commit rubygem-sprockets for openSUSE:Factory

24 Nov 2014

Hello community,

here is the log from the commit of package rubygem-sprockets for openSUSE:Factory checked in at 2014-11-24 11:12:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-sprockets (Old)
 and      /work/SRC/openSUSE:Factory/.rubygem-sprockets.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "rubygem-sprockets"

Changes:
--------

--- /work/SRC/openSUSE:Factory/rubygem-sprockets/rubygem-sprockets.changes	2014-05-21 16:30:27.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.rubygem-sprockets.new/rubygem-sprockets.changes	2014-11-24 11:12:49.000000000 +0100
@@ -1,0 +2,10 @@
+Sun Oct 12 16:49:48 UTC 2014 - coolo@suse.com
+
+- updated to version 2.12.2
+ * Ensure internal asset lookups calls are still restricted to load paths within
+   asset compiles. Though, you should not depend on internal asset resolves to be
+   completely restricted for security reasons. Assets themselves should be
+   considered full scripting environments with filesystem access.
+- adapt to new rubygem packaging
+
+-------------------------------------------------------------------

Old:
----
  sprockets-2.12.1.gem

New:
----
  sprockets-2.12.2.gem

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ rubygem-sprockets.spec ++++++
--- /var/tmp/diff_new_pack.NEZxEX/_old	2014-11-24 11:12:49.000000000 +0100
+++ /var/tmp/diff_new_pack.NEZxEX/_new	2014-11-24 11:12:49.000000000 +0100
@@ -17,15 +17,14 @@
 
 
 Name:           rubygem-sprockets
-Version:        2.12.1
+Version:        2.12.2
 Release:        0
 %define mod_name sprockets
 %define mod_full_name %{mod_name}-%{version}
-%define mod_branch -%{version}
-%define mod_weight 21201
-
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-BuildRequires:  ruby-macros >= 3
+BuildRequires:  %{rubygem gem2rpm}
+BuildRequires:  %{ruby}
+BuildRequires:  ruby-macros >= 5
 BuildRequires:  update-alternatives
 Url:            http://getsprockets.org/
 Source:         http://rubygems.org/gems/%{mod_full_name}.gem
@@ -38,54 +37,16 @@
 Sprockets is a Rack-based asset packaging system that concatenates and serves
 JavaScript, CoffeeScript, CSS, LESS, Sass, and SCSS.
 
-%package doc
-Summary:        RDoc documentation for %{mod_name}
-Group:          Development/Languages/Ruby
-Requires:       %{name} = %{version}
-
-%description doc
-Documentation generated at gem installation time.
-Usually in RDoc and RI formats.
-
 %prep
-#gem_unpack
-#if you need patches, apply them here and replace the # with a % sign in the surrounding lines
-#gem_build
 
 %build
 
 %install
-%gem_install -f
-mkdir -p %{buildroot}%{_sysconfdir}/alternatives
-mv %{buildroot}%{_bindir}/sprockets{,%{mod_branch}}
-touch %{buildroot}%{_sysconfdir}/alternatives/sprockets
-ln -s %{_sysconfdir}/alternatives/sprockets %{buildroot}%{_bindir}/sprockets
-
-mkdir -p %{buildroot}%{_docdir}/%{name}
-ln -s %{gem_base}/gems/%{mod_full_name}/LICENSE %buildroot/%{_docdir}/%{name}/LICENSE
-ln -s %{gem_base}/gems/%{mod_full_name}/README.md %buildroot/%{_docdir}/%{name}/README.md
-
-%post
-/usr/sbin/update-alternatives --install \
-    %{_bindir}/sprockets sprockets %{_bindir}/sprockets%{mod_branch} %{mod_weight}
-
-%preun
-if [ "$1" = 0 ] ; then
-    /usr/sbin/update-alternatives --remove sprockets %{_bindir}/sprockets%{mod_branch}
-fi
-
-%files
-%defattr(-,root,root,-)
-%{_docdir}/%{name}
-%{_bindir}/sprockets%{mod_branch}
-%{_bindir}/sprockets
-%ghost %{_sysconfdir}/alternatives/sprockets
-%{gem_base}/cache/%{mod_full_name}.gem
-%{gem_base}/gems/%{mod_full_name}/
-%{gem_base}/specifications/%{mod_full_name}.gemspec
-
-%files doc
-%defattr(-,root,root,-)
-%doc %{gem_base}/doc
+%gem_install \
+  --symlink-binaries \
+  --doc-files="LICENSE README.md" \
+  -f
+
+%gem_packages
 
 %changelog

++++++ sprockets-2.12.1.gem -> sprockets-2.12.2.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/README.md new/README.md
--- old/README.md	1970-01-01 01:00:00.000000000 +0100
+++ new/README.md	2014-09-06 06:34:57.000000000 +0200
@@ -366,6 +366,13 @@
 
 ## Version History ##
 
+**2.12.2** (September 5, 2014)
+
+* Ensure internal asset lookups calls are still restricted to load paths within
+  asset compiles. Though, you should not depend on internal asset resolves to be
+  completely restricted for security reasons. Assets themselves should be
+  considered full scripting environments with filesystem access.
+
 **2.12.1** (April 17, 2014)
 
 * Fix making manifest target directory when its different than the output directory.
Files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/sprockets/base.rb new/lib/sprockets/base.rb
--- old/lib/sprockets/base.rb	1970-01-01 01:00:00.000000000 +0100
+++ new/lib/sprockets/base.rb	2014-09-06 06:34:57.000000000 +0200
@@ -261,7 +261,7 @@
     # Find asset by logical path or expanded path.
     def find_asset(path, options = {})
       logical_path = path
-      pathname     = Pathname.new(path)
+      pathname     = Pathname.new(path).cleanpath
 
       if pathname.absolute?
         return unless stat(pathname)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/sprockets/sass_functions.rb new/lib/sprockets/sass_functions.rb
--- old/lib/sprockets/sass_functions.rb	1970-01-01 01:00:00.000000000 +0100
+++ new/lib/sprockets/sass_functions.rb	2014-09-06 06:34:57.000000000 +0200
@@ -3,59 +3,59 @@
 module Sprockets
   module SassFunctions
     def asset_path(path)
-      Sass::Script::String.new(sprockets_context.asset_path(path.value), :string)
+      ::Sass::Script::String.new(sprockets_context.asset_path(path.value), :string)
     end
 
     def asset_url(path)
-      Sass::Script::String.new("url(" + sprockets_context.asset_path(path.value) + ")")
+      ::Sass::Script::String.new("url(" + sprockets_context.asset_path(path.value) + ")")
     end
 
     def image_path(path)
-      Sass::Script::String.new(sprockets_context.image_path(path.value), :string)
+      ::Sass::Script::String.new(sprockets_context.image_path(path.value), :string)
     end
 
     def image_url(path)
-      Sass::Script::String.new("url(" + sprockets_context.image_path(path.value) + ")")
+      ::Sass::Script::String.new("url(" + sprockets_context.image_path(path.value) + ")")
     end
 
     def video_path(path)
-      Sass::Script::String.new(sprockets_context.video_path(path.value), :string)
+      ::Sass::Script::String.new(sprockets_context.video_path(path.value), :string)
     end
 
     def video_url(path)
-      Sass::Script::String.new("url(" + sprockets_context.video_path(path.value) + ")")
+      ::Sass::Script::String.new("url(" + sprockets_context.video_path(path.value) + ")")
     end
 
     def audio_path(path)
-      Sass::Script::String.new(sprockets_context.audio_path(path.value), :string)
+      ::Sass::Script::String.new(sprockets_context.audio_path(path.value), :string)
     end
 
     def audio_url(path)
-      Sass::Script::String.new("url(" + sprockets_context.audio_path(path.value) + ")")
+      ::Sass::Script::String.new("url(" + sprockets_context.audio_path(path.value) + ")")
     end
 
     def font_path(path)
-      Sass::Script::String.new(sprockets_context.font_path(path.value), :string)
+      ::Sass::Script::String.new(sprockets_context.font_path(path.value), :string)
     end
 
     def font_url(path)
-      Sass::Script::String.new("url(" + sprockets_context.font_path(path.value) + ")")
+      ::Sass::Script::String.new("url(" + sprockets_context.font_path(path.value) + ")")
     end
 
     def javascript_path(path)
-      Sass::Script::String.new(sprockets_context.javascript_path(path.value), :string)
+      ::Sass::Script::String.new(sprockets_context.javascript_path(path.value), :string)
     end
 
     def javascript_url(path)
-      Sass::Script::String.new("url(" + sprockets_context.javascript_path(path.value) + ")")
+      ::Sass::Script::String.new("url(" + sprockets_context.javascript_path(path.value) + ")")
     end
 
     def stylesheet_path(path)
-      Sass::Script::String.new(sprockets_context.stylesheet_path(path.value), :string)
+      ::Sass::Script::String.new(sprockets_context.stylesheet_path(path.value), :string)
     end
 
     def stylesheet_url(path)
-      Sass::Script::String.new("url(" + sprockets_context.stylesheet_path(path.value) + ")")
+      ::Sass::Script::String.new("url(" + sprockets_context.stylesheet_path(path.value) + ")")
     end
 
     protected
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/sprockets/sass_importer.rb new/lib/sprockets/sass_importer.rb
--- old/lib/sprockets/sass_importer.rb	1970-01-01 01:00:00.000000000 +0100
+++ new/lib/sprockets/sass_importer.rb	2014-09-06 06:34:57.000000000 +0200
@@ -3,7 +3,7 @@
 module Sprockets
   # This custom importer that tracks all imported filenames during
   # compile.
-  class SassImporter < Sass::Importers::Filesystem
+  class SassImporter < ::Sass::Importers::Filesystem
     attr_reader :imported_filenames
 
     def initialize(*args)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/sprockets/version.rb new/lib/sprockets/version.rb
--- old/lib/sprockets/version.rb	1970-01-01 01:00:00.000000000 +0100
+++ new/lib/sprockets/version.rb	2014-09-06 06:34:57.000000000 +0200
@@ -1,3 +1,3 @@
 module Sprockets
-  VERSION = "2.12.1"
+  VERSION = "2.12.2"
 end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata
--- old/metadata	1970-01-01 01:00:00.000000000 +0100
+++ new/metadata	2014-09-06 06:34:57.000000000 +0200
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sprockets
 version: !ruby/object:Gem::Version
-  version: 2.12.1
+  version: 2.12.2
 platform: ruby
 authors:
 - Sam Stephenson
@@ -9,236 +9,236 @@
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-04-17 00:00:00.000000000 Z
+date: 2014-09-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: hike
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.2'
 - !ruby/object:Gem::Dependency
   name: multi_json
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
 - !ruby/object:Gem::Dependency
   name: tilt
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.1'
-    - - '!='
+    - - "!="
       - !ruby/object:Gem::Version
         version: 1.3.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.1'
-    - - '!='
+    - - "!="
       - !ruby/object:Gem::Version
         version: 1.3.0
 - !ruby/object:Gem::Dependency
   name: closure-compiler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: coffee-script
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
 - !ruby/object:Gem::Dependency
   name: coffee-script-source
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.2'
 - !ruby/object:Gem::Dependency
   name: eco
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
 - !ruby/object:Gem::Dependency
   name: ejs
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
 - !ruby/object:Gem::Dependency
   name: execjs
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
 - !ruby/object:Gem::Dependency
   name: json
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: sass
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '3.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '3.1'
 - !ruby/object:Gem::Dependency
   name: uglifier
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: yui-compressor
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: Sprockets is a Rack-based asset packaging system that concatenates and
@@ -251,9 +251,11 @@
 extensions: []
 extra_rdoc_files: []
 files:
-- README.md
 - LICENSE
+- README.md
+- bin/sprockets
 - lib/rake/sprocketstask.rb
+- lib/sprockets.rb
 - lib/sprockets/asset.rb
 - lib/sprockets/asset_attributes.rb
 - lib/sprockets/base.rb
@@ -291,8 +293,6 @@
 - lib/sprockets/utils.rb
 - lib/sprockets/version.rb
 - lib/sprockets/yui_compressor.rb
-- lib/sprockets.rb
-- bin/sprockets
 homepage: http://getsprockets.org/
 licenses:
 - MIT
@@ -303,19 +303,18 @@
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: sprockets
-rubygems_version: 2.0.3
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: Rack-based asset packaging system
 test_files: []
-has_rdoc: 

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org

    

root＠hilbert.suse.de

tags

participants (1)