SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for ruby-debuginfo-1.8.7.p357-2.10.1.x86_64.rpm :

* Mon Mar 25 2013 mrueckertAATTsuse.de- added CVE-2013-1821.patch: (bnc#808137) Fix entity expansion DoS vulnerability in REXML. When reading text nodes from an XML document, the REXML parser could be coerced into allocating extremely large string objects which could consume all available memory on the system. CVE-2013-1821 (Patch taken from debian (Salvatore Bonaccorso))
* Fri Oct 26 2012 mrueckertAATTsuse.de- added ruby-1.8.7_safe_level_bypass.patch: (bnc#783525) Fixes a SAFE_LEVEL bypass in name_err_to_s. CVE-2012-4466
* Thu Jan 12 2012 mrueckertAATTsuse.de- update to 1.8.7.p357 (bnc#739122) - randomize hash to avoid algorithmic complexity attacks. CVE-2011-4815 - initialization of hash_seed to be at the beginning of the process. - initialize random seed at first. - call OpenSSL::Random.seed at the SecureRandom.random_bytes call. insert separators for array join. patch by Masahiro Tomita. [ruby-dev:44270] - mkconfig.rb: fix for continued lines. based on a patch from Marcus Rueckert at [ruby-core:20420]. - Infinity is greater than any bignum number. [ruby-dev:38672] - initialize store->ex_data.sk. [ruby-core:28907] [ruby-core:23971] [ruby-core:18121]
* Thu Jul 07 2011 mrueckertAATTsuse.de- update to 1.8.7.p352 - support for openssl compiled without SSLv2 - multilib support for tk build - some IPv6 related fixes - zlib fixes - reinitialize PRNG when forking children - uri route_to fixes - fix race condition with variables and autoload- drop 1887f60a8540f64f5c7bb14d57c0be70506941b8.patch included upstream- drop ruby-1.8.7.p22_tcltk-multilib.patch solved differently upstream
* Fri May 20 2011 mrueckertAATTsuse.de- drop ruby-1.8.7.p299_webrick_error_page_encoding.patch: we will stick to the upstream charset
* Fri Mar 18 2011 mrueckertAATTsuse.de- added ruby-1.8.x_rubylibdir.patch: allows us to also change the path for the stdlib part of the ruby directory tree
* Tue Feb 22 2011 mrueckertAATTsuse.de- update to 1.8.7.p334 (bnc#673740, bnc#673750, bnc#600752) - A symlink race condition vulnerability was found in FileUtils.remove_entry_secure. The vulnerability allows local users to delete arbitrary files and directories. CVE-2011-1004 - Exception#to_s method can be used to trick $SAFE check, which makes a untrusted codes to modify arbitrary strings. CVE-2011-1005 - Ruby WEBrick character set issue (XSS) CVE-2010-0541 for all non security changes see /usr/share/doc/packages/ruby/ChangeLog- refreshed ruby-1.8.x_openssl_branch_update.patch- buildrequires openssl to make the last openssl test work- https://github.com/ruby/ruby/commit/1887f60a8540f64f5c7bb14d57c0be70506941b8.patch
* ext/zlib/zlib.c (zstream_append_input2): add RB_GC_GUARD. This caused failure when test/csv is executed with GC.stress = true.- added ruby-1.8.7.p334_remove_zlib_test_params_test.patch: remove the test_params patch from backport in r27917 It doesnt pass atm.- removed ruby-1.8.6.p36_socket_ipv6.patch: included upstream
* Tue Sep 07 2010 mrueckertAATTsuse.de- the testsuite and doc-html package should of course require the main package
* Fri Jul 02 2010 mrueckertAATTsuse.de- add ruby(abi) = 1.8 provides
* Thu Jul 01 2010 mrueckertAATTsuse.de- update to 1.8.7.p299 (bnc#606056 and bnc#603914) - OpenSSL 1.0.0 support - Use OpenSSL engines which exist - Fixed range and chunked support for Net::HTTP - Iconv fixes - Backported pack/unpack from the 1.9 branch (bnc#606056 bnc#603914) - Multiple fixes in the resolver - Fixed Unicode inspection bug. - Escape characters properly for the accesslog (bnc#570616)- cleaned up rpmlintrc- refreshed patches: old: ruby-1.8.7.p22_lib64.patch new: ruby-1.8.7.p299_lib64.patch old: ruby_1.8.6.p36_date_remove_privat.patch new: ruby-1.8.7.p299_date_remove_privat.patch old: ruby-pedantic-headers.diff new: ruby-1.8.7.p299_pedantic-headers.patch- replaced patches ruby-1.8.x_openssl-1.0.patch and ruby-1.8.x_openssl-1.0-tests.patch with ruby-1.8.x_openssl_branch_update.patch
* Wed May 19 2010 mrueckertAATTsuse.de- fix build on ix86: - -target got removed from the %configure macro. add it back locally for now.
* Thu Apr 22 2010 mrueckertAATTsuse.de- added ruby-1.8.x_openssl-1.0.patch and ruby-1.8.x_openssl-1.0-tests.patch: fix building with openssl 1.0.0 (taken from svn)- added ruby-1.8.x_yaml2byte.patch: fix warning about sequence point- remove requires on glibc-devel again
* Sat Mar 13 2010 crrodriguezAATTopensuse.org- ruby-devel requires glibc-devel
* Tue Feb 23 2010 mrueckertAATTsuse.de- added ruby-1.8.x_digest_non_void_return.patch: patch pulled from SVN to fix the warnings about no return in non-void functions.
* Sun Jan 31 2010 meissnerAATTsuse.de- ruby calls \"ppc\" \"powerpc\".
* Fri Jan 29 2010 mrueckertAATTsuse.de- update to 1.8.7p249 small big fix release in the 1.8.7 branch, this includes the fix for: - ruby webrick doesn\'t sanitize non-printable characters in log (bnc#570616) CVE-2009-4492- drop ruby-1.8.6.p36_gc.patch: solution is upstream
* Wed Dec 16 2009 jengelhAATTmedozas.de- package documentation as noarch- adjust ruby.macros to ask the ruby binary for the target plaform. This is because %_host_cpu can expand to sparc64, while ruby is built for the sparcv9 target, and %_target_cpu can expand to noarch.- in ruby.spec, %rb_arch is statically reset to %_target_cpu, as we need the target name. Since it won\'t be noarch in this case, that is good.
* Thu Aug 20 2009 jansimon.moellerAATTopensuse.org- remove s/armv5tel/armv4l/ in macros as it breaks build for armv5tel
* Fri Nov 21 2008 mrueckertAATTsuse.de- add ruby-1.8.7-p72_topdir.patch: Config::TOPDIR was broken on lib64 systems as the code was assuming $prefix/lib.
* Fri Nov 21 2008 mrueckertAATTsuse.de- added more ruby macros in /etc/rpm/macros.ruby
* Sat Sep 06 2008 mrueckertAATTsuse.de- update to 1.8.7p72 vendor_ruby support now officially included for all the changes since 1.8.6 see /usr/share/doc/packages/ruby/NEWS- dropped ruby-1.8.6_openssl_verify_host.patch included in update- updated patch for new release: old name: ruby-1.8.6.p36_lib64.patch new name: ruby-1.8.7.p22_lib64.patch- updated patch for new release: old name: ruby-1.8.6.p36_tcltk-multilib.patch new name: ruby-1.8.7.p22_tcltk-multilib.patch- dropped ruby-1.8.6.p111_vendor_ruby.patch only one chunk survived as ruby-1.8.7-p72_vendor_specific.patch
* Fri May 16 2008 mrueckertAATTsuse.de- update to 1.8.6.p114 bugfix release - Fixes File access vulnerability of WEBrick (CVE-2008-1145) (bnc#368618) - ensure that the rss module adds the xml namespace
* Thu Dec 06 2007 mrueckertAATTsuse.de- update to 1.8.6.p111 bugfix release. important changes: - ssl fixes (see notes on the ssl patch below) - fixes for the threads support - various overflow checks - safe_level improvements - printf fixes - imap fixes for all the details see /usr/share/doc/packages/ruby/ChangeLog- added ruby-1.8.6.p111_openssl_verify_host.patch: (#329706) validate the hostname against the CN from the presented SSL certificicate. This has been enabled for telnets, ftptls, imaps and https. (CVE-2007-5162,CVE-2007-5770) For telnets and https the verification is done if the verify mode is set to anything else than OpenSSL::SSL::VERIFY_NONE. For ftptls it is always enabled. For imaps it is checked if you enable verification.- added support to build with bleak_house to allow better memleak debugging. (requires additional package ruby-bleakhouse)- updated ruby-1.8.6.p36_vendor_ruby.patch new name ruby-1.8.6.p111_vendor_ruby.patch- dropped ruby-1.8.6.p36_thread_prototype_and_testsuite.patch: included in update
* Thu Oct 11 2007 dmuellerAATTsuse.de- fix headers to be compileable with -pedantic
* Sun Aug 12 2007 mrueckertAATTsuse.de- added ruby_1.8.6.p36_date_remove_privat.patch: Time.to_date() and Time.to_datetime() shouldnt be private.
* Mon Aug 06 2007 mrueckertAATTsuse.de- added ruby-1.8.6.p36_thread_prototype_and_testsuite.patch: pulled two fixes from the 1.8.6 branch:
* avoid executing shell in the testsuite
* moved definition of rb_thread_status() to avoid errors in C++ extensions.
* Sun Aug 05 2007 mrueckertAATTsuse.de- update to 1.8.6.p36: many bugfixes and library updates. hilights: === Library updates (outstanding ones only)
* date
* Updated based on date2 4.0.3.
* digest
* New internal APIs for C and Ruby.
* Support for autoloading.
* See below for new features and compatibility issues.
* nkf
* Updated based on nkf as of 2007-01-28.
* tk
* Tk::X_Scrollable (Y_Scrollable) is renamed to Tk::XScrollable (YScrollable). Tk::X_Scrollable (Y_Scrollable) is still available, but it is an alias name.
* Updated Tile extension support based on Tile 0.7.8.
* Support --without-X11 configure option for non-X11 versions of Tcl/Tk (e.g. Tcl/Tk Aqua).
* New sample script: irbtkw.rbw -- IRB on Ruby/Tk. It has no trouble about STDIN blocking on Windows. === New methods and features
* builtin classes
* New method: Kernel#instance_variable_defined?
* New method: Module#class_variable_defined?
* New feature: Dir::glob() can now take an array of glob patterns.
* digest
* New digest class methods: file
* New digest instance methods: clone, reset, new, inspect, digest_length (alias size or length), block_length()
* New library: digest/bubblebabble
* New function: Digest(name)
* fileutils
* New option for FileUtils.cp_r(): :remove_destination
* thread
* Replaced with much faster mutex implementation in C. The former implementation is available with a configure option `--disable-fastthread\'.
* webrick
* New method: WEBrick::Cookie.parse_set_cookies() === Compatibility issues (excluding feature bug fixes)
* builtin classes
* String#intern now raises SecurityError when $SAFE level is greater than zero.
* fileutils
* A minor implementation change breaks Rake <=0.7.1. Updating Rake to 0.7.2 fixes the problem.
* digest
* The constructor does no longer take an initial string to feed; digest() and hexdigest() now do, instead. For all details see the NEWS or ChangeLog file.- rediffed patch ruby-1.8.2-gc.diff new name ruby-1.8.6.p36_gc.patch- rediffed patch ruby-1.8.2-tcltk-multilib.patch new name ruby-1.8.6.p36_tcltk-multilib.patch- rediffed patch ruby-socket_ipv6.patch new name ruby-1.8.6.p36_socket_ipv6.patch- rediffed patch ruby-1.8.5-vendor_ruby.patch new name ruby-1.8.6.p36_vendor_ruby.patch- rediffed patch ruby-1.8.5.p12-lib64.diff new name ruby-1.8.6.p36_lib64.patch
* Fri Mar 30 2007 rguentherAATTsuse.de- add bison BuildRequires- add emacs site-lisp directories
* Fri Mar 23 2007 rguentherAATTsuse.de- add gdbm-devel BuildRequires
* Mon Feb 12 2007 mrueckertAATTsuse.de- update to 1.8.5-p12:
* stable version 1.8.5-p12 released.
* ext/tk/tcltklib.c: shouldn\'t run the killed thread at callback. [ruby-talk: 227408]
* lib/rdoc/ri/ri_options.rb: prevent NameError. [ruby-dev:29597]
* dir.c (glob_helper): get rid of possible memory leak.
* win32/win32.c (cmdglob, rb_w32_cmdvector, rb_w32_opendir, rb_w32_get_environ): not to use GC before initialization.
* configure.in (SITE_DIR): fixed to emtpy RUBY_SITE_LIB in config.h on NetBSD. fixed: [ruby-dev:29358]
* parse.y (dyna_init_gen): dvar initialization only if dvar is assigned inner block. [ruby-talk:227402]
* stable version 1.8.5-p2 released.
* lib/cgi.rb (CGI::QueryExtension::read_multipart): should quote boundary. JVN#84798830 (BNC #225983) (CVE-2006-6303)
* bignum.c (bignorm): avoid segmentation. a patch from Hiroyuki Ito . [ruby-list:43012]
* parse.y (primary): should set NODE even when compstmt is NULL. merge from trunk. fixed: [ruby-dev:29732]
* lib/cgi.rb (CGI::QueryExtension::read_multipart): CGI content may be empty. a patch from Jamis Buck .
* ext/dbm/extconf.rb: create makefile according to the result of check for dbm header. fixed: [ruby-dev:29445]
* hash.c (rb_hash_s_create): fixed memory leak, based on the patch by Kent Sibilev . fixed: [ruby-talk:211233]- rediffed ruby-1.8.1-lib64.diff new name ruby-1.8.5.p12-lib64.diff- patches included in the update: cgi_multipart_eof_fix.patch ruby-1.8.4-fix-alias-safe-level.patch ruby-1.8.4-fix-insecure-dir-operation.patch ruby-1.8.4-fix-insecure-regexp-modification.patch ruby-1.8.4-no-eaccess.diff ruby-1.8.4-warnings.patch ruby-fix-autoconf-magic-code.patch- added ruby-1.8.x-autoconf_2.61a.patch: config.status changed to awk in 2.61a. adapt mkconfig.rb to the new syntax.
* Mon Oct 30 2006 mrueckertAATTsuse.de- added cgi_multipart_eof_fix.patch: fix for a denial of service condition in cgi.rb CVE-2006-5467 (#214916)
* Fri Oct 20 2006 mrueckertAATTsuse.de- run ldconfig- add site_ruby and vendor_ruby arch directories to the filelist
* Wed Sep 27 2006 mrueckertAATTsuse.de- added ruby-1.8.5-vendor_ruby.patch, site-specific.rb, vendor-specific.rb: add vendor_ruby support. This is a small change for packager. you can now run \'ruby -rvendor-specific extconf.rb\' (or setup.rb) and it will be automatically installed in %{_libdir}/ruby/vendor_ruby.
* Sat Aug 26 2006 mrueckertAATTsuse.de- Update to version 1.8.5: o Non-blocking IO | - Several methods backported from HEAD have been added: | - BasicSocket?#recv_nonblock | - IO#read_nonblock | - IO#write_nonblock | - Socket#accept_nonblock | - Socket#connect_nonblock | - Socket#recvfrom_nonblock | - TCPServer#accept_nonblock | - UDPSocket#recvfrom_nonblock | - UNIXServer#accept_nonblock | (see ruby-core:7917, ruby-core:7925). | o Process.getrlimit/setrlimit See ruby-dev:28729. | o Changes in rdoc/ri | - lots of documentation added | - RubyGems support: ri will search gem installation dirs for | additional documentation | - new options to limit the search path | o RSS | - added RSS::RootElementMixin?#to_xml (ruby-talk:197284), which | can be used to convert feeds to a different RSS version as | follows: | [[[ | rss10 = RSS::Parser.parse(File.read(\"1.0.rdf\")) | File.open(\"2.0.rss\", \"w\") {|f| f.print(rss10.to_xml(\"2.0\"))} | ]]] | - Support for taxonomies added to the RSS parser and generator. | - A number of convenience methods added | - New style API for RSS generation ruby-talk:197284 | [[[ | The recommended style is nowxxx.new_yyy do |yyy| | yyy.zzz = zzz | ... | end | | | This corresponds to the following in pre-1.8.5: | yyy = xxx.new_yyy | yyy.zzz = zzz | ]]] o Misc | - added Kernel.Pathname(path) | - added Kernel#pretty_inspect | - changes in the GC subsystem that result in better performance | in some cases | - added OptionParser?#getopts | - the per-object overhead went down to 20 bytes on win32 | (from 24) ruby-core:7474 o What breaks (!!!) | - Binding.of_caller, and therefore breakpoint (including Rails\') | - several problems in ri reported: the documentation for some | methods seems to have disappeared, and several methods that | should not be documented appear in the indices; | see ruby-core:08709- removed patches, which are included in 1.8.5: ruby-1.8.4-fix-insecure-dir-operation.patch ruby-1.8.4-fix-insecure-regexp-modification.patch ruby-1.8.4-fix-alias-safe-level.patch- updated ruby-1.8.4_linkerflags.patch. new name ruby-1.8.5_linkerflags.patch
* Mon Jul 31 2006 mrueckertAATTsuse.de- added ruby-fix-autoconf-magic-code.patch: Fix for the latest changes in the autoconf code.
* Mon Jul 31 2006 mrueckertAATTsuse.de- security fixes [CVE-2006-3694] [#193661]
* added ruby-1.8.4-fix-insecure-dir-operation.patch & ruby-1.8.4-fix-insecure-regexp-modification.patch: fix the insecure operations in the certain safe-level restrictions.
* ruby-1.8.4-fix-alias-safe-level.patch: preserve safe level restrictions when aliasing a function.
* Mon Apr 10 2006 mrueckertAATTsuse.de- build with -fno-strict-aliasing- enable more tests on ppc- disable drb tests
* Mon Apr 03 2006 mrueckertAATTsuse.de- reworked the ruby-1.8.4-no-eaccess.diff patch it broke when build on old distros
* Thu Jan 26 2006 mrueckertAATTsuse.de- added upstream patch for eaccess- disabled openssl tests on pcc
* Wed Jan 25 2006 mrueckertAATTsuse.de- added ruby-1.8.4_linkerflags.patch patch removes -L. from the linker flags. it seems libtool otherwise expands it to -L$PWD. this leads to trouble with our build system.
* Wed Jan 25 2006 mlsAATTsuse.de- converted neededforbuild to BuildRequires
* Sun Jan 15 2006 kukukAATTsuse.de- Use eaccess() from glibc [#143291]
* Sun Jan 15 2006 mrueckertAATTsuse.de- disabled the big test suite as we trigger a weird bug in the openssl bindings on ppc64
* Sat Dec 24 2005 mrueckertAATTsuse.de- Update to 1.8.4- dont run with --default-kcode=utf8 triggers a bug in the test suite
* Thu Sep 22 2005 mrueckertAATTsuse.de- update to 1.8.3- updated patches for 1.8.3- ruby-doc tarball now included as tar.bz2
* Mon Sep 12 2005 mrueckertAATTsuse.de- fix path of the RI documentation [Bug #116408]
* Thu Sep 08 2005 mrueckertAATTsuse.de- dont make the irb man page executable. [Bug #114849]
* Tue Aug 23 2005 mrueckertAATTsuse.de- added directory entries for the site ruby dirs
* Mon Aug 22 2005 mrueckertAATTsuse.de- disabled mkmf patch for now. it breaks building the socket extension.
* Sun Aug 21 2005 roAATTsuse.de- added directories to filelist- fix typo in filelist
* Fri Aug 19 2005 mrueckertAATTsuse.de- Build RI and html documentation. Added subpackages for them.- moved samples into a sub packages.- build tcl/tk bindings and move them into their own package. (ruby-1.8.2-tcltk-multilib.patch)- disabled optimization on ia64/x86_x64. needs investigation.- fixed parameter swap in memset call (ruby-1.8.2-strscan-memset.patch)- let mkmf create shared libraries (ruby-mkmf-shared.patch)- splitted of devel files
* Tue Jul 19 2005 mgeAATTsuse.de- make \"make test\" run also on x86_64 by disabling code optimization (-O0), as it is for ia64- enable \"make test\" for ppc64 again
* Tue Jul 19 2005 mgeAATTsuse.de- Fixes #95366, CAN-2005-1992: arbitrary command execution on XMLRPC server
* Wed Jun 01 2005 roAATTsuse.de- update to 1.8.2
* Mon Jan 03 2005 mgeAATTsuse.de- added fixes for lib/cgi.rb and lib/cgi/session.rb from ruby-1.8.2, fixes: #47886 (CAN-2004-0983)
* Thu Nov 18 2004 roAATTsuse.de- fixed file list
* Sat Sep 25 2004 roAATTsuse.de- added cgi_session.diff (from debian, CAN-2004-0755)
* Sun Jul 25 2004 roAATTsuse.de- fix typo in specfile
* Sun Jun 20 2004 roAATTsuse.de- fix find in specfile
* Wed Apr 28 2004 roAATTsuse.de- added missing return value (unreached code)
* Tue Mar 23 2004 mgeAATTsuse.de- make ruby build on ia64 and ppc64
* Sat Feb 28 2004 roAATTsuse.de- fix makefile rule for regenerating lex.c
* Sat Feb 28 2004 roAATTsuse.de- add gperf to neededforbuild
* Sat Feb 28 2004 roAATTsuse.de- fix requirement for /usr/local/bin- use no-strict-aliasing
* Mon Feb 02 2004 mgeAATTsuse.de- update to 1.8.1 also fixes Bug #34226: Readline support missing from ruby
* Sat Jan 10 2004 adrianAATTsuse.de- add %defattr
* Mon Aug 04 2003 mgeAATTsuse.de- update tp 1.8.0
* Mon Jan 06 2003 mgeAATTsuse.de- update to 1.6.8
* Tue May 21 2002 meissnerAATTsuse.de- More %_lib fixes inside package.
* Tue May 21 2002 meissnerAATTsuse.de- %_lib fixes- Added prototype for rb_node_newnode.
* Fri May 17 2002 mgeAATTsuse.de- update to 1.6.7
* Sun Apr 14 2002 bkAATTsuse.de- lib64 and new arch fixes: suse_update_config and use %_libdir
* Fri Apr 05 2002 schwabAATTsuse.de- Remove ia64 workaround.
* Tue Aug 21 2001 mgeAATTsuse.de- update to 1.6.4
* Sun May 20 2001 mgeAATTsuse.de- changes _only_ to spec-file:- make ruby shared libs built- cleanup ruby directory structure (drop /usr/share/lib/ruby/)
* Wed May 09 2001 mfabianAATTsuse.de- bzip2 sources
* Thu Mar 22 2001 mgeAATTsuse.de- update to 1.6.3, merge of rread\'s SPEC patches
* Mon Mar 19 2001 schwabAATTsuse.de- Don\'t use __builtin_frame_address(2) on ia64.- Compile with -O0 on ia64 to work around compiler bug.
* Sun Mar 04 2001 rreadAATTmountainviewdata.com- introduced build-root
* Thu Feb 22 2001 roAATTsuse.de- added readline/readline-devel to neededforbuild (split from bash)
* Fri Jan 12 2001 mgeAATTsuse.de- update to 1.6.2
* Wed Dec 13 2000 schwabAATTsuse.de- Add %suse_update_config.- Fix computation of stack limit.
* Mon Dec 04 2000 mgeAATTsuse.de- update to 1.6.1, manual 1.4.6
* Thu Jul 06 2000 mgeAATTsuse.de- initial SuSE RPM
  
ICM