Hello community, here is the log from the commit of package rubygem-bundler.3655 for openSUSE:13.1:Update checked in at 2015-03-30 16:19:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/rubygem-bundler.3655 (Old) and /work/SRC/openSUSE:13.1:Update/.rubygem-bundler.3655.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "rubygem-bundler.3655" Changes: -------- New Changes file: --- /dev/null 2015-03-12 01:14:30.992027505 +0100 +++ /work/SRC/openSUSE:13.1:Update/.rubygem-bundler.3655.new/rubygem-bundler.changes 2015-03-30 16:19:01.000000000 +0200 
@@ -0,0 +1,430 @@ +------------------------------------------------------------------- +Tue Mar 17 11:49:40 UTC 2015 - jmassaguerpla@suse.com + +- fix broken link to /usr/bin/bundle + When updating this package, the update-alternatives was not being + called to remove the previous link, resulting into a broken link. + +- Remove CA files. Latest commit included some Certificate + Authority files. For security reasons we don't want to + distribute them, otherwise if the CA gets compromised, revoking it + can be difficult if CA pem files are distributed in different RPMs. + +------------------------------------------------------------------- +Tue Mar 10 14:03:45 UTC 2015 - jmassaguerpla@suse.com + +- Update to 1.8.4 + +See changelog at + +https://github.com/bundler/bundler/blob/1-8-stable/CHANGELOG.md + +it includes fixes for: + +* Hide credentials while warning about gems with ambiguous sources +* Warn when more than one top-level source is present +* Vendor CA chain to validate new rubygems.org HTTPS certificate +* CA certificates that work with all OpenSSLs + +... and other bugfixes + +it includes features: + +* Add config disable_multisource option to ensure sources can't compete +* Add package --cache-path and config cache_path for cache location + +... and other features + +------------------------------------------------------------------- +Tue Mar 10 10:36:37 UTC 2015 - jmassaguerpla@suse.com + +- Update to 1.7.0 in order to fix CVE-2013-0334: installing gems + from an unexpected source (bnc#898205) + +The patch for this security issue couldn't be applied to 1.0.21 thus +we needed to update to 1.7.0 to have this fix. + +Upstream has assured 1.7.0 is backwards compatible with 1.0.21. + +Updating to 1.7.0 has introduced more than the security fix. 
For +a detailed list see + https://github.com/bundler/bundler/blob/1-7-stable/CHANGELOG.md + +------------------------------------------------------------------- +Fri Jul 12 10:15:25 UTC 2013 - coolo@suse.com + +- fix update-alternatives usage + +------------------------------------------------------------------- +Fri Apr 12 07:49:18 UTC 2013 - coolo@suse.com + +- updated to version 1.3.5 + Features: + + - progress indicator while resolver is running (@chief) + + Bugfixes: + + - update local overrides with orphaned revisions (@jamesferguson) + - revert to working quoting of RUBYOPT on Windows (@ogra) + - use basic auth even when SSL is not available (@jayniz) + - installing git gems without dependencies in deployment now works + +------------------------------------------------------------------- +Mon Mar 18 06:10:25 UTC 2013 - coolo@suse.com + +- updated to version 1.3.4 + Bugfixes: + + - load YAML on Rubygems version that define module YAML + - fix regression that broke --without on ruby 1.8.7 + + ## 1.3.3 (13 March 2013) + + Features: + + - compatible with Rubygems 2.0.2 (higher and lower already work) + - mention skipped groups in bundle install and bundle update output (@simi) + - `gem` creates rake tasks for minitest (@coop) and rspec + + Bugfixes: + + - require rbconfig for standalone mode + - revert to working quoting of RUBYOPT on Windows (@ogra) + + ## 1.3.2 (7 March 2013) + + Features: + + - include rubygems.org CA chain + + Bugfixes: + + - don't store --dry-run as a Bundler setting + +------------------------------------------------------------------- +Sun Mar 3 19:16:07 UTC 2013 - coolo@suse.com + +- updated to version 1.3.1 + Bugfixes: + + - include manpages in gem, restoring many help pages + - handle more SSL certificate verification failures + - check for the full version of SSL, which we need (@alup) + - gem rake task 'install' now depends on task 'build' (@sunaku) + +------------------------------------------------------------------- +Sun Mar 3 
09:31:31 UTC 2013 - coolo@suse.com + +- updated to version 1.3.0 + - long feature list, see CHANGELOG.md + +------------------------------------------------------------------- +Fri Nov 30 14:39:22 UTC 2012 - coolo@suse.com + +- updated to version 1.2.3 + - fix exceptions while loading some gemspecs + +------------------------------------------------------------------- +Thu Nov 15 11:05:08 UTC 2012 - coolo@suse.com + +- updated to version 1.2.2 + - support new Psych::SyntaxError for Ruby 2.0.0 (@tenderlove, @sol) + - `bundle viz` works with git gems again (@hirochachacha) + - recognize more cases when OpenSSL is not present + +------------------------------------------------------------------- +Wed Sep 19 14:52:18 UTC 2012 - coolo@suse.com + +- updated to version 1.2.1 + Bugfixes: + - `bundle clean` now works with BUNDLE_WITHOUT groups again + - have a net/http read timeout around the Gemcutter API Endpoint + +------------------------------------------------------------------- +Fri Aug 31 07:18:46 UTC 2012 - coolo@suse.com + +- updated to version 1.2.0 + Bugfixes: + + - raise original error message from LoadError's + + Documentation: + + - `platform` man pages + + ## 1.2.0.rc.2 (Aug 8, 2012) + + Bugfixes: + + - `clean` doesn't remove gems that are included in the lockfile + + ## 1.2.0.rc (Jul 17, 2012) + + Features: + + - `check` now has a `--dry-run` option (@svenfuchs, #1811) + - loosen ruby directive for engines + - prune git/path directories inside vendor/cache (@josevalim, #1988) + - update vendored thor to 0.15.2 (@sferik) + - add .txt to LICENSE (@postmodern, #2001) + - add `config disable_local_branch_check` (@josevalim, #1985) + - fall back on the full index when experiencing syck errors (#1419) + - handle syntax errors in Ruby gemspecs (#1974) + + Bugfixes: + + - fix `pack`/`cache` with `--all` (@josevalim, #1989) + - don't display warning message when `cache_all` is set + - check for `nil` PATH (#2006) + - Always try to keep original GEM_PATH (@drogus, 
#1920) + +------------------------------------------------------------------- +Tue Jul 31 14:35:25 UTC 2012 - jreidinger@suse.com + +- use new gem2rpm to get new provisions + +------------------------------------------------------------------- +Sun Jul 22 14:18:05 UTC 2012 - coolo@suse.com + +- update to 1.1.5 + - Special case `ruby` directive from 1.2.0, so you can install Gemfiles that use it + +------------------------------------------------------------------- +Mon Jun 25 19:02:52 UTC 2012 - coolo@suse.com + +- update to 1.1.4 + - Use `latest_release` in Capistrano and Vlad integration (#1264) ++++ 233 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:13.1:Update/.rubygem-bundler.3655.new/rubygem-bundler.changes New: ---- bundler-1.8.4.gem gemspec_remove_pem.patch rubygem-bundler.changes rubygem-bundler.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-bundler.spec ++++++ # # spec file for package rubygem-bundler # # Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. 
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: rubygem-bundler Version: 1.8.4 Release: 0 %define mod_name bundler %define mod_full_name %{mod_name}-%{version} %define mod_branch -%{version} %define mod_weight 10305 BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: ruby-macros >= 1 Requires: ruby >= 1.8.7 BuildRequires: ruby-devel >= 1.8.7 BuildRequires: update-alternatives Url: http://gembundler.com Source: http://rubygems.org/gems/%{mod_full_name}.gem Source1: gemspec_remove_pem.patch Summary: The best way to manage your application's dependencies License: MIT Group: Development/Languages/Ruby PreReq: update-alternatives %description Bundler manages an application's dependencies through its entire life, across many machines, systematically and repeatably %package doc Summary: RDoc documentation for %{mod_name} Group: Development/Languages/Ruby Requires: %{name} = %{version} %description doc Documentation generated at gem installation time. Usually in RDoc and RI formats. %package testsuite Summary: Test suite for %{mod_name} Group: Development/Languages/Ruby Requires: %{name} = %{version} %description testsuite Test::Unit or RSpec files, useful for developers. %prep gem unpack --verbose %{S:0} pushd %{mod_full_name} chmod -R go-w . 
gem spec --ruby %{S:0} > %{mod_name}.gemspec rm lib/bundler/ssl_certs/*.pem patch -p1 < %{S:1} gem build %{mod_name}.gemspec popd %build %install %gem_install -f %{mod_full_name}/%{mod_full_name}.gem mv %{buildroot}%{_bindir}/bundle{,%{mod_branch}} mkdir -p %{buildroot}%{_docdir}/%{name} ln -s %{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_full_name}/CHANGELOG.md %buildroot/%{_docdir}/%{name}/CHANGELOG.md ln -s %{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_full_name}/LICENSE.md %buildroot/%{_docdir}/%{name}/LICENSE.md ln -s %{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_full_name}/README.md %buildroot/%{_docdir}/%{name}/README.md %post /usr/sbin/update-alternatives --install \ %{_bindir}/bundle bundle %{_bindir}/bundle%{mod_branch} %{mod_weight} %preun /usr/sbin/update-alternatives --remove bundle %{_bindir}/bundle%{mod_branch} %posttrans if [ -L /etc/alternatives/bundle ] && [ ! -e /etc/alternatives/bundle ];then # this is a broken link # see bnc#898205 /usr/sbin/update-alternatives --install \ %{_bindir}/bundle bundle %{_bindir}/bundle%{mod_branch} %{mod_weight} fi %files %defattr(-,root,root,-) %{_docdir}/%{name} %{_bindir}/bundle%{mod_branch} %{_bindir}/bundler %ghost %{_sysconfdir}/alternatives/bundle %{_libdir}/ruby/gems/%{rb_ver}/cache/%{mod_full_name}.gem %{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_full_name}/ %{_libdir}/ruby/gems/%{rb_ver}/specifications/%{mod_full_name}.gemspec %files doc %defattr(-,root,root,-) %doc %{_libdir}/ruby/gems/%{rb_ver}/doc/%{mod_full_name}/ %changelog ++++++ gemspec_remove_pem.patch ++++++ diff -Naur a/bundler.gemspec b/bundler.gemspec --- a/bundler.gemspec 2015-03-10 17:52:09.495903432 +0100 +++ b/bundler.gemspec 2015-03-10 17:52:40.003903890 +0100 
@@ -36,5 +36,9 @@ s.add_dependency(%q<ronn>, ["~> 0.7.3"]) s.add_dependency(%q<rspec>, ["~> 3.0.0.beta1"]) end + # remove pem files + s.files -= ["lib/bundler/ssl_certs/Class3PublicPrimaryCertificationAuthority.pem", "lib/bundler/ssl_certs/DigiCertHighAssuranceEVRootCA.pem", "lib/bundler/ssl_certs/EntrustnetSecureServerCertificationAuthority.pem", "lib/bundler/ssl_certs/GeoTrustGlobalCA.pem"] + s.files -= ["lib/bundler/ssl_certs/AddTrustExternalCARoot-2048.pem", "lib/bundler/ssl_certs/AddTrustExternalCARoot.pem"] + end
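Review bot: In rubygem-bundler.changes, the Mar 17 entry removes the CA files, yet the Mar 10 entry for 1.8.4 still lists "Vendor CA chain to validate new rubygems.org HTTPS certificate" and "CA certificates that work with all OpenSSLs" among the included fixes, so the changelog reads as if the package ships that chain. Add a line to the Mar 17 entry stating that the chain vendored by 1.8.4 is dropped in this package and which trust store certificate verification is expected to use instead. The 1.7.0 entry says the update "has introduced more than the security fix" but only links to the upstream CHANGELOG; a one-line summary of the behaviour change behind CVE-2013-0334 would help administrators who read only this file.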
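Review bot: In rubygem-bundler.spec, %preun runs `update-alternatives --remove bundle %{_bindir}/bundle%{mod_branch}` unconditionally, so it also fires when the package is upgraded; on a rebuild that keeps the same version it removes the alternative that %post has just installed, and the new %posttrans block then has to repair the dangling /etc/alternatives/bundle link. Guard the removal with `if [ "$1" = 0 ]; then ... fi` so it runs only on erase, and keep %posttrans as a safety net. Two further points in the same file: %prep deletes `lib/bundler/ssl_certs/*.pem`, but the Requires lines name only ruby and update-alternatives, so nothing visible ensures a system CA bundle is present for HTTPS verification, which should be confirmed on a clean install; and the patch is declared as Source1 and applied with `patch -p1 < %{S:1}`, where a Patch0 tag would let packaging tools recognise it as a patch. The `# see bnc#898205` comment in %posttrans cites the bug that the changes file attaches to CVE-2013-0334; if the broken link has its own report, reference that instead.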
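Review bot: The two added `s.files -=` lines in gemspec_remove_pem.patch hard-code six certificate file names, while %prep in the spec deletes `lib/bundler/ssl_certs/*.pem` by glob, so the two can drift apart: if a later upstream release adds or renames a .pem file, the glob removes it from the tree but the gemspec still lists it. Filtering by pattern keeps both in step, for example `s.files = s.files.reject { |f| f =~ %r{\Alib/bundler/ssl_certs/.*\.pem\z} }`. The `# remove pem files` comment should also say why, matching the reason given in the changes file (CA certificates are not to be distributed inside this RPM).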