Changelog for ruby-1.8.7.p357-0.9.18.1.x86_64.rpm :
Fri Mar 13 13:00:00 2015 mrueckertAATTsuse.de
- quote the $@ parameter in the wrapper scripts, it broke
gem_install arguments.

Tue Sep 30 14:00:00 2014 mrueckertAATTsuse.de
- also require rubygems so we have the same base as newer ruby
versions.

Wed Sep 24 14:00:00 2014 mrueckertAATTsuse.de
- also make the ghost files match what we generate in the rubygem
based packages

Wed Sep 24 14:00:00 2014 mrueckertAATTsuse.de
- also provide the %{_bindir}/$bin%{rb_binary_suffix} symlinks via
u-a to be consistent with what gem based packages do.

Mon Sep 22 14:00:00 2014 mrueckertAATTsuse.de
- merged ruby1.8-support directly into our ruby package

Fri Sep 19 14:00:00 2014 mrueckertAATTsuse.de
- make it easier to support the new packaging scheme

Mon Apr 14 14:00:00 2014 jmassaguerplaAATTsuse.com
- CVE-2013-1821: ruby: entity expansion DoS vulnerability in REXML
(bnc#808137)
- added patches:

* CVE-2013-1821.patch

Fri Nov 22 13:00:00 2013 jmassaguerplaAATTsuse.com
- fix CVE-2013-4164: heap overflow in floating point parsing (bnc#851803)
The file CVE-2013-4164.patch contains the patch

Fri Jul 5 14:00:00 2013 jmassaguerplaAATTsuse.com
- fix all licenses: In latest commit I just fixed the main package

Thu Jul 4 14:00:00 2013 jmassaguerplaAATTsuse.com
- fix license: ruby

Wed Jul 3 14:00:00 2013 jmassaguerplaAATTsuse.com
- fix CVE-2013-4073: Hostname check bypassing vulnerability in SSL
client (bnc#827265)
CVE-2013-4073.patch contains the fix based on
https://github.com/ruby/ruby/commit/961bf7496ded3acfe847cf56fa90bbdcfd6e614f

Fri Oct 26 14:00:00 2012 mrueckertAATTsuse.de
- added ruby-1.8.7_safe_level_bypass.patch: (bnc#783525)
Fixes a SAFE_LEVEL bypass in name_err_to_s. CVE-2012-4466

Thu Jan 26 13:00:00 2012 dmuellerAATTsuse.de
- readded ruby-1.8.x_bigdecimal_memory_corruption.patch:
don't cast parameter to unsigned int in the alloc and later memset
the original value. (bnc#682287) CVE-2011-0188

Thu Jan 12 13:00:00 2012 mrueckertAATTsuse.de
- update to 1.8.7.p357 (bnc#739122)
- randomize hash to avoid algorithmic complexity attacks.
CVE-2011-4815
- initialization of hash_seed to be at the beginning of the
process.
- initialize random seed at first.
- call OpenSSL::Random.seed at the SecureRandom.random_bytes
call. insert separators for array join. patch by Masahiro
Tomita. [ruby-dev:44270]
- mkconfig.rb: fix for continued lines. based on a patch from
Marcus Rueckert at [ruby-core:20420].
- Infinity is greater than any bignum number. [ruby-dev:38672]
- initialize store->ex_data.sk. [ruby-core:28907]
[ruby-core:23971] [ruby-core:18121]

Mon Aug 15 14:00:00 2011 mrueckertAATTsuse.de
- update to 1.8.7.p352 (Fate #312657) (bnc#704409)
- support for openssl compiled without SSLv2
- multilib support for tk build
- some IPv6 related fixes
- zlib fixes
- reinitialize PRNG when forking children
(CVE-2011-2686/CVE-2011-3009)
- securerandom fixes (CVE-2011-2705)
- uri route_to fixes
- fix race condition with variables and autoload
- drop 1887f60a8540f64f5c7bb14d57c0be70506941b8.patch
included upstream
- drop ruby-1.8.7.p22_tcltk-multilib.patch
solved differently upstream
- switched rb_arch macro to use RUBY_PLATFORM
- dropped patches:
ruby-1.8.6.p36_gc.patch
ruby-1.8.7.p22_lib64.patch
ruby-1.8.6.p36_socket_ipv6.patch
ruby_1.8.6.p36_date_remove_privat.patch
ruby-pedantic-headers.diff
ruby-1.8.7-p72_topdir.patch
ruby-1.8.7.x_bigdecimal_segfault.patch
ruby-1.8.7.x_oscp_basic_verify.patch
ruby-1.8.7.x_rexml_entity_expansion_CVE-2008-3790.patch
ruby-1.8.7.x_short_named_constants.patch
ruby-1.8.x_accesslog_escape.patch
ruby-1.8.x_exception_tainted_message.patch
ruby-1.8.x_fileutils_symlink_race.patch
ruby-1.8.x_webrick_charset_issue.patch
ruby-1.8.x_bigdecimal_memory_corruption.patch
ruby-1.8.x-threadfix.patch
ruby-1.8.7-fix_thread_fix.patch
ruby-1.8.7-p72_vendor_specific.patch
bnc603914_string_unpack.patch
- new patches
ruby-1.8.7.p299_lib64.patch
ruby-1.8.7.p299_date_remove_privat.patch
ruby-1.8.7.p299_pedantic-headers.patch
ruby-1.8.7.p72_vendor_specific.patch
ruby-1.8.7.p72_topdir.patch
ruby-1.8.x_digest_non_void_return.patch
ruby-1.8.x_openssl_branch_update.patch
ruby-1.8.x_yaml2byte.patch
ruby-1.8.7.p334_remove_zlib_test_params_test.patch
ruby-1.8.x_rubylibdir.patch

Thu Aug 11 14:00:00 2011 mrueckertAATTsuse.de
- added ruby-1.8.7-fix_thread_fix.patch
fix a small regression introduced by ruby-1.8.x-threadfix.patch
bnc#707659 bnc#697384

Tue May 10 14:00:00 2011 mrueckertAATTsuse.de
- fixed ruby-1.8.x_accesslog_escape.patch:
the prototype didn't handle exception semantics properly. synced
the files with svn 1.8 branch.
- added ruby-1.8.x-threadfix.patch: stops timer thread unless other
threads exist. [ruby-core:18444] (bnc#554178)
- added ruby-1.8.x_bigdecimal_memory_corruption.patch:
don't cast parameter to unsigned int in the alloc and later memset
the original value. (bnc#682287) CVE-2011-0188

Thu Mar 3 13:00:00 2011 mrueckertAATTsuse.de
- added patch ruby-1.8.x_accesslog_escape.patch:
properly escape input from the net (bnc#570616) CVE-2009-4492
- added ruby-1.8.x_exception_tainted_message.patch:
Exception#to_s method can be used to trick $SAFE check, which
allows untrusted code to modify arbitrary strings. (bnc#673750)
CVE-2011-1005
- added ruby-1.8.x_fileutils_symlink_race.patch:
A symlink race condition vulnerability was found in
FileUtils.remove_entry_secure. The vulnerability allows local
users to delete arbitrary files and directories. (bnc#673740)
CVE-2011-1004
- added patch ruby-1.8.x_webrick_charset_issue.patch:
fix cross site scripting bug in webrick (bnc#600752)
CVE-2010-0541

Fri May 7 14:00:00 2010 kkaempfAATTnovell.com
- Fix String#unpack on s390x and ppc64 (bnc#603914)

Fri Jun 5 14:00:00 2009 mrueckertAATTsuse.de
- added ruby-1.8.7.x_bigdecimal_segfault.patch:
fix crash with very large numbers (bnc#511568) CVE-2009-1904
- added ruby-1.8.7.x_oscp_basic_verify.patch:
handle the return value of OCSP_basic_verify properly
(bnc#478019) CVE-2009-0642
- added ruby-1.8.7.x_rexml_entity_expansion_CVE-2008-3790.patch:
fix DOS with entity expansion (CVE-2008-3790)
- added ruby-1.8.7.x_short_named_constants.patch:
https://bugs.launchpad.net/bugs/282302

Fri Nov 21 13:00:00 2008 mrueckertAATTsuse.de
- add ruby-1.8.7-p72_topdir.patch:
Config::TOPDIR was broken on lib64 systems as the code was
assuming $prefix/lib.

Fri Nov 21 13:00:00 2008 mrueckertAATTsuse.de
- added more ruby macros in /etc/rpm/macros.ruby

Sat Sep 6 14:00:00 2008 mrueckertAATTsuse.de
- update to 1.8.7p72
vendor_ruby support now officially included
for all the changes since 1.8.6 see
/usr/share/doc/packages/ruby/NEWS
- dropped ruby-1.8.6_openssl_verify_host.patch
included in update
- updated patch for new release:
old name: ruby-1.8.6.p36_lib64.patch
new name: ruby-1.8.7.p22_lib64.patch
- updated patch for new release:
old name: ruby-1.8.6.p36_tcltk-multilib.patch
new name: ruby-1.8.7.p22_tcltk-multilib.patch
- dropped ruby-1.8.6.p111_vendor_ruby.patch
only one chunk survived as ruby-1.8.7-p72_vendor_specific.patch

Fri May 16 14:00:00 2008 mrueckertAATTsuse.de
- update to 1.8.6.p114
bugfix release
- Fixes File access vulnerability of WEBrick (CVE-2008-1145)
(bnc#368618)
- ensure that the rss module adds the xml namespace

Thu Dec 6 13:00:00 2007 mrueckertAATTsuse.de
- update to 1.8.6.p111
bugfix release. important changes:
- ssl fixes (see notes on the ssl patch below)
- fixes for the threads support
- various overflow checks
- safe_level improvements
- printf fixes
- imap fixes
for all the details see /usr/share/doc/packages/ruby/ChangeLog
- added ruby-1.8.6.p111_openssl_verify_host.patch: (#329706)
validate the hostname against the CN from the presented SSL
certificate. This has been enabled for telnets, ftptls, imaps
and https. (CVE-2007-5162,CVE-2007-5770)
For telnets and https the verification is done if the verify mode
is set to anything else than OpenSSL::SSL::VERIFY_NONE.
For ftptls it is always enabled.
For imaps it is checked if you enable verification.
- added support to build with bleak_house to allow better memleak
debugging. (requires additional package ruby-bleakhouse)
- updated ruby-1.8.6.p36_vendor_ruby.patch
new name ruby-1.8.6.p111_vendor_ruby.patch
- dropped ruby-1.8.6.p36_thread_prototype_and_testsuite.patch:
included in update

Thu Oct 11 14:00:00 2007 dmuellerAATTsuse.de
- fix headers to be compileable with -pedantic

Sun Aug 12 14:00:00 2007 mrueckertAATTsuse.de
- added ruby_1.8.6.p36_date_remove_privat.patch:
Time.to_date() and Time.to_datetime() shouldn't be private.

Mon Aug 6 14:00:00 2007 mrueckertAATTsuse.de
- added ruby-1.8.6.p36_thread_prototype_and_testsuite.patch:
pulled two fixes from the 1.8.6 branch:

* avoid executing shell in the testsuite

* moved definition of rb_thread_status() to avoid errors in C++
extensions.

Sun Aug 5 14:00:00 2007 mrueckertAATTsuse.de
- update to 1.8.6.p36:
many bugfixes and library updates. highlights:
=== Library updates (outstanding ones only)

* date

* Updated based on date2 4.0.3.

* digest

* New internal APIs for C and Ruby.

* Support for autoloading.

* See below for new features and compatibility issues.

* nkf

* Updated based on nkf as of 2007-01-28.

* tk

* Tk::X_Scrollable (Y_Scrollable) is renamed to Tk::XScrollable
(YScrollable). Tk::X_Scrollable (Y_Scrollable) is still
available, but it is an alias name.

* Updated Tile extension support based on Tile 0.7.8.

* Support --without-X11 configure option for non-X11 versions
of Tcl/Tk (e.g. Tcl/Tk Aqua).

* New sample script: irbtkw.rbw -- IRB on Ruby/Tk. It has no
trouble about STDIN blocking on Windows.
=== New methods and features

* builtin classes

* New method: Kernel#instance_variable_defined?

* New method: Module#class_variable_defined?

* New feature: Dir::glob() can now take an array of glob
patterns.

* digest

* New digest class methods: file

* New digest instance methods: clone, reset, new,
inspect, digest_length (alias size or length),
block_length()

* New library: digest/bubblebabble

* New function: Digest(name)

* fileutils

* New option for FileUtils.cp_r(): :remove_destination

* thread

* Replaced with much faster mutex implementation in C. The
former implementation is available with a configure option
`--disable-fastthread'.

* webrick

* New method: WEBrick::Cookie.parse_set_cookies()
=== Compatibility issues (excluding feature bug fixes)

* builtin classes

* String#intern now raises SecurityError when $SAFE level is
greater than zero.

* fileutils

* A minor implementation change breaks Rake <=0.7.1.
Updating Rake to 0.7.2 fixes the problem.

* digest

* The constructor does no longer take an initial string to
feed; digest() and hexdigest() now do, instead.
For all details see the NEWS or ChangeLog file.
- rediffed patch ruby-1.8.2-gc.diff
new name ruby-1.8.6.p36_gc.patch
- rediffed patch ruby-1.8.2-tcltk-multilib.patch
new name ruby-1.8.6.p36_tcltk-multilib.patch
- rediffed patch ruby-socket_ipv6.patch
new name ruby-1.8.6.p36_socket_ipv6.patch
- rediffed patch ruby-1.8.5-vendor_ruby.patch
new name ruby-1.8.6.p36_vendor_ruby.patch
- rediffed patch ruby-1.8.5.p12-lib64.diff
new name ruby-1.8.6.p36_lib64.patch

Fri Mar 30 14:00:00 2007 rguentherAATTsuse.de
- add bison BuildRequires
- add emacs site-lisp directories

Fri Mar 23 13:00:00 2007 rguentherAATTsuse.de
- add gdbm-devel BuildRequires

Mon Feb 12 13:00:00 2007 mrueckertAATTsuse.de
- update to 1.8.5-p12:

* stable version 1.8.5-p12 released.

* ext/tk/tcltklib.c: shouldn't run the killed thread at callback.
[ruby-talk: 227408]

* lib/rdoc/ri/ri_options.rb: prevent NameError. [ruby-dev:29597]

* dir.c (glob_helper): get rid of possible memory leak.

* win32/win32.c (cmdglob, rb_w32_cmdvector, rb_w32_opendir,
rb_w32_get_environ): not to use GC before initialization.

* configure.in (SITE_DIR): fixed to empty RUBY_SITE_LIB in
config.h on NetBSD. fixed: [ruby-dev:29358]

* parse.y (dyna_init_gen): dvar initialization only if dvar is
assigned inner block. [ruby-talk:227402]

* stable version 1.8.5-p2 released.

* lib/cgi.rb (CGI::QueryExtension::read_multipart): should
quote boundary. JVN#84798830 (BNC #225983) (CVE-2006-6303)

* bignum.c (bignorm): avoid segmentation. a patch from Hiroyuki
Ito. [ruby-list:43012]

* parse.y (primary): should set NODE even when compstmt is NULL.
merge from trunk. fixed: [ruby-dev:29732]

* lib/cgi.rb (CGI::QueryExtension::read_multipart): CGI content
may be empty. a patch from Jamis Buck.

* ext/dbm/extconf.rb: create makefile according to the result of
check for dbm header. fixed: [ruby-dev:29445]

* hash.c (rb_hash_s_create): fixed memory leak, based on the
patch by Kent Sibilev.
fixed: [ruby-talk:211233]
- rediffed ruby-1.8.1-lib64.diff
new name ruby-1.8.5.p12-lib64.diff
- patches included in the update:
cgi_multipart_eof_fix.patch
ruby-1.8.4-fix-alias-safe-level.patch
ruby-1.8.4-fix-insecure-dir-operation.patch
ruby-1.8.4-fix-insecure-regexp-modification.patch
ruby-1.8.4-no-eaccess.diff
ruby-1.8.4-warnings.patch
ruby-fix-autoconf-magic-code.patch
- added ruby-1.8.x-autoconf_2.61a.patch:
config.status changed to awk in 2.61a. adapt mkconfig.rb to the
new syntax.

Mon Oct 30 13:00:00 2006 mrueckertAATTsuse.de
- added cgi_multipart_eof_fix.patch:
fix for a denial of service condition in cgi.rb CVE-2006-5467
(#214916)

Fri Oct 20 14:00:00 2006 mrueckertAATTsuse.de
- run ldconfig
- add site_ruby and vendor_ruby arch directories to the filelist

Wed Sep 27 14:00:00 2006 mrueckertAATTsuse.de
- added ruby-1.8.5-vendor_ruby.patch, site-specific.rb, vendor-specific.rb:
add vendor_ruby support. This is a small change for packagers.
you can now run 'ruby -rvendor-specific extconf.rb' (or setup.rb)
and it will be automatically installed in
%{_libdir}/ruby/vendor_ruby.

Sat Aug 26 14:00:00 2006 mrueckertAATTsuse.de
- Update to version 1.8.5:
o Non-blocking IO
| - Several methods backported from HEAD have been added:
| - BasicSocket#recv_nonblock
| - IO#read_nonblock
| - IO#write_nonblock
| - Socket#accept_nonblock
| - Socket#connect_nonblock
| - Socket#recvfrom_nonblock
| - TCPServer#accept_nonblock
| - UDPSocket#recvfrom_nonblock
| - UNIXServer#accept_nonblock
| (see ruby-core:7917, ruby-core:7925).
|
o Process.getrlimit/setrlimit See ruby-dev:28729.
|
o Changes in rdoc/ri
| - lots of documentation added
| - RubyGems support: ri will search gem installation dirs for
| additional documentation
| - new options to limit the search path
|
o RSS
| - added RSS::RootElementMixin#to_xml (ruby-talk:197284), which
| can be used to convert feeds to a different RSS version as
| follows:
| [[[
| rss10 = RSS::Parser.parse(File.read("1.0.rdf"))
| File.open("2.0.rss", "w") {|f| f.print(rss10.to_xml("2.0"))}
| ]]]
| - Support for taxonomies added to the RSS parser and generator.
| - A number of convenience methods added
| - New style API for RSS generation ruby-talk:197284
| [[[
| The recommended style is now
| xxx.new_yyy do |yyy|
| yyy.zzz = zzz
| ...
| end
|
|
| This corresponds to the following in pre-1.8.5:
| yyy = xxx.new_yyy
| yyy.zzz = zzz
| ]]]
o Misc
| - added Kernel.Pathname(path)
| - added Kernel#pretty_inspect
| - changes in the GC subsystem that result in better performance
| in some cases
| - added OptionParser#getopts
| - the per-object overhead went down to 20 bytes on win32
| (from 24) ruby-core:7474
o What breaks (!!!)
| - Binding.of_caller, and therefore breakpoint (including Rails')
| - several problems in ri reported: the documentation for some
| methods seems to have disappeared, and several methods that
| should not be documented appear in the indices;
| see ruby-core:08709
- removed patches, which are included in 1.8.5:
ruby-1.8.4-fix-insecure-dir-operation.patch
ruby-1.8.4-fix-insecure-regexp-modification.patch
ruby-1.8.4-fix-alias-safe-level.patch
- updated ruby-1.8.4_linkerflags.patch.
new name ruby-1.8.5_linkerflags.patch

Mon Jul 31 14:00:00 2006 mrueckertAATTsuse.de
- added ruby-fix-autoconf-magic-code.patch:
Fix for the latest changes in the autoconf code.

Mon Jul 31 14:00:00 2006 mrueckertAATTsuse.de
- security fixes [CVE-2006-3694] [#193661]

* added ruby-1.8.4-fix-insecure-dir-operation.patch &
ruby-1.8.4-fix-insecure-regexp-modification.patch:
fix the insecure operations in the certain safe-level
restrictions.

* ruby-1.8.4-fix-alias-safe-level.patch: preserve safe level
restrictions when aliasing a function.


 