Hello community,
here is the log from the commit of package ruby2.5 for openSUSE:Leap:15.2
checked in at 2020-03-23 17:26:30
Comparing /work/SRC/openSUSE:Leap:15.2/ruby2.5 (Old)
and /work/SRC/openSUSE:Leap:15.2/.ruby2.5.new.3160 (New)
Package is "ruby2.5"
Mon Mar 23 17:26:30 2020 rev:43 rq:787296 version:2.5.7
Changes:
--- /work/SRC/openSUSE:Leap:15.2/ruby2.5/ruby2.5.changes2020-01-15
15:58:18.747763028 +0100
+++ /work/SRC/openSUSE:Leap:15.2/.ruby2.5.new.3160/ruby2.5.changes
2020-03-23 17:26:33.858155945 +0100
@@ -1,0 +2,37 @@
+Fri Mar 6 14:40:34 UTC 2020 - Marcus Rueckert
+
+- Fix CVE-2020-8130 (boo# 1164804) for the intree copy of rake:
+ - add CVE-2020-8130.patch and rake-12.3.0.gem
+
+---
+Thu Feb 6 12:35:53 UTC 2020 - Marcus Rueckert
+
+- remove test files which are not needed at runtime (boo#1162396)
+ - adds remove-unneeded-files.patch and did_you_mean-1.2.0.gem
+
+---
+Tue Oct 8 09:40:27 UTC 2019 - Marcus Rueckert
+
+- update to 2.5.7
+ - https://www.ruby-lang.org/en/news/2019/10/01/ruby-2-5-7-released/
+- CVE-2019-16255: A code injection vulnerability of Shell#[]
+ and Shell#test (boo#1152990)
+- CVE-2019-16254: HTTP response splitting in WEBrick
+ (Additional fix) (boo#1152992)
+- CVE-2019-15845: A NUL injection vulnerability of File.fnmatch
+ and File.fnmatch? (boo#1152994)
+- CVE-2019-16201: Regular Expression Denial of Service
+ vulnerability of WEBrickâs Digest access authentication
+ (boo#1152995)
+ - https://www.ruby-lang.org/en/news/2019/08/28/ruby-2-5-6-released/
+- Multiple jQuery vulnerabilities in RDoc (CVE-2012-6708
+ CVE-2015-9251)
+
+---
+Tue Jul 9 14:16:36 UTC 2019 - Marcus Rueckert
+
+- fix running tests (boo#1140844)
+ just passing the DISABLED_TESTS variable is wrong. probably a
+ relict from calling the test scripts directly. use TESTOPTS now.
+
+---
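Review bot: the 2.5.7 entry carries a mis-encoded apostrophe in "WEBrickâs Digest access authentication"; changelog entries are read by tools that expect plain ASCII or valid UTF-8, so this should be "WEBrick's" before the request is accepted. The entry for CVE-2020-8130 also lists rake-12.3.0.gem as added without saying how it was produced, whereas the spec comment only documents the did_you_mean gem, so one line here (or in the spec) stating that the gem was rebuilt from the patched gems/rake-12.3.0 tree would make the artifact reproducible.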
Old:
ruby-2.5.5.tar.xz
New:
CVE-2020-8130.patch
did_you_mean-1.2.0.gem
rake-12.3.0.gem
remove-unneeded-files.patch
ruby-2.5.7.tar.xz
Other differences:
--
++ ruby2.5.spec ++
--- /var/tmp/diff_new_pack.sSPXmG/_old 2020-03-23 17:26:35.294157076 +0100
+++ /var/tmp/diff_new_pack.sSPXmG/_new 2020-03-23 17:26:35.298157079 +0100
@@ -25,7 +25,7 @@
%define patch_level p0
-Version:2.5.5
+Version:2.5.7
Release:0
%define pkg_version %{version}
# make the exported API version explicit
@@ -125,6 +125,9 @@
#
Url:https://www.ruby-lang.org/
Source:
https://cache.ruby-lang.org/pub/ruby/2.5/ruby-%{pkg_version}.tar.xz
+# the file was created by applying all patches and then running gem build in
the gems/did_you_mean-1.2.0 directory
+Source1:did_you_mean-1.2.0.gem
+Source2:rake-12.3.0.gem
#
Source3:%{name}.macros
Source4:%{name}-default.macros
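Review bot: the comment above Source1 explains how did_you_mean-1.2.0.gem was regenerated, but Source2 (rake-12.3.0.gem) has no such note, and it is the more important one since it is the artifact that carries the CVE-2020-8130 fix at runtime. Add a matching comment, for example "# rebuilt by applying CVE-2020-8130.patch and running gem build in gems/rake-12.3.0", so a later maintainer can verify the gem matches the patch.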
@@ -138,6 +141,10 @@
Patch05:0005-Include-the-alternative-malloc-header-instead-of-mal.patch
Patch06:0006-Use-PIE-for-the-binaries.patch
Patch07:0007-date-support-for-Reiwa-new-Japanese-era.patch
+# this can not be in our backports git as the files are not there yet
+Patch08:remove-unneeded-files.patch
+Patch09:CVE-2020-8130.patch
+
#
Summary:An Interpreted Object-Oriented Scripting Language
License:BSD-2-Clause OR Ruby
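Review bot: Patch09 (CVE-2020-8130.patch) has no comment linking it to boo#1164804 or to the upstream rake fix, so the patch cannot be traced without reading the changelog; a one-line comment above it, as was done for Patch08, is enough. The trailing empty "+" line after Patch09 adds nothing and can be dropped.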
@@ -294,11 +301,15 @@
%patch05 -p1
%patch06 -p1
%patch07 -p1
+%patch08 -p1
+%patch09 -p1
find sample -type f -print0 | xargs -r0 chmod a-x
grep -Erl '^#! */' benchmark bootstraptest ext lib sample test \
| xargs -r perl -p -i -e
's|^#!\s*\S+(\s+.*)?$|#!/usr/bin/ruby%{rb_binary_suffix} $1|'
%build
+rm -rv gems/did_you_mean-1.2.0/evaluation
+cp %{SOURCE1} %{SOURCE2} gems/
# iseq.c needs -fno-strict-aliasing
export LANG="en_US.UTF-8"
export LC_ALL="en_US.UTF-8"
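Review bot: `rm -rv gems/did_you_mean-1.2.0/evaluation` and `cp %{SOURCE1} %{SOURCE2} gems/` are source fix-ups, yet they are placed at the top of %build rather than in %prep next to %patch08/%patch09, the chmod and the shebang rewrite where the rest of the tree manipulation lives; moving them keeps all modifications to the unpacked tree in one section and makes %build a pure compile step. The unguarded `rm -rv` will also abort the build if the evaluation directory is absent in a future tarball, so either accept that as an intentional tripwire or note it in a comment.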
@@ -388,7 +399,7 @@
%if %{with run_tests}
%check
-DISABLE_TESTS="-x resolv/test_mdns.rb"
+DISABLE_TESTS=""
%ifarch armv7l armv7hl armv7hnl
# test_call_double(DL::TestDL) fails on ARM HardFP
# http://bugs.ruby-lang.org/issues/6592
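Review bot: this hunk silently drops the `-x resolv/test_mdns.rb` exclusion instead of carrying it over to the new TESTOPTS mechanism; the changelog for boo#1140844 only says the variable was being passed the wrong way, not that the mdns test now passes. Either keep `DISABLE_TESTS="-x resolv/test_mdns.rb"` or state in the changelog why the exclusion is no longer needed.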
@@ -403,7 +414,7 @@
export OPENSSL_ENABLE_MD5_VERIFY=1
export LD_LIBRARY_PATH="$PWD"
# we know some tests will fail when they do not find a /usr/bin/ruby
-make check V=1 $DISABLE_TESTS ||:
+make check V=1 TESTOPTS="$DISABLE_TESTS" ||:
%endif
%post -n %{libname} -p /sbin/ldconfig
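Review bot: the variable is still named DISABLE_TESTS although it now holds arbitrary TESTOPTS content, which is misleading now that its only value in this hunk is an empty string; renaming it (e.g. to RUBY_TESTOPTS) would make the intent clear. Note also that the trailing `||:` means a wrong TESTOPTS value is never detected by the build result, so the build log is the only place the switch can be verified.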
++ CVE-2020-8130.patch ++
Index: ruby-2.5.7/gems/rake-12.3.0/lib/rake/file_list.rb