Changelog for
ruby-1.8.7.p249-1.7.2.x86_64.rpm :
Thu May 12 14:00:00 2011 mrueckertAATTsuse.de
- added ruby-1.8.x_bigdecimal_memory_corruption.patch:
don't cast parameter to unsigned int in the alloc and later memset
the original value. (bnc#682287) CVE-2011-0188
Fri Mar 4 13:00:00 2011 mrueckertAATTsuse.de
- added ruby-1.8.x_net_http_close_in_rescue.patch
Don't call close on nil in case of an exception. (bnc#655136)
Thu Mar 3 13:00:00 2011 mrueckertAATTsuse.de
- added ruby-1.8.x_exception_tainted_message.patch:
Exception#to_s method can be used to trick $SAFE check, which
allows untrusted code to modify arbitrary strings. (bnc#673750)
CVE-2011-1005
- added ruby-1.8.x_fileutils_symlink_race.patch:
A symlink race condition vulnerability was found in
FileUtils.remove_entry_secure. The vulnerability allows local
users to delete arbitrary files and directories. (bnc#673740)
CVE-2011-1004
- added patch ruby-1.8.x_webrick_charset_issue.patch:
fix cross site scripting bug in webrick (bnc#600752)
CVE-2010-0541
Fri Jul 2 14:00:00 2010 mrueckertAATTsuse.de
- add ruby(abi) = 1.8 provides
Wed May 19 14:00:00 2010 mrueckertAATTsuse.de
- fix build on ix86:
- -target got removed from the %configure macro. add it back
locally for now.
Thu Apr 22 14:00:00 2010 mrueckertAATTsuse.de
- added ruby-1.8.x_openssl-1.0.patch and
ruby-1.8.x_openssl-1.0-tests.patch:
fix building with openssl 1.0.0 (taken from svn)
- added ruby-1.8.x_yaml2byte.patch:
fix warning about sequence point
- remove requires on glibc-devel again
Sat Mar 13 13:00:00 2010 crrodriguezAATTopensuse.org
- ruby-devel requires glibc-devel
Tue Feb 23 13:00:00 2010 mrueckertAATTsuse.de
- added ruby-1.8.x_digest_non_void_return.patch:
patch pulled from SVN to fix the warnings about no return in
non-void functions.
Sun Jan 31 13:00:00 2010 meissnerAATTsuse.de
- ruby calls "ppc" "powerpc".
Fri Jan 29 13:00:00 2010 mrueckertAATTsuse.de
- update to 1.8.7p249
small bug fix release in the 1.8.7 branch, this includes the fix
for:
- ruby webrick doesn't sanitize non-printable characters in log
(bnc#570616) CVE-2009-4492
- drop ruby-1.8.6.p36_gc.patch: solution is upstream
Wed Dec 16 13:00:00 2009 jengelhAATTmedozas.de
- package documentation as noarch
- adjust ruby.macros to ask the ruby binary for the target platform.
This is because %_host_cpu can expand to sparc64, while ruby is
built for the sparcv9 target, and %_target_cpu can expand to
noarch.
- in ruby.spec, %rb_arch is statically reset to %_target_cpu, as
we need the target name. Since it won't be noarch in this case,
that is good.
Thu Aug 20 14:00:00 2009 jansimon.moellerAATTopensuse.org
- remove s/armv5tel/armv4l/ in macros as it breaks build for armv5tel
Fri Nov 21 13:00:00 2008 mrueckertAATTsuse.de
- add ruby-1.8.7-p72_topdir.patch:
Config::TOPDIR was broken on lib64 systems as the code was
assuming $prefix/lib.
Fri Nov 21 13:00:00 2008 mrueckertAATTsuse.de
- added more ruby macros in /etc/rpm/macros.ruby
Sat Sep 6 14:00:00 2008 mrueckertAATTsuse.de
- update to 1.8.7p72
vendor_ruby support now officially included
for all the changes since 1.8.6 see
/usr/share/doc/packages/ruby/NEWS
- dropped ruby-1.8.6_openssl_verify_host.patch
included in update
- updated patch for new release:
old name: ruby-1.8.6.p36_lib64.patch
new name: ruby-1.8.7.p22_lib64.patch
- updated patch for new release:
old name: ruby-1.8.6.p36_tcltk-multilib.patch
new name: ruby-1.8.7.p22_tcltk-multilib.patch
- dropped ruby-1.8.6.p111_vendor_ruby.patch
only one chunk survived as ruby-1.8.7-p72_vendor_specific.patch
Fri May 16 14:00:00 2008 mrueckertAATTsuse.de
- update to 1.8.6.p114
bugfix release
- Fixes File access vulnerability of WEBrick (CVE-2008-1145)
(bnc#368618)
- ensure that the rss module adds the xml namespace
Thu Dec 6 13:00:00 2007 mrueckertAATTsuse.de
- update to 1.8.6.p111
bugfix release. important changes:
- ssl fixes (see notes on the ssl patch below)
- fixes for the threads support
- various overflow checks
- safe_level improvements
- printf fixes
- imap fixes
for all the details see /usr/share/doc/packages/ruby/ChangeLog
- added ruby-1.8.6.p111_openssl_verify_host.patch: (#329706)
validate the hostname against the CN from the presented SSL
certificate. This has been enabled for telnets, ftptls, imaps
and https. (CVE-2007-5162,CVE-2007-5770)
For telnets and https the verification is done if the verify mode
is set to anything else than OpenSSL::SSL::VERIFY_NONE.
For ftptls it is always enabled.
For imaps it is checked if you enable verification.
- added support to build with bleak_house to allow better memleak
debugging. (requires additional package ruby-bleakhouse)
- updated ruby-1.8.6.p36_vendor_ruby.patch
new name ruby-1.8.6.p111_vendor_ruby.patch
- dropped ruby-1.8.6.p36_thread_prototype_and_testsuite.patch:
included in update
Thu Oct 11 14:00:00 2007 dmuellerAATTsuse.de
- fix headers to be compileable with -pedantic
Sun Aug 12 14:00:00 2007 mrueckertAATTsuse.de
- added ruby_1.8.6.p36_date_remove_privat.patch:
Time.to_date() and Time.to_datetime() shouldn't be private.
Mon Aug 6 14:00:00 2007 mrueckertAATTsuse.de
- added ruby-1.8.6.p36_thread_prototype_and_testsuite.patch:
pulled two fixes from the 1.8.6 branch:
* avoid executing shell in the testsuite
* moved definition of rb_thread_status() to avoid errors in C++
extensions.
Sun Aug 5 14:00:00 2007 mrueckertAATTsuse.de
- update to 1.8.6.p36:
many bugfixes and library updates. highlights:
=== Library updates (outstanding ones only)
* date
* Updated based on date2 4.0.3.
* digest
* New internal APIs for C and Ruby.
* Support for autoloading.
* See below for new features and compatibility issues.
* nkf
* Updated based on nkf as of 2007-01-28.
* tk
* Tk::X_Scrollable (Y_Scrollable) is renamed to Tk::XScrollable
(YScrollable). Tk::X_Scrollable (Y_Scrollable) is still
available, but it is an alias name.
* Updated Tile extension support based on Tile 0.7.8.
* Support --without-X11 configure option for non-X11 versions
of Tcl/Tk (e.g. Tcl/Tk Aqua).
* New sample script: irbtkw.rbw -- IRB on Ruby/Tk. It has no
trouble about STDIN blocking on Windows.
=== New methods and features
* builtin classes
* New method: Kernel#instance_variable_defined?
* New method: Module#class_variable_defined?
* New feature: Dir::glob() can now take an array of glob
patterns.
* digest
* New digest class methods: file
* New digest instance methods: clone, reset, new,
inspect, digest_length (alias size or length),
block_length()
* New library: digest/bubblebabble
* New function: Digest(name)
* fileutils
* New option for FileUtils.cp_r(): :remove_destination
* thread
* Replaced with much faster mutex implementation in C. The
former implementation is available with a configure option
`--disable-fastthread'.
* webrick
* New method: WEBrick::Cookie.parse_set_cookies()
=== Compatibility issues (excluding feature bug fixes)
* builtin classes
* String#intern now raises SecurityError when $SAFE level is
greater than zero.
* fileutils
* A minor implementation change breaks Rake <=0.7.1.
Updating Rake to 0.7.2 fixes the problem.
* digest
* The constructor does no longer take an initial string to
feed; digest() and hexdigest() now do, instead.
For all details see the NEWS or ChangeLog file.
- rediffed patch ruby-1.8.2-gc.diff
new name ruby-1.8.6.p36_gc.patch
- rediffed patch ruby-1.8.2-tcltk-multilib.patch
new name ruby-1.8.6.p36_tcltk-multilib.patch
- rediffed patch ruby-socket_ipv6.patch
new name ruby-1.8.6.p36_socket_ipv6.patch
- rediffed patch ruby-1.8.5-vendor_ruby.patch
new name ruby-1.8.6.p36_vendor_ruby.patch
- rediffed patch ruby-1.8.5.p12-lib64.diff
new name ruby-1.8.6.p36_lib64.patch
Fri Mar 30 14:00:00 2007 rguentherAATTsuse.de
- add bison BuildRequires
- add emacs site-lisp directories
Fri Mar 23 13:00:00 2007 rguentherAATTsuse.de
- add gdbm-devel BuildRequires
Mon Feb 12 13:00:00 2007 mrueckertAATTsuse.de
- update to 1.8.5-p12:
* stable version 1.8.5-p12 released.
* ext/tk/tcltklib.c: shouldn't run the killed thread at callback.
[ruby-talk: 227408]
* lib/rdoc/ri/ri_options.rb: prevent NameError. [ruby-dev:29597]
* dir.c (glob_helper): get rid of possible memory leak.
* win32/win32.c (cmdglob, rb_w32_cmdvector, rb_w32_opendir,
rb_w32_get_environ): not to use GC before initialization.
* configure.in (SITE_DIR): fixed to empty RUBY_SITE_LIB in
config.h on NetBSD. fixed: [ruby-dev:29358]
* parse.y (dyna_init_gen): dvar initialization only if dvar is
assigned inner block. [ruby-talk:227402]
* stable version 1.8.5-p2 released.
* lib/cgi.rb (CGI::QueryExtension::read_multipart): should
quote boundary. JVN#84798830 (BNC #225983) (CVE-2006-6303)
* bignum.c (bignorm): avoid segmentation. a patch from Hiroyuki
Ito. [ruby-list:43012]
* parse.y (primary): should set NODE even when compstmt is NULL.
merge from trunk. fixed: [ruby-dev:29732]
* lib/cgi.rb (CGI::QueryExtension::read_multipart): CGI content
may be empty. a patch from Jamis Buck.
* ext/dbm/extconf.rb: create makefile according to the result of
check for dbm header. fixed: [ruby-dev:29445]
* hash.c (rb_hash_s_create): fixed memory leak, based on the
patch by Kent Sibilev.
fixed: [ruby-talk:211233]
- rediffed ruby-1.8.1-lib64.diff
new name ruby-1.8.5.p12-lib64.diff
- patches included in the update:
cgi_multipart_eof_fix.patch
ruby-1.8.4-fix-alias-safe-level.patch
ruby-1.8.4-fix-insecure-dir-operation.patch
ruby-1.8.4-fix-insecure-regexp-modification.patch
ruby-1.8.4-no-eaccess.diff
ruby-1.8.4-warnings.patch
ruby-fix-autoconf-magic-code.patch
- added ruby-1.8.x-autoconf_2.61a.patch:
config.status changed to awk in 2.61a. adapt mkconfig.rb to the
new syntax.
Mon Oct 30 13:00:00 2006 mrueckertAATTsuse.de
- added cgi_multipart_eof_fix.patch:
fix for a denial of service condition in cgi.rb CVE-2006-5467
(#214916)
Fri Oct 20 14:00:00 2006 mrueckertAATTsuse.de
- run ldconfig
- add site_ruby and vendor_ruby arch directories to the filelist
Wed Sep 27 14:00:00 2006 mrueckertAATTsuse.de
- added ruby-1.8.5-vendor_ruby.patch, site-specific.rb, vendor-specific.rb:
add vendor_ruby support. This is a small change for packager.
you can now run 'ruby -rvendor-specific extconf.rb' (or setup.rb)
and it will be automatically installed in
%{_libdir}/ruby/vendor_ruby.
Sat Aug 26 14:00:00 2006 mrueckertAATTsuse.de
- Update to version 1.8.5:
o Non-blocking IO
| - Several methods backported from HEAD have been added:
| - BasicSocket#recv_nonblock
| - IO#read_nonblock
| - IO#write_nonblock
| - Socket#accept_nonblock
| - Socket#connect_nonblock
| - Socket#recvfrom_nonblock
| - TCPServer#accept_nonblock
| - UDPSocket#recvfrom_nonblock
| - UNIXServer#accept_nonblock
| (see ruby-core:7917, ruby-core:7925).
|
o Process.getrlimit/setrlimit See ruby-dev:28729.
|
o Changes in rdoc/ri
| - lots of documentation added
| - RubyGems support: ri will search gem installation dirs for
| additional documentation
| - new options to limit the search path
|
o RSS
| - added RSS::RootElementMixin#to_xml (ruby-talk:197284), which
| can be used to convert feeds to a different RSS version as
| follows:
| [[[
| rss10 = RSS::Parser.parse(File.read("1.0.rdf"))
| File.open("2.0.rss", "w") {|f| f.print(rss10.to_xml("2.0"))}
| ]]]
| - Support for taxonomies added to the RSS parser and generator.
| - A number of convenience methods added
| - New style API for RSS generation ruby-talk:197284
| [[[
| The recommended style is now
| xxx.new_yyy do |yyy|
| yyy.zzz = zzz
| ...
| end
|
|
| This corresponds to the following in pre-1.8.5:
| yyy = xxx.new_yyy
| yyy.zzz = zzz
| ]]]
o Misc
| - added Kernel.Pathname(path)
| - added Kernel#pretty_inspect
| - changes in the GC subsystem that result in better performance
| in some cases
| - added OptionParser#getopts
| - the per-object overhead went down to 20 bytes on win32
| (from 24) ruby-core:7474
o What breaks (!!!)
| - Binding.of_caller, and therefore breakpoint (including Rails')
| - several problems in ri reported: the documentation for some
| methods seems to have disappeared, and several methods that
| should not be documented appear in the indices;
| see ruby-core:08709
- removed patches, which are included in 1.8.5:
ruby-1.8.4-fix-insecure-dir-operation.patch
ruby-1.8.4-fix-insecure-regexp-modification.patch
ruby-1.8.4-fix-alias-safe-level.patch
- updated ruby-1.8.4_linkerflags.patch.
new name ruby-1.8.5_linkerflags.patch
Mon Jul 31 14:00:00 2006 mrueckertAATTsuse.de
- added ruby-fix-autoconf-magic-code.patch:
Fix for the latest changes in the autoconf code.
Mon Jul 31 14:00:00 2006 mrueckertAATTsuse.de
- security fixes [CVE-2006-3694] [#193661]
* added ruby-1.8.4-fix-insecure-dir-operation.patch &
ruby-1.8.4-fix-insecure-regexp-modification.patch:
fix the insecure operations in the certain safe-level
restrictions.
* ruby-1.8.4-fix-alias-safe-level.patch: preserve safe level
restrictions when aliasing a function.