Hello community, here is the log from the commit of package ruby19 for openSUSE:Factory checked in at 2013-11-07 08:44:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ruby19 (Old) and /work/SRC/openSUSE:Factory/.ruby19.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ruby19"
Changes:
--------
--- /work/SRC/openSUSE:Factory/ruby19/ruby19.changes 2013-07-16 16:15:01.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.ruby19.new/ruby19.changes 2013-11-07 08:44:24.000000000 +0100
@@ -0,0 +1,5 @@
+Mon Oct 21 12:21:32 UTC 2013 - jmassaguerpla@suse.com
+
+- fix CVE-2013-4287 CVE-2013-4363: ruby19: Algorithmic complexity vulnerability (bnc#837457)
+ The file CVE-2013-4287-4363.patch contains the patch
+
New:
----
CVE-2013-4287-4363.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ruby19.spec ++++++
--- /var/tmp/diff_new_pack.poISmM/_old 2013-11-07 08:44:25.000000000 +0100
+++ /var/tmp/diff_new_pack.poISmM/_new 2013-11-07 08:44:25.000000000 +0100
@@ -75,6 +75,7 @@
 Patch2: ruby19-export_init_prelude.patch
 Patch3: ruby-sort-rdoc-output.patch
 Patch4: thread_pthread.c-ruby_init_stack-ignore-STACK_END_ADDRESS.patch
+Patch5: CVE-2013-4287-4363.patch
 # Summary: An Interpreted Object-Oriented Scripting Language
 License: BSD-2-Clause or Ruby
@@ -214,6 +215,7 @@
 %patch2 -p1
 %patch3 -p1
 %patch4
+%patch5 -p1
 %if 0%{?needs_optimization_zero}
 touch -r configure configure.timestamp
 perl -p -i.bak -e 's|-O2|-O0|g' configure
++++++ CVE-2013-4287-4363.patch ++++++
diff -Naur a/lib/rubygems/version.rb b/lib/rubygems/version.rb
--- a/lib/rubygems/version.rb 2013-10-18 13:56:08.178585912 +0200
+++ b/lib/rubygems/version.rb 2013-10-18 13:59:37.788597985 +0200
@@ -146,7 +146,7 @@
   include Comparable
   VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*' # :nodoc:
-  ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})*\s*\z/ # :nodoc:
+  ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/ # :nodoc:
   ##
   # A string representation of this Version.
diff -Naur a/test/rubygems/test_gem_requirement.rb b/test/rubygems/test_gem_requirement.rb
--- a/test/rubygems/test_gem_requirement.rb 2013-10-18 13:56:08.150585911 +0200
+++ b/test/rubygems/test_gem_requirement.rb 2013-10-18 14:03:29.201611312 +0200
@@ -37,17 +37,22 @@
   end
   def test_parse_bad
-    e = assert_raises ArgumentError do
-      Gem::Requirement.parse nil
+    [
+      nil,
+      '',
+      '! 1',
+      '= junk',
+      '1..2',
+    ].each do |bad|
+      e = assert_raises Gem::Requirement::BadRequirementError do
+        Gem::Requirement.parse bad
+      end
+      assert_equal 'Illformed requirement [""]', e.message
     end
-
-    assert_equal 'Illformed requirement [nil]', e.message
-
     e = assert_raises ArgumentError do
       Gem::Requirement.parse ""
     end
-    assert_equal 'Illformed requirement [""]', e.message
   end
   def test_prerelease_eh
diff -Naur a/test/rubygems/test_gem_version.rb b/test/rubygems/test_gem_version.rb
--- a/test/rubygems/test_gem_version.rb 2013-10-18 13:56:08.150585911 +0200
+++ b/test/rubygems/test_gem_version.rb 2013-10-18 14:04:42.441615531 +0200
@@ -64,12 +64,17 @@
   end
   def test_initialize_bad
-    ["junk", "1.0\n2.0"].each do |bad|
-      e = assert_raises ArgumentError do
+    %W[
+      junk
+      1.0\n2.0
+      1..2
+      1.2\ 3.4
+    ].each do |bad|
+      e = assert_raises ArgumentError, bad do
         Gem::Version.new bad
       end
-      assert_equal "Malformed version number string #{bad}", e.message
+      assert_equal "Malformed version number string #{bad}", e.message, bad
     end
   end
-- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
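Review bot: The changed ANCHORED_VERSION_PATTERN line records nowhere why the group is now `?` instead of `*`, so the nested-quantifier form this fix removes can quietly come back in a later edit; suggest placing `# One optional version only: a repeated group here backtracks super-linearly on long invalid input (CVE-2013-4287).` above the constant. The changelog on this page credits the patch with both CVE-2013-4287 and CVE-2013-4363, yet the only library change in the whole patch is this single quantifier and VERSION_PATTERN itself appears unchanged as context, so it is worth confirming against the second advisory that this line alone covers it before the package ships. The hunk shows only the constants; the enclosing Gem::Version class starts and ends outside it.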
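Review bot: Inside the new loop in test_parse_bad the expected message is pinned to the literal `'Illformed requirement [""]'` for every input, including `nil`, while the removed assertion just below shows that `nil` produced `Illformed requirement [nil]`, so the assertion cannot hold for the four non-empty inputs unless the message format in this tree differs; `assert_equal "Illformed requirement [#{bad.inspect}]", e.message, bad` would check each case against its own input. The loop also expects `Gem::Requirement::BadRequirementError`, which no hunk in this patch defines — confirm that the rubygems bundled in this ruby19 tree declares it, otherwise the test stops with NameError before any assertion runs. If the collapsed layout is read correctly, the old `assert_raises ArgumentError do Gem::Requirement.parse "" end` block survives after the loop with its `assert_equal` removed, duplicating the `''` case and leaving `e` unused; it can be dropped.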
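Review bot: None of the inputs added to test_initialize_bad is long enough to exercise the backtracking path the accompanying version.rb change removes, so the test pins only which strings are rejected, not that rejection stays fast; a regression case that builds a long malformed version string and asserts it raises `ArgumentError` promptly would cover the algorithmic-complexity fix itself. Passing `bad` as the failure message to both `assert_raises` and `assert_equal` is a good choice for locating the failing element. Note that inside `%W[...]` the entry `1.2\ 3.4` is one element containing a space and `1.0\n2.0` contains a real newline, which matches what the removed double-quoted list expressed.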