commit ruby for openSUSE:11.4
Hello community, here is the log from the commit of package ruby for openSUSE:11.4 checked in at Mon Jan 16 01:19:04 CET 2012.
--- old-versions/11.4/UPDATES/all/ruby/ruby.changes 2011-05-17 18:43:20.0 +0200
+++ 11.4/ruby/ruby.changes 2012-01-12 16:53:36.0 +0100
@@ -1,0 +2,40 @@
+Thu Jan 12 15:49:10 UTC 2012 - mrueck...@suse.de
+
+- update to 1.8.7.p357 (bnc#739122)
+ - randomize hash to avoid algorithmic complexity attacks.
+CVE-2011-4815
+ - initialization of hash_seed to be at the beginning of the
+process.
+ - initialize random seed at first.
+ - call OpenSSL::Random.seed at the SecureRandom.random_bytes
+call. insert separators for array join. patch by Masahiro
+Tomita. [ruby-dev:44270]
+ - mkconfig.rb: fix for continued lines. based on a patch from
+Marcus Rueckert darix AT opensu.se at [ruby-core:20420].
+ - Infinity is greater than any bignum number. [ruby-dev:38672]
+ - initialize store-ex_data.sk. [ruby-core:28907]
+[ruby-core:23971] [ruby-core:18121]
+
+---
+Wed Dec 21 16:54:50 UTC 2011 - mrueck...@suse.de
+
+- update to 1.8.7.p352 (Fate #312657) (bnc#704409)
+ - support for openssl compiled without SSLv2
+ - multilib support for tk build
+ - some IPv6 related fixes
+ - zlib fixes
+ - reinitialize PRNG when forking children
+(CVE-2011-2686/CVE-2011-3009)
+ - securerandom fixes (CVE-2011-2705)
+ - uri route_to fixes
+ - fix race condition with variables and autoload
+- switched rb_arch macro to use RUBY_PLATFORM
+- dropped patches:
+ 1887f60a8540f64f5c7bb14d57c0be70506941b8.patch
+ ruby-1.8.7.p22_tcltk-multilib.patch
+ ruby-1.8.7-p334.tar.bz2
+ ruby-1.8.x_bigdecimal_memory_corruption.patch
+- new patches
+ ruby-1.8.x_rubylibdir.patch
+
+---
calling whatdependson for 11.4-i586 Old: 1887f60a8540f64f5c7bb14d57c0be70506941b8.patch ruby-1.8.7-p334.tar.bz2 ruby-1.8.7.p22_tcltk-multilib.patch ruby-1.8.x_bigdecimal_memory_corruption.patch New: ruby-1.8.7-p357.tar.bz2 ruby-1.8.x_rubylibdir.patch Other differences: -- ++ ruby.spec ++
--- /var/tmp/diff_new_pack.RptKHM/_old 2012-01-16 01:18:44.0 +0100
+++ /var/tmp/diff_new_pack.RptKHM/_new 2012-01-16 01:18:44.0 +0100
@@ -1,7 +1,7 @@ # # spec file for package ruby # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,11 +19,11 @@ Name: ruby -Version:1.8.7.p334 -Release:1.RELEASE4 +Version:1.8.7.p357 +Release:0.RELEASE2 # %define pkg_version 1.8.7 -%define patch_level p334 +%define patch_level p357 %define rb_arch %(echo %{_target_cpu}-linux | sed -e s/i686/i586/ -e s/hppa2.0/hppa/ -e s/ppc/powerpc/) %define rb_ver %(echo %{pkg_version} | sed -e 's/\\\.[0-9]\\\+$//') # @@ -59,7 +59,6 @@ Source1:irb.1 Source2:ruby-doc-bundle.tar.bz2 Patch1: ruby-1.8.7.p299_lib64.patch -Patch2: ruby-1.8.7.p22_tcltk-multilib.patch Patch5: ruby-1.8.7.p299_date_remove_privat.patch Patch6: ruby-1.8.7.p299_pedantic-headers.patch Patch7: ruby-1.8.7.p72_vendor_specific.patch @@ -68,9 +67,8 @@ # can be removed on next version update. pulled from svn Patch10:ruby-1.8.x_openssl_branch_update.patch Patch11:ruby-1.8.x_yaml2byte.patch -Patch12:1887f60a8540f64f5c7bb14d57c0be70506941b8.patch Patch13:ruby-1.8.7.p334_remove_zlib_test_params_test.patch -Patch14:ruby-1.8.x_bigdecimal_memory_corruption.patch +Patch14:ruby-1.8.x_rubylibdir.patch # vendor ruby files taken from: # http://svn.macports.org/repository/macports/trunk/dports/lang/ruby/ Source3:site-specific.rb @@ -248,7 +246,6 @@ %prep %setup -q -n ruby-%{pkg_version}-%{patch_level} -a2 %{?with_bleak_house:-a6} %patch1 -%patch2 %patch5 %patch6 %patch7 @@ -256,7 +253,6 @@ %patch9 %patch10 %patch11 -%patch12 %patch13 %patch14 %if 0%{?with_bleak_house} 
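Review bot: The `@@ -68,9 +67,8 @@` hunk replaces `Patch14:ruby-1.8.x_bigdecimal_memory_corruption.patch`, and the `ruby.changes` entry of this commit lists that file under "dropped patches" without giving a reason, although the May 2011 changelog entry further down this page ties it to CVE-2011-0188. Presumably the fix is contained in the 1.8.7.p357 tarball, but the 4263-line tarball diff is skipped in this mail, so that cannot be confirmed from what is visible. I would record the reason next to the drop, e.g. `ruby-1.8.x_bigdecimal_memory_corruption.patch (CVE-2011-0188, included upstream)`, after checking that `VpMemAlloc` in p357 no longer casts the size to `unsigned int`.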
@@ -269,7 +265,7 @@ old parse.c %build -# autoreconf -fi +autoreconf -fi export CFLAGS=%{optflags} -g -fno-strict-aliasing %configure \ --target=%{_target_platform} \ ++ ruby-1.8.7-p334.tar.bz2 - ruby-1.8.7-p357.tar.bz2 ++ 4263 lines of diff (skipped) ++ ruby-1.8.x_rubylibdir.patch ++ Index: configure.in === --- configure.in.orig +++ configure.in @@ -1757,7 +1757,12 @@ case $target_os in rubyw_install_name=$RUBYW_INSTALL_NAME ;; esac
commit ruby for openSUSE:11.4
Hello community, here is the log from the commit of package ruby for openSUSE:11.4 checked in at Tue May 17 18:53:53 CEST 2011. --- old-versions/11.4/all/ruby/ruby.changes 2011-02-22 17:58:56.0 +0100 +++ 11.4/ruby/ruby.changes 2011-05-17 18:43:20.0 +0200 @@ -1,0 +2,7 @@ +Thu May 12 16:24:34 UTC 2011 - mrueck...@suse.de + +- added ruby-1.8.x_bigdecimal_memory_corruption.patch: + dont cast parameter to unsigned int in the alloc and later memset + the original value. (bnc#682287) CVE-2011-0188 + +--- Package does not exist at destination yet. Using Fallback old-versions/11.4/all/ruby Destination is old-versions/11.4/UPDATES/all/ruby calling whatdependson for 11.4-i586 Old: ruby-1.8.7.p299_webrick_error_page_encoding.patch New: ruby-1.8.x_bigdecimal_memory_corruption.patch Other differences: -- ++ ruby.spec ++ --- /var/tmp/diff_new_pack.v6usU3/_old 2011-05-17 18:53:32.0 +0200 +++ /var/tmp/diff_new_pack.v6usU3/_new 2011-05-17 18:53:32.0 +0200 @@ -20,7 +20,7 @@ Name: ruby Version:1.8.7.p334 -Release:1.RELEASE2 +Release:1.RELEASE4 # %define pkg_version 1.8.7 %define patch_level p334 @@ -70,8 +70,7 @@ Patch11:ruby-1.8.x_yaml2byte.patch Patch12:1887f60a8540f64f5c7bb14d57c0be70506941b8.patch Patch13:ruby-1.8.7.p334_remove_zlib_test_params_test.patch -# need to discuss with sec team which encoding is better -Patch14:ruby-1.8.7.p299_webrick_error_page_encoding.patch +Patch14:ruby-1.8.x_bigdecimal_memory_corruption.patch # vendor ruby files taken from: # http://svn.macports.org/repository/macports/trunk/dports/lang/ruby/ Source3:site-specific.rb @@ -259,6 +258,7 @@ %patch11 %patch12 %patch13 +%patch14 %if 0%{?with_bleak_house} for patch in valgrind configure gc ; do patch -p0 bleak_house-%{bleak_house_version}/ruby/${patch}.patch ++ ruby-1.8.x_bigdecimal_memory_corruption.patch ++ Index: ext/bigdecimal/bigdecimal.c === --- ext/bigdecimal/bigdecimal.c.orig2011-05-10 14:14:48.0 +0200 +++ ext/bigdecimal/bigdecimal.c 2011-05-10 14:18:53.602468960 +0200 
@@ -2026,11 +2026,11 @@ static int gnAlloc=0; /* Memory allocati
 VP_EXPORT void *
 VpMemAlloc(U_LONG mb)
 {
-void *p = xmalloc((unsigned int)mb);
+void *p = xmalloc(mb);
 if(!p) {
 VpException(VP_EXCEPTION_MEMORY,failed to allocate memory,1);
 }
-memset(p,0,mb);
+memset(p, 0, mb);
 #ifdef _DEBUG
 gnAlloc++; /* Count allocation call */
 #endif /* _DEBUG */
Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
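Review bot: The `memset(p, 0, mb)` line still runs unconditionally after the `if(!p)` block, so the function is safe on allocation failure only if `VpException(VP_EXCEPTION_MEMORY, ...)` never returns on that path, which this hunk does not show. A short comment in the `if(!p)` block stating that the call does not return, or an explicit early exit there, would make that assumption visible. I would also add a comment above the allocation, for example `/* xmalloc and memset must receive the same U_LONG size; a narrowing cast here caused CVE-2011-0188 */`, so the cast is not reintroduced later. The body of VpMemAlloc continues past the end of the hunk.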
commit ruby for openSUSE:11.4
Hello community, here is the log from the commit of package ruby for openSUSE:11.4 checked in at Tue Feb 22 21:49:57 CET 2011. Login failed, 500 SSL negotiation failed: at /work/abuild/lib/abuild/modules/SUSE/BugzillaClient.pm line 99.
--- old-versions/11.4/all/ruby/ruby.changes 2010-07-02 11:50:18.0 +0200
+++ 11.4/ruby/ruby.changes 2011-02-22 17:58:56.0 +0100
@@ -1,0 +2,33 @@
+Tue Feb 22 16:38:09 UTC 2011 - mrueck...@suse.de
+
+- update to 1.8.7.p334 (bnc#673740, bnc#673750, bnc#600752)
+ - A symlink race condition vulnerability was found in
+FileUtils.remove_entry_secure. The vulnerability allows local
+users to delete arbitrary files and directories. CVE-2011-1004
+ - Exception#to_s method can be used to trick $SAFE check, which
+makes a untrusted codes to modify arbitrary strings.
+CVE-2011-1005
+ - Ruby WEBrick character set issue (XSS) CVE-2010-0541
+
+ for all non security changes see
+/usr/share/doc/packages/ruby/ChangeLog
+
+- refreshed ruby-1.8.x_openssl_branch_update.patch
+- buildrequires openssl to make the last openssl test work
+- https://github.com/ruby/ruby/commit/1887f60a8540f64f5c7bb14d57c0be70506941b8.patch
+ * ext/zlib/zlib.c (zstream_append_input2): add RB_GC_GUARD.
+This caused failure when test/csv is executed with GC.stress =
+true.
+- added ruby-1.8.7.p334_remove_zlib_test_params_test.patch:
+ remove the test_params patch from backport in r27917
+ It doesnt pass atm.
+- removed ruby-1.8.6.p36_socket_ipv6.patch:
+ included upstream
+
+---
+Tue Sep 7 14:38:54 UTC 2010 - mrueck...@suse.de
+
+- the testsuite and doc-html package should of course require the
+ main package
+
+---
@@ -4,0 +38,24 @@
+
+---
+Thu Jul 1 15:27:17 UTC 2010 - mrueck...@suse.de
+
+- update to 1.8.7.p299 (bnc#606056 and bnc#603914)
+ - OpenSSL 1.0.0 support
+ - Use OpenSSL engines which exist
+ - Fixed range and chunked support for Net::HTTP
+ - Iconv fixes
+ - Backported pack/unpack from the 1.9 branch (bnc#606056 bnc#603914)
+ - Multiple fixes in the resolver
+ - Fixed Unicode inspection bug.
+ - Escape characters properly for the accesslog (bnc#570616)
+- cleaned up rpmlintrc
+- refreshed patches:
+ old: ruby-1.8.7.p22_lib64.patch
+ new: ruby-1.8.7.p299_lib64.patch
+ old: ruby_1.8.6.p36_date_remove_privat.patch
+ new: ruby-1.8.7.p299_date_remove_privat.patch
+ old: ruby-pedantic-headers.diff
+ new: ruby-1.8.7.p299_pedantic-headers.patch
+- replaced patches ruby-1.8.x_openssl-1.0.patch and
+ ruby-1.8.x_openssl-1.0-tests.patch with
+ ruby-1.8.x_openssl_branch_update.patch
calling whatdependson for 11.4-i586 Old: ruby-1.8.6.p36_socket_ipv6.patch ruby-1.8.7-p249.tar.bz2 ruby-1.8.7-p72_topdir.patch ruby-1.8.7-p72_vendor_specific.patch ruby-1.8.7.p22_lib64.patch ruby-1.8.x_openssl-1.0-tests.patch ruby-1.8.x_openssl-1.0.patch ruby-pedantic-headers.diff ruby_1.8.6.p36_date_remove_privat.patch New: 1887f60a8540f64f5c7bb14d57c0be70506941b8.patch ruby-1.8.7-p334.tar.bz2 ruby-1.8.7.p299_date_remove_privat.patch ruby-1.8.7.p299_lib64.patch ruby-1.8.7.p299_pedantic-headers.patch ruby-1.8.7.p299_webrick_error_page_encoding.patch ruby-1.8.7.p334_remove_zlib_test_params_test.patch ruby-1.8.7.p72_topdir.patch ruby-1.8.7.p72_vendor_specific.patch ruby-1.8.x_openssl_branch_update.patch Other differences: -- ++ ruby.spec ++
--- /var/tmp/diff_new_pack.FWOjj2/_old 2011-02-22 21:48:17.0 +0100
+++ /var/tmp/diff_new_pack.FWOjj2/_new 2011-02-22 21:48:17.0 +0100
@@ -1,7 +1,7 @@ # -# spec file for package ruby (Version 1.8.7.p249) +# spec file for package ruby # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,11 +19,11 @@ Name: ruby -Version:1.8.7.p249 -Release:4 +Version:1.8.7.p334 +Release:1.RELEASE2 # %define pkg_version 1.8.7 -%define patch_level p249 +%define patch_level p334 %define rb_arch %(echo %{_target_cpu}-linux | sed -e s/i686/i586/ -e s/hppa2.0/hppa/ -e s/ppc/powerpc/) %define rb_ver %(echo %{pkg_version} | sed -e 's/\\\.[0-9]\\\+$//') # @@ -32,6 +32,8 @@ # BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bison gdbm-devel gperf graphviz libjpeg-devel openssl-devel readline-devel tk-devel +# for openssl testsuite +BuildRequires: openssl #define with_bleak_house 1 %if 0%{suse_version} = 1030 %define use_fdupes 1 @@ -56,18 +58,20 @@ Source: