler.3655 for
openSUSE:13.1:Update checked in at 2015-03-30 16:19:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.1:Update/rubygem-bundler.3655 (Old)
and /work/SRC/openSUSE:13.1:Update/.rubygem-bundler.3655.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-bundler.3655"
Changes:
--------
New Changes file:
--- /dev/null 2015-03-12 01:14:30.992027505 +0100
+++
/work/SRC/openSUSE:13.1:Update/.rubygem-bundler.3655.new/rubygem-bundler.changes
2015-03-30 16:19:01.000000000 +0200
@@ -0,0 +1,430 @@
+-------------------------------------------------------------------
+Tue Mar 17 11:49:40 UTC 2015 - [email protected]
+
+- fix broken link to /usr/bin/bundle
+ When updating this package, the update-alternatives was not being
+ called to remove the previous link, resulting into a broken link.
+
+- Remove CA files. Latest commit included some Certificate
+ Authority files. For security reasons we don't want to
+ distribute them, otherwise if the CA gets compromised, revoking it
+ can be difficult if CA pem files are distributed in different RPMs.
+
+-------------------------------------------------------------------
+Tue Mar 10 14:03:45 UTC 2015 - [email protected]
+
+- Update to 1.8.4
+
+See changelog at
+
+https://github.com/bundler/bundler/blob/1-8-stable/CHANGELOG.md
+
+it includes fixes for:
+
+* Hide credentials while warning about gems with ambiguous sources
+* Warn when more than one top-level source is present
+* Vendor CA chain to validate new rubygems.org HTTPS certificate
+* CA certificates that work with all OpenSSLs
+
+... and other bugfixes
+
+it includes features:
+
+* Add config disable_multisource option to ensure sources can't compete
+* Add package --cache-path and config cache_path for cache location
+
+... and other features
+
+-------------------------------------------------------------------
+Tue Mar 10 10:36:37 UTC 2015 - [email protected]
+
+- Update to 1.7.0 in order to fix CVE-2013-0334: installing gems
+ from an unexpected source (bnc#898205)
+
+The patch for this security issue couldn't be applied to 1.0.21 thus
+we needed to update to 1.7.0 to have this fix.
+
+Upstream has assured 1.7.0 is backwards compatible with 1.0.21.
+
+Updating to 1.7.0 has introduced more than the security fix. For
+a detailed list see
+ https://github.com/bundler/bundler/blob/1-7-stable/CHANGELOG.md
+
+-------------------------------------------------------------------
+Fri Jul 12 10:15:25 UTC 2013 - [email protected]
+
+- fix update-alternatives usage
+
+-------------------------------------------------------------------
+Fri Apr 12 07:49:18 UTC 2013 - [email protected]
+
+- updated to version 1.3.5
+ Features:
+
+ - progress indicator while resolver is running (@chief)
+
+ Bugfixes:
+
+ - update local overrides with orphaned revisions (@jamesferguson)
+ - revert to working quoting of RUBYOPT on Windows (@ogra)
+ - use basic auth even when SSL is not available (@jayniz)
+ - installing git gems without dependencies in deployment now works
+
+-------------------------------------------------------------------
+Mon Mar 18 06:10:25 UTC 2013 - [email protected]
+
+- updated to version 1.3.4
+ Bugfixes:
+
+ - load YAML on Rubygems version that define module YAML
+ - fix regression that broke --without on ruby 1.8.7
+
+ ## 1.3.3 (13 March 2013)
+
+ Features:
+
+ - compatible with Rubygems 2.0.2 (higher and lower already work)
+ - mention skipped groups in bundle install and bundle update output (@simi)
+ - `gem` creates rake tasks for minitest (@coop) and rspec
+
+ Bugfixes:
+
+ - require rbconfig for standalone mode
+ - revert to working quoting of RUBYOPT on Windows (@ogra)
+
+ ## 1.3.2 (7 March 2013)
+
+ Features:
+
+ - include rubygems.org CA chain
+
+ Bugfixes:
+
+ - don't store --dry-run as a Bundler setting
+
+-------------------------------------------------------------------
+Sun Mar 3 19:16:07 UTC 2013 - [email protected]
+
+- updated to version 1.3.1
+ Bugfixes:
+
+ - include manpages in gem, restoring many help pages
+ - handle more SSL certificate verification failures
+ - check for the full version of SSL, which we need (@alup)
+ - gem rake task 'install' now depends on task 'build' (@sunaku)
+
+-------------------------------------------------------------------
+Sun Mar 3 09:31:31 UTC 2013 - [email protected]
+
+- updated to version 1.3.0
+ - long feature list, see CHANGELOG.md
+
+-------------------------------------------------------------------
+Fri Nov 30 14:39:22 UTC 2012 - [email protected]
+
+- updated to version 1.2.3
+ - fix exceptions while loading some gemspecs
+
+-------------------------------------------------------------------
+Thu Nov 15 11:05:08 UTC 2012 - [email protected]
+
+- updated to version 1.2.2
+ - support new Psych::SyntaxError for Ruby 2.0.0 (@tenderlove, @sol)
+ - `bundle viz` works with git gems again (@hirochachacha)
+ - recognize more cases when OpenSSL is not present
+
+-------------------------------------------------------------------
+Wed Sep 19 14:52:18 UTC 2012 - [email protected]
+
+- updated to version 1.2.1
+ Bugfixes:
+ - `bundle clean` now works with BUNDLE_WITHOUT groups again
+ - have a net/http read timeout around the Gemcutter API Endpoint
+
+-------------------------------------------------------------------
+Fri Aug 31 07:18:46 UTC 2012 - [email protected]
+
+- updated to version 1.2.0
+ Bugfixes:
+
+ - raise original error message from LoadError's
+
+ Documentation:
+
+ - `platform` man pages
+
+ ## 1.2.0.rc.2 (Aug 8, 2012)
+
+ Bugfixes:
+
+ - `clean` doesn't remove gems that are included in the lockfile
+
+ ## 1.2.0.rc (Jul 17, 2012)
+
+ Features:
+
+ - `check` now has a `--dry-run` option (@svenfuchs, #1811)
+ - loosen ruby directive for engines
+ - prune git/path directories inside vendor/cache (@josevalim, #1988)
+ - update vendored thor to 0.15.2 (@sferik)
+ - add .txt to LICENSE (@postmodern, #2001)
+ - add `config disable_local_branch_check` (@josevalim, #1985)
+ - fall back on the full index when experiencing syck errors (#1419)
+ - handle syntax errors in Ruby gemspecs (#1974)
+
+ Bugfixes:
+
+ - fix `pack`/`cache` with `--all` (@josevalim, #1989)
+ - don't display warning message when `cache_all` is set
+ - check for `nil` PATH (#2006)
+ - Always try to keep original GEM_PATH (@drogus, #1920)
+
+-------------------------------------------------------------------
+Tue Jul 31 14:35:25 UTC 2012 - [email protected]
+
+- use new gem2rpm to get new provisions
+
+-------------------------------------------------------------------
+Sun Jul 22 14:18:05 UTC 2012 - [email protected]
+
+- update to 1.1.5
+ - Special case `ruby` directive from 1.2.0, so you can install Gemfiles that
use it
+
+-------------------------------------------------------------------
+Mon Jun 25 19:02:52 UTC 2012 - [email protected]
+
+- update to 1.1.4
+ - Use `latest_release` in Capistrano and Vlad integration (#1264)
++++ 233 more lines (skipped)
++++ between /dev/null
++++ and
/work/SRC/openSUSE:13.1:Update/.rubygem-bundler.3655.new/rubygem-bundler.changes
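Review bot: The Mar 17 2015 entry removes the CA files that the 1.8.4 entry directly below it lists as an upstream fix ("Vendor CA chain to validate new rubygems.org HTTPS certificate"), but it does not say what Bundler validates the rubygems.org certificate against once lib/bundler/ssl_certs/*.pem are gone. Please add a line naming the intended trust source (for example the distribution's CA bundle) and whether a Requires on the package that provides it is needed, so the removal cannot be read as dropping certificate validation. The "fix broken link to /usr/bin/bundle" item in the same entry carries no bug number, while the CVE-2013-0334 entry cites bnc#898205; a reference would help there too.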
New:
----
bundler-1.8.4.gem
gemspec_remove_pem.patch
rubygem-bundler.changes
rubygem-bundler.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-bundler.spec ++++++
#
# spec file for package rubygem-bundler
#
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: rubygem-bundler
Version: 1.8.4
Release: 0
%define mod_name bundler
%define mod_full_name %{mod_name}-%{version}
%define mod_branch -%{version}
%define mod_weight 10305
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: ruby-macros >= 1
Requires: ruby >= 1.8.7
BuildRequires: ruby-devel >= 1.8.7
BuildRequires: update-alternatives
Url: http://gembundler.com
Source: http://rubygems.org/gems/%{mod_full_name}.gem
Source1: gemspec_remove_pem.patch
Summary: The best way to manage your application's dependencies
License: MIT
Group: Development/Languages/Ruby
PreReq: update-alternatives
%description
Bundler manages an application's dependencies through its entire life, across
many machines, systematically and repeatably
%package doc
Summary: RDoc documentation for %{mod_name}
Group: Development/Languages/Ruby
Requires: %{name} = %{version}
%description doc
Documentation generated at gem installation time.
Usually in RDoc and RI formats.
%package testsuite
Summary: Test suite for %{mod_name}
Group: Development/Languages/Ruby
Requires: %{name} = %{version}
%description testsuite
Test::Unit or RSpec files, useful for developers.
%prep
gem unpack --verbose %{S:0}
pushd %{mod_full_name}
chmod -R go-w .
gem spec --ruby %{S:0} > %{mod_name}.gemspec
rm lib/bundler/ssl_certs/*.pem
patch -p1 < %{S:1}
gem build %{mod_name}.gemspec
popd
%build
%install
%gem_install -f %{mod_full_name}/%{mod_full_name}.gem
mv %{buildroot}%{_bindir}/bundle{,%{mod_branch}}
mkdir -p %{buildroot}%{_docdir}/%{name}
ln -s %{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_full_name}/CHANGELOG.md
%buildroot/%{_docdir}/%{name}/CHANGELOG.md
ln -s %{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_full_name}/LICENSE.md
%buildroot/%{_docdir}/%{name}/LICENSE.md
ln -s %{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_full_name}/README.md
%buildroot/%{_docdir}/%{name}/README.md
%post
/usr/sbin/update-alternatives --install \
%{_bindir}/bundle bundle %{_bindir}/bundle%{mod_branch} %{mod_weight}
%preun
/usr/sbin/update-alternatives --remove bundle %{_bindir}/bundle%{mod_branch}
%posttrans
if [ -L /etc/alternatives/bundle ] && [ ! -e /etc/alternatives/bundle ];then
# this is a broken link
# see bnc#898205
/usr/sbin/update-alternatives --install \
%{_bindir}/bundle bundle %{_bindir}/bundle%{mod_branch} %{mod_weight}
fi
%files
%defattr(-,root,root,-)
%{_docdir}/%{name}
%{_bindir}/bundle%{mod_branch}
%{_bindir}/bundler
%ghost %{_sysconfdir}/alternatives/bundle
%{_libdir}/ruby/gems/%{rb_ver}/cache/%{mod_full_name}.gem
%{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_full_name}/
%{_libdir}/ruby/gems/%{rb_ver}/specifications/%{mod_full_name}.gemspec
%files doc
%defattr(-,root,root,-)
%doc %{_libdir}/ruby/gems/%{rb_ver}/doc/%{mod_full_name}/
%changelog
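Review bot: In %posttrans the comment "see bnc#898205" points at the bug that rubygem-bundler.changes gives for CVE-2013-0334 (installing gems from an unexpected source), not for the broken /usr/bin/bundle link; either cite the bug that tracks the link problem or explain the connection in the comment. The guard `[ -L /etc/alternatives/bundle ] && [ ! -e /etc/alternatives/bundle ]` only matches a dangling symlink, so a link that is missing altogether is left as it is; the comment should say whether that is intended. Separately, gemspec_remove_pem.patch is declared as Source1 and applied with a raw `patch -p1 < %{S:1}`; a short comment in %prep explaining why it is not a regular Patch entry would save the next maintainer the question.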
++++++ gemspec_remove_pem.patch ++++++
diff -Naur a/bundler.gemspec b/bundler.gemspec
--- a/bundler.gemspec 2015-03-10 17:52:09.495903432 +0100
+++ b/bundler.gemspec 2015-03-10 17:52:40.003903890 +0100
@@ -36,5 +36,9 @@
s.add_dependency(%q<ronn>, ["~> 0.7.3"])
s.add_dependency(%q<rspec>, ["~> 3.0.0.beta1"])
end
+ # remove pem files
+ s.files -=
["lib/bundler/ssl_certs/Class3PublicPrimaryCertificationAuthority.pem",
"lib/bundler/ssl_certs/DigiCertHighAssuranceEVRootCA.pem",
"lib/bundler/ssl_certs/EntrustnetSecureServerCertificationAuthority.pem",
"lib/bundler/ssl_certs/GeoTrustGlobalCA.pem"]
+ s.files -= ["lib/bundler/ssl_certs/AddTrustExternalCARoot-2048.pem",
"lib/bundler/ssl_certs/AddTrustExternalCARoot.pem"]
+
end
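Review bot: The two `s.files -=` lines list six .pem names by hand, while %prep in the spec deletes the files with the glob `rm lib/bundler/ssl_certs/*.pem`; if a later upstream release adds or renames a certificate, the file is removed from the tree but stays in s.files, and the gemspec no longer matches what is on disk. Consider deriving the list from the same pattern, e.g. `s.files -= s.files.grep(%r{\Alib/bundler/ssl_certs/.*\.pem\z})`, or drop the glob in %prep and remove exactly these six files. The "# remove pem files" comment could also state the reason, which at the moment is only given in the changes file.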