libruby2_5-2_5-2.5.9-lp152.2.9.1<>,E@aZ/=„?voo찳"ቀ>nQí1MB{  8A[plOg-[iQXEBiOJi6Rzz>мzYFk0tI*?}4Kdn]..y@څZK%SƊ#15Kt#΍To:s;ό ?۳':YX֯W=%Py#3k!¦nUڼ2c)/:H!ڕ>!&Z &>C<?9@9.F9=G9TH9\I9dX9hY9t\9]9^9b9c:d;e;f;l; u;4v;<w;x;y;z<<(<,<2Marcus Rueckert Marcus Rueckert Marcus Rueckert Marcus Rueckert Marcus Rueckert Marcus Rueckert Marcus Rueckert Marcus Rueckert Marcus Rueckert Marcus Rueckert Marcus Rueckert Marcus Rueckert Marcus Rueckert Marcus Rueckert Martin Liška Martin Liška Marcus Rueckert Marcus Rueckert Marcus Rueckert Marcus Rueckert mrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.dejdelvare@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.dejengelh@inai.demrueckert@suse.demrueckert@suse.demrueckert@suse.deAdd patches to fix the following CVE's: - CVE-2021-32066.patch (CVE-2021-32066): Fix StartTLS stripping vulnerability in Net:IMAP (bsc#1188160) - CVE-2021-31810.patch (CVE-2021-31810): Fix trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161) - CVE-2021-31799.patch (CVE-2021-31799): Fix Command injection vulnerability in RDoc (bsc#1190375)- Update to 2.5.9 (boo#1184644) https://www.ruby-lang.org/en/news/2021/04/05/ruby-2-5-9-released/ - CVE-2020-25613: Potential HTTP Request Smuggling Vulnerability in WEBrick - CVE-2021-28965: XML round-trip vulnerability in REXML Complete list of changes at https://github.com/ruby/ruby/compare/v2_5_8...v2_5_9 - Update suse.patch: Remove fix for CVE-2020-25613 as it is included in the update- Update suse.patch: (boo#1177125) Backport fix CVE-2020-25613: Potential HTTP Request Smuggling Vulnerability in WEBrick- replace all patches with suse.patch (v2_5_8..2.5-suse) (we keep remove-unneeded-files.patch as it can not be done in our backports branch) - backport patch to enable optimizations also on ARM64 (boo#1177222)- make sure that update-alternative weight for the default distribution is always greater than our normal weight- make the update-alternative weight based on the ruby version- Update to 2.5.8 (boo#1167244 boo#1168938) - CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON (Additional fix) - CVE-2020-10933: Heap exposure vulnerability in the socket library https://github.com/ruby/ruby/compare/v2_5_7...v2_5_8 - drop CVE-2020-8130.patch and rake-12.3.0.gem: included upstream- Fix CVE-2020-8130 (boo# 1164804) for the intree copy of rake: - add CVE-2020-8130.patch and rake-12.3.0.gem- remove test files which are not needed at runtime (boo#1162396) - adds remove-unneeded-files.patch and did_you_mean-1.2.0.gem- update to 2.5.7 - https://www.ruby-lang.org/en/news/2019/10/01/ruby-2-5-7-released/ - CVE-2019-16255: A code injection vulnerability of Shell#[] and Shell#test (boo#1152990) - CVE-2019-16254: HTTP response splitting in WEBrick (Additional fix) (boo#1152992) - CVE-2019-15845: A NUL injection vulnerability of File.fnmatch and File.fnmatch? (boo#1152994) - CVE-2019-16201: Regular Expression Denial of Service vulnerability of WEBrick’s Digest access authentication (boo#1152995) - https://www.ruby-lang.org/en/news/2019/08/28/ruby-2-5-6-released/ - Multiple jQuery vulnerabilities in RDoc (CVE-2012-6708 CVE-2015-9251)- fix running tests (boo#1140844) just passing the DISABLED_TESTS variable is wrong. probably a relict from calling the test scripts directly. use TESTOPTS now.- refreshed patches with new patch series: 0001-make-gem-build-reproducible.patch 0002-gc.c-tick-for-POWER-arch.patch 0003-Mark-Gemspec-reproducible-change-fixing-784225-too.patch 0004-Make-gemspecs-reproducible.patch - rename patch now that it is generated from git: old: 450160263aed8c446ce5b142d71f921ab4118f3a.patch new: 0005-Include-the-alternative-malloc-header-instead-of-mal.patch old: use-pie.patch new: 0006-Use-PIE-for-the-binaries.patch - ruby: change over of the Japanese Era to the new emperor May 1st 2019 (boo#1133790) 0007-date-support-for-Reiwa-new-Japanese-era.patch- for some reason the --enable-pie option does not work as expected. Fix this for now with a patch that just injects the - pie flag in the Makefile (adds use-pie.patch) (boo#1130028)- update to 2.5.5 https://www.ruby-lang.org/en/news/2019/03/13/ruby-2-5-4-released/ - CVE-2019-8320: Delete directory using symlink when decompressing tar (boo#1130627) - CVE-2019-8321: Escape sequence injection vulnerability in verbose (boo#1130623) - CVE-2019-8322: Escape sequence injection vulnerability in gem owner (boo#1130622) - CVE-2019-8323: Escape sequence injection vulnerability in API response handling (boo#1130620) - CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution (boo#1130617) - CVE-2019-8325: Escape sequence injection vulnerability in errors (boo#1130611) https://www.ruby-lang.org/en/news/2019/03/15/ruby-2-5-5-released/- replace the awk based provides generation with the new file-attr handler in ruby-bundled-gems-rpmhelper This kills one provides rubygem-name = version But this should not have be used since a while anymore. - add option to build without docs for testing - provide support to undo the split of the stdlib: pass --without=separate_stdlib to "osc build"- Use parallel make.- Disable compressed sections as they are not supported by rpm (https://bugs.ruby-lang.org/issues/12934).- update to 2.5.3 This release includes some bug fixes and some security fixes. - CVE-2018-16396: Tainted flags are not propagated in Array#pack and String#unpack with some directives (boo#1112532) - CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly (boo#1112530) https://github.com/ruby/ruby/compare/v2_5_1...v2_5_3 - drop frozen-pop3.patch- backport 450160263aed8c446ce5b142d71f921ab4118f3a.patch: Include the alternative malloc header instead of malloc.h- update to 2.5.1 This release includes some bug fixes and some security fixes. - CVE-2017-17742: HTTP response splitting in WEBrick (boo#1087434) - CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir (boo#1087441) - CVE-2018-8777: DoS by large request in WEBrick (boo#1087436) - CVE-2018-8778: Buffer under-read in String#unpack (boo#1087433) - CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket (boo#1087440) - CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir (boo#1087437) - Multiple vulnerabilities in RubyGems CVE-2018-1000079 (boo#1082058) CVE-2018-1000075 (boo#1082014) CVE-2018-1000078 (boo#1082011) CVE-2018-1000077 (boo#1082010) CVE-2018-1000076 (boo#1082009) CVE-2018-1000074 (boo#1082008) CVE-2018-1000073 (boo#1082007) https://github.com/ruby/ruby/compare/v2_5_0...v2_5_1- added frozen-pop3.patch: Net::POPMail methods modify frozen literal when using default arg https://redmine.ruby-lang.org/issues/14416- wrong files where installed from the macro files after adding dump-version.rb- fix dump-versions.rb: it was picking up system rdoc versions on some source dirs- add reproducible build patches from debian 0003-Mark-Gemspec-reproducible-change-fixing-784225-too.patch 0004-Make-gemspecs-reproducible.patch- drop 316f58076d29dcff053256992d9ec19fed7e698f.patch - no longer bundling bundler- update to 2.5.0 final Ruby 2.5.0 is the first stable release of the Ruby 2.5 series. It introduces many new features and performance improvements. The notable changes are as follows: - New Features - rescue/else/ensure are now allowed to be used directly with do/end blocks. [Feature #12906] - Add yield_self to yield given block in its context. Unlike tap, it returns the result of the block. [Feature #6721] - Support branch coverage and method coverage measurement. The branch coverage indicates which branches are executed and which are not. The method coverage indicates which methods are invoked and which are not. By running the test suite with these new features, you will know which branches and methods are executed, and evaluate total coverage of the test suite more strictly. [Feature #13901] - Hash#slice [Feature #8499] and Hash#transform_keys [Feature [#13583]] - Struct.new can create classes that accept keyword arguments. [Feature #11925] - Enumerable#any?,all?,none? and one? accept a pattern argument [Feature #11286] - Top-level constant look-up is no longer available. [Feature [#11547]] - One of our most loved libraries, pp.rb, is now automatically loaded. You no longer have to write require "pp". [Feature [#14123]] - Print backtrace and error message in reverse order (oldest call first, most recent call last). When a long backtrace appears on your terminal (TTY), you can easily find the cause line at the bottom of the backtrace. Note that the order is reversed only when backtrace is printed out to the terminal directly. [Feature #8661] [experimental] - Performance improvements - About 5-10% performance improvement by removing all trace instructions from overall bytecode (instruction sequences). The trace instruction was added to support the TracePoint. However, in most cases, TracePoint is not used and trace instructions are pure overhead. Instead, now we use a dynamic instrumentation technique. See [Feature #14104] for more details. - Block passing by a block parameter (e.g. def foo(&b); bar(&b); end) is about 3 times faster than Ruby 2.4 by “Lazy Proc allocation” technique. [Feature #14045] - Mutex is rewritten to be smaller and faster. [Feature #13517] - ERB now generates code from a template which runs twice as fast as Ruby 2.4. - Improve performance of some built-in methods including Array#concat, Enumerable#sort_by, String#concat, String#index, Time#+ and more. - IO.copy_stream uses copy_file_range(2) to copy offload [Feature #13867] - Other notable changes since 2.4 - SecureRandom now prefers OS-provided sources over OpenSSL. [Bug #9569] - Promote cmath, csv, date, dbm, etc, fcntl, fiddle, fileutils, gdbm, ipaddr, scanf, sdbm, stringio, strscan, webrick, zlib from standard libraries to default gems. - Update to Onigmo 6.1.3. - It adds the absence operator. - Note that Ruby 2.4.1 also includes this change. - Update to Psych 3.0.2. - Update to RubyGems 2.7.3. - Update to RDoc 6.0.1. - Switch the lexer from IRB based one to Ripper. This dramatically improves the performance of document generation. - Fix a significant amount of bugs that existed over ten years. - Add support for new Ruby syntax from the latest versions. - Update supported Unicode version to 10.0.0. - Thread.report_on_exception is now set to true by default. This change helps debugging of multi-threaded programs. [Feature #14143] - IO#write now receives multiple arguments [Feature #9323] For details see: https://github.com/ruby/ruby/blob/v2_5_0/NEWS https://github.com/ruby/ruby/compare/v2_4_0...v2_5_0- switch to https urls- update to 2.5.0~rc1 https://www.ruby-lang.org/en/news/2017/12/14/ruby-2-5-0-rc1-released/ - added 316f58076d29dcff053256992d9ec19fed7e698f.patch to fix building rbtrace and ruby-prof- disable jemalloc again because of: (boo#1068883) https://github.com/jemalloc/jemalloc/issues/937- update to 60813 see installed /usr/share/doc/packages/ruby2.5/ChangeLog- update to 60739 see installed /usr/share/doc/packages/ruby2.5/ChangeLog- make the whole u-a handling less error prone by having the list in variable ua-binaries- Add conflicts to libruby to make sure ruby and ruby-stdlib are also updated when libruby is updated (bsc#1048072.)- exclude all testsuites for the stdlib gems- build jemalloc- update to 60568 see installed /usr/share/doc/packages/ruby2.5/ChangeLog - this fixes the "ruby -rubygems" on 2.5- update intree gem list - bundler is now part of core too!- update to r60035: see installed /usr/share/doc/packages/ruby2.5/ChangeLog - revert some of the wrong Group changes - drop autoreconf -fi and the buildrequires for the related packages- make it easier to sync the versions from the gemspec with the spec file: ruby dump-versions.rb $unpacked_tarball_dir- add conflicts for all intree gems- Fix RPM groups. Replace old RPM macros by modern ones. - Ensure neutrality of descriptions.- update to 59623- fix gem provides - install macro files with 2.5 version- initial package (Fate#324013) - port 2 patches we still need from the 2.4 package: 0001-make-gem-build-reproducible.patch 0002-gc.c-tick-for-POWER-arch.patch/sbin/ldconfig/sbin/ldconfigobs-arm-8 16384231862.5.9-lp152.2.9.12.5.9-lp152.2.9.1libruby2.5.so.2.5libruby2.5.so.2.5.9/usr/lib64/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:17209/openSUSE_Leap_15.2_Update_ports/37afa04bdf30feb6b7fdddbf3754ee03-ruby2.5.openSUSE_Leap_15.2_Updatedrpmxz5aarch64-suse-linuxELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=245e93d395fc97e6561e52b3d0f6cbb35edb907d, strippedPRRR R RRRR R RR RRbh]utf-8e0d304b1c688ae88f143c9f616fc36e8db0077b07570c2bd4be1656692faae49?7zXZ !t/e ]"k%{PxW"d&kv]-ED_(-b!NUo,٩EW8x4) '3 l%w&unqjsޟ‘54]5 6|Gn2 gB$tjXƮ}05;Rnœm-3lpkfqx%A.ɱίoh~hZ9!Ur"~8wnNՓji,CYNfPUkTanʊloze*\*&Sҋ]Gi Mx3ٺnqG<郧%RPx;2?NM#O90_A`]oNM}X}5AZlyXWww(`CJc>.l1xcO6uVpr߸k^75(֛S9%}=&آgIeH3ieXO!f@+&4YF\r/c".Υ,Pj9V(bTY+1 pNˬ"tʁtL[v*LQWl96ceڋ>+#$Y 2 ݗthq8*G;4Pvp/ݵ3Ǯ?*' 1%F.+M YZ