Hello community,

here is the log from the commit of package ruby2.5 for openSUSE:Leap:15.2 
checked in at 2020-03-23 17:26:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/ruby2.5 (Old)
 and      /work/SRC/openSUSE:Leap:15.2/.ruby2.5.new.3160 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ruby2.5"

Mon Mar 23 17:26:30 2020 rev:43 rq:787296 version:2.5.7

Changes:
--------
--- /work/SRC/openSUSE:Leap:15.2/ruby2.5/ruby2.5.changes        2020-01-15 
15:58:18.747763028 +0100
+++ /work/SRC/openSUSE:Leap:15.2/.ruby2.5.new.3160/ruby2.5.changes      
2020-03-23 17:26:33.858155945 +0100
@@ -1,0 +2,37 @@
+Fri Mar  6 14:40:34 UTC 2020 - Marcus Rueckert <mrueck...@suse.de>
+
+- Fix CVE-2020-8130 (boo# 1164804) for the intree copy of rake:
+  - add CVE-2020-8130.patch and rake-12.3.0.gem
+
+-------------------------------------------------------------------
+Thu Feb  6 12:35:53 UTC 2020 - Marcus Rueckert <mrueck...@suse.de>
+
+- remove test files which are not needed at runtime (boo#1162396)
+  - adds remove-unneeded-files.patch and did_you_mean-1.2.0.gem
+
+-------------------------------------------------------------------
+Tue Oct  8 09:40:27 UTC 2019 - Marcus Rueckert <mrueck...@suse.de>
+
+- update to 2.5.7
+  - https://www.ruby-lang.org/en/news/2019/10/01/ruby-2-5-7-released/
+    - CVE-2019-16255: A code injection vulnerability of Shell#[]
+      and Shell#test (boo#1152990)
+    - CVE-2019-16254: HTTP response splitting in WEBrick
+      (Additional fix) (boo#1152992)
+    - CVE-2019-15845: A NUL injection vulnerability of File.fnmatch
+      and File.fnmatch? (boo#1152994)
+    - CVE-2019-16201: Regular Expression Denial of Service
+      vulnerability of WEBrick’s Digest access authentication
+      (boo#1152995)
+  - https://www.ruby-lang.org/en/news/2019/08/28/ruby-2-5-6-released/
+    - Multiple jQuery vulnerabilities in RDoc (CVE-2012-6708
+      CVE-2015-9251)
+
+-------------------------------------------------------------------
+Tue Jul  9 14:16:36 UTC 2019 - Marcus Rueckert <mrueck...@suse.de>
+
+- fix running tests (boo#1140844)
+  just passing the DISABLED_TESTS variable is wrong. probably a
+  relict from calling the test scripts directly. use TESTOPTS now.
+
+-------------------------------------------------------------------
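Review bot: the 2020-03-06 entry writes the bug reference as "boo# 1164804" with a space, while every other entry in this hunk uses the unspaced form (boo#1162396, boo#1152990, ...), so a search for the usual form will miss it; write boo#1164804. The 2019-07-09 entry also refers to a DISABLED_TESTS variable, but the spec file names it DISABLE_TESTS.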

Old:
----
  ruby-2.5.5.tar.xz

New:
----
  CVE-2020-8130.patch
  did_you_mean-1.2.0.gem
  rake-12.3.0.gem
  remove-unneeded-files.patch
  ruby-2.5.7.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ruby2.5.spec ++++++
--- /var/tmp/diff_new_pack.sSPXmG/_old  2020-03-23 17:26:35.294157076 +0100
+++ /var/tmp/diff_new_pack.sSPXmG/_new  2020-03-23 17:26:35.298157079 +0100
@@ -25,7 +25,7 @@
 ####
 
 %define patch_level p0
-Version:        2.5.5
+Version:        2.5.7
 Release:        0
 %define pkg_version %{version}
 # make the exported API version explicit
@@ -125,6 +125,9 @@
 #
 Url:            https://www.ruby-lang.org/
 Source:         
https://cache.ruby-lang.org/pub/ruby/2.5/ruby-%{pkg_version}.tar.xz
+# the file was created by applying all patches and then running gem build in 
the gems/did_you_mean-1.2.0 directory
+Source1:        did_you_mean-1.2.0.gem
+Source2:        rake-12.3.0.gem
 #
 Source3:        %{name}.macros
 Source4:        %{name}-default.macros
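Review bot: Source2 (rake-12.3.0.gem) has no provenance comment. The comment above Source1 says how "the file" was created and names only the gems/did_you_mean-1.2.0 directory, yet the changelog ties rake-12.3.0.gem to the CVE-2020-8130 fix. Add a matching comment for Source2 stating that it was built from gems/rake-12.3.0 after Patch09 was applied, so the next maintainer knows the archive has to be regenerated whenever that patch changes.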
@@ -138,6 +141,10 @@
 Patch05:        0005-Include-the-alternative-malloc-header-instead-of-mal.patch
 Patch06:        0006-Use-PIE-for-the-binaries.patch
 Patch07:        0007-date-support-for-Reiwa-new-Japanese-era.patch
+# this can not be in our backports git as the files are not there yet
+Patch08:        remove-unneeded-files.patch
+Patch09:        CVE-2020-8130.patch
+
 #
 Summary:        An Interpreted Object-Oriented Scripting Language
 License:        BSD-2-Clause OR Ruby
@@ -294,11 +301,15 @@
 %patch05 -p1
 %patch06 -p1
 %patch07 -p1
+%patch08 -p1
+%patch09 -p1
 find sample -type f -print0 | xargs -r0 chmod a-x
 grep -Erl '^#! */' benchmark bootstraptest ext lib sample test \
   | xargs -r perl -p -i -e 
's|^#!\s*\S+(\s+.*)?$|#!/usr/bin/ruby%{rb_binary_suffix} $1|'
 
 %build
+rm -rv gems/did_you_mean-1.2.0/evaluation
+cp %{SOURCE1} %{SOURCE2} gems/ 
 # iseq.c needs -fno-strict-aliasing
 export LANG="en_US.UTF-8"
 export LC_ALL="en_US.UTF-8"
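Review bot: nothing verifies that the prebuilt archives copied by "cp %{SOURCE1} %{SOURCE2} gems/" match the tree that %patch08 and %patch09 have just modified, so a stale rake-12.3.0.gem would ship without the File.open change while the build still succeeds. Either build both gems from the patched directories during the build, or add a step to %check that unpacks the copied gem and compares lib/rake/file_list.rb with the patched file. The rm and cp lines also change the source tree and would fit better at the end of %prep, and the cp line carries trailing whitespace.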
@@ -388,7 +399,7 @@
 
 %if %{with run_tests}
 %check
-DISABLE_TESTS="-x resolv/test_mdns.rb"
+DISABLE_TESTS=""
 %ifarch armv7l armv7hl armv7hnl
 # test_call_double(DL::TestDL) fails on ARM HardFP
 # http://bugs.ruby-lang.org/issues/6592
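Review bot: DISABLE_TESTS="" drops the "-x resolv/test_mdns.rb" exclusion instead of only changing how it is passed, and the changelog entry for boo#1140844 does not mention re-enabling that test. If running it again is intended, say so in the changelog; otherwise keep the exclusion, which will take effect now that the variable goes through TESTOPTS.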
@@ -403,7 +414,7 @@
 export OPENSSL_ENABLE_MD5_VERIFY=1
 export LD_LIBRARY_PATH="$PWD"
 # we know some tests will fail when they do not find a /usr/bin/ruby
-make check V=1 $DISABLE_TESTS ||:
+make check V=1 TESTOPTS="$DISABLE_TESTS" ||:
 %endif
 
 %post   -n %{libname} -p /sbin/ldconfig
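Review bot: the "||:" at the end of the changed "make check" line still discards the exit status, so a failing test, including a regression in one of the security fixes this update carries, cannot fail the build. Now that exclusions reach the test runner through TESTOPTS, exclude the tests known to fail without /usr/bin/ruby by name with -x and drop "||:".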

++++++ CVE-2020-8130.patch ++++++
Index: ruby-2.5.7/gems/rake-12.3.0/lib/rake/file_list.rb
===================================================================
--- ruby-2.5.7.orig/gems/rake-12.3.0/lib/rake/file_list.rb
+++ ruby-2.5.7/gems/rake-12.3.0/lib/rake/file_list.rb
@@ -294,7 +294,7 @@ module Rake
       matched = 0
       each do |fn|
         begin
-          open(fn, "r", *options) do |inf|
+          File.open(fn, "r", *options) do |inf|
             count = 0
             inf.each do |line|
               count += 1
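Review bot: the patch file has no header: no description, no reference to the upstream rake commit and no boo#1164804 tag, so the reason for replacing open with File.open at line 297 is only recoverable from the changelog. Add a short header stating that Kernel#open treats a name beginning with "|" as a command to run while File.open always treats it as a path. It is also worth checking the rest of gems/rake-12.3.0 for other bare open calls on file names, and adding a test that covers this method with such a name, since this hunk adds none.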
++++++ remove-unneeded-files.patch ++++++
Index: ruby-2.5.7/gems/did_you_mean-1.2.0/did_you_mean.gemspec
===================================================================
--- ruby-2.5.7.orig/gems/did_you_mean-1.2.0/did_you_mean.gemspec
+++ ruby-2.5.7/gems/did_you_mean-1.2.0/did_you_mean.gemspec
@@ -11,7 +11,7 @@ Gem::Specification.new do |s|
   s.date = "2017-12-13"
   s.description = "The gem that has been saving people from typos since 
2014.".freeze
   s.email = ["m...@yukinishijima.net".freeze]
-  s.files = [".gitignore".freeze, ".ruby-version".freeze, 
".travis.yml".freeze, "CHANGELOG.md".freeze, "Gemfile".freeze, 
"LICENSE.txt".freeze, "README.md".freeze, "Rakefile".freeze, 
"benchmark/jaro_winkler/memory_usage.rb".freeze, 
"benchmark/jaro_winkler/speed.rb".freeze, 
"benchmark/levenshtein/memory_usage.rb".freeze, 
"benchmark/levenshtein/speed.rb".freeze, "benchmark/memory_usage.rb".freeze, 
"did_you_mean.gemspec".freeze, "doc/CHANGELOG.md.erb".freeze, 
"doc/changelog_generator.rb".freeze, "evaluation/calculator.rb".freeze, 
"evaluation/dictionary_generator.rb".freeze, 
"evaluation/incorrect_words.yaml".freeze, "lib/did_you_mean.rb".freeze, 
"lib/did_you_mean/core_ext/name_error.rb".freeze, 
"lib/did_you_mean/experimental.rb".freeze, 
"lib/did_you_mean/experimental/initializer_name_correction.rb".freeze, 
"lib/did_you_mean/experimental/ivar_name_correction.rb".freeze, 
"lib/did_you_mean/formatters/plain_formatter.rb".freeze, 
"lib/did_you_mean/formatters/verbose_formatter.rb".freeze, 
"lib/did_you_mean/jaro_winkler.rb".freeze, 
"lib/did_you_mean/levenshtein.rb".freeze, 
"lib/did_you_mean/spell_checker.rb".freeze, 
"lib/did_you_mean/spell_checkers/key_error_checker.rb".freeze, 
"lib/did_you_mean/spell_checkers/method_name_checker.rb".freeze, 
"lib/did_you_mean/spell_checkers/name_error_checkers.rb".freeze, 
"lib/did_you_mean/spell_checkers/name_error_checkers/class_name_checker.rb".freeze,
 
"lib/did_you_mean/spell_checkers/name_error_checkers/variable_name_checker.rb".freeze,
 "lib/did_you_mean/spell_checkers/null_checker.rb".freeze, 
"lib/did_you_mean/verbose.rb".freeze, 
"lib/did_you_mean/verbose_formatter.rb".freeze, 
"lib/did_you_mean/version.rb".freeze, 
"test/core_ext/name_error_extension_test.rb".freeze, 
"test/edit_distance/jaro_winkler_test.rb".freeze, 
"test/experimental/initializer_name_correction_test.rb".freeze, 
"test/experimental/method_name_checker_test.rb".freeze, 
"test/spell_checker_test.rb".freeze, 
"test/spell_checking/class_name_check_test.rb".freeze, 
"test/spell_checking/key_name_check_test.rb".freeze, 
"test/spell_checking/method_name_check_test.rb".freeze, 
"test/spell_checking/uncorrectable_name_check_test.rb".freeze, 
"test/spell_checking/variable_name_check_test.rb".freeze, 
"test/test_helper.rb".freeze, "test/verbose_formatter_test.rb".freeze]
+  s.files = [".gitignore".freeze, ".ruby-version".freeze, 
".travis.yml".freeze, "CHANGELOG.md".freeze, "Gemfile".freeze, 
"LICENSE.txt".freeze, "README.md".freeze, "Rakefile".freeze, 
"benchmark/jaro_winkler/memory_usage.rb".freeze, 
"benchmark/jaro_winkler/speed.rb".freeze, 
"benchmark/levenshtein/memory_usage.rb".freeze, 
"benchmark/levenshtein/speed.rb".freeze, "benchmark/memory_usage.rb".freeze, 
"did_you_mean.gemspec".freeze, "doc/CHANGELOG.md.erb".freeze, 
"doc/changelog_generator.rb".freeze, "evaluation/calculator.rb".freeze, 
"evaluation/dictionary_generator.rb".freeze, 
"evaluation/incorrect_words.yaml".freeze, "lib/did_you_mean.rb".freeze, 
"lib/did_you_mean/core_ext/name_error.rb".freeze, 
"lib/did_you_mean/experimental.rb".freeze, 
"lib/did_you_mean/experimental/initializer_name_correction.rb".freeze, 
"lib/did_you_mean/experimental/ivar_name_correction.rb".freeze, 
"lib/did_you_mean/formatters/plain_formatter.rb".freeze, 
"lib/did_you_mean/formatters/verbose_formatter.rb".freeze, 
"lib/did_you_mean/jaro_winkler.rb".freeze, 
"lib/did_you_mean/levenshtein.rb".freeze, 
"lib/did_you_mean/spell_checker.rb".freeze, 
"lib/did_you_mean/spell_checkers/key_error_checker.rb".freeze, 
"lib/did_you_mean/spell_checkers/method_name_checker.rb".freeze, 
"lib/did_you_mean/spell_checkers/name_error_checkers.rb".freeze, 
"lib/did_you_mean/spell_checkers/name_error_checkers/class_name_checker.rb".freeze,
 
"lib/did_you_mean/spell_checkers/name_error_checkers/variable_name_checker.rb".freeze,
 "lib/did_you_mean/spell_checkers/null_checker.rb".freeze, 
"lib/did_you_mean/verbose.rb".freeze, 
"lib/did_you_mean/verbose_formatter.rb".freeze, 
"lib/did_you_mean/version.rb".freeze, 
"test/core_ext/name_error_extension_test.rb".freeze, 
"test/edit_distance/jaro_winkler_test.rb".freeze, 
"test/experimental/initializer_name_correction_test.rb".freeze, 
"test/experimental/method_name_checker_test.rb".freeze, 
"test/spell_checker_test.rb".freeze, 
"test/spell_checking/class_name_check_test.rb".freeze, 
"test/spell_checking/key_name_check_test.rb".freeze, 
"test/spell_checking/method_name_check_test.rb".freeze, 
"test/spell_checking/uncorrectable_name_check_test.rb".freeze, 
"test/spell_checking/variable_name_check_test.rb".freeze, 
"test/test_helper.rb".freeze, 
"test/verbose_formatter_test.rb".freeze].reject{|path| 
path.start_with?('evaluation/') }
   s.homepage = "https://github.com/yuki24/did_you_mean".freeze
   s.licenses = ["MIT".freeze]
   s.required_ruby_version = Gem::Requirement.new(">= 2.5.0dev".freeze)
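Review bot: the reject filter appended to s.files drops only paths under evaluation/, while the changelog describes this patch as removing test files not needed at runtime and the list still contains test/, benchmark/, doc/ and .travis.yml entries. If those are meant to stay, reword the changelog to say that only evaluation/ is removed; if not, extend the filter. Rewriting the whole s.files literal to append one method call also makes the diff hard to review; a separate line after the assignment, such as s.files = s.files.reject { |path| path.start_with?('evaluation/') }, would keep the change to one added line.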
++++++ ruby-2.5.5.tar.xz -> ruby-2.5.7.tar.xz ++++++
/work/SRC/openSUSE:Leap:15.2/ruby2.5/ruby-2.5.5.tar.xz 
/work/SRC/openSUSE:Leap:15.2/.ruby2.5.new.3160/ruby-2.5.7.tar.xz differ: char 
26, line 1

