commit ruby for openSUSE:11.4

2012-01-15 Thread h_root

Hello community,

here is the log from the commit of package ruby for openSUSE:11.4
checked in at Mon Jan 16 01:19:04 CET 2012.




--- old-versions/11.4/UPDATES/all/ruby/ruby.changes 2011-05-17 
18:43:20.0 +0200
+++ 11.4/ruby/ruby.changes  2012-01-12 16:53:36.0 +0100
@@ -1,0 +2,40 @@
+Thu Jan 12 15:49:10 UTC 2012 - mrueck...@suse.de
+
+- update to 1.8.7.p357 (bnc#739122)
+  - randomize hash to avoid algorithmic complexity attacks.
+CVE-2011-4815
+  - initialization of hash_seed to be at the beginning of the
+process.
+  - initialize random seed at first.
+  - call OpenSSL::Random.seed at the SecureRandom.random_bytes
+call.  insert separators for array join.  patch by Masahiro
+Tomita.  [ruby-dev:44270]
+  - mkconfig.rb: fix for continued lines.  based on a patch from
+Marcus Rueckert darix AT opensu.se at [ruby-core:20420].
+  - Infinity is greater than any bignum number.  [ruby-dev:38672]
+  - initialize store-ex_data.sk.  [ruby-core:28907]
+[ruby-core:23971] [ruby-core:18121]
+
+---
+Wed Dec 21 16:54:50 UTC 2011 - mrueck...@suse.de
+
+- update to 1.8.7.p352 (Fate #312657) (bnc#704409)
+  - support for openssl compiled without SSLv2
+  - multilib support for tk build
+  - some IPv6 related fixes
+  - zlib fixes
+  - reinitialize PRNG when forking children
+(CVE-2011-2686/CVE-2011-3009)
+  - securerandom fixes (CVE-2011-2705)
+  - uri route_to fixes
+  - fix race condition with variables and autoload
+- switched rb_arch macro to use RUBY_PLATFORM
+- dropped patches:
+  1887f60a8540f64f5c7bb14d57c0be70506941b8.patch
+  ruby-1.8.7.p22_tcltk-multilib.patch
+  ruby-1.8.7-p334.tar.bz2
+  ruby-1.8.x_bigdecimal_memory_corruption.patch
+- new patches
+  ruby-1.8.x_rubylibdir.patch
+
+---

calling whatdependson for 11.4-i586


Old:

  1887f60a8540f64f5c7bb14d57c0be70506941b8.patch
  ruby-1.8.7-p334.tar.bz2
  ruby-1.8.7.p22_tcltk-multilib.patch
  ruby-1.8.x_bigdecimal_memory_corruption.patch

New:

  ruby-1.8.7-p357.tar.bz2
  ruby-1.8.x_rubylibdir.patch



Other differences:
--
++ ruby.spec ++
--- /var/tmp/diff_new_pack.RptKHM/_old  2012-01-16 01:18:44.0 +0100
+++ /var/tmp/diff_new_pack.RptKHM/_new  2012-01-16 01:18:44.0 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package ruby
 #
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,11 +19,11 @@
 
 
 Name:   ruby
-Version:1.8.7.p334
-Release:1.RELEASE4
+Version:1.8.7.p357
+Release:0.RELEASE2
 #
 %define pkg_version 1.8.7
-%define patch_level p334
+%define patch_level p357
 %define rb_arch %(echo %{_target_cpu}-linux | sed -e s/i686/i586/ -e 
s/hppa2.0/hppa/ -e s/ppc/powerpc/)
 %define rb_ver  %(echo %{pkg_version} | sed -e 's/\\\.[0-9]\\\+$//')
 #
@@ -59,7 +59,6 @@
 Source1:irb.1
 Source2:ruby-doc-bundle.tar.bz2
 Patch1: ruby-1.8.7.p299_lib64.patch
-Patch2: ruby-1.8.7.p22_tcltk-multilib.patch
 Patch5: ruby-1.8.7.p299_date_remove_privat.patch
 Patch6: ruby-1.8.7.p299_pedantic-headers.patch
 Patch7: ruby-1.8.7.p72_vendor_specific.patch
@@ -68,9 +67,8 @@
 # can be removed on next version update. pulled from svn
 Patch10:ruby-1.8.x_openssl_branch_update.patch
 Patch11:ruby-1.8.x_yaml2byte.patch
-Patch12:1887f60a8540f64f5c7bb14d57c0be70506941b8.patch
 Patch13:ruby-1.8.7.p334_remove_zlib_test_params_test.patch
-Patch14:ruby-1.8.x_bigdecimal_memory_corruption.patch
+Patch14:ruby-1.8.x_rubylibdir.patch
 # vendor ruby files taken from:
 # http://svn.macports.org/repository/macports/trunk/dports/lang/ruby/
 Source3:site-specific.rb
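Review bot: Dropping `ruby-1.8.x_bigdecimal_memory_corruption.patch` from the Patch14 slot removes what the page's earlier changelog describes as the CVE-2011-0188 fix, and nothing here records why that is safe. The ruby.changes entry only lists it under "dropped patches", whereas the earlier `ruby-1.8.6.p36_socket_ipv6.patch` removal was explicitly marked "included upstream". If the new tarball carries the fix, say so next to the patch list, e.g. `# bigdecimal memory corruption fix (bnc#682287) is in the upstream tarball since <upstream patch level>`; if that cannot be confirmed, the patch should stay. Reusing number 14 for the unrelated rubylibdir patch also makes the spec history harder to follow.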
@@ -248,7 +246,6 @@
 %prep
 %setup -q -n ruby-%{pkg_version}-%{patch_level} -a2 %{?with_bleak_house:-a6}
 %patch1
-%patch2
 %patch5
 %patch6
 %patch7
@@ -256,7 +253,6 @@
 %patch9
 %patch10
 %patch11
-%patch12
 %patch13
 %patch14
 %if 0%{?with_bleak_house}
@@ -269,7 +265,7 @@
 old parse.c
 
 %build
-# autoreconf -fi
+autoreconf -fi
 export CFLAGS=%{optflags} -g -fno-strict-aliasing
 %configure \
 --target=%{_target_platform}   \
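Review bot: `autoreconf -fi` is now executed in `%build`, but no hunk in this diff adds `autoconf` to `BuildRequires`. Those lines are outside this hunk, so confirm whether the build depends on the tool being pulled into the build root by another package. Declaring it explicitly, e.g. `BuildRequires:  autoconf`, keeps the regeneration of `configure` reproducible now that ruby-1.8.x_rubylibdir.patch edits `configure.in`. A comment above the call such as `# configure.in is patched (Patch14), regenerate configure` would explain why the line was un-commented. The `%build` section continues past the end of the hunk.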

++ ruby-1.8.7-p334.tar.bz2 - ruby-1.8.7-p357.tar.bz2 ++
 4263 lines of diff (skipped)

++ ruby-1.8.x_rubylibdir.patch ++
Index: configure.in
===
--- configure.in.orig
+++ configure.in
@@ -1757,7 +1757,12 @@ case $target_os in
 rubyw_install_name=$RUBYW_INSTALL_NAME
 ;;
 esac

commit ruby for openSUSE:11.4

2011-05-17 Thread h_root

Hello community,

here is the log from the commit of package ruby for openSUSE:11.4
checked in at Tue May 17 18:53:53 CEST 2011.




--- old-versions/11.4/all/ruby/ruby.changes 2011-02-22 17:58:56.0 
+0100
+++ 11.4/ruby/ruby.changes  2011-05-17 18:43:20.0 +0200
@@ -1,0 +2,7 @@
+Thu May 12 16:24:34 UTC 2011 - mrueck...@suse.de
+
+- added ruby-1.8.x_bigdecimal_memory_corruption.patch:
+  dont cast parameter to unsigned int in the alloc and later memset
+  the original value. (bnc#682287) CVE-2011-0188
+
+---

Package does not exist at destination yet. Using Fallback 
old-versions/11.4/all/ruby
Destination is old-versions/11.4/UPDATES/all/ruby
calling whatdependson for 11.4-i586


Old:

  ruby-1.8.7.p299_webrick_error_page_encoding.patch

New:

  ruby-1.8.x_bigdecimal_memory_corruption.patch



Other differences:
--
++ ruby.spec ++
--- /var/tmp/diff_new_pack.v6usU3/_old  2011-05-17 18:53:32.0 +0200
+++ /var/tmp/diff_new_pack.v6usU3/_new  2011-05-17 18:53:32.0 +0200
@@ -20,7 +20,7 @@
 
 Name:   ruby
 Version:1.8.7.p334
-Release:1.RELEASE2
+Release:1.RELEASE4
 #
 %define pkg_version 1.8.7
 %define patch_level p334
@@ -70,8 +70,7 @@
 Patch11:ruby-1.8.x_yaml2byte.patch
 Patch12:1887f60a8540f64f5c7bb14d57c0be70506941b8.patch
 Patch13:ruby-1.8.7.p334_remove_zlib_test_params_test.patch
-# need to discuss with sec team which encoding is better
-Patch14:ruby-1.8.7.p299_webrick_error_page_encoding.patch
+Patch14:ruby-1.8.x_bigdecimal_memory_corruption.patch
 # vendor ruby files taken from:
 # http://svn.macports.org/repository/macports/trunk/dports/lang/ruby/
 Source3:site-specific.rb
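Review bot: The Patch14 slot passes from `ruby-1.8.7.p299_webrick_error_page_encoding.patch` to the bigdecimal fix and the `# need to discuss with sec team which encoding is better` note goes with it, yet the ruby.changes entry for this commit mentions only the added patch. The following hunk adds `%patch14` to `%prep`, which suggests the WEBrick patch was declared but not applied before. The changelog should record the removal and its reason, for example `- removed ruby-1.8.7.p299_webrick_error_page_encoding.patch: <reason>`. Without that, the outcome of the open security question cannot be traced from the package history.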
@@ -259,6 +258,7 @@
 %patch11
 %patch12
 %patch13
+%patch14
 %if 0%{?with_bleak_house}
   for patch in valgrind configure gc ; do
 patch -p0  bleak_house-%{bleak_house_version}/ruby/${patch}.patch

++ ruby-1.8.x_bigdecimal_memory_corruption.patch ++
Index: ext/bigdecimal/bigdecimal.c
===
--- ext/bigdecimal/bigdecimal.c.orig2011-05-10 14:14:48.0 +0200
+++ ext/bigdecimal/bigdecimal.c 2011-05-10 14:18:53.602468960 +0200
@@ -2026,11 +2026,11 @@ static int gnAlloc=0; /* Memory allocati
 VP_EXPORT void *
 VpMemAlloc(U_LONG mb)
 {
-void *p = xmalloc((unsigned int)mb);
+void *p = xmalloc(mb);
 if(!p) {
 VpException(VP_EXCEPTION_MEMORY,failed to allocate memory,1);
 }
-memset(p,0,mb);
+memset(p, 0, mb);
 #ifdef _DEBUG
 gnAlloc++; /* Count allocation call */
 #endif /* _DEBUG */
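Review bot: The `if(!p)` branch in VpMemAlloc does not return, so if `VpException` can ever return to its caller, the following `memset(p, 0, mb)` writes through a null pointer. Whether it can return is not visible in this hunk. Either leave the function after the exception call or document the assumption, e.g. `/* VpException raises here and does not return */`. The allocation line also deserves a comment such as `/* pass mb unchanged: a narrower cast allocates less than memset clears */`, so the truncating cast is not reintroduced later. The function body continues past the end of the hunk.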








commit ruby for openSUSE:11.4

2011-02-22 Thread h_root

Hello community,

here is the log from the commit of package ruby for openSUSE:11.4
checked in at Tue Feb 22 21:49:57 CET 2011.


Login failed, 500 SSL negotiation failed:  at 
/work/abuild/lib/abuild/modules/SUSE/BugzillaClient.pm line 99.


--- old-versions/11.4/all/ruby/ruby.changes 2010-07-02 11:50:18.0 
+0200
+++ 11.4/ruby/ruby.changes  2011-02-22 17:58:56.0 +0100
@@ -1,0 +2,33 @@
+Tue Feb 22 16:38:09 UTC 2011 - mrueck...@suse.de
+
+- update to 1.8.7.p334 (bnc#673740, bnc#673750, bnc#600752)
+  - A symlink race condition vulnerability was found in
+FileUtils.remove_entry_secure. The vulnerability allows local
+users to delete arbitrary files and directories. CVE-2011-1004
+  - Exception#to_s method can be used to trick $SAFE check, which
+makes a untrusted codes to modify arbitrary strings.
+CVE-2011-1005
+  - Ruby WEBrick character set issue (XSS) CVE-2010-0541
+
+  for all non security changes see
+/usr/share/doc/packages/ruby/ChangeLog
+
+- refreshed ruby-1.8.x_openssl_branch_update.patch
+- buildrequires openssl to make the last openssl test work
+- 
https://github.com/ruby/ruby/commit/1887f60a8540f64f5c7bb14d57c0be70506941b8.patch
+  * ext/zlib/zlib.c (zstream_append_input2): add RB_GC_GUARD.
+This caused failure when test/csv is executed with GC.stress =
+true.
+- added ruby-1.8.7.p334_remove_zlib_test_params_test.patch:
+  remove the test_params patch from backport in r27917
+  It doesnt pass atm.
+- removed ruby-1.8.6.p36_socket_ipv6.patch:
+  included upstream
+
+---
+Tue Sep  7 14:38:54 UTC 2010 - mrueck...@suse.de
+
+- the testsuite and doc-html package should of course require the
+  main package
+
+---
@@ -4,0 +38,24 @@
+
+---
+Thu Jul  1 15:27:17 UTC 2010 - mrueck...@suse.de
+
+- update to 1.8.7.p299 (bnc#606056 and bnc#603914)
+  - OpenSSL 1.0.0 support
+  - Use OpenSSL engines which exist
+  - Fixed range and chunked support for Net::HTTP
+  - Iconv fixes
+  - Backported pack/unpack from the 1.9 branch (bnc#606056 bnc#603914)
+  - Multiple fixes in the resolver
+  - Fixed Unicode inspection bug.
+  - Escape characters properly for the accesslog (bnc#570616)
+- cleaned up rpmlintrc
+- refreshed patches:
+  old: ruby-1.8.7.p22_lib64.patch
+  new: ruby-1.8.7.p299_lib64.patch
+  old: ruby_1.8.6.p36_date_remove_privat.patch
+  new: ruby-1.8.7.p299_date_remove_privat.patch
+  old: ruby-pedantic-headers.diff
+  new: ruby-1.8.7.p299_pedantic-headers.patch
+- replaced patches ruby-1.8.x_openssl-1.0.patch and
+  ruby-1.8.x_openssl-1.0-tests.patch with
+  ruby-1.8.x_openssl_branch_update.patch

calling whatdependson for 11.4-i586


Old:

  ruby-1.8.6.p36_socket_ipv6.patch
  ruby-1.8.7-p249.tar.bz2
  ruby-1.8.7-p72_topdir.patch
  ruby-1.8.7-p72_vendor_specific.patch
  ruby-1.8.7.p22_lib64.patch
  ruby-1.8.x_openssl-1.0-tests.patch
  ruby-1.8.x_openssl-1.0.patch
  ruby-pedantic-headers.diff
  ruby_1.8.6.p36_date_remove_privat.patch

New:

  1887f60a8540f64f5c7bb14d57c0be70506941b8.patch
  ruby-1.8.7-p334.tar.bz2
  ruby-1.8.7.p299_date_remove_privat.patch
  ruby-1.8.7.p299_lib64.patch
  ruby-1.8.7.p299_pedantic-headers.patch
  ruby-1.8.7.p299_webrick_error_page_encoding.patch
  ruby-1.8.7.p334_remove_zlib_test_params_test.patch
  ruby-1.8.7.p72_topdir.patch
  ruby-1.8.7.p72_vendor_specific.patch
  ruby-1.8.x_openssl_branch_update.patch



Other differences:
--
++ ruby.spec ++
--- /var/tmp/diff_new_pack.FWOjj2/_old  2011-02-22 21:48:17.0 +0100
+++ /var/tmp/diff_new_pack.FWOjj2/_new  2011-02-22 21:48:17.0 +0100
@@ -1,7 +1,7 @@
 #
-# spec file for package ruby (Version 1.8.7.p249)
+# spec file for package ruby
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,11 +19,11 @@
 
 
 Name:   ruby
-Version:1.8.7.p249
-Release:4
+Version:1.8.7.p334
+Release:1.RELEASE2
 #
 %define pkg_version 1.8.7
-%define patch_level p249
+%define patch_level p334
 %define rb_arch %(echo %{_target_cpu}-linux | sed -e s/i686/i586/ -e 
s/hppa2.0/hppa/ -e s/ppc/powerpc/)
 %define rb_ver  %(echo %{pkg_version} | sed -e 's/\\\.[0-9]\\\+$//')
 #
@@ -32,6 +32,8 @@
 #
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  bison gdbm-devel gperf graphviz libjpeg-devel openssl-devel 
readline-devel tk-devel
+# for openssl testsuite
+BuildRequires:  openssl
 #define with_bleak_house 1
 %if 0%{suse_version} = 1030
 %define use_fdupes 1
@@ -56,18 +58,20 @@
 Source: