Hello community, here is the log from the commit of package ruby2.5 for openSUSE:Factory checked in at 2018-11-06 13:49:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ruby2.5 (Old) and /work/SRC/openSUSE:Factory/.ruby2.5.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ruby2.5" Tue Nov 6 13:49:54 2018 rev:12 rq:643605 version:2.5.1 Changes: -------- --- /work/SRC/openSUSE:Factory/ruby2.5/ruby2.5.changes 2018-03-24 16:10:15.262583931 +0100 +++ /work/SRC/openSUSE:Factory/.ruby2.5.new/ruby2.5.changes 2018-11-06 13:50:43.576551405 +0100 @@ -1,0 +2,32 @@ +Tue Oct 16 21:50:33 UTC 2018 - Marcus Rueckert <mrueck...@suse.de> + +- backport 450160263aed8c446ce5b142d71f921ab4118f3a.patch: + Include the alternative malloc header instead of malloc.h + +------------------------------------------------------------------- +Tue Aug 28 00:29:19 UTC 2018 - Marcus Rueckert <mrueck...@suse.de> + +- update to 2.5.1 + This release includes some bug fixes and some security fixes. + + - CVE-2017-17742: HTTP response splitting in WEBrick + - CVE-2018-6914: Unintentional file and directory creation with + directory traversal in tempfile and tmpdir + - CVE-2018-8777: DoS by large request in WEBrick + - CVE-2018-8778: Buffer under-read in String#unpack + - CVE-2018-8779: Unintentional socket creation by poisoned NUL + byte in UNIXServer and UNIXSocket + - CVE-2018-8780: Unintentional directory traversal by poisoned + NUL byte in Dir + - Multiple vulnerabilities in RubyGems + + https://github.com/ruby/ruby/compare/v2_5_0...v2_5_1 + +------------------------------------------------------------------- +Tue Aug 28 00:28:27 UTC 2018 - Marcus Rueckert <mrueck...@suse.de> + +- added frozen-pop3.patch: + Net::POPMail methods modify frozen literal when using default arg + https://redmine.ruby-lang.org/issues/14416 + +------------------------------------------------------------------- Old: ---- ruby-2.5.0.tar.xz New: ---- 450160263aed8c446ce5b142d71f921ab4118f3a.patch frozen-pop3.patch ruby-2.5.1.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ruby2.5.spec ++++++ --- /var/tmp/diff_new_pack.3v5wLR/_old 2018-11-06 13:50:44.456550211 +0100 +++ /var/tmp/diff_new_pack.3v5wLR/_new 2018-11-06 13:50:44.456550211 +0100 @@ -25,13 +25,13 @@ #### %define patch_level p0 -Version: 2.5.0 +Version: 2.5.1 Release: 0 # make the exported API version explicit %define api_version 2.5.0 %define rb_binary_suffix .ruby2.5 %define rb_soname ruby2.5 -%define pkg_version 2.5.0 +%define pkg_version 2.5.1 # ruby-macros and ruby-common version %define rpm_macros_version 3 @@ -129,6 +129,8 @@ Patch02: 0002-gc.c-tick-for-POWER-arch.patch Patch03: 0003-Mark-Gemspec-reproducible-change-fixing-784225-too.patch Patch04: 0004-Make-gemspecs-reproducible.patch +Patch05: frozen-pop3.patch +Patch06: 450160263aed8c446ce5b142d71f921ab4118f3a.patch # Summary: An Interpreted Object-Oriented Scripting Language @@ -324,6 +326,8 @@ %patch02 -p1 %patch03 -p1 %patch04 -p1 +%patch05 -p1 +%patch06 -p1 find sample -type f -print0 | xargs -r0 chmod a-x grep -Erl '^#! */' benchmark bootstraptest ext lib sample test \ | xargs -r perl -p -i -e 's|^#!\s*\S+(\s+.*)?$|#!/usr/bin/ruby%{rb_binary_suffix} $1|' ++++++ 450160263aed8c446ce5b142d71f921ab4118f3a.patch ++++++ >From 450160263aed8c446ce5b142d71f921ab4118f3a Mon Sep 17 00:00:00 2001 From: tenderlove <tenderlove@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> Date: Tue, 17 Jul 2018 22:27:52 +0000 Subject: [PATCH] Include the alternative malloc header instead of malloc.h This commit fixes a build error on systems that have `malloc_usable_size` but also enable jemalloc via `--with-jemalloc`. For example, Ubuntu Precise defines `malloc_usable_size` in malloc.h, so gc.c will include malloc.h. This definition conflicts with jemalloc's definition, so the following error occurs: ``` compiling gc.c compiling hash.c In file included from gc.c:50:0: /usr/include/malloc.h:152:15: error: conflicting types for 'malloc_usable_size' /usr/include/jemalloc/jemalloc.h:45:8: note: previous declaration of 'malloc_usable_size' was here cc1: warning: unrecognized command line option "-Wno-self-assign" [enabled by default] cc1: warning: unrecognized command line option "-Wno-constant-logical-operand" [enabled by default] cc1: warning: unrecognized command line option "-Wno-parentheses-equality" [enabled by default] cc1: warning: unrecognized command line option "-Wno-tautological-compare" [enabled by default] ``` Since jemalloc always defines `malloc_usable_size`, this patch just includes the jemalloc header instead of malloc.h if it's available. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63992 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- gc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/gc.c b/gc.c index 21554eeabf6b..68de7d498509 100644 --- a/gc.c +++ b/gc.c @@ -47,7 +47,9 @@ # endif #endif #ifdef HAVE_MALLOC_USABLE_SIZE -# ifdef HAVE_MALLOC_H +# ifdef RUBY_ALTERNATIVE_MALLOC_HEADER +# include RUBY_ALTERNATIVE_MALLOC_HEADER +# elif HAVE_MALLOC_H # include <malloc.h> # elif defined(HAVE_MALLOC_NP_H) # include <malloc_np.h> ++++++ frozen-pop3.patch ++++++ diff --git a/lib/net/pop.rb b/lib/net/pop.rb index 55597f2fab..92a4fe7303 100644 --- a/lib/net/pop.rb +++ b/lib/net/pop.rb @@ -467,7 +467,7 @@ def disable_ssl # Provide human-readable stringification of class state. def inspect - "#<#{self.class} #{@address}:#{@port} open=#{@started}>" + +"#<#{self.class} #{@address}:#{@port} open=#{@started}>" end # *WARNING*: This method causes a serious security hole. @@ -758,7 +758,7 @@ def initialize(num, len, pop, cmd) #:nodoc: # Provide human-readable stringification of class state. def inspect - "#<#{self.class} #{@number}#{@deleted ? ' deleted' : ''}>" + +"#<#{self.class} #{@number}#{@deleted ? ' deleted' : ''}>" end # @@ -799,7 +799,7 @@ def inspect # # This method raises a POPError if an error occurs. # - def pop( dest = '', &block ) # :yield: message_chunk + def pop( dest = +'', &block ) # :yield: message_chunk if block_given? @command.retr(@number, &block) nil @@ -819,7 +819,7 @@ def pop( dest = '', &block ) # :yield: message_chunk # The optional +dest+ argument is obsolete. # # This method raises a POPError if an error occurs. - def top(lines, dest = '') + def top(lines, dest = +'') @command.top(@number, lines) do |chunk| dest << chunk end @@ -831,7 +831,7 @@ def top(lines, dest = '') # The optional +dest+ argument is obsolete. # # This method raises a POPError if an error occurs. - def header(dest = '') + def header(dest = +'') top(0, dest) end @@ -898,7 +898,7 @@ def initialize(sock) attr_reader :socket def inspect - "#<#{self.class} socket=#{@socket}>" + +"#<#{self.class} socket=#{@socket}>" end def auth(account, password) ++++++ ruby-2.5.0.tar.xz -> ruby-2.5.1.tar.xz ++++++ /work/SRC/openSUSE:Factory/ruby2.5/ruby-2.5.0.tar.xz /work/SRC/openSUSE:Factory/.ruby2.5.new/ruby-2.5.1.tar.xz differ: char 26, line 1