Hello community,
here is the log from the commit of package ruby20.3338 for openSUSE:13.1:Update checked in at 2015-01-02 09:32:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.1:Update/ruby20.3338 (Old)
and /work/SRC/openSUSE:13.1:Update/.ruby20.3338.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ruby20.3338"
Changes:
--------
New Changes file:
--- /dev/null 2014-12-25 22:38:16.200041506 +0100
+++ /work/SRC/openSUSE:13.1:Update/.ruby20.3338.new/ruby20.changes 2015-01-02 09:32:43.000000000 +0100
@@ -0,0 +1,154 @@
+-------------------------------------------------------------------
+Thu Dec 18 17:34:24 UTC 2014 - jmassaguerpla@suse.com
+
+- fix CVE-2014-8090: ruby: Another Denial Of Service XML Expansion
+ (bnc#905326)
+
+ CVE-2014-8090.patch: contains the patch
+
+- fix CVE-2014-8080: ruby: ruby19: Denial Of Service XML Expansion
+ (bnc#902851)
+
+ CVE-2014-8080.patch: contains the patch
+
+- Enable tests to run during the build. This way we can compare
+ the results on different builds.
+
+-------------------------------------------------------------------
+Thu Mar 27 09:24:05 UTC 2014 - dmajda@suse.com
+
+- pkg_config: Do not replace $LDFLAGS with $libs (bnc#870546)
+ * fixes building of gems with native extensions such as Nokogiri
+ * pkg_config_ldflags_fix.patch
+
+-------------------------------------------------------------------
+Fri Jan 10 09:50:26 UTC 2014 - dmajda@suse.com
+
+- RubyGems: fix build info file location (bnc#858100)
+ * makes "bundle install" work
+ * rubygems_fix_build_info_location.patch
+
+-------------------------------------------------------------------
+Sat Nov 23 18:48:02 UTC 2013 - jmassaguerpla@suse.com
+
+- fix CVE-2013-4164: heap overflow in float point parsing (bnc#851803)
+ The file CVE-2013-4164.patch contains the patch
+
+-------------------------------------------------------------------
+Mon Oct 21 15:14:27 UTC 2013 - jmassaguerpla@suse.com
+
+- fix CVE-2013-4287 CVE-2013-4363: ruby19: Algorithmic complexity vulnerability (bnc#837457)
+ The file CVE-2013-4287-4363.patch contains the patch
+
+-------------------------------------------------------------------
+Thu Jul 18 08:43:59 UTC 2013 - coolo@suse.com
+
+- adding vm_debug.h to the extra header list (needed for perftools.rb)
+
+-------------------------------------------------------------------
+Sat Jun 29 04:26:18 UTC 2013 - coolo@suse.com
+
+- update to p247
+ * This release includes a security fix about bundled OpenSSL.
+ Hostname check bypassing vulnerability in SSL client (CVE-2013-4073)
+
+ * Updated to rubygems 2.0.3. See
+ http://rubygems.rubyforge.org/rubygems-update/History_txt.html#label-2.0.3+%...
+ for release notes.
+
+ #8040 change priority between keyword arguments and mandatory arguments.
+ #8416 super does not forward either named or anonymous **
+ #8463 Proc auto-splat bug with named arguments
+ #8424 fix infinite loop when stack overflow with TH_PUSH_TAG()
+ #8436 __dir__ not working in eval with binding
+ #8489 Tracepoint API: B_RETURN_EVENT not triggered when “next” used
+ #8341 block_given? (and the actual block) persist between calls to a proc created from a method (using method().to_proc()).
+ #8531 block_given? (and the actual block) persist between calls to a proc created by Symbol#to_proc.
+
+-------------------------------------------------------------------
+Fri Jun 14 14:40:43 UTC 2013 - coolo@suse.com
+
+- remove vim and ca-certificates from buildrequires again, were removed
+ from ruby19 already before 12.3 and came back
+
+-------------------------------------------------------------------
+Tue Jun 4 05:51:46 UTC 2013 - coolo@suse.com
+
+- update to p195
+ Core - prepend
+
+ #7841 Module#prepend now detect cyclic prepend.
+ #7843 removing prepended methods causes exceptions.
+ #8357 Module#prepend breaks Module's comparison operators.
+ #7983 Module#prepend can't override Fixnum's operator methods.
+ #8005 methods made private/protected after definition become uncallable on prepended class.
+ #8025 Module#included_modules include classes when prepended.
+
+ Core - keyword arguments
+
+ #7922 unnamed keyword rest argument cause SyntaxError.
+ #7942 support define method only receive keyword arguments without paren.
+ #8008 fix a bug in super with keyword arguments.
+ #8236 fix a treatment of rest arguments and keyword arguments through `super'.
+ #8260 non-symbol key should not treated as keyword arguments.
+
+ Core - refinements
+
+ #7925 fix a bug of refinements with a method call super in a block.
+
+ Core - GC
+
+ #8092 improve accuracy of GC.stat[:heap_live_num]
+ #8146 avoid unnecessary heap growth.
+ #8145 fix unlimited memory growth with large values of RUBY_FREE_MIN.
+
+ Core - Regexp
+
+ #7972 Regexp POSIX space class is location sensitive.
+ #7974 Regexp case-insensitive group doesn't work.
+ #8023 Regexp lookbehind assertion fails with /m mode enabled
+ #8001 Regexp \Z matches where it shouldn't
+
+ Core - other
+
+ #8063 fix a potential memory violation and avoid abort on the environment _FORTIFY_SOURCE=2 (ex. Ubuntu).
+ #8175 ARGF#skip doesn't work as documented.
+ #8069 File.expand_path('something', '~') now support home path on Windows.
+ #8220 fix a Segmentation fault when defined? ().
+ #8367 fix a regression in defined?(super).
+ #8283 Dir.glob doesn't recurse hidden directories.
+ #8165 fix a bug of multiple require with non-ascii file path.
+ #8290 fix an incompatible String#inspect behavior with NUL character.
+ #8360 fix a Segmentation fault of Thread#join(Float::INFINITY) on some platforms.
+
+ RubyGems
+
+ Bundled RubyGems version is updated to 2.0.2+
+ #7698 fix an rubygems' incompatibility about installation of extension libraries.
+ #8019 fix a bug of gem list --remote doesn't work.
+
+ Libraries
+
+ #7911 File.fnmatch with US-ASCII pattern and UTF-8 path raise an exception.
+ #8240 fix a bug about OpenSSL::SSL::SSLSocket breaks other connections or files on GC.
+ #8183 CGI.unescapeHTML can't decode Numeric Character References with uppercase (nnnn).
+
+ Build/Platform specific
+
+ #7830 fix build failure with compiler warning.
+ #7950 fix a build failure on mswin/VC with --with-static-linked-ext.
+
+Removed thread_pthread.c-ruby_init_stack-ignore-STACK_END_ADDRESS.patch, which is from upstream
+Removed ruby-sort-rdoc-output.patch which was never useful
+
+-------------------------------------------------------------------
+Sat Apr 27 17:02:22 UTC 2013 - coolo@suse.com
+
+- refresh buildroot patch
+
+-------------------------------------------------------------------
+Tue Mar 5 00:14:14 CET 2013 - mhrusecky@suse.cz
+
+- new package forked from ruby19 - update to 2.0.0 p0
+ - patches disabled for now
+
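Review bot: The two removal lines that close the p195 entry ("Removed thread_pthread.c-ruby_init_stack-ignore-STACK_END_ADDRESS.patch, which is from upstream" and "Removed ruby-sort-rdoc-output.patch which was never useful") start at column 0 with no "- " item marker, unlike every other item in this file, so they read as stray text rather than as part of the "update to p195" entry; write them as "- " items. The patch references are also worded three different ways ("CVE-2014-8090.patch: contains the patch", "The file CVE-2013-4164.patch contains the patch", "* pkg_config_ldflags_fix.patch"); settling on one form makes it easier to grep the file when auditing which CVE fixes a given build carries.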
New:
----
CVE-2013-4164.patch
CVE-2013-4287-4363.patch
CVE-2014-8080.patch
CVE-2014-8090.patch
pkg_config_ldflags_fix.patch
ruby-1.9.2p290_tcl_no_stupid_rpaths.patch
ruby-2.0.0-p247.tar.bz2
ruby19-export_init_prelude.patch
ruby20-rpmlintrc
ruby20.changes
ruby20.macros
ruby20.spec
rubygems-1.5.0_buildroot.patch
rubygems_fix_build_info_location.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ruby20.spec ++++++
#
# spec file for package ruby20
#
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: ruby20
%define patch_level p247
Version: 2.0.0.%{patch_level}
Release: 0
#
%define pkg_version 2.0.0
# keep in sync with macro file!
%define rb_binary_suffix 2.0
%define rb_ver 2.0.0
%define rb_arch %(echo %{_target_cpu}-linux | sed -e "s/ppc/powerpc/")
%define rb_libdir %{_libdir}/ruby/%{rb_ver}/
%define rb_archdir %{_libdir}/ruby/%{rb_ver}/%{rb_arch}
# keep in sync with macro file!
#
# from valgrind.spec
%ifarch %ix86 x86_64 ppc ppc64
%define use_valgrind 1
%endif
%define run_tests 1
#
#
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: gdbm-devel
BuildRequires: libffi-devel
BuildRequires: libyaml-devel
BuildRequires: ncurses-devel
BuildRequires: openssl-devel
BuildRequires: pkg-config
BuildRequires: readline-devel
BuildRequires: tk-devel
BuildRequires: zlib-devel
# this requires is needed as distros older than 11.3 have a buildignore on freetype2, without this the detection of the tk extension fails
BuildRequires: freetype2-devel
%if 0%{?suse_version} > 1010
BuildRequires: xorg-x11-libX11-devel
%else
BuildRequires: xorg-x11-devel
%endif
%if 0%{?use_valgrind}
%if 0%{?suse_version} > 1020
BuildRequires: valgrind-devel
%else
BuildRequires: valgrind
%endif
%endif
Provides: rubygem-rake = 0.9.2.2
Provides: ruby(abi) = %{rb_ver}
#
Url: http://www.ruby-lang.org/
Source: ftp://ftp.ruby-lang.org/pub/ruby/2.0/ruby-%{pkg_version}-%{patch_level}.tar.bz2
Source6: ruby20.macros
Patch0: rubygems-1.5.0_buildroot.patch
Patch1: ruby-1.9.2p290_tcl_no_stupid_rpaths.patch
Patch2: CVE-2013-4287-4363.patch
Patch3: CVE-2013-4164.patch
Patch4: rubygems_fix_build_info_location.patch
Patch5: pkg_config_ldflags_fix.patch
Patch6: CVE-2014-8080.patch
Patch7: CVE-2014-8090.patch
#
Summary: An Interpreted Object-Oriented Scripting Language
License: BSD-2-Clause or Ruby
Group: Development/Languages/Ruby
%description
Ruby is an interpreted scripting language for quick and easy
object-oriented programming. It has many features for processing text
files and performing system management tasks (as in Perl). It is
simple, straight-forward, and extensible.
* Ruby features:
- Simple Syntax
- *Normal* Object-Oriented features (class, method calls, for
example)
- *Advanced* Object-Oriented features(Mix-in, Singleton-method, for
example)
- Operator Overloading
- Exception Handling
- Iterators and Closures
- Garbage Collection
- Dynamic Loading of Object Files (on some architectures)
- Highly Portable (works on many UNIX machines; DOS, Windows, Mac,
BeOS, and more)
%package devel
Summary: Development files to link against Ruby
Group: Development/Languages/Ruby
Requires: %{name} = %{version}
Provides: rubygems20 = 1.3.7
Provides: rubygems20_with_buildroot_patch
Requires: ruby-common
%description devel
Development files to link against Ruby.
%package devel-extra
Summary: Special development files of ruby, normally not installed
Group: Development/Languages/Ruby
Requires: %{name}-devel = %{version}
%description devel-extra
Development files to link against Ruby.
%package tk
Summary: TCL/TK bindings for Ruby
Group: Development/Languages/Ruby
Requires: %{name} = %{version}
%description tk
TCL/TK bindings for Ruby
%package doc-ri
Summary: Ruby Interactive Documentation
Group: Development/Languages/Ruby
Requires: %{name} = %{version}
%if 0%{?suse_version} >= 1120
BuildArch: noarch
%endif
%description doc-ri
This package contains the RI docs for ruby
%package doc-html
Summary: This package contains the HTML docs for ruby
Group: Development/Languages/Ruby
Requires: %{name} = %{version}
%if 0%{?suse_version} >= 1120
BuildArch: noarch
%endif
%description doc-html
This package contains the HTML docs for ruby
%package examples
Summary: Example scripts for ruby
Group: Development/Languages/Ruby
Requires: %{name} = %{version}
%if 0%{?suse_version} >= 1120
BuildArch: noarch
%endif
%description examples
Example scripts for ruby
%package test-suite
Requires: %{name} = %{version}
Summary: An Interpreted Object-Oriented Scripting Language
Group: Development/Languages/Ruby
%if 0%{?suse_version} >= 1120
BuildArch: noarch
%endif
%description test-suite
Ruby is an interpreted scripting language for quick and easy
object-oriented programming. It has many features for processing text
files and performing system management tasks (as in Perl). It is
simple, straight-forward, and extensible.
* Ruby features:
- Simple Syntax
- *Normal* Object-Oriented features (class, method calls, for
example)
- *Advanced* Object-Oriented features(Mix-in, Singleton-method, for
example)
- Operator Overloading
- Exception Handling
- Iterators and Closures
- Garbage Collection
- Dynamic Loading of Object Files (on some architectures)
- Highly Portable (works on many UNIX machines; DOS, Windows, Mac,
BeOS, and more)
%prep
%setup -q -n ruby-%{pkg_version}-%{patch_level}
%patch0
%patch1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
find sample -type f -print0 | xargs -r0 chmod a-x
grep -Erl '^#! */' benchmark bootstraptest ext lib sample test \
| xargs -r perl -p -i -e 's|^#!\s*\S+(\s+.*)?$|#!/usr/bin/ruby2.0$1|'
%build
%configure \
--program-suffix=%{rb_binary_suffix} \
--with-soname=ruby%{rb_binary_suffix} \
--target=%{_target_platform} \
%if 0%{?use_valgrind}
--with-valgrind \
%endif
--with-mantype=man \
--enable-shared \
--disable-static \
--disable-rpath
%{__make} all V=1
%install
%makeinstall V=1
%{__install} -D -m 0644 %{S:6} %{buildroot}/etc/rpm/macros.ruby20
echo "%defattr(-,root,root,-)" > devel-extra-excludes
echo "%defattr(-,root,root,-)" > devel-extra-list
for i in iseq.h insns.inc insns_info.inc revision.h version.h thread_pthread.h \
ruby_atomic.h method.h id.h vm_core.h vm_opts.h node.h eval_intern.h vm_debug.h; do
install -m 644 $i %{buildroot}%{_includedir}/ruby-%{rb_ver}/
echo "%exclude %{_includedir}/ruby-%{rb_ver}/$i" >> devel-extra-excludes
echo "%{_includedir}/ruby-%{rb_ver}/$i" >> devel-extra-list
done
%if 0%{?run_tests}
%check
export LD_LIBRARY_PATH="$PWD"
# we know some tests will fail when they do not find a /usr/bin/ruby
make check V=1 ||:
%endif
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%files
%defattr(-,root,root,-)
%config(noreplace) /etc/rpm/macros.ruby20
%{_bindir}/erb%{rb_binary_suffix}
%{_bindir}/gem%{rb_binary_suffix}
%{_bindir}/irb%{rb_binary_suffix}
%{_bindir}/rake%{rb_binary_suffix}
%{_bindir}/rdoc%{rb_binary_suffix}
%{_bindir}/ri%{rb_binary_suffix}
%{_bindir}/ruby%{rb_binary_suffix}
%{_bindir}/testrb%{rb_binary_suffix}
%{_libdir}/libruby%{rb_binary_suffix}.so.2.0*
%{_libdir}/ruby/
%exclude %{rb_libdir}/multi-tk.rb
%exclude %{rb_libdir}/remote-tk.rb
%exclude %{rb_libdir}/tcltk.rb
%exclude %{rb_libdir}/tk*.rb
%exclude %{rb_libdir}/tk/
%exclude %{rb_libdir}/tkextlib/
%exclude %{rb_archdir}/tcltklib.so
%exclude %{rb_archdir}/tkutil.so
%{_mandir}/man1/ri%{rb_binary_suffix}.1*
%{_mandir}/man1/irb%{rb_binary_suffix}.1*
%{_mandir}/man1/erb%{rb_binary_suffix}.1*
%{_mandir}/man1/rake%{rb_binary_suffix}.1*
%{_mandir}/man1/ruby%{rb_binary_suffix}.1*
%doc ChangeLog COPYING COPYING.ja GPL KNOWNBUGS.rb LEGAL NEWS README README.EXT README.EXT.ja README.ja doc/* sample/
%files devel -f devel-extra-excludes
%defattr(-,root,root,-)
%{_includedir}/ruby-%{rb_ver}
%{_libdir}/libruby%{rb_binary_suffix}.so
%{_libdir}/libruby%{rb_binary_suffix}-static.a
%{_libdir}/pkgconfig/ruby-2.0.pc
%files devel-extra -f devel-extra-list
%files tk
%defattr(-,root,root,-)
%{rb_libdir}/multi-tk.rb
%{rb_libdir}/remote-tk.rb
%{rb_libdir}/tcltk.rb
%{rb_libdir}/tk*.rb
%{rb_libdir}/tk/
%{rb_libdir}/tkextlib/
%{rb_archdir}/tcltklib.so
%{rb_archdir}/tkutil.so
%files doc-ri
%defattr(-,root,root,-)
%dir %{_datadir}/ri/
%{_datadir}/ri/%{rb_ver}/
%changelog
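Review bot: In %check, "make check V=1 ||:" discards the exit status, so no test failure can ever fail the build, including a failure in code touched by CVE-2014-8080.patch or CVE-2014-8090.patch. The comment above it only justifies tolerating the tests that need /usr/bin/ruby; excluding those specific tests and letting the rest gate the build would be stronger than masking everything. If the run has to stay non-fatal, keep the test output somewhere it can be compared between builds, since that is the purpose the changes entry gives for enabling the tests. Separately, the doc-html, examples and test-suite subpackages are declared with %package and %description but have no %files section in this spec.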
++++++ CVE-2013-4164.patch ++++++
diff -Naur a/ChangeLog b/ChangeLog
--- a/ChangeLog 2013-06-27 13:11:11.000000000 +0200
+++ b/ChangeLog 2013-11-23 19:43:53.298338061 +0100
@@ -1,3 +1,8 @@
+Fri Nov 22 12:46:08 2013 Nobuyoshi Nakada