------------------------------------------------------------------- Fri May 16 15:06:51 CEST 2008 - mrueckert@suse.de - update to 1.8.6.p114 bugfix release - Fixes File access vulnerability of WEBrick (CVE-2008-1145) (bnc#368618) - ensure that the rss module adds the xml namespace ------------------------------------------------------------------- Thu Dec 6 22:14:44 CET 2007 - mrueckert@suse.de - update to 1.8.6.p111 bugfix release. important changes: - ssl fixes (see notes on the ssl patch below) - fixes for the threads support - various overflow checks - safe_level improvements - printf fixes - imap fixes for all the details see /usr/share/doc/packages/ruby/ChangeLog - added ruby-1.8.6.p111_openssl_verify_host.patch: (#329706) validate the hostname against the CN from the presented SSL certificicate. This has been enabled for telnets, ftptls, imaps and https. (CVE-2007-5162,CVE-2007-5770) For telnets and https the verification is done if the verify mode is set to anything else than OpenSSL::SSL::VERIFY_NONE. For ftptls it is always enabled. For imaps it is checked if you enable verification. - added support to build with bleak_house to allow better memleak debugging. (requires additional package ruby-bleakhouse) - updated ruby-1.8.6.p36_vendor_ruby.patch new name ruby-1.8.6.p111_vendor_ruby.patch - dropped ruby-1.8.6.p36_thread_prototype_and_testsuite.patch: included in update ------------------------------------------------------------------- Thu Oct 11 11:56:16 CEST 2007 - dmueller@suse.de - fix headers to be compileable with -pedantic ------------------------------------------------------------------- Sun Aug 12 04:35:09 CEST 2007 - mrueckert@suse.de - added ruby_1.8.6.p36_date_remove_privat.patch: Time.to_date() and Time.to_datetime() shouldnt be private. ------------------------------------------------------------------- Mon Aug 6 03:11:29 CEST 2007 - mrueckert@suse.de - added ruby-1.8.6.p36_thread_prototype_and_testsuite.patch: pulled two fixes from the 1.8.6 branch: * avoid executing shell in the testsuite * moved definition of rb_thread_status() to avoid errors in C++ extensions. ------------------------------------------------------------------- Sun Aug 5 22:35:36 CEST 2007 - mrueckert@suse.de - update to 1.8.6.p36: many bugfixes and library updates. hilights: === Library updates (outstanding ones only) * date * Updated based on date2 4.0.3. * digest * New internal APIs for C and Ruby. * Support for autoloading. * See below for new features and compatibility issues. * nkf * Updated based on nkf as of 2007-01-28. * tk * Tk::X_Scrollable (Y_Scrollable) is renamed to Tk::XScrollable (YScrollable). Tk::X_Scrollable (Y_Scrollable) is still available, but it is an alias name. * Updated Tile extension support based on Tile 0.7.8. * Support --without-X11 configure option for non-X11 versions of Tcl/Tk (e.g. Tcl/Tk Aqua). * New sample script: irbtkw.rbw -- IRB on Ruby/Tk. It has no trouble about STDIN blocking on Windows. === New methods and features * builtin classes * New method: Kernel#instance_variable_defined? * New method: Module#class_variable_defined? * New feature: Dir::glob() can now take an array of glob patterns. * digest * New digest class methods: file * New digest instance methods: clone, reset, new, inspect, digest_length (alias size or length), block_length() * New library: digest/bubblebabble * New function: Digest(name) * fileutils * New option for FileUtils.cp_r(): :remove_destination * thread * Replaced with much faster mutex implementation in C. The former implementation is available with a configure option `--disable-fastthread'. * webrick * New method: WEBrick::Cookie.parse_set_cookies() === Compatibility issues (excluding feature bug fixes) * builtin classes * String#intern now raises SecurityError when $SAFE level is greater than zero. * fileutils * A minor implementation change breaks Rake <=0.7.1. Updating Rake to 0.7.2 fixes the problem. * digest * The constructor does no longer take an initial string to feed; digest() and hexdigest() now do, instead. For all details see the NEWS or ChangeLog file. - rediffed patch ruby-1.8.2-gc.diff new name ruby-1.8.6.p36_gc.patch - rediffed patch ruby-1.8.2-tcltk-multilib.patch new name ruby-1.8.6.p36_tcltk-multilib.patch - rediffed patch ruby-socket_ipv6.patch new name ruby-1.8.6.p36_socket_ipv6.patch - rediffed patch ruby-1.8.5-vendor_ruby.patch new name ruby-1.8.6.p36_vendor_ruby.patch - rediffed patch ruby-1.8.5.p12-lib64.diff new name ruby-1.8.6.p36_lib64.patch ------------------------------------------------------------------- Fri Mar 30 10:10:10 CEST 2007 - rguenther@suse.de - add bison BuildRequires - add emacs site-lisp directories ------------------------------------------------------------------- Fri Mar 23 15:12:51 CET 2007 - rguenther@suse.de - add gdbm-devel BuildRequires ------------------------------------------------------------------- Mon Feb 12 16:53:19 CET 2007 - mrueckert@suse.de - update to 1.8.5-p12: * stable version 1.8.5-p12 released. * ext/tk/tcltklib.c: shouldn't run the killed thread at callback. [ruby-talk: 227408] * lib/rdoc/ri/ri_options.rb: prevent NameError. [ruby-dev:29597] * dir.c (glob_helper): get rid of possible memory leak. * win32/win32.c (cmdglob, rb_w32_cmdvector, rb_w32_opendir, rb_w32_get_environ): not to use GC before initialization. * configure.in (SITE_DIR): fixed to emtpy RUBY_SITE_LIB in config.h on NetBSD. fixed: [ruby-dev:29358] * parse.y (dyna_init_gen): dvar initialization only if dvar is assigned inner block. [ruby-talk:227402] * stable version 1.8.5-p2 released. * lib/cgi.rb (CGI::QueryExtension::read_multipart): should quote boundary. JVN#84798830 (BNC #225983) (CVE-2006-6303) * bignum.c (bignorm): avoid segmentation. a patch from Hiroyuki Ito . [ruby-list:43012] * parse.y (primary): should set NODE even when compstmt is NULL. merge from trunk. fixed: [ruby-dev:29732] * lib/cgi.rb (CGI::QueryExtension::read_multipart): CGI content may be empty. a patch from Jamis Buck . * ext/dbm/extconf.rb: create makefile according to the result of check for dbm header. fixed: [ruby-dev:29445] * hash.c (rb_hash_s_create): fixed memory leak, based on the patch by Kent Sibilev . fixed: [ruby-talk:211233] - rediffed ruby-1.8.1-lib64.diff new name ruby-1.8.5.p12-lib64.diff - patches included in the update: cgi_multipart_eof_fix.patch ruby-1.8.4-fix-alias-safe-level.patch ruby-1.8.4-fix-insecure-dir-operation.patch ruby-1.8.4-fix-insecure-regexp-modification.patch ruby-1.8.4-no-eaccess.diff ruby-1.8.4-warnings.patch ruby-fix-autoconf-magic-code.patch - added ruby-1.8.x-autoconf_2.61a.patch: config.status changed to awk in 2.61a. adapt mkconfig.rb to the new syntax. ------------------------------------------------------------------- Mon Oct 30 18:37:50 CET 2006 - mrueckert@suse.de - added cgi_multipart_eof_fix.patch: fix for a denial of service condition in cgi.rb CVE-2006-5467 (#214916) ------------------------------------------------------------------- Fri Oct 20 03:30:01 CEST 2006 - mrueckert@suse.de - run ldconfig - add site_ruby and vendor_ruby arch directories to the filelist ------------------------------------------------------------------- Wed Sep 27 17:15:12 CEST 2006 - mrueckert@suse.de - added ruby-1.8.5-vendor_ruby.patch, site-specific.rb, vendor-specific.rb: add vendor_ruby support. This is a small change for packager. you can now run 'ruby -rvendor-specific extconf.rb' (or setup.rb) and it will be automatically installed in %{_libdir}/ruby/vendor_ruby. ------------------------------------------------------------------- Sat Aug 26 04:23:28 CEST 2006 - mrueckert@suse.de - Update to version 1.8.5: o Non-blocking IO | - Several methods backported from HEAD have been added: | - BasicSocket?#recv_nonblock | - IO#read_nonblock | - IO#write_nonblock | - Socket#accept_nonblock | - Socket#connect_nonblock | - Socket#recvfrom_nonblock | - TCPServer#accept_nonblock | - UDPSocket#recvfrom_nonblock | - UNIXServer#accept_nonblock | (see ruby-core:7917, ruby-core:7925). | o Process.getrlimit/setrlimit See ruby-dev:28729. | o Changes in rdoc/ri | - lots of documentation added | - RubyGems support: ri will search gem installation dirs for | additional documentation | - new options to limit the search path | o RSS | - added RSS::RootElementMixin?#to_xml (ruby-talk:197284), which | can be used to convert feeds to a different RSS version as | follows: | [[[ | rss10 = RSS::Parser.parse(File.read("1.0.rdf")) | File.open("2.0.rss", "w") {|f| f.print(rss10.to_xml("2.0"))} | ]]] | - Support for taxonomies added to the RSS parser and generator. | - A number of convenience methods added | - New style API for RSS generation ruby-talk:197284 | [[[ | The recommended style is nowxxx.new_yyy do |yyy| | yyy.zzz = zzz | ... | end | | | This corresponds to the following in pre-1.8.5: | yyy = xxx.new_yyy | yyy.zzz = zzz | ]]] o Misc | - added Kernel.Pathname(path) | - added Kernel#pretty_inspect | - changes in the GC subsystem that result in better performance | in some cases | - added OptionParser?#getopts | - the per-object overhead went down to 20 bytes on win32 | (from 24) ruby-core:7474 o What breaks (!!!) | - Binding.of_caller, and therefore breakpoint (including Rails') | - several problems in ri reported: the documentation for some | methods seems to have disappeared, and several methods that | should not be documented appear in the indices; | see ruby-core:08709 - removed patches, which are included in 1.8.5: ruby-1.8.4-fix-insecure-dir-operation.patch ruby-1.8.4-fix-insecure-regexp-modification.patch ruby-1.8.4-fix-alias-safe-level.patch - updated ruby-1.8.4_linkerflags.patch. new name ruby-1.8.5_linkerflags.patch ------------------------------------------------------------------- Mon Jul 31 15:59:55 CEST 2006 - mrueckert@suse.de - added ruby-fix-autoconf-magic-code.patch: Fix for the latest changes in the autoconf code. ------------------------------------------------------------------- Mon Jul 31 15:43:29 CEST 2006 - mrueckert@suse.de - security fixes [CVE-2006-3694] [#193661] * added ruby-1.8.4-fix-insecure-dir-operation.patch & ruby-1.8.4-fix-insecure-regexp-modification.patch: fix the insecure operations in the certain safe-level restrictions. * ruby-1.8.4-fix-alias-safe-level.patch: preserve safe level restrictions when aliasing a function. ------------------------------------------------------------------- Mon Apr 10 18:19:13 CEST 2006 - mrueckert@suse.de - build with -fno-strict-aliasing - enable more tests on ppc - disable drb tests ------------------------------------------------------------------- Mon Apr 3 16:53:27 CEST 2006 - mrueckert@suse.de - reworked the ruby-1.8.4-no-eaccess.diff patch it broke when build on old distros ------------------------------------------------------------------- Thu Jan 26 14:23:55 CET 2006 - mrueckert@suse.de - added upstream patch for eaccess - disabled openssl tests on pcc ------------------------------------------------------------------- Wed Jan 25 21:43:32 CET 2006 - mrueckert@suse.de - added ruby-1.8.4_linkerflags.patch patch removes -L. from the linker flags. it seems libtool otherwise expands it to -L$PWD. this leads to trouble with our build system. ------------------------------------------------------------------- Wed Jan 25 21:41:14 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Sun Jan 15 23:07:15 CET 2006 - kukuk@suse.de - Use eaccess() from glibc [#143291] ------------------------------------------------------------------- Sun Jan 15 13:43:18 CET 2006 - mrueckert@suse.de - disabled the big test suite as we trigger a weird bug in the openssl bindings on ppc64 ------------------------------------------------------------------- Sat Dec 24 19:56:48 CET 2005 - mrueckert@suse.de - Update to 1.8.4 - dont run with --default-kcode=utf8 triggers a bug in the test suite ------------------------------------------------------------------- Fri Sep 23 00:28:37 CEST 2005 - mrueckert@suse.de - update to 1.8.3 - updated patches for 1.8.3 - ruby-doc tarball now included as tar.bz2 ------------------------------------------------------------------- Mon Sep 12 14:26:36 CEST 2005 - mrueckert@suse.de - fix path of the RI documentation [Bug #116408] ------------------------------------------------------------------- Thu Sep 8 16:05:04 CEST 2005 - mrueckert@suse.de - dont make the irb man page executable. [Bug #114849] ------------------------------------------------------------------- Tue Aug 23 10:47:04 CEST 2005 - mrueckert@suse.de - added directory entries for the site ruby dirs ------------------------------------------------------------------- Mon Aug 22 13:20:53 CEST 2005 - mrueckert@suse.de - disabled mkmf patch for now. it breaks building the socket extension. ------------------------------------------------------------------- Sun Aug 21 19:11:41 CEST 2005 - ro@suse.de - added directories to filelist - fix typo in filelist ------------------------------------------------------------------- Fri Aug 19 17:52:56 CEST 2005 - mrueckert@suse.de - Build RI and html documentation. Added subpackages for them. - moved samples into a sub packages. - build tcl/tk bindings and move them into their own package. (ruby-1.8.2-tcltk-multilib.patch) - disabled optimization on ia64/x86_x64. needs investigation. - fixed parameter swap in memset call (ruby-1.8.2-strscan-memset.patch) - let mkmf create shared libraries (ruby-mkmf-shared.patch) - splitted of devel files ------------------------------------------------------------------- Tue Jul 19 15:49:46 CEST 2005 - mge@suse.de - make "make test" run also on x86_64 by disabling code optimization (-O0), as it is for ia64 - enable "make test" for ppc64 again ------------------------------------------------------------------- Tue Jul 19 07:42:02 CEST 2005 - mge@suse.de - Fixes #95366, CAN-2005-1992: arbitrary command execution on XMLRPC server ------------------------------------------------------------------- Wed Jun 1 17:42:21 CEST 2005 - ro@suse.de - update to 1.8.2 ------------------------------------------------------------------- Mon Jan 3 11:42:28 CET 2005 - mge@suse.de - added fixes for lib/cgi.rb and lib/cgi/session.rb from ruby-1.8.2, fixes: #47886 (CAN-2004-0983) ------------------------------------------------------------------- Thu Nov 18 02:01:24 CET 2004 - ro@suse.de - fixed file list ------------------------------------------------------------------- Sat Sep 25 11:38:02 CEST 2004 - ro@suse.de - added cgi_session.diff (from debian, CAN-2004-0755) ------------------------------------------------------------------- Mon Jul 26 01:29:37 CEST 2004 - ro@suse.de - fix typo in specfile ------------------------------------------------------------------- Sun Jun 20 20:18:15 CEST 2004 - ro@suse.de - fix find in specfile ------------------------------------------------------------------- Thu Apr 29 01:32:40 CEST 2004 - ro@suse.de - added missing return value (unreached code) ------------------------------------------------------------------- Tue Mar 23 14:59:25 CET 2004 - mge@suse.de - make ruby build on ia64 and ppc64 ------------------------------------------------------------------- Sat Feb 28 17:16:10 CET 2004 - ro@suse.de - fix makefile rule for regenerating lex.c ------------------------------------------------------------------- Sat Feb 28 12:05:46 CET 2004 - ro@suse.de - add gperf to neededforbuild ------------------------------------------------------------------- Sat Feb 28 01:07:47 CET 2004 - ro@suse.de - fix requirement for /usr/local/bin - use no-strict-aliasing ------------------------------------------------------------------- Mon Feb 2 12:37:24 CET 2004 - mge@suse.de - update to 1.8.1 also fixes Bug #34226: Readline support missing from ruby ------------------------------------------------------------------- Sat Jan 10 22:03:01 CET 2004 - adrian@suse.de - add %defattr ------------------------------------------------------------------- Mon Aug 4 11:53:49 CEST 2003 - mge@suse.de - update tp 1.8.0 ------------------------------------------------------------------- Mon Jan 6 04:07:50 CET 2003 - mge@suse.de - update to 1.6.8 ------------------------------------------------------------------- Tue May 21 14:03:25 CEST 2002 - meissner@suse.de - More %_lib fixes inside package. ------------------------------------------------------------------- Tue May 21 11:38:41 CEST 2002 - meissner@suse.de - %_lib fixes - Added prototype for rb_node_newnode. ------------------------------------------------------------------- Fri May 17 12:32:52 CEST 2002 - mge@suse.de - update to 1.6.7 ------------------------------------------------------------------- Mon Apr 15 01:44:30 CEST 2002 - bk@suse.de - lib64 and new arch fixes: suse_update_config and use %_libdir ------------------------------------------------------------------- Fri Apr 5 13:29:02 CEST 2002 - schwab@suse.de - Remove ia64 workaround. ------------------------------------------------------------------- Tue Aug 21 03:14:46 MEST 2001 - mge@suse.de - update to 1.6.4 ------------------------------------------------------------------- Sun May 20 21:37:19 MEST 2001 - mge@suse.de - changes _only_ to spec-file: - make ruby shared libs built - cleanup ruby directory structure (drop /usr/share/lib/ruby/) ------------------------------------------------------------------- Wed May 9 21:53:32 CEST 2001 - mfabian@suse.de - bzip2 sources ------------------------------------------------------------------- Thu Mar 22 01:49:00 MET 2001 - mge@suse.de - update to 1.6.3, merge of rread's SPEC patches ------------------------------------------------------------------- Mon Mar 19 16:04:24 CET 2001 - schwab@suse.de - Don't use __builtin_frame_address(2) on ia64. - Compile with -O0 on ia64 to work around compiler bug. ------------------------------------------------------------------- Mon Mar 05 00:00:00 CET 2001 - rread@mountainviewdata.com - introduced build-root ------------------------------------------------------------------- Fri Feb 23 00:10:25 CET 2001 - ro@suse.de - added readline/readline-devel to neededforbuild (split from bash) ------------------------------------------------------------------- Fri Jan 12 18:22:32 MET 2001 - mge@suse.de - update to 1.6.2 ------------------------------------------------------------------- Wed Dec 13 13:21:15 CET 2000 - schwab@suse.de - Add %suse_update_config. - Fix computation of stack limit. ------------------------------------------------------------------- Mon Dec 4 23:28:15 MET 2000 - mge@suse.de - update to 1.6.1, manual 1.4.6 ------------------------------------------------------------------- Thu Jul 6 13:30:35 MEST 2000 - mge@suse.de - initial SuSE RPM