Hello community, here is the log from the commit of package ruby20 for openSUSE:13.1 checked in at 2013-10-31 15:45:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1/ruby20 (Old) and /work/SRC/openSUSE:13.1/.ruby20.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ruby20" Changes: -------- --- /work/SRC/openSUSE:13.1/ruby20/ruby20.changes 2013-09-23 11:08:10.000000000 +0200 +++ /work/SRC/openSUSE:13.1/.ruby20.new/ruby20.changes 2013-10-31 15:45:52.000000000 +0100 @@ -1,0 +2,6 @@ +Mon Oct 21 15:14:27 UTC 2013 - jmassaguer...@suse.com + +- fix CVE-2013-4287 CVE-2013-4363: ruby19: Algorithmic complexity vulnerability (bnc#837457) + The file CVE-2013-4287-4363.patch contains the patch + +------------------------------------------------------------------- New: ---- CVE-2013-4287-4363.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ruby20.spec ++++++ --- /var/tmp/diff_new_pack.ofvsiC/_old 2013-10-31 15:45:52.000000000 +0100 +++ /var/tmp/diff_new_pack.ofvsiC/_new 2013-10-31 15:45:52.000000000 +0100 @@ -69,6 +69,7 @@ Source6: ruby20.macros Patch0: rubygems-1.5.0_buildroot.patch Patch1: ruby-1.9.2p290_tcl_no_stupid_rpaths.patch +Patch2: CVE-2013-4287-4363.patch # Summary: An Interpreted Object-Oriented Scripting Language License: BSD-2-Clause or Ruby @@ -205,6 +206,7 @@ %setup -q -n ruby-%{pkg_version}-%{patch_level} %patch0 %patch1 +%patch2 -p1 find sample -type f -print0 | xargs -r0 chmod a-x grep -Erl '^#! */' benchmark bootstraptest ext lib sample test \ | xargs -r perl -p -i -e 's|^#!\s*\S+(\s+.*)?$|#!/usr/bin/ruby2.0$1|' ++++++ CVE-2013-4287-4363.patch ++++++ diff -Naur a/lib/rubygems/version.rb b/lib/rubygems/version.rb --- a/lib/rubygems/version.rb 2013-10-21 16:53:11.442939806 +0200 +++ b/lib/rubygems/version.rb 2013-10-21 17:20:41.741034852 +0200 
@@ -148,7 +148,7 @@ # FIX: These are only used once, in .correct?. Do they deserve to be # constants? VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*' # :nodoc: - ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})*\s*\z/ # :nodoc: + ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/ # :nodoc: ## # A string representation of this Version. diff -Naur a/test/rubygems/test_gem_requirement.rb b/test/rubygems/test_gem_requirement.rb --- a/test/rubygems/test_gem_requirement.rb 2013-10-21 16:53:11.412939804 +0200 +++ b/test/rubygems/test_gem_requirement.rb 2013-10-21 17:21:57.796039232 +0200 @@ -47,18 +47,23 @@ end def test_parse_bad - e = assert_raises Gem::Requirement::BadRequirementError do - Gem::Requirement.parse nil + [ + nil, + '', + '! 1', + '= junk', + '1..2', + ].each do |bad| + e = assert_raises Gem::Requirement::BadRequirementError do + Gem::Requirement.parse bad + end + assert_equal 'Illformed requirement [""]', e.message end - assert_equal 'Illformed requirement [nil]', e.message - e = assert_raises Gem::Requirement::BadRequirementError do Gem::Requirement.parse "" end - assert_equal 'Illformed requirement [""]', e.message - assert_equal Gem::Requirement::BadRequirementError.superclass, ArgumentError end diff -Naur a/test/rubygems/test_gem_version.rb b/test/rubygems/test_gem_version.rb --- a/test/rubygems/test_gem_version.rb 2013-10-21 16:53:11.412939804 +0200 +++ b/test/rubygems/test_gem_version.rb 2013-10-21 17:20:41.741034852 +0200 
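Review bot: The one-character change to `ANCHORED_VERSION_PATTERN` is the whole security fix in lib/rubygems/version.rb, yet nothing on the line says why the group must be `?` and not `*`. `VERSION_PATTERN` itself starts with `[0-9]+`, so repeating the group nests one quantifier inside another, which is what permits heavy backtracking on strings that almost match. A comment such as `# '?' on purpose: repeating the group nests quantifiers and backtracks badly (CVE-2013-4287, CVE-2013-4363)` would keep a later edit from restoring `*`. `VERSION_PATTERN` on the context line is unchanged, so if it is interpolated into other patterns outside this hunk (the requirement tests in this patch suggest it may be), those uses should be compared with the upstream fixes for both CVEs. The enclosing class starts and ends outside the hunk.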
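Review bot: Inside the new `each` loop of test_parse_bad, every input is compared with the literal `'Illformed requirement [""]'`, but the removed assertion for `nil` expected `'Illformed requirement [nil]'`. The message therefore appears to embed the inspected input, and the loop would fail on its first element. The expectation should follow the loop variable: `assert_equal "Illformed requirement [#{bad.inspect}]", e.message`. As far as the collapsed layout shows, the separate `Gem::Requirement.parse ""` block after the loop is kept; it then duplicates the `''` entry and could be dropped.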
@@ -67,12 +67,17 @@ end def test_initialize_bad - ["junk", "1.0\n2.0"].each do |bad| - e = assert_raises ArgumentError do + %W[ + junk + 1.0\n2.0 + 1..2 + 1.2\ 3.4 + ].each do |bad| + e = assert_raises ArgumentError, bad do Gem::Version.new bad end - assert_equal "Malformed version number string #{bad}", e.message + assert_equal "Malformed version number string #{bad}", e.message, bad end end -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
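Review bot: The `%W[ ... ]` literal in test_initialize_bad depends on escape processing that is easy to misread, and nothing says so. A short comment would help, for example `# %W expands escapes: 1.0\n2.0 holds a real newline, 1.2\ 3.4 is one element with an embedded space`. Without it, a later switch to `%w` would silently turn both entries into different strings that still raise, so the test would keep passing while no longer covering the newline and space cases. The added cases also only pin that malformed strings are rejected; none of them bounds the time `Gem::Version.new` takes on a long malformed string, which is the behaviour the two CVEs are about, so a timeout-guarded case may be worth adding.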