Accepting request 214382 from utilities

ack 2.12 [bnc#855340] [CVE-2013-7069] (forwarded request 214327 from AndreasStieger)

OBS-URL: https://build.opensuse.org/request/show/214382
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ack?expand=0&rev=15

ack-2.10.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c14ba1c49e172013f4097328b5cdda595fe02e69af7abaa045e9f9f23b27863c
-size 215820

ack-2.12.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:52f2d37bc2570d947171f10059d6ed4f0f23413849a546ca202b6e17debb7d2b
+size 219614

ack-ignore-osc.patch

@@ -3,10 +3,10 @@
  t/ack-dump.t     |    2 +-
  2 files changed, 4 insertions(+), 1 deletion(-)
 
-Index: ack-2.10/ConfigDefault.pm
+Index: ack-2.12/ConfigDefault.pm
 ===================================================================
---- ack-2.10.orig/ConfigDefault.pm	2013-09-24 22:35:57.000000000 +0100
-+++ ack-2.10/ConfigDefault.pm	2013-10-17 20:18:20.000000000 +0100
+--- ack-2.12.orig/ConfigDefault.pm	2013-11-30 18:34:00.000000000 +0000
++++ ack-2.12/ConfigDefault.pm	2014-01-17 22:56:49.000000000 +0000
 @@ -47,6 +47,9 @@ sub _options_block {
  # Mercurial
  --ignore-directory=is:.hg
@@ -17,14 +17,14 @@ Index: ack-2.10/ConfigDefault.pm
  # quilt
  --ignore-directory=is:.pc
  
-Index: ack-2.10/t/ack-dump.t
+Index: ack-2.12/t/ack-dump.t
 ===================================================================
---- ack-2.10.orig/t/ack-dump.t	2013-09-24 22:35:57.000000000 +0100
-+++ ack-2.10/t/ack-dump.t	2013-10-17 20:18:58.000000000 +0100
+--- ack-2.12.orig/t/ack-dump.t	2013-11-30 18:34:00.000000000 +0000
++++ ack-2.12/t/ack-dump.t	2014-01-17 22:56:35.000000000 +0000
 @@ -32,5 +32,5 @@ DUMP: {
      is( scalar @perl, 2, 'Two specs for Perl' );
  
      my @ignore_dir = grep { /ignore-dir/ } @results;
--    is( scalar @ignore_dir, 22, 'Twenty-two specs for ignoring directories' );
-+    is( scalar @ignore_dir, 23, 'Twenty-three specs for ignoring directories' );
+-    is( scalar @ignore_dir, 23, 'Twenty-three specs for ignoring directories' );
++    is( scalar @ignore_dir, 24, 'Twenty-four specs for ignoring directories' );
  }

ack.changes

@@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Fri Jan 17 22:57:14 UTC 2014 - andreas.stieger@gmx.de
+
+- update to ack 2.12:
+  fixes potential remote code execution via per-project .ackrc files
+   [bnc#855340] [CVE-2013-7069]
+  * prevents the --pager, --regex and --output options from being
+    used from project-level ackrc files, preventing possible code
+    execution when using ack through malicious files
+  * --pager, --regex and --output options may still be used from
+    the global /etc/ackrc, your own private ~/.ackrc, the ACK_OPTIONS
+    environment variable, and of course from the command line.
+  * Now ignores Eclipse .metadata directory.
+- includes changes form 2.11_02:
+  * upstream source mispackaging fix
+- includes changes from 2.11_01
+  * Fixed a race condition in t/file-permission.t that was causing
+    failures if tests were run in parallel.
+- modified patches:
+  * ack-ignore-osc.patch adjust for upstream source changes
+
 -------------------------------------------------------------------
 Tue Oct 29 20:46:34 UTC 2013 - andreas.stieger@gmx.de
 

ack.spec

@@ -2,7 +2,7 @@
 #
 # spec file for package ack
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -28,7 +28,7 @@
 %define	run_tests 0%{?suse_version} >= 1210
 
 Name:           ack
-Version:        2.10
+Version:        2.12
 Release:        0
 Summary:        Grep-Like Text Finder
 License:        Artistic-2.0