Changelog for ruby-tk-1.8.7.p357-0.36.1.x86_64.rpm :
Mon Jul 8 14:00:00 2013 johann.luceAATTwanadoo.fr
- fix cve-2013-4073 (bnc#827265)
The fix_cve-2013-4073.patch contains the patch for
cve-2013-4073 (bnc#827265) adapted from
https://build.opensuse.org/package/view_file/openSUSE:Maintenance:1837/ruby19.openSUSE_12.2_Update?expand=1&file=fix_cve-2013-4073.patch

Thu Mar 28 13:00:00 2013 lijewski.stefanAATTgmail.com
- added CVE-2013-1821.patch: (bnc#808137)
Fix entity expansion DoS vulnerability in REXML. When reading
text nodes from an XML document, the REXML parser could be
coerced into allocating extremely large string objects which
could consume all available memory on the system. CVE-2013-1821
(Patch taken from debian (Salvatore Bonaccorso))

Fri Oct 26 14:00:00 2012 mrueckertAATTsuse.de
- added ruby-1.8.7_safe_level_bypass.patch: (bnc#783525)
Fixes a SAFE_LEVEL bypass in name_err_to_s. CVE-2012-4466

Thu Jan 12 13:00:00 2012 mrueckertAATTsuse.de
- update to 1.8.7.p357 (bnc#739122)
- randomize hash to avoid algorithmic complexity attacks.
CVE-2011-4815
- initialization of hash_seed to be at the beginning of the
process.
- initialize random seed at first.
- call OpenSSL::Random.seed at the SecureRandom.random_bytes
call. insert separators for array join. patch by Masahiro
Tomita. [ruby-dev:44270]
- mkconfig.rb: fix for continued lines. based on a patch from
Marcus Rueckert at [ruby-core:20420].
- Infinity is greater than any bignum number. [ruby-dev:38672]
- initialize store->ex_data.sk. [ruby-core:28907]
[ruby-core:23971] [ruby-core:18121]

Wed Dec 21 13:00:00 2011 mrueckertAATTsuse.de
- update to 1.8.7.p352 (Fate #312657) (bnc#704409)
- support for openssl compiled without SSLv2
- multilib support for tk build
- some IPv6 related fixes
- zlib fixes
- reinitialize PRNG when forking children
(CVE-2011-2686/CVE-2011-3009)
- securerandom fixes (CVE-2011-2705)
- uri route_to fixes
- fix race condition with variables and autoload
- switched rb_arch macro to use RUBY_PLATFORM
- dropped patches:
1887f60a8540f64f5c7bb14d57c0be70506941b8.patch
ruby-1.8.7.p22_tcltk-multilib.patch
ruby-1.8.7-p334.tar.bz2
ruby-1.8.x_bigdecimal_memory_corruption.patch
- new patches
ruby-1.8.x_rubylibdir.patch

Thu May 12 14:00:00 2011 mrueckertAATTsuse.de
- added ruby-1.8.x_bigdecimal_memory_corruption.patch:
don't cast parameter to unsigned int in the alloc and later memset
the original value. (bnc#682287) CVE-2011-0188

Tue Feb 22 13:00:00 2011 mrueckertAATTsuse.de
- update to 1.8.7.p334 (bnc#673740, bnc#673750, bnc#600752)
- A symlink race condition vulnerability was found in
FileUtils.remove_entry_secure. The vulnerability allows local
users to delete arbitrary files and directories. CVE-2011-1004
- Exception#to_s method can be used to trick the $SAFE check, which
allows untrusted code to modify arbitrary strings.
CVE-2011-1005
- Ruby WEBrick character set issue (XSS) CVE-2010-0541
for all non security changes see
/usr/share/doc/packages/ruby/ChangeLog
- refreshed ruby-1.8.x_openssl_branch_update.patch
- buildrequires openssl to make the last openssl test work
- https://github.com/ruby/ruby/commit/1887f60a8540f64f5c7bb14d57c0be70506941b8.patch

* ext/zlib/zlib.c (zstream_append_input2): add RB_GC_GUARD.
This caused failure when test/csv is executed with GC.stress =
true.
- added ruby-1.8.7.p334_remove_zlib_test_params_test.patch:
remove the test_params patch from backport in r27917
It doesn't pass atm.
- removed ruby-1.8.6.p36_socket_ipv6.patch:
included upstream

Tue Sep 7 14:00:00 2010 mrueckertAATTsuse.de
- the testsuite and doc-html package should of course require the
main package

Fri Jul 2 14:00:00 2010 mrueckertAATTsuse.de
- add ruby(abi) = 1.8 provides

Thu Jul 1 14:00:00 2010 mrueckertAATTsuse.de
- update to 1.8.7.p299 (bnc#606056 and bnc#603914)
- OpenSSL 1.0.0 support
- Use OpenSSL engines which exist
- Fixed range and chunked support for Net::HTTP
- Iconv fixes
- Backported pack/unpack from the 1.9 branch (bnc#606056 bnc#603914)
- Multiple fixes in the resolver
- Fixed Unicode inspection bug.
- Escape characters properly for the accesslog (bnc#570616)
- cleaned up rpmlintrc
- refreshed patches:
old: ruby-1.8.7.p22_lib64.patch
new: ruby-1.8.7.p299_lib64.patch
old: ruby_1.8.6.p36_date_remove_privat.patch
new: ruby-1.8.7.p299_date_remove_privat.patch
old: ruby-pedantic-headers.diff
new: ruby-1.8.7.p299_pedantic-headers.patch
- replaced patches ruby-1.8.x_openssl-1.0.patch and
ruby-1.8.x_openssl-1.0-tests.patch with
ruby-1.8.x_openssl_branch_update.patch

Wed May 19 14:00:00 2010 mrueckertAATTsuse.de
- fix build on ix86:
- -target got removed from the %configure macro. add it back
locally for now.

Thu Apr 22 14:00:00 2010 mrueckertAATTsuse.de
- added ruby-1.8.x_openssl-1.0.patch and
ruby-1.8.x_openssl-1.0-tests.patch:
fix building with openssl 1.0.0 (taken from svn)
- added ruby-1.8.x_yaml2byte.patch:
fix warning about sequence point
- remove requires on glibc-devel again

Sat Mar 13 13:00:00 2010 crrodriguezAATTopensuse.org
- ruby-devel requires glibc-devel

Tue Feb 23 13:00:00 2010 mrueckertAATTsuse.de
- added ruby-1.8.x_digest_non_void_return.patch:
patch pulled from SVN to fix the warnings about no return in
non-void functions.

Sun Jan 31 13:00:00 2010 meissnerAATTsuse.de
- ruby calls "ppc" "powerpc".

Fri Jan 29 13:00:00 2010 mrueckertAATTsuse.de
- update to 1.8.7p249
small bug fix release in the 1.8.7 branch, this includes the fix
for:
- ruby webrick doesn't sanitize non-printable characters in log
(bnc#570616) CVE-2009-4492
- drop ruby-1.8.6.p36_gc.patch: solution is upstream

Wed Dec 16 13:00:00 2009 jengelhAATTmedozas.de
- package documentation as noarch
- adjust ruby.macros to ask the ruby binary for the target platform.
This is because %_host_cpu can expand to sparc64, while ruby is
built for the sparcv9 target, and %_target_cpu can expand to
noarch.
- in ruby.spec, %rb_arch is statically reset to %_target_cpu, as
we need the target name. Since it won't be noarch in this case,
that is good.

Thu Aug 20 14:00:00 2009 jansimon.moellerAATTopensuse.org
- remove s/armv5tel/armv4l/ in macros as it breaks build for armv5tel


 