Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package rubygem-tzinfo for openSUSE:Factory 
checked in at 2022-08-09 15:26:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-tzinfo (Old)
 and      /work/SRC/openSUSE:Factory/.rubygem-tzinfo.new.1521 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "rubygem-tzinfo"

Tue Aug  9 15:26:57 2022 rev:26 rq:993528 version:2.0.5

Changes:
--------
--- /work/SRC/openSUSE:Factory/rubygem-tzinfo/rubygem-tzinfo.changes    
2020-12-21 12:35:27.558972503 +0100
+++ /work/SRC/openSUSE:Factory/.rubygem-tzinfo.new.1521/rubygem-tzinfo.changes  
2022-08-09 15:27:15.413437380 +0200
@@ -1,0 +2,19 @@
+Thu Aug  4 13:33:15 UTC 2022 - Stephan Kulow <co...@suse.com>
+
+updated to version 2.0.5
+ see installed CHANGES.md
+
+  ## Version 2.0.5 - 19-Jul-2022
+  
+  * Changed `DateTime` results to always use the proleptic Gregorian calendar.
+    This affects `DateTime` results prior to 1582-10-15 and any arithmetic
+    performed on the results that would produce a secondary result prior to
+    1582-10-15.
+  * Added support for eager loading all the time zone and country data by 
calling
+    either `TZInfo::DataSource#eager_load!` or `TZInfo.eager_load!`. Compatible
+    with Ruby On Rails' `eager_load_namespaces`. #129.
+  * Ignore the SECURITY file from Arch Linux's tzdata package. #134.
+  
+  
+
+-------------------------------------------------------------------

Old:
----
  tzinfo-2.0.4.gem

New:
----
  tzinfo-2.0.5.gem

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ rubygem-tzinfo.spec ++++++
--- /var/tmp/diff_new_pack.YTy8Uc/_old  2022-08-09 15:27:15.877438706 +0200
+++ /var/tmp/diff_new_pack.YTy8Uc/_new  2022-08-09 15:27:15.885438729 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package rubygem-tzinfo
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
 #
 
 Name:           rubygem-tzinfo
-Version:        2.0.4
+Version:        2.0.5
 Release:        0
 %define mod_name tzinfo
 %define mod_full_name %{mod_name}-%{version}

++++++ tzinfo-2.0.4.gem -> tzinfo-2.0.5.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/CHANGES.md new/CHANGES.md
--- old/CHANGES.md      2020-12-16 21:58:54.000000000 +0100
+++ new/CHANGES.md      2022-07-19 20:52:48.000000000 +0200
@@ -1,8 +1,20 @@
 # Changes
 
+## Version 2.0.5 - 19-Jul-2022
+
+* Changed `DateTime` results to always use the proleptic Gregorian calendar.
+  This affects `DateTime` results prior to 1582-10-15 and any arithmetic
+  performed on the results that would produce a secondary result prior to
+  1582-10-15.
+* Added support for eager loading all the time zone and country data by calling
+  either `TZInfo::DataSource#eager_load!` or `TZInfo.eager_load!`. Compatible
+  with Ruby On Rails' `eager_load_namespaces`. #129.
+* Ignore the SECURITY file from Arch Linux's tzdata package. #134.
+
+
 ## Version 2.0.4 - 16-Dec-2020
 
-* Fixed an incorrect InvalidTimezoneIdentifier exception raised when loading a
+* Fixed an incorrect `InvalidTimezoneIdentifier` exception raised when loading 
a
   zoneinfo file that includes rules specifying an additional transition to the
   final defined offset (for example, Africa/Casablanca in version 2018e of the
   Time Zone Database). #123.
@@ -182,9 +194,18 @@
   `TZInfo::Country.get('US').zone_identifiers` should be used instead.
 
 
+## Version 1.2.10 - 19-Jul-2022
+
+* Fixed a relative path traversal bug that could cause arbitrary files to be
+  loaded with `require` when used with `RubyDataSource`. Please refer to
+  <https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx> 
for
+  details. CVE-2022-31163.
+* Ignore the SECURITY file from Arch Linux's tzdata package. #134.
+
+
 ## Version 1.2.9 - 16-Dec-2020
 
-* Fixed an incorrect InvalidTimezoneIdentifier exception raised when loading a
+* Fixed an incorrect `InvalidTimezoneIdentifier` exception raised when loading 
a
   zoneinfo file that includes rules specifying an additional transition to the
   final defined offset (for example, Africa/Casablanca in version 2018e of the
   Time Zone Database). #123.
@@ -340,10 +361,32 @@
   use other `TimezonePeriod` instance methods instead (issue #7655).
 
 
+## Version 0.3.61 (tzdata v2022a) - 19-Jul-2022
+
+* Fixed a relative path traversal bug that could cause arbitrary files to be
+  loaded with `require` from the Ruby load path. Please refer to
+  <https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx> 
for
+  details. CVE-2022-31163.
+* Updated to tzdata version 2022a
+  (<https://mm.icann.org/pipermail/tz-announce/2022-March/000070.html>).
+
+
+## Version 0.3.60 (tzdata v2021a) - 6-Feb-2021
+
+* Updated to tzdata version 2021a
+  (<https://mm.icann.org/pipermail/tz-announce/2021-January/000065.html>).
+
+
+## Version 0.3.59 (tzdata v2020e) - 24-Dec-2020
+
+* Updated to tzdata version 2020e
+  (<https://mm.icann.org/pipermail/tz-announce/2020-December/000063.html>).
+
+
 ## Version 0.3.58 (tzdata v2020d) - 8-Nov-2020
 
 * Updated to tzdata version 2020d
-  (https://mm.icann.org/pipermail/tz-announce/2020-October/000062.html).
+  (<https://mm.icann.org/pipermail/tz-announce/2020-October/000062.html>).
 
 
 ## Version 0.3.57 (tzdata v2020a) - 17-May-2020
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/LICENSE new/LICENSE
--- old/LICENSE 2020-12-16 21:58:54.000000000 +0100
+++ new/LICENSE 2022-07-19 20:52:48.000000000 +0200
@@ -1,4 +1,4 @@
-Copyright (c) 2005-2020 Philip Ross
+Copyright (c) 2005-2022 Philip Ross
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the "Software"), to deal in
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/README.md new/README.md
--- old/README.md       2020-12-16 21:58:54.000000000 +0100
+++ new/README.md       2022-07-19 20:52:48.000000000 +0200
@@ -1,6 +1,6 @@
 # TZInfo - Ruby Time Zone Library
 
-[![RubyGems](https://img.shields.io/gem/v/tzinfo)](https://rubygems.org/gems/tzinfo)
 [![Travis CI 
Build](https://img.shields.io/travis/com/tzinfo/tzinfo?logo=travis)](https://travis-ci.com/github/tzinfo/tzinfo)
 [![AppVeyor 
Build](https://img.shields.io/appveyor/build/philr/tzinfo?logo=appveyor)](https://ci.appveyor.com/project/philr/tzinfo)
+[![RubyGems](https://img.shields.io/gem/v/tzinfo?logo=rubygems&label=Gem)](https://rubygems.org/gems/tzinfo)
 
[![Tests](https://github.com/tzinfo/tzinfo/workflows/Tests/badge.svg?branch=master&event=push)](https://github.com/tzinfo/tzinfo/actions?query=workflow%3ATests+branch%3Amaster+event%3Apush)
 
 [TZInfo](https://tzinfo.github.io) is a Ruby library that provides access to
 time zone data and allows times to be converted using time zone rules.
@@ -36,7 +36,7 @@
 ## Installation
 
 The TZInfo gem can be installed by running `gem install tzinfo` or by adding
-to `gem 'tzinfo'` to your `Gemfile` and running `bundle install`.
+`gem 'tzinfo'` to your `Gemfile` and running `bundle install`.
 
 To use the Ruby modules as the data source, TZInfo::Data will also need to be
 installed by running `gem install tzinfo-data` or by adding `gem 'tzinfo-data'`
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
Binary files old/checksums.yaml.gz.sig and new/checksums.yaml.gz.sig differ
Binary files old/data.tar.gz.sig and new/data.tar.gz.sig differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/tzinfo/data_source.rb 
new/lib/tzinfo/data_source.rb
--- old/lib/tzinfo/data_source.rb       2020-12-16 21:58:54.000000000 +0100
+++ new/lib/tzinfo/data_source.rb       2022-07-19 20:52:48.000000000 +0200
@@ -247,6 +247,17 @@
       raise_invalid_data_source('country_codes')
     end
 
+    # Loads all timezone and country data into memory.
+    #
+    # This may be desirable in production environments to improve copy-on-write
+    # performance and to avoid flushing the constant cache every time a new
+    # timezone or country is loaded from {DataSources::RubyDataSource}.
+    def eager_load!
+      timezone_identifiers.each {|identifier| load_timezone_info(identifier) }
+      country_codes.each {|code| load_country_info(code) }
+      nil
+    end
+
     # @return [String] a description of the {DataSource}.
     def to_s
       "Default DataSource"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/tzinfo/data_sources/ruby_data_source.rb 
new/lib/tzinfo/data_sources/ruby_data_source.rb
--- old/lib/tzinfo/data_sources/ruby_data_source.rb     2020-12-16 
21:58:54.000000000 +0100
+++ new/lib/tzinfo/data_sources/ruby_data_source.rb     2022-07-19 
20:52:48.000000000 +0200
@@ -116,14 +116,14 @@
       # @param identifier [Array<string>] the component parts of a time zone
       #   identifier (split on /). This must have already been validated.
       def require_definition(identifier)
-        require_data(*(['definitions'] + identifier))
+        require_data('definitions', *identifier)
       end
 
       # Requires an index by its name.
       #
       # @param name [String] an index name.
       def require_index(name)
-        require_data(*['indexes', name])
+        require_data('indexes', name)
       end
 
       # Requires a file from tzinfo/data.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/tzinfo/data_sources/zoneinfo_data_source.rb 
new/lib/tzinfo/data_sources/zoneinfo_data_source.rb
--- old/lib/tzinfo/data_sources/zoneinfo_data_source.rb 2020-12-16 
21:58:54.000000000 +0100
+++ new/lib/tzinfo/data_sources/zoneinfo_data_source.rb 2022-07-19 
20:52:48.000000000 +0200
@@ -78,6 +78,30 @@
       DEFAULT_ALTERNATE_ISO3166_TAB_SEARCH_PATH = 
['/usr/share/misc/iso3166.tab', '/usr/share/misc/iso3166'].freeze
       private_constant :DEFAULT_ALTERNATE_ISO3166_TAB_SEARCH_PATH
 
+      # Files and directories in the top level zoneinfo directory that will be
+      # excluded from the list of available time zones:
+      #
+      #   - +VERSION is included on Mac OS X.
+      #   - leapseconds is a list of leap seconds.
+      #   - localtime is the current local timezone (may be a link).
+      #   - posix, posixrules and right are directories containing other
+      #     versions of the zoneinfo files.
+      #   - SECURITY is included in the Arch Linux tzdata package.
+      #   - src is a directory containing the tzdata source included on 
Solaris.
+      #   - timeconfig is a symlink included on Slackware.
+      EXCLUDED_FILENAMES = [
+        '+VERSION',
+        'leapseconds',
+        'localtime',
+        'posix',
+        'posixrules',
+        'right',
+        'SECURITY',
+        'src',
+        'timeconfig'
+      ].freeze
+      private_constant :EXCLUDED_FILENAMES
+
       # Paths to be checked to find the system zoneinfo directory.
       #
       # @private
@@ -394,15 +418,7 @@
       def load_timezone_identifiers
         index = []
 
-        # Ignoring particular files:
-        # +VERSION is included on Mac OS X.
-        # leapseconds is a list of leap seconds.
-        # localtime is the current local timezone (may be a link).
-        # posix, posixrules and right are directories containing other 
versions of the zoneinfo files.
-        # src is a directory containing the tzdata source included on Solaris.
-        # timeconfig is a symlink included on Slackware.
-
-        enum_timezones([], ['+VERSION', 'leapseconds', 'localtime', 'posix', 
'posixrules', 'right', 'src', 'timeconfig']) do |identifier|
+        enum_timezones([], EXCLUDED_FILENAMES) do |identifier|
           index << identifier.join('/').freeze
         end
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/tzinfo/timestamp.rb new/lib/tzinfo/timestamp.rb
--- old/lib/tzinfo/timestamp.rb 2020-12-16 21:58:54.000000000 +0100
+++ new/lib/tzinfo/timestamp.rb 2022-07-19 20:52:48.000000000 +0200
@@ -3,10 +3,11 @@
 
 module TZInfo
   # A time represented as an `Integer` number of seconds since 1970-01-01
-  # 00:00:00 UTC (ignoring leap seconds), the fraction through the second
-  # (sub_second as a `Rational`) and an optional UTC offset. Like Ruby's `Time`
-  # class, {Timestamp} can distinguish between a local time with a zero offset
-  # and a time specified explicitly as UTC.
+  # 00:00:00 UTC (ignoring leap seconds and using the proleptic Gregorian
+  # calendar), the fraction through the second (sub_second as a `Rational`) and
+  # an optional UTC offset. Like Ruby's `Time` class, {Timestamp} can
+  # distinguish between a local time with a zero offset and a time specified
+  # explicitly as UTC.
   class Timestamp
     include Comparable
 
@@ -16,8 +17,8 @@
     private_constant :JD_EPOCH
 
     class << self
-      # Returns a new {Timestamp} representing the (Gregorian calendar) date 
and
-      # time specified by the supplied parameters.
+      # Returns a new {Timestamp} representing the (proleptic Gregorian
+      # calendar) date and time specified by the supplied parameters.
       #
       # If `utc_offset` is `nil`, `:utc` or 0, the date and time parameters 
will
       # be interpreted as representing a UTC date and time. Otherwise the date
@@ -37,7 +38,7 @@
       #   specified offset, an offset from UTC specified as an `Integer` number
       #   of seconds or the `Symbol` `:utc`).
       # @return [Timestamp] a new {Timestamp} representing the specified
-      #   (Gregorian calendar) date and time.
+      #   (proleptic Gregorian calendar) date and time.
       # @raise [ArgumentError] if either of `year`, `month`, `day`, `hour`,
       #   `minute`, or `second` is not an `Integer`.
       # @raise [ArgumentError] if `sub_second` is not a `Rational`, or the
@@ -84,7 +85,8 @@
       # When called with a block, the {Timestamp} representation of `value` is
       # passed to the block. The block must then return a {Timestamp}, which
       # will be converted back to the type of the initial value. If the initial
-      # value was a {Timestamp}, the block result will just be returned.
+      # value was a {Timestamp}, the block result will be returned. If the
+      # initial value was a `DateTime`, a Gregorian `DateTime` will be 
returned.
       #
       # The UTC offset of `value` can either be preserved (the {Timestamp}
       # representation will have the same UTC offset as `value`), ignored (the
@@ -396,11 +398,11 @@
       end
     end
 
-    # Converts this {Timestamp} to a `DateTime`.
+    # Converts this {Timestamp} to a Gregorian `DateTime`.
     #
-    # @return [DateTime] a DateTime representation of this {Timestamp}. If the
-    #   UTC offset of this {Timestamp} is not specified, a UTC `DateTime` will
-    #   be returned.
+    # @return [DateTime] a Gregorian `DateTime` representation of this
+    #   {Timestamp}. If the UTC offset of this {Timestamp} is not specified, a
+    #   UTC `DateTime` will be returned.
     def to_datetime
       new_datetime
     end
@@ -408,7 +410,7 @@
     # Converts this {Timestamp} to an `Integer` number of seconds since
     # 1970-01-01 00:00:00 UTC (ignoring leap seconds).
     #
-    # @return [Integer] an Integer representation of this {Timestamp} (the
+    # @return [Integer] an `Integer` representation of this {Timestamp} (the
     #   number of seconds since 1970-01-01 00:00:00 UTC ignoring leap seconds).
     def to_i
       value
@@ -492,7 +494,9 @@
     #
     # @private
     def new_datetime(klass = DateTime)
-      datetime = klass.jd(JD_EPOCH + ((@value.to_r + @sub_second) / 86400))
+      # Can't specify the start parameter unless the jd parameter is an exact 
number of days.
+      # Use #gregorian instead.
+      datetime = klass.jd(JD_EPOCH + ((@value.to_r + @sub_second) / 
86400)).gregorian
       @utc_offset && @utc_offset != 0 ? 
datetime.new_offset(Rational(@utc_offset, 86400)) : datetime
     end
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/tzinfo/version.rb new/lib/tzinfo/version.rb
--- old/lib/tzinfo/version.rb   2020-12-16 21:58:54.000000000 +0100
+++ new/lib/tzinfo/version.rb   2022-07-19 20:52:48.000000000 +0200
@@ -3,5 +3,5 @@
 
 module TZInfo
   # The TZInfo version number.
-  VERSION = '2.0.4'
+  VERSION = '2.0.5'
 end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/tzinfo.rb new/lib/tzinfo.rb
--- old/lib/tzinfo.rb   2020-12-16 21:58:54.000000000 +0100
+++ new/lib/tzinfo.rb   2022-07-19 20:52:48.000000000 +0200
@@ -3,6 +3,18 @@
 
 # The top level module for TZInfo.
 module TZInfo
+  class << self
+    # Instructs the current {DataSource} to load all timezone and country data
+    # into memory (initializing the {DataSource} first if not previously
+    # accessed or set).
+    #
+    # This may be desirable in production environments to improve copy-on-write
+    # performance and to avoid flushing the constant cache every time a new
+    # timezone or country is loaded from {DataSources::RubyDataSource}.
+    def eager_load!
+      DataSource.get.eager_load!
+    end
+  end
 end
 
 # Object#untaint is a deprecated no-op in Ruby >= 2.7 and will be removed in
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata        2020-12-16 21:58:54.000000000 +0100
+++ new/metadata        2022-07-19 20:52:48.000000000 +0200
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: tzinfo
 version: !ruby/object:Gem::Version
-  version: 2.0.4
+  version: 2.0.5
 platform: ruby
 authors:
 - Philip Ross
@@ -29,7 +29,7 @@
   J3Zn/kSTjTekiaspyGbczC3PUaeJNxr+yCvR4sk71Xmk/GaKKGOHedJ1uj/LAXrA
   MR0mpl7b8zCg0PFC1J73uw==
   -----END CERTIFICATE-----
-date: 2020-12-16 00:00:00.000000000 Z
+date: 2022-07-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: concurrent-ruby
@@ -114,9 +114,9 @@
 metadata:
   bug_tracker_uri: https://github.com/tzinfo/tzinfo/issues
   changelog_uri: https://github.com/tzinfo/tzinfo/blob/master/CHANGES.md
-  documentation_uri: https://rubydoc.info/gems/tzinfo/2.0.4
+  documentation_uri: https://rubydoc.info/gems/tzinfo/2.0.5
   homepage_uri: https://tzinfo.github.io
-  source_code_uri: https://github.com/tzinfo/tzinfo/tree/v2.0.4
+  source_code_uri: https://github.com/tzinfo/tzinfo/tree/v2.0.5
 post_install_message: 
 rdoc_options:
 - "--title"
@@ -136,7 +136,7 @@
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.3.7
 signing_key: 
 specification_version: 4
 summary: Time Zone Library
Binary files old/metadata.gz.sig and new/metadata.gz.sig differ

Reply via email to