Hello community,

here is the log from the commit of package ruby20 for openSUSE:13.1 checked in 
at 2013-10-31 15:45:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.1/ruby20 (Old)
 and      /work/SRC/openSUSE:13.1/.ruby20.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ruby20"

Changes:
--------
--- /work/SRC/openSUSE:13.1/ruby20/ruby20.changes       2013-09-23 
11:08:10.000000000 +0200
+++ /work/SRC/openSUSE:13.1/.ruby20.new/ruby20.changes  2013-10-31 
15:45:52.000000000 +0100
@@ -1,0 +2,6 @@
+Mon Oct 21 15:14:27 UTC 2013 - jmassaguer...@suse.com
+
+- fix CVE-2013-4287 CVE-2013-4363: ruby19: Algorithmic complexity 
vulnerability  (bnc#837457)
+  The file CVE-2013-4287-4363.patch contains the patch
+
+-------------------------------------------------------------------

New:
----
  CVE-2013-4287-4363.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ruby20.spec ++++++
--- /var/tmp/diff_new_pack.ofvsiC/_old  2013-10-31 15:45:52.000000000 +0100
+++ /var/tmp/diff_new_pack.ofvsiC/_new  2013-10-31 15:45:52.000000000 +0100
@@ -69,6 +69,7 @@
 Source6:        ruby20.macros
 Patch0:         rubygems-1.5.0_buildroot.patch
 Patch1:         ruby-1.9.2p290_tcl_no_stupid_rpaths.patch
+Patch2:         CVE-2013-4287-4363.patch 
 #
 Summary:        An Interpreted Object-Oriented Scripting Language
 License:        BSD-2-Clause or Ruby
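Review bot: The new `Patch2:` line has no comment tying the patch to its origin, and the line ends in a trailing space. A one-line comment above it, such as `# PATCH-FIX-UPSTREAM CVE-2013-4287 CVE-2013-4363 bnc#837457 -- backtracking in Gem::Version validation`, would tell a later packager that this is a security fix and help decide when it can be dropped after a version update. The CVE and bug ids are the ones given in this commit's changelog entry.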
@@ -205,6 +206,7 @@
 %setup -q -n ruby-%{pkg_version}-%{patch_level}
 %patch0
 %patch1
+%patch2 -p1
 find sample -type f -print0 | xargs -r0 chmod a-x
 grep -Erl '^#! */' benchmark bootstraptest ext lib sample test \
   | xargs -r perl -p -i -e 's|^#!\s*\S+(\s+.*)?$|#!/usr/bin/ruby2.0$1|'

++++++ CVE-2013-4287-4363.patch ++++++
diff -Naur a/lib/rubygems/version.rb b/lib/rubygems/version.rb
--- a/lib/rubygems/version.rb   2013-10-21 16:53:11.442939806 +0200
+++ b/lib/rubygems/version.rb   2013-10-21 17:20:41.741034852 +0200
@@ -148,7 +148,7 @@
   # FIX: These are only used once, in .correct?. Do they deserve to be
   # constants?
   VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*' # :nodoc:
-  ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})*\s*\z/ # :nodoc:
+  ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/ # :nodoc:
 
   ##
   # A string representation of this Version.
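Review bot: Nothing on `ANCHORED_VERSION_PATTERN` records why the outer group is now `?` rather than `*`, so a later edit could restore the repetition. `VERSION_PATTERN` already ends in a repeated group, and wrapping it in a second `*` lets the regexp engine split the same input in many ways, which makes rejecting a long malformed string very slow. A comment such as `# Outer group must stay optional, not repeated: VERSION_PATTERN repeats internally and nested quantifiers backtrack excessively` would protect the fix. The inner group `(\.[0-9a-zA-Z]+)*` on the context line is unchanged; whether it needs hardening too (for instance an atomic group `(?>...)`) cannot be judged from this hunk and is worth checking against the upstream fix for the second CVE. The constants sit in a class body that starts outside the hunk.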
diff -Naur a/test/rubygems/test_gem_requirement.rb 
b/test/rubygems/test_gem_requirement.rb
--- a/test/rubygems/test_gem_requirement.rb     2013-10-21 16:53:11.412939804 
+0200
+++ b/test/rubygems/test_gem_requirement.rb     2013-10-21 17:21:57.796039232 
+0200
@@ -47,18 +47,23 @@
   end
 
   def test_parse_bad
-    e = assert_raises Gem::Requirement::BadRequirementError do
-      Gem::Requirement.parse nil
+    [
+      nil,
+      '',
+      '! 1',
+      '= junk',
+      '1..2',
+    ].each do |bad|
+      e = assert_raises Gem::Requirement::BadRequirementError do
+        Gem::Requirement.parse bad
+      end
+      assert_equal 'Illformed requirement [""]', e.message
     end
 
-    assert_equal 'Illformed requirement [nil]', e.message
-
     e = assert_raises Gem::Requirement::BadRequirementError do
       Gem::Requirement.parse ""
     end
 
-    assert_equal 'Illformed requirement [""]', e.message
-
     assert_equal Gem::Requirement::BadRequirementError.superclass, 
ArgumentError
   end
 
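Review bot: The assertion inside the new loop compares every message with the fixed string `'Illformed requirement [""]'`, which can only match the empty-string case. The removed lines show that `nil` produced `'Illformed requirement [nil]'`, so the first iteration would presumably fail. Assuming the message is built with `inspect`, as the two removed expectations suggest, the expected value should follow the input: `assert_equal "Illformed requirement [#{bad.inspect}]", e.message`. The block after the loop that still parses `""` no longer has an assertion on `e` and duplicates the `''` entry, so it can be deleted. None of the cases checks that rejection stays fast, so this test would not notice the backtracking problem returning.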
diff -Naur a/test/rubygems/test_gem_version.rb 
b/test/rubygems/test_gem_version.rb
--- a/test/rubygems/test_gem_version.rb 2013-10-21 16:53:11.412939804 +0200
+++ b/test/rubygems/test_gem_version.rb 2013-10-21 17:20:41.741034852 +0200
@@ -67,12 +67,17 @@
   end
 
   def test_initialize_bad
-    ["junk", "1.0\n2.0"].each do |bad|
-      e = assert_raises ArgumentError do
+    %W[
+      junk
+      1.0\n2.0
+      1..2
+      1.2\ 3.4
+    ].each do |bad|
+      e = assert_raises ArgumentError, bad do
         Gem::Version.new bad
       end
 
-      assert_equal "Malformed version number string #{bad}", e.message
+      assert_equal "Malformed version number string #{bad}", e.message, bad
     end
   end
 
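Review bot: The switch to `%W[...]` in `test_initialize_bad` is load-bearing but has no comment. Only the upper-case form interprets `\n`, so `1.0\n2.0` becomes a string with a real newline. With `%w` that entry would become a literal backslash followed by `n`; the test would still pass, but the multi-line input that exercises the anchoring of the version pattern would be silently lost. A comment above the list, e.g. `# %W (not %w): \n must be a real newline so the multi-line case is tested`, would prevent that. As in the requirement test, the cases assert rejection only, not that rejection completes quickly.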