Hello community, here is the log from the commit of package facter for openSUSE:Factory checked in at 2014-06-27 06:53:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/facter (Old) and /work/SRC/openSUSE:Factory/.facter.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "facter" Changes: -------- --- /work/SRC/openSUSE:Factory/facter/facter.changes 2014-05-17 21:43:38.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.facter.new/facter.changes 2014-06-27 06:53:21.000000000 +0200 @@ -1,0 +2,7 @@ +Thu Jun 26 13:47:03 UTC 2014 - vdziewiecki@suse.com + +- Update to 2.0.2: fix CVE-2014-3248 (An attacker could convince +an administrator to unknowingly execute malicious code on platforms +with Ruby 1.9.1 and earlier) + +------------------------------------------------------------------- Old: ---- facter-2.0.1.tar.gz New: ---- facter-2.0.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ facter.spec ++++++ --- /var/tmp/diff_new_pack.B9jL32/_old 2014-06-27 06:53:22.000000000 +0200 +++ /var/tmp/diff_new_pack.B9jL32/_new 2014-06-27 06:53:22.000000000 +0200 @@ -17,7 +17,7 @@ Name: facter -Version: 2.0.1 +Version: 2.0.2 Release: 0 Summary: A cross-platform Ruby library for retrieving facts from operating systems License: Apache-2.0 ++++++ facter-2.0.1.tar.gz -> facter-2.0.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/facter-2.0.1/bin/facter new/facter-2.0.2/bin/facter --- old/facter-2.0.1/bin/facter 2014-04-01 19:23:03.000000000 +0200 +++ new/facter-2.0.2/bin/facter 2014-06-06 20:02:18.000000000 +0200 @@ -1,5 +1,9 @@ #!/usr/bin/env ruby +# For security reasons, ensure that '.' is not on the load path +# This is primarily for 1.8.7 since 1.9.2+ doesn't put '.' on the load path +$LOAD_PATH.delete '.' + # Bundler and rubygems maintain a set of directories from which to # load gems. If Bundler is loaded, let it determine what can be # loaded. If it's not loaded, then use rubygems. But do this before diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/facter-2.0.1/ext/build_defaults.yaml new/facter-2.0.2/ext/build_defaults.yaml --- old/facter-2.0.1/ext/build_defaults.yaml 2014-04-01 19:23:03.000000000 +0200 +++ new/facter-2.0.2/ext/build_defaults.yaml 2014-06-06 20:02:18.000000000 +0200 @@ -2,7 +2,7 @@ packaging_url: 'git://github.com/puppetlabs/packaging.git --branch=master' packaging_repo: 'packaging' default_cow: 'base-squeeze-i386.cow' -cows: 'base-lucid-i386.cow base-lucid-amd64.cow base-precise-i386.cow base-precise-amd64.cow base-quantal-i386.cow base-quantal-amd64.cow base-raring-i386.cow base-raring-amd64.cow base-saucy-i386.cow base-saucy-amd64.cow base-sid-i386.cow base-sid-amd64.cow base-squeeze-i386.cow base-squeeze-amd64.cow base-stable-i386.cow base-stable-amd64.cow base-testing-i386.cow base-testing-amd64.cow base-trusty-i386.cow base-trusty-amd64.cow base-unstable-i386.cow base-unstable-amd64.cow base-wheezy-i386.cow base-wheezy-amd64.cow' +cows: 'base-lucid-i386.cow base-lucid-amd64.cow base-precise-i386.cow base-precise-amd64.cow base-quantal-i386.cow base-quantal-amd64.cow base-saucy-i386.cow base-saucy-amd64.cow base-sid-i386.cow base-sid-amd64.cow base-squeeze-i386.cow base-squeeze-amd64.cow base-stable-i386.cow base-stable-amd64.cow base-testing-i386.cow base-testing-amd64.cow base-trusty-i386.cow base-trusty-amd64.cow base-unstable-i386.cow base-unstable-amd64.cow base-wheezy-i386.cow base-wheezy-amd64.cow' pbuild_conf: '/etc/pbuilderrc' packager: 'puppetlabs' gpg_name: 'info@puppetlabs.com' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/facter-2.0.1/ext/debian/changelog new/facter-2.0.2/ext/debian/changelog --- old/facter-2.0.1/ext/debian/changelog 2014-04-01 19:23:07.000000000 +0200 +++ new/facter-2.0.2/ext/debian/changelog 2014-06-06 20:02:21.000000000 +0200 @@ -1,8 +1,8 @@ -facter (2.0.1-1puppetlabs1) lucid unstable sid wheezy lucid squeeze precise quantal raring; urgency=low +facter (2.0.2-1puppetlabs1) lucid unstable sid wheezy lucid squeeze precise quantal raring; urgency=low * Update to version - -- Puppet Labs Release <info@puppetlabs.com> Tue, 01 Apr 2014 10:23:07 -0700 + -- Puppet Labs Release <info@puppetlabs.com> Fri, 06 Jun 2014 11:02:21 -0700 facter (1.7.2-1puppetlabs2) lucid unstable sid wheezy lucid squeeze precise; urgency=low diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/facter-2.0.1/ext/ips/facter.p5m new/facter-2.0.2/ext/ips/facter.p5m --- old/facter-2.0.1/ext/ips/facter.p5m 2014-04-01 19:23:07.000000000 +0200 +++ new/facter-2.0.2/ext/ips/facter.p5m 2014-06-06 20:02:21.000000000 +0200 @@ -1,6 +1,6 @@ -set name=pkg.fmri value=pkg://puppetlabs.com/application/@2.0.1,13.1.0-0 +set name=pkg.fmri value=pkg://puppetlabs.com/application/@2.0.2,13.2.0-0 set name=pkg.summary value="Facter, a system inventory tool" -set name=pkg.human-version value="2.0.1" +set name=pkg.human-version value="2.0.2" set name=pkg.description value="You can prove anything with facts!" set name=info.classification value="org.opensolaris.category.2008:Applications/System Utilities" set name=org.opensolaris.consolidation value="puppet" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/facter-2.0.1/ext/redhat/facter.spec new/facter-2.0.2/ext/redhat/facter.spec --- old/facter-2.0.1/ext/redhat/facter.spec 2014-04-01 19:23:07.000000000 +0200 +++ new/facter-2.0.2/ext/redhat/facter.spec 2014-06-06 20:02:21.000000000 +0200 @@ -7,8 +7,8 @@ %endif # VERSION is subbed out during rake srpm process -%global realversion 2.0.1 -%global rpmversion 2.0.1 +%global realversion 2.0.2 +%global rpmversion 2.0.2 Summary: Ruby module for collecting simple facts about a host operating system Name: facter @@ -70,8 +70,8 @@ %changelog -* Tue Apr 01 2014 Puppet Labs Release <info@puppetlabs.com> - 1:2.0.1-1 -- Build for 2.0.1 +* Fri Jun 06 2014 Puppet Labs Release <info@puppetlabs.com> - 1:2.0.2-1 +- Build for 2.0.2 * Mon Apr 01 2013 Matthaus Owens <matthaus@puppetlabs.com> - 1:1.7.0-0.1rc1 - Add dependency on virt-what to facter for better virutalization detection diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/facter-2.0.1/lib/facter/version.rb new/facter-2.0.2/lib/facter/version.rb --- old/facter-2.0.1/lib/facter/version.rb 2014-04-01 19:23:03.000000000 +0200 +++ new/facter-2.0.2/lib/facter/version.rb 2014-06-06 20:02:18.000000000 +0200 @@ -1,6 +1,6 @@ module Facter if not defined? FACTERVERSION then - FACTERVERSION = '2.0.1' + FACTERVERSION = '2.0.2' end # Returns the running version of Facter. -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org