commit ruby2.5 for openSUSE:Leap:15.2

2020-04-17 Thread root
Hello community,

here is the log from the commit of package ruby2.5 for openSUSE:Leap:15.2 
checked in at 2020-04-17 13:36:39

Comparing /work/SRC/openSUSE:Leap:15.2/ruby2.5 (Old)
 and  /work/SRC/openSUSE:Leap:15.2/.ruby2.5.new.2738 (New)


Package is "ruby2.5"

Fri Apr 17 13:36:39 2020 rev:44 rq:794234 version:2.5.8

Changes:

--- /work/SRC/openSUSE:Leap:15.2/ruby2.5/ruby2.5.changes2020-03-23 
17:26:33.858155945 +0100
+++ /work/SRC/openSUSE:Leap:15.2/.ruby2.5.new.2738/ruby2.5.changes  
2020-04-17 13:36:41.428181382 +0200
@@ -1,0 +2,12 @@
+Tue Apr  7 23:03:15 UTC 2020 - Marcus Rueckert 
+
+- Update to 2.5.8 (boo#1167244 boo#1168938)
+  - CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON
+(Additional fix)
+  - CVE-2020-10933: Heap exposure vulnerability in the socket
+library
+
+  https://github.com/ruby/ruby/compare/v2_5_7...v2_5_8
+- drop CVE-2020-8130.patch and rake-12.3.0.gem: included upstream
+
+---
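
Review bot: in the last bullet, "drop CVE-2020-8130.patch and rake-12.3.0.gem: included upstream" does not name the rake version that the 2.5.8 tarball bundles and does not repeat the bug reference, so a reader of this entry cannot confirm that the CVE-2020-8130 fix is still present once the patch is gone. Suggest naming the bundled rake version and keeping CVE-2020-8130 with its boo# reference in the entry.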

Old:

  CVE-2020-8130.patch
  rake-12.3.0.gem
  ruby-2.5.7.tar.xz

New:

  ruby-2.5.8.tar.xz



Other differences:
--
++ ruby2.5.spec ++
--- /var/tmp/diff_new_pack.1r33cj/_old  2020-04-17 13:36:41.996181810 +0200
+++ /var/tmp/diff_new_pack.1r33cj/_new  2020-04-17 13:36:42.000181813 +0200
@@ -25,7 +25,7 @@
 
 
 %define patch_level p0
-Version:2.5.7
+Version:2.5.8
 Release:0
 %define pkg_version %{version}
 # make the exported API version explicit
@@ -127,7 +127,6 @@
 Source: 
https://cache.ruby-lang.org/pub/ruby/2.5/ruby-%{pkg_version}.tar.xz
 # the file was created by applying all patches and then running gem build in 
the gems/did_you_mean-1.2.0 directory
 Source1:did_you_mean-1.2.0.gem
-Source2:rake-12.3.0.gem
 #
 Source3:%{name}.macros
 Source4:%{name}-default.macros
@@ -143,7 +142,6 @@
 Patch07:0007-date-support-for-Reiwa-new-Japanese-era.patch
 # this can not be in our backports git as the files are not there yet
 Patch08:remove-unneeded-files.patch
-Patch09:CVE-2020-8130.patch
 
 #
 Summary:An Interpreted Object-Oriented Scripting Language
@@ -302,14 +300,13 @@
 %patch06 -p1
 %patch07 -p1
 %patch08 -p1
-%patch09 -p1
 find sample -type f -print0 | xargs -r0 chmod a-x
 grep -Erl '^#! */' benchmark bootstraptest ext lib sample test \
   | xargs -r perl -p -i -e 
's|^#!\s*\S+(\s+.*)?$|#!/usr/bin/ruby%{rb_binary_suffix} $1|'
 
 %build
 rm -rv gems/did_you_mean-1.2.0/evaluation
-cp %{SOURCE1} %{SOURCE2} gems/ 
+cp %{SOURCE1} gems/ 
 # iseq.c needs -fno-strict-aliasing
 export LANG="en_US.UTF-8"
 export LC_ALL="en_US.UTF-8"
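
Review bot: on the changed cp line in %build, only did_you_mean-1.2.0.gem is copied into gems/ now, so the package ships whatever rake the upstream tarball carries, and nothing in this hunk checks that it is a version containing the CVE-2020-8130 fix. A short check in %prep or %build that fails when the bundled rake is not the expected version would make the "included upstream" assumption explicit. The new line also keeps the trailing space after gems/.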

++ ruby-2.5.7.tar.xz -> ruby-2.5.8.tar.xz ++
/work/SRC/openSUSE:Leap:15.2/ruby2.5/ruby-2.5.7.tar.xz 
/work/SRC/openSUSE:Leap:15.2/.ruby2.5.new.2738/ruby-2.5.8.tar.xz differ: char 
26, line 1




commit ruby2.5 for openSUSE:Leap:15.2

2020-03-23 Thread root
Hello community,

here is the log from the commit of package ruby2.5 for openSUSE:Leap:15.2 
checked in at 2020-03-23 17:26:30

Comparing /work/SRC/openSUSE:Leap:15.2/ruby2.5 (Old)
 and  /work/SRC/openSUSE:Leap:15.2/.ruby2.5.new.3160 (New)


Package is "ruby2.5"

Mon Mar 23 17:26:30 2020 rev:43 rq:787296 version:2.5.7

Changes:

--- /work/SRC/openSUSE:Leap:15.2/ruby2.5/ruby2.5.changes2020-01-15 
15:58:18.747763028 +0100
+++ /work/SRC/openSUSE:Leap:15.2/.ruby2.5.new.3160/ruby2.5.changes  
2020-03-23 17:26:33.858155945 +0100
@@ -1,0 +2,37 @@
+Fri Mar  6 14:40:34 UTC 2020 - Marcus Rueckert 
+
+- Fix CVE-2020-8130 (boo# 1164804) for the intree copy of rake:
+  - add CVE-2020-8130.patch and rake-12.3.0.gem
+
+---
+Thu Feb  6 12:35:53 UTC 2020 - Marcus Rueckert 
+
+- remove test files which are not needed at runtime (boo#1162396)
+  - adds remove-unneeded-files.patch and did_you_mean-1.2.0.gem
+
+---
+Tue Oct  8 09:40:27 UTC 2019 - Marcus Rueckert 
+
+- update to 2.5.7
+  - https://www.ruby-lang.org/en/news/2019/10/01/ruby-2-5-7-released/
+- CVE-2019-16255: A code injection vulnerability of Shell#[]
+  and Shell#test (boo#1152990)
+- CVE-2019-16254: HTTP response splitting in WEBrick
+  (Additional fix) (boo#1152992)
+- CVE-2019-15845: A NUL injection vulnerability of File.fnmatch
+  and File.fnmatch? (boo#1152994)
+- CVE-2019-16201: Regular Expression Denial of Service
+  vulnerability of WEBrick’s Digest access authentication
+  (boo#1152995)
+  - https://www.ruby-lang.org/en/news/2019/08/28/ruby-2-5-6-released/
+- Multiple jQuery vulnerabilities in RDoc (CVE-2012-6708
+  CVE-2015-9251)
+
+---
+Tue Jul  9 14:16:36 UTC 2019 - Marcus Rueckert 
+
+- fix running tests (boo#1140844)
+  just passing the DISABLED_TESTS variable is wrong. probably a
+  relict from calling the test scripts directly. use TESTOPTS now.
+
+---
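
Review bot: the first entry writes the bug reference as "boo# 1164804" with a space, while every other reference in this hunk uses the unspaced form (for example boo#1162396); tooling that matches references on the unspaced form may miss the CVE-2020-8130 bug, so suggest "boo#1164804". In the 2019-10-08 entry the 2.5.6 release link sits in the middle of the CVE list, which leaves it unclear which fixes arrived with 2.5.6 and which with 2.5.7; grouping the bullets under their release would help.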

Old:

  ruby-2.5.5.tar.xz

New:

  CVE-2020-8130.patch
  did_you_mean-1.2.0.gem
  rake-12.3.0.gem
  remove-unneeded-files.patch
  ruby-2.5.7.tar.xz



Other differences:
--
++ ruby2.5.spec ++
--- /var/tmp/diff_new_pack.sSPXmG/_old  2020-03-23 17:26:35.294157076 +0100
+++ /var/tmp/diff_new_pack.sSPXmG/_new  2020-03-23 17:26:35.298157079 +0100
@@ -25,7 +25,7 @@
 
 
 %define patch_level p0
-Version:2.5.5
+Version:2.5.7
 Release:0
 %define pkg_version %{version}
 # make the exported API version explicit
@@ -125,6 +125,9 @@
 #
 Url:https://www.ruby-lang.org/
 Source: 
https://cache.ruby-lang.org/pub/ruby/2.5/ruby-%{pkg_version}.tar.xz
+# the file was created by applying all patches and then running gem build in 
the gems/did_you_mean-1.2.0 directory
+Source1:did_you_mean-1.2.0.gem
+Source2:rake-12.3.0.gem
 #
 Source3:%{name}.macros
 Source4:%{name}-default.macros
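
Review bot: the added comment explains how did_you_mean-1.2.0.gem was produced, but Source2 (rake-12.3.0.gem) is added with no comment at all, and both files are prebuilt archives that cannot be regenerated from the spec alone. Suggest documenting how rake-12.3.0.gem was built (which patches were applied, and in which directory gem build was run) so the artifact can be reproduced and audited.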
@@ -138,6 +141,10 @@
 Patch05:0005-Include-the-alternative-malloc-header-instead-of-mal.patch
 Patch06:0006-Use-PIE-for-the-binaries.patch
 Patch07:0007-date-support-for-Reiwa-new-Japanese-era.patch
+# this can not be in our backports git as the files are not there yet
+Patch08:remove-unneeded-files.patch
+Patch09:CVE-2020-8130.patch
+
 #
 Summary:An Interpreted Object-Oriented Scripting Language
 License:BSD-2-Clause OR Ruby
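
Review bot: the comment above Patch08 ("this can not be in our backports git as the files are not there yet") reads as if it also covers Patch09, and Patch09 carries no reference of its own. Suggest a separate comment line for CVE-2020-8130.patch giving the bug number from the changelog (boo#1164804) and saying that it patches the in-tree copy of rake.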
@@ -294,11 +301,15 @@
 %patch05 -p1
 %patch06 -p1
 %patch07 -p1
+%patch08 -p1
+%patch09 -p1
 find sample -type f -print0 | xargs -r0 chmod a-x
 grep -Erl '^#! */' benchmark bootstraptest ext lib sample test \
   | xargs -r perl -p -i -e 
's|^#!\s*\S+(\s+.*)?$|#!/usr/bin/ruby%{rb_binary_suffix} $1|'
 
 %build
+rm -rv gems/did_you_mean-1.2.0/evaluation
+cp %{SOURCE1} %{SOURCE2} gems/ 
 # iseq.c needs -fno-strict-aliasing
 export LANG="en_US.UTF-8"
 export LC_ALL="en_US.UTF-8"
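
Review bot: in %build, "cp %{SOURCE1} %{SOURCE2} gems/" copies hand-built gems into the tree that %patch08 and %patch09 modify in %prep, and nothing ties the two together: if a patch is changed and the gem is not rebuilt by hand, the patched sources and the gem that is shipped can diverge without the build noticing. Suggest running gem build inside the spec from the patched directories, or at least comparing the gem contents against the patched tree during the build. The added cp line also ends in a trailing space.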
@@ -388,7 +399,7 @@
 
 %if %{with run_tests}
 %check
-DISABLE_TESTS="-x resolv/test_mdns.rb"
+DISABLE_TESTS=""
 %ifarch armv7l armv7hl armv7hnl
 # test_call_double(DL::TestDL) fails on ARM HardFP
 # http://bugs.ruby-lang.org/issues/6592
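
Review bot: setting DISABLE_TESTS="" removes the "-x resolv/test_mdns.rb" exclusion altogether, which the changelog entry for boo#1140844 does not mention; it only describes passing the variable through TESTOPTS (and calls it DISABLED_TESTS, not DISABLE_TESTS). If the mdns test should stay excluded, keep the exclusion in the value that is now handed to TESTOPTS; if it is meant to run again, say so in the changelog.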
@@ -403,7 +414,7 @@
 export OPENSSL_ENABLE_MD5_VERIFY=1
 export LD_LIBRARY_PATH="$PWD"
 # we know some tests will fail when they do not find a /usr/bin/ruby
-make check V=1 $DISABLE_TESTS ||:
+make check V=1 TESTOPTS="$DISABLE_TESTS" ||:
 %endif
 
 %post   -n %{libname} -p /sbin/ldconfig
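
Review bot: the "||:" at the end of the make check line still turns every test failure into a successful build, so the TESTOPTS fix changes which tests run but not whether a regression can fail the package. Now that exclusions are passed correctly, suggest excluding the tests known to fail without /usr/bin/ruby explicitly and dropping "||:", so that a failing test in a security update such as this one stops the build.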

++ CVE-2020-8130.patch ++
Index: ruby-2.5.7/gems/rake-12.3.0/lib/rake/file_list.rb