Changelog for ruby-devel-1.8.7.p357-2.10.1.i586.rpm:
* Mon Mar 25 2013 mrueckertAATTsuse.de
- added CVE-2013-1821.patch: (bnc#808137) Fix entity expansion DoS vulnerability in REXML. When reading text nodes from an XML document, the REXML parser could be coerced into allocating extremely large string objects which could consume all available memory on the system. CVE-2013-1821 (Patch taken from debian (Salvatore Bonaccorso))
* Fri Oct 26 2012 mrueckertAATTsuse.de
- added ruby-1.8.7_safe_level_bypass.patch: (bnc#783525) Fixes a SAFE_LEVEL bypass in name_err_to_s. CVE-2012-4466
* Thu Jan 12 2012 mrueckertAATTsuse.de
- update to 1.8.7.p357 (bnc#739122)
  - randomize hash to avoid algorithmic complexity attacks. CVE-2011-4815
  - initialization of hash_seed to be at the beginning of the process.
  - initialize random seed at first.
  - call OpenSSL::Random.seed at the SecureRandom.random_bytes call. insert separators for array join. patch by Masahiro Tomita. [ruby-dev:44270]
  - mkconfig.rb: fix for continued lines. based on a patch from Marcus Rueckert at [ruby-core:20420].
  - Infinity is greater than any bignum number. [ruby-dev:38672]
  - initialize store->ex_data.sk. [ruby-core:28907] [ruby-core:23971] [ruby-core:18121]
* Thu Jul 07 2011 mrueckertAATTsuse.de
- update to 1.8.7.p352
  - support for openssl compiled without SSLv2
  - multilib support for tk build
  - some IPv6 related fixes
  - zlib fixes
  - reinitialize PRNG when forking children
  - uri route_to fixes
  - fix race condition with variables and autoload
- drop 1887f60a8540f64f5c7bb14d57c0be70506941b8.patch included upstream
- drop ruby-1.8.7.p22_tcltk-multilib.patch solved differently upstream
* Fri May 20 2011 mrueckertAATTsuse.de
- drop ruby-1.8.7.p299_webrick_error_page_encoding.patch: we will stick to the upstream charset
* Fri Mar 18 2011 mrueckertAATTsuse.de
- added ruby-1.8.x_rubylibdir.patch: allows us to also change the path for the stdlib part of the ruby directory tree
* Tue Feb 22 2011 mrueckertAATTsuse.de
- update to 1.8.7.p334 (bnc#673740, bnc#673750, bnc#600752)
  - A symlink race condition vulnerability was found in FileUtils.remove_entry_secure. The vulnerability allows local users to delete arbitrary files and directories. CVE-2011-1004
  - Exception#to_s method can be used to trick $SAFE check, which allows untrusted code to modify arbitrary strings. CVE-2011-1005
  - Ruby WEBrick character set issue (XSS) CVE-2010-0541
  for all non security changes see /usr/share/doc/packages/ruby/ChangeLog
- refreshed ruby-1.8.x_openssl_branch_update.patch
- buildrequires openssl to make the last openssl test work
- https://github.com/ruby/ruby/commit/1887f60a8540f64f5c7bb14d57c0be70506941b8.patch
  * ext/zlib/zlib.c (zstream_append_input2): add RB_GC_GUARD. This caused failure when test/csv is executed with GC.stress = true.
- added ruby-1.8.7.p334_remove_zlib_test_params_test.patch: remove the test_params patch from backport in r27917. It doesn't pass atm.
- removed ruby-1.8.6.p36_socket_ipv6.patch: included upstream
* Tue Sep 07 2010 mrueckertAATTsuse.de
- the testsuite and doc-html package should of course require the main package
* Fri Jul 02 2010 mrueckertAATTsuse.de
- add ruby(abi) = 1.8 provides
* Thu Jul 01 2010 mrueckertAATTsuse.de
- update to 1.8.7.p299 (bnc#606056 and bnc#603914)
  - OpenSSL 1.0.0 support
  - Use OpenSSL engines which exist
  - Fixed range and chunked support for Net::HTTP
  - Iconv fixes
  - Backported pack/unpack from the 1.9 branch (bnc#606056 bnc#603914)
  - Multiple fixes in the resolver
  - Fixed Unicode inspection bug.
  - Escape characters properly for the accesslog (bnc#570616)
- cleaned up rpmlintrc
- refreshed patches:
  old: ruby-1.8.7.p22_lib64.patch
  new: ruby-1.8.7.p299_lib64.patch
  old: ruby_1.8.6.p36_date_remove_privat.patch
  new: ruby-1.8.7.p299_date_remove_privat.patch
  old: ruby-pedantic-headers.diff
  new: ruby-1.8.7.p299_pedantic-headers.patch
- replaced patches ruby-1.8.x_openssl-1.0.patch and ruby-1.8.x_openssl-1.0-tests.patch with ruby-1.8.x_openssl_branch_update.patch
* Wed May 19 2010 mrueckertAATTsuse.de
- fix build on ix86:
  - -target got removed from the %configure macro. add it back locally for now.
* Thu Apr 22 2010 mrueckertAATTsuse.de
- added ruby-1.8.x_openssl-1.0.patch and ruby-1.8.x_openssl-1.0-tests.patch: fix building with openssl 1.0.0 (taken from svn)
- added ruby-1.8.x_yaml2byte.patch: fix warning about sequence point
- remove requires on glibc-devel again
* Sat Mar 13 2010 crrodriguezAATTopensuse.org
- ruby-devel requires glibc-devel
* Tue Feb 23 2010 mrueckertAATTsuse.de
- added ruby-1.8.x_digest_non_void_return.patch: patch pulled from SVN to fix the warnings about no return in non-void functions.
* Sun Jan 31 2010 meissnerAATTsuse.de
- ruby calls "ppc" "powerpc".
* Fri Jan 29 2010 mrueckertAATTsuse.de
- update to 1.8.7p249 small bug fix release in the 1.8.7 branch, this includes the fix for:
  - ruby webrick doesn't sanitize non-printable characters in log (bnc#570616) CVE-2009-4492
- drop ruby-1.8.6.p36_gc.patch: solution is upstream
* Wed Dec 16 2009 jengelhAATTmedozas.de
- package documentation as noarch
- adjust ruby.macros to ask the ruby binary for the target platform. This is because %_host_cpu can expand to sparc64, while ruby is built for the sparcv9 target, and %_target_cpu can expand to noarch.
- in ruby.spec, %rb_arch is statically reset to %_target_cpu, as we need the target name. Since it won't be noarch in this case, that is good.
* Thu Aug 20 2009 jansimon.moellerAATTopensuse.org
- remove s/armv5tel/armv4l/ in macros as it breaks build for armv5tel