File ruby2.1.changes of Package ruby2.1.36279
-------------------------------------------------------------------
Tue Oct 29 12:54:44 UTC 2024 - Steven Baker <steven.baker@suse.com>

- Add CVE-2024-47220.patch (CVE-2024-47220)
  Fix HTTP request smuggling (boo#1230930)

-------------------------------------------------------------------
Thu Nov 11 09:00:04 UTC 2021 - Ali Abdallah <ali.abdallah@suse.com>

Add patches to fix the following CVEs:

- CVE-2021-32066.patch (CVE-2021-32066): Fix StartTLS stripping vulnerability in Net::IMAP (bsc#1188160)
- CVE-2021-31810.patch (CVE-2021-31810): Fix trusting FTP PASV responses vulnerability in Net::FTP (bsc#1188161)
- CVE-2020-25613.patch (CVE-2020-25613): Fix potential HTTP request smuggling in WEBrick (bsc#1177125)
- CVE-2021-31799.patch (CVE-2021-31799): Fix Command injection vulnerability in RDoc (bsc#1190375)

-------------------------------------------------------------------
Tue May 26 17:49:31 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>

- we dropped the reproducible build patch completely as it breaks the testsuite

-------------------------------------------------------------------
Tue May 26 17:21:55 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>

- added suse.patch which is a git diff v2_1_9..2.1.9-suse
- included in suse.patch are the following security fixes:
  Rubygems was updated to 2.7.10 as part of those.
  - VUL-1: CVE-2020-10663: ruby2.1,ruby2.5: Unsafe Object Creation Vulnerability in JSON (boo#1171517)
  - VUL-0: CVE-2019-16201: ruby2.5,ruby,ruby2.1: Regular Expression Denial of Service vulnerability of WEBrick's Digest access authentication (boo#1152995)
  - VUL-0: CVE-2019-15845: ruby2.5,ruby,ruby2.1: A NUL injection vulnerability of File.fnmatch and File.fnmatch?
    (boo#1152994)
  - VUL-0: CVE-2019-16254: ruby2.5,ruby,ruby2.1: HTTP response splitting in WEBrick (Additional fix) (boo#1152992)
  - VUL-0: CVE-2019-16255: ruby2.5,ruby,ruby2.1: code injection vulnerability of Shell#[] and Shell#test (boo#1152990)
  - VUL-0: CVE-2019-8320: rubygems,ruby19,ruby2.1: rubygems: Delete directory using symlink when decompressing tar (boo#1130627)
  - VUL-0: CVE-2019-8321: rubygems,ruby19,ruby2.1: rubygems: Escape sequence injection vulnerability in verbose (boo#1130623)
  - VUL-0: CVE-2019-8322: rubygems,ruby19,ruby2.1: rubygems: Escape sequence injection vulnerability in gem owner (boo#1130622)
  - VUL-0: CVE-2019-8323: rubygems,ruby19,ruby2.1: rubygems: Escape sequence injection vulnerability in API response handling (boo#1130620)
  - VUL-0: CVE-2019-8324: rubygems,ruby2.1: rubygems: Installing a malicious gem may lead to arbitrary code execution (boo#1130617)
  - VUL-0: CVE-2019-8325: rubygems,ruby,ruby2.1: rubygems: Escape sequence injection vulnerability in errors (boo#1130611)
  - VUL-0: CVE-2018-16396: ruby,ruby2.1: Tainted flags are not propagated in Array#pack and String#unpack with some directives (boo#1112532)
  - VUL-0: CVE-2018-16395: ruby19,ruby,ruby2.1: OpenSSL::X509::Name equality check does not work correctly (boo#1112530)
  - VUL-1: CVE-2018-6914: ruby19,ruby,ruby2.1: Unintentional file and directory creation with directory traversal in tempfile and tmpdir (boo#1087441)
  - VUL-1: CVE-2018-8779: ruby19,ruby,ruby2.1: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket (boo#1087440)
  - VUL-1: CVE-2018-8780: ruby19,ruby,ruby2.1: Unintentional directory traversal by poisoned NUL byte in Dir (boo#1087437)
  - VUL-1: CVE-2018-8777: ruby19,ruby,ruby2.1: DoS by large request in WEBrick (boo#1087436)
  - VUL-1: CVE-2017-17742: ruby19,ruby,ruby2.1: HTTP response splitting in WEBrick (boo#1087434)
  - VUL-1: CVE-2018-8778: ruby19,ruby,ruby2.1: Buffer under-read in String#unpack (boo#1087433)
  - VUL-0: CVE-2018-1000079: ruby2.1: Path
    traversal issue during gem installation allows to write to arbitrary filesystem locations (boo#1082058)
  - VUL-1: CVE-2018-1000075: ruby,rubygems: Infinite loop vulnerability due to negative size in tar header causes Denial of Service (boo#1082014)
  - VUL-0: CVE-2018-1000078: ruby,rubygems: XSS vulnerability in homepage attribute when displayed via gem server (boo#1082011)
  - VUL-1: CVE-2018-1000077: ruby,rubygems: Missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL (boo#1082010)
  - VUL-1: CVE-2018-1000076: ruby,rubygems: Improper verification of signatures in tarball allows to install mis-signed gem (boo#1082009)
  - VUL-1: CVE-2018-1000074: ruby,rubygems: Unsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on specially crafted YAML (boo#1082008)
  - VUL-1: CVE-2018-1000073: ruby,rubygems: Path traversal when writing to a symlinked basedir outside of the root (boo#1082007)
  - VUL-0: CVE-2017-17790: ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution (boo#1078782)
  - VUL-0: CVE-2017-17405: ruby19,ruby,ruby2.1: Command injection vulnerability in Net::FTP (boo#1073002)
  - VUL-0: CVE-2017-9229: ruby19,ruby2.1,ruby,ruby2: oniguruma: Invalid pointer dereference in left_adjust_char_head() (boo#1069632)
  - VUL-0: CVE-2017-9228: ruby19,ruby2.1: heap out-of-bounds write occurs in bitset_set_range() during regex compilation (boo#1069607)
  - VUL-0: CVE-2017-0903: rubygems,ruby2.1: Unsafe Object Deserialization Vulnerability (boo#1062452)
  - VUL-0: CVE-2017-14033: ruby19,ruby,ruby2.1: Buffer underrun vulnerability in OpenSSL ASN1 decode (boo#1058757)
  - VUL-0: CVE-2017-0898: ruby19,ruby,ruby2.1: Buffer underrun vulnerability in Kernel.sprintf (boo#1058755)
  - VUL-0: CVE-2017-10784: ruby19,ruby,ruby2.1: Escape sequence injection vulnerability in the Basic authentication of WEBrick (boo#1058754)
  - VUL-0: CVE-2017-14064: ruby: arbitrary memory exposure during a
    JSON.generate call (boo#1056782)
  - VUL-0: CVE-2016-7798: ruby,ruby19,ruby2.1: IV Reuse in GCM Mode (boo#1055265)
  - VUL-0: CVE-2015-9096: ruby,ruby19,ruby2.1: Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command (boo#1043983)
  - VUL-0: CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-0902: rubygems,ruby19,ruby2.1: multiple vulnerabilities fixed in 2.6.13 (boo#1056286)
- dropped old patches
  0001-rubygems-1.5.0-buildroot.patch
  0002-ruby-1.9.2p290-tcl-no-stupid-rpaths.patch
  0003-gc.c-tick-for-POWER-arch.patch
  0004-vm-exec.c-improve-performance-in-ppc64-arch.patch
  0005-Manual-cherry-pick-of-423d042.patch
  0006-CIDR-in-no_proxy.patch
  0007-Fix-segmentation-fault-after-pack-ioctl-unpack.patch
  0008-A-Request-Line-must-not-contain-CR-or-LF.patch
  0009-manual-backport-for-CVE-2016-2339.patch
  0010-rubygems-testsuite-handle-Gem-LoadError.patch
  0011-make-gem-build-reproducible.patch
  0012-mkmf-verbose-Makefile.patch
  0013-fix-exception-on-non-IP-format.patch
- port the default ruby code from newer ruby versions in the spec file
- fixed the code to disable tests

-------------------------------------------------------------------
Tue Sep 5 14:22:49 CEST 2017 - jdelvare@suse.de

- Add conflicts to libruby to make sure ruby and ruby-stdlib are also updated when libruby is updated (bsc#1048072.)

-------------------------------------------------------------------
Fri Mar 24 10:59:34 UTC 2017 - mrueckert@suse.de

- added 0013-fix-exception-on-non-IP-format.patch: fix for boo#1014863#c23

-------------------------------------------------------------------
Thu Mar 16 14:56:28 UTC 2017 - mrueckert@suse.de

- switched to git branch based patching.
  we replace all patches in this round:
  removed:
  - make-gem-build-reproducible.patch
  - ruby-1.9.2p290_tcl_no_stupid_rpaths.patch
  - ruby-1.9.3-mkmf-verbose.patch
  - rubygems-1.5.0_buildroot.patch
  - rubygems-testsuite-handle_gem_loaderror.patch
  - 0001-gc.c-tick-for-POWER-arch.patch
  - 0001-vm_exec.c-improve-performance-in-ppc64-arch.patch
  added:
  - 0001-rubygems-1.5.0-buildroot.patch
  - 0002-ruby-1.9.2p290-tcl-no-stupid-rpaths.patch
  - 0003-gc.c-tick-for-POWER-arch.patch
  - 0004-vm-exec.c-improve-performance-in-ppc64-arch.patch
  - 0010-rubygems-testsuite-handle-Gem-LoadError.patch
  - 0011-make-gem-build-reproducible.patch
  - 0012-mkmf-verbose-Makefile.patch
- added 0005-Manual-cherry-pick-of-423d042.patch and 0006-CIDR-in-no_proxy.patch: support wget syntax for no proxy config (boo#1014863)
- added 0007-Fix-segmentation-fault-after-pack-ioctl-unpack.patch (boo#909695)
- added 0008-A-Request-Line-must-not-contain-CR-or-LF.patch (boo#986630)
- added 0009-manual-backport-for-CVE-2016-2339.patch CVE-2016-2339 (boo#1018808)

-------------------------------------------------------------------
Sun Apr 3 21:23:42 UTC 2016 - mrueckert@suse.de

- update to 2.1.9
  - test/ruby/test_io.rb: handled rlimit value same as r52277 [Bug #11852][ruby-dev:49446]
  - ext/openssl/extconf.rb: check SSL_CTX_set_next_proto_select_cb function rather than OPENSSL_NPN_NEGOTIATED macro. it exists even if it is disabled by OpenSSL configuration. [ruby-core:74384] [Bug #12182]
  - ext/openssl/ossl_ssl.c: update #ifdef(s) as above.
  - test/openssl/test_ssl.rb: skip NPN tests if NPN is disabled.
  - lib/uri/http.rb (URI::HTTP#initialize): [DOC] fix example, missing mandatory arguments. [ruby-core:74540] [Bug #12215]
  - thread_pthread.c (reserve_stack): fix reserving position where the stack growing bottom to top.
    [Bug #12118]
  - variable.c: Added documentation about order of `Module#constants` [ci skip][Bug #12121][ruby-dev:49505][fix GH-1301]
  - string.c (enc_succ_alnum_char): try to skip an invalid character gap between GREEK CAPITAL RHO and SIGMA. [ruby-core:74478] [Bug #12204]
  - enc/trans/JIS: update Unicode's notice. [Bug #11844]
  - ext/openssl/ossl_ssl.c (ossl_sslctx_setup): document as MT-unsafe [ruby-core:73803] [Bug #12069]
  - ext/tk/lib/tkextlib/tcllib/tablelist_tile.rb: fix method name typo. [ruby-core:72513] [Bug #11893] The patch provided by Akira Matsuda.
  - ext/tk/lib/tkextlib/tcllib/toolbar.rb: fix method name typo. [ruby-core:72511] [Bug #11891] The patch provided by Akira Matsuda.
  - ext/tk/lib/tkextlib/blt/tree.rb: fix method name typo. [ruby-core:72510] [Bug #11890] The patch provided by Akira Matsuda.
  - ext/tk/lib/tk/menubar.rb: fix a typo in font name. [ruby-core:72505] [Bug #11886] The patch provided by Akira Matsuda.
  - ext/tk/sample/*.rb: ditto.
  - net/ftp.rb: add NullSocket#closed? to fix closing not opened connection. [Fix GH-1232]
  - parse.y (parse_numvar): NTH_REF must be less than a half of INT_MAX, as it is left-shifted to be ORed with back-ref flag. [ruby-core:74444] [Bug#12192] [Fix GH-1296]
  - marshal.c (r_object0): raise ArgumentError when linking to undefined object.
  - marshal.c (r_object0): Fix Marshal crash for corrupt extended object.
  - cont.c (rb_fiber_struct): keep context.uc_stack.ss_sp and context.uc_stack.ss_size for later use. Patch by Rei Odaira. [ruby-core:62945] [Bug #9905]
  - test/openssl/utils.rb (start_server, server_loop): Use a pipe to stop server instead of shutdown/close a listening socket.
  - test/ruby/envutil.rb (assert_join_threads): New assertion to join multiple threads without exceptions.
  - ext/openssl/lib/openssl/ssl.rb (SSLServer#accept): Close a socket if any exception occur.
  - ext/openssl/ossl_ssl.c (ossl_ssl_close): Fix sync_close to work when SSL is not started.
    This fixes the fd leak by test_https_proxy_authentication in test/net/http/test_https_proxy.rb.
  - test/openssl: Join threads.
  - insns.def (opt_mod): show its method name on ZeroDivisionError. [Bug #12158]
  - test/ruby/test_process.rb (TestProcess#test_setsid): AIX does not allow Process::getsid(pid) when pid is in a different session.
  - test/ruby/test_process.rb (test_execopts_gid): Skip a test that is known to fail on AIX. AIX allows setgid to a supplementary group, but Ruby does not allow the "-e" option when setgid'ed, so the test does not work as intended.
  - test/rinda/test_rinda.rb (test_make_socket_ipv4_multicast): The fifth argument to getsockopt(2) should be modified to indicate the actual size of the value on return, but not in AIX. This is a known bug. Skip related tests.
  - test/rinda/test_rinda.rb (test_ring_server_ipv4_multicast): ditto.
  - test/rinda/test_rinda.rb (test_make_socket_unicast): ditto.
  - test/socket/test_basicsocket.rb (test_getsockopt): ditto.
  - test/socket/test_sockopt.rb (test_bool): ditto.
  - test/zlib/test_zlib.rb (test_adler32_combine, test_crc32_combine): Skip two tests on AIX because zconf.h in zlib does not correctly recognize _LARGE_FILES in AIX. The problem was already reported to zlib, and skip these tests until it is fixed.
  - test/socket/test_addrinfo.rb (test_ipv6_address_predicates): IN6_IS_ADDR_V4COMPAT and IN6_IS_ADDR_V4MAPPED are broken on AIX, so skip related tests.
  - test/gdbm/test_gdbm.rb (TestGDBM#test_s_open_lock): skip this test on AIX. The issue is the same as on Solaris. [ruby-dev:47631]
  - thread_pthread.c (getstack): __pi_stacksize returned by pthread_getthrds_np() is wrong on AIX. Use __pi_stackend - __pi_stackaddr instead.
  - lib/irb.rb: avoid to needless truncation when using back_trace_limit option. [fix GH-1205][ruby-core:72773][Bug #11969]
  - enc/windows_1250.c: Should not use C++ style comments (C99 feature).
    [Bug #11843]
  - enc/iso_8859_2.c, enc/windows_1250.c: separate Windows-1250 from ISO-8859-2 to fix 0x80..0x9e range (from Kimihito Matsui)
  - enc/windows_1252.c: separate from ISO-8859-1 to fix 0x80..0x9e range. [ruby-core:64049] [Bug #10097]
  - enc/iso_8859_13.c: Added three missing lower/upper-case character pairs (from Kimihito Matsui)
  - enc/iso_8859_4.c: Added missing lower/upper-case character pair (U+014A and U+014B, LATIN CAPITAL/SMALL LETTER ENG) (from Kimihito Matsui)
  - string.c (rb_str_scrub): the result should be infected by the original string.
  - transcode.c (rb_econv_substr_append, econv_primitive_convert): the result should be infected by the original string.
  - include/ruby/ruby.h: add raw FL macros, which assume always the argument object is not a special constant.
  - internal.h (STR_EMBED_P, STR_SHARED_P): valid only for T_STRING.
  - string.c: deal with taint flags directly across String instances.
  - lib/logger.rb: Remove block from Logger.add as it's not needed patch provided by Daniel Lobato Garcia [fix GH-1240] [Bug #12054]
  - re.c: Remove deprecated kcode argument from Regexp.new and compile patch provided by Dylan Pulliam [Bug #11495]
  - ext/socket/socket.c (sock_gethostname): support unlimited size hostname.
  - lib/xmlrpc/client.rb: Support SSL options in async methods of XMLRPC::Client. [Bug #11489] Reported by Aleksandar Kostadinov. Thanks!!!
  - marshal.c (r_object0): honor Marshal.load post proc value for TYPE_LINK. by Hiroshi Nakamura <nahi@ruby-lang.org> https://github.com/ruby/ruby/pull/1204 fix GH-1204
  - ext/socket/option.c (sockopt_bool): relax boolean size to be one too not only sizeof(int). Winsock getsockopt() returns a single byte as a boolean socket option. [ruby-core:72730] [Bug #11958]
  - process.c (rb_execarg_parent_start1): need to convert the encoding to ospath's one.
  - process.c: use rb_w32_uchdir() instead of plain chdir() on Windows. reported by naruse via twitter.
  - process.c (rb_execarg_addopt): need to convert the encoding to ospath's one.
  - ext/stringio/stringio.c (strio_binmode): implement to set encoding
  - test/stringio/test_stringio.rb (test_binmode): new test [ruby-core:72699] [Bug #11945]
  - io.c (io_getpartial): remove unused kwarg from template
  - test/ruby/test_io.rb (test_readpartial_bad_args): new [Bug #11885]
  - compile.c, cont.c, doc, man: fix common misspelling. [ruby-core:72466] [Bug #11870]
  - ext/socket/init.c (rsock_init_sock): reject reserved FDs [ruby-core:72445] [Bug #11862]
  - ext/socket/init.c (rsock_init_sock): check FD after validating
  - test/socket/test_basicsocket.rb (test_for_fd): new [ruby-core:72418] [Bug #11854]
  - cont.c: fix a double word typo. [Bug #11313][ruby-core:69749]
  - ext/tk/lib/multi-tk.rb: fix typos. [Bug #11764][ruby-core:71800]
  - re.c (reg_names_iter): should consider encoding of regexp. [ruby-core:72185] [Bug #11825]

-------------------------------------------------------------------
Thu Mar 24 11:06:06 UTC 2016 - dvaleev@suse.com

- fate#320684/bsc#973073
  0001-gc.c-tick-for-POWER-arch.patch
  0001-vm_exec.c-improve-performance-in-ppc64-arch.patch
  Performance improvements of Ruby on POWER platform.
  Commit ids are:
  a5456a1d8308cec5461846418500f77b69a01e4d and
  d1075b72c819ee537bde8a302340c4b837402a76

-------------------------------------------------------------------
Mon Jan 4 21:38:49 UTC 2016 - mrueckert@suse.de

- update to 2.1.8 (boo# 959495)
  - ext/fiddle/handle.c: check tainted string arguments. Patch provided by tenderlove and nobu. (CVE-2015-7551)
  - test/fiddle/test_handle.rb (class TestHandle): add test for above.
  - ext/dl/handle.c (rb_dlhandle_initialize): prohibits DL::dlopen with a tainted name of library. Patch by sheepman <sheepman AT sheepman.sakura.ne.jp>.
  - ext/dl/handle.c (rb_dlhandle_sym): ditto
  - io.c (parse_mode_enc): fix buffer overflow.
  - insns.def (opt_case_dispatch): avoid converting Infinity
  - test/ruby/test_optimization.rb (test_opt_case_dispatch_inf): new [ruby-dev:49423] [Bug #11804]
  - configure.in: pthread_getattr_np is broken on AIX. More specifically, the stack address and size returned are not correct.
  - insns.def (opt_case_dispatch): check Float#=== redefinition
  - test/ruby/test_optimization.rb (test_opt_case_dispatch): new [ruby-core:71920] [Bug #11784]
  - ruby_atomic.h (ATOMIC_SIZE_CAS): fix the argument order of InterlockedCompareExchange64. new value and then old value is the last.
  - encoding.c (enc_m_loader): defer finding encoding object not to be infected by marshal source. [ruby-core:71793] [Bug #11760]
  - marshal.c (r_object0): enable compatible loader on USERDEF class. the loader function is called with the class itself, instead of an allocated object, and the loaded data.
  - marshal.c (compat_allocator_table): initialize compat_allocator_tbl on demand.
  - object.c (rb_undefined_alloc): extract from rb_obj_alloc.
  - range.c (range_to_s): should be infected by the receiver. str2 infects by appending. [ruby-core:71811] [Bug #11767]
  - ext/readline/extconf.rb: call dir_config("libedit") if --enable-libedit is specified. [Bug #11751] patched by John Hein
  - io.c (rb_io_each_codepoint): raise an exception at incomplete character before EOF when conversion takes place. [Bug #11444]
  - io.c (rb_io_each_codepoint): read more data when read partially. [ruby-core:70379] [Bug #11444]
  - ext/digest/sha1/sha1ossl.c: fixed build error introduced at r52797.
  - insns.def (defined): skip respond_to_missing? when a method is available. [Bug #11211]
  - test/ruby/test_defined.rb: add a test for this fix.
  - ext/digest/rmd160/rmd160.c: fixed commit mistake at r52797.
  - io.c (argf_getpartial): should not resize str if the second argument is not given. [ruby-core:71668] [Bug #11738]
  - lib/net/http.rb: set hostname before call ossl_ssl_set_session.
    [Bug #11401][ruby-core:70152][fix GH-964] Patch by @mkarnebeek
  - transcode.c (rb_econv_open0): rb_econv_t::source_encoding_name and rb_econv_t::destination_encoding_name should refer static strings always or NULL. [ruby-core:70247] [Bug #11416]
  - ext/digest/*/*.[ch]: include ruby.h before digest.h to avoid including ext/digest/extconf.h. [Bug #3231] https://msdn.microsoft.com/library/36k2cdd4.aspx
  - ext/digest/*/extconf.rb: remove ext/digest from include search path to avoid confusion of cl.exe.
  - ext/digest/*/*.[ch]: explicitly specify def.h's path.
  - Added missing reference of GitHub
  - lib/net/http.rb: Fixed regression for Net::HTTP::PUT with "Expect-100" header. [fix GH-949]
  - test/net/http/test_http.rb: added test.
  - ext/date/extconf.rb: try_cflags("-std=iso9899:1999") [Bug #10906] ruby itself (including numeric.c) is built with strict compile options including -std=iso9899:1999, but ext/date is not. By the way -std=iso9899:1999 is not only a warning option but also changes behavior like MACRO definitions for example INFINITY. gcc on Solaris affect this.
  - ext/openssl/ossl_pkey.c: Merge ruby/openssl@b9ea8ef [Bug #10735]
  - ext/openssl/ossl_ssl.c (ossl_ssl_method_tab): Only add SSLv3 support if the SSL library supports it. Thanks Kurt Roeckx <kurt@roeckx.be> [Bug #11376]
  - ext/openssl/extconf.rb: check for SSLv3 support in the SSL implementation.
  - test/openssl/test_ssl.rb (class OpenSSL): Skip tests that need SSLv3 if there is no support.
  - vm_trace.c (rb_threadptr_exec_event_hooks_orig): maintain trace_running counter on internal events. This patch is made by Takashi Kokubun <takashikkbn@gmail.com>. [Bug #11603] https://github.com/ruby/ruby/pull/1059
  - compile.c (iseq_compile_each): remove duplicated line event. [Bug #10449]
  - test/ruby/test_settracefunc.rb: add and fix tests.
  - vm.c (hook_before_rewind): prevent kicking :return event while finishing vm_exec func because invoke_block_from_c() kick a :return event for bmethods.
    [Bug #11492]
  - test/ruby/test_settracefunc.rb: add a test.
  - test/openssl/test_ssl_session.rb: Fix tests so that they take in to account OpenSSL installations that have SSLv3 disabled by default. Thanks Jeremy Evans <code@jeremyevans.net> for the patches. [Bug #11366] [Bug #11367]
  - test/openssl/test_ssl_session.rb (OpenSSL#test_ctx_client_session_cb): fix test failure with OpenSSL disabled SSLv3 protocol. [ruby-core:63772] [Bug #10046]
  - string.c (sym_to_proc), proc.c (rb_block_clear_env_self): clear caller's self which is useless, so that it can get collected. [Fixes GH-592]
  - lib/ipaddr.rb, test/test_ipaddr.rb: Reject invalid address contained EOL string. Patch by @kachick [fix GH-942][Bug #11513]
  - lib/ipaddr.rb, test/test_ipaddr.rb: split test code from library script and move to test script, just like trunk.
  - ext/openssl/ossl_ssl.c (ssl_npn_select_cb): explicitly raise error in ext/openssl instead of OpenSSL itself because LibreSSL silently truncate the selected protocol name by casting the length from int to unsigned char. [Bug #11369] Patch by Jeremy Evans <merch-redmine@jeremyevans.net>
  - configure.in: check for libunwind.h, which is not available in very old OS X SDK. [ruby-core:71080] [Bug #11591]
  - test/drb/test_drb.rb: Run Rinda/DRb tests on localhost. [Fix GH-1027] patch by voxik.
  - test/rinda/test_rinda.rb: ditto
  - parse.y (literal_concat_gen, evstr2dstr_gen): keep literal encoding beginning with an interpolation same as the source file encoding. [ruby-core:70703] [Bug #11519]
  - lib/rss/rss.rb (Time#w3cdtf): fix zero-trimmed width of fraction digits. [ruby-core:70667] [Bug #11509]
  - re.c (rb_memsearch_wchar, rb_memsearch_qchar): test matching till the end of string. [ruby-core:70592] [Bug #11488]
  - test/ruby/test_m17n.rb (test_include?, tet_index): add tests by Tom Stuart.
  - thread_pthread.c (reserve_stack): ensure the memory is really allocated.
    [Bug #11457]

-------------------------------------------------------------------
Wed Aug 19 14:49:00 UTC 2015 - mrueckert@suse.de

- update to 2.1.7 (boo# 936032)
  - bump version to 2.4.5.1. this version fixed CVE-2015-3900.
  - many more fixes please see /usr/share/doc/packages/ruby2.1/ChangeLog

-------------------------------------------------------------------
Thu Apr 16 23:16:46 UTC 2015 - mrueckert@suse.de

- update to 2.1.6 (bsc# 926974)
  - stricter hostname verification following RFC 6125. with the patch provided by Tony Arcieri and Hiroshi Nakamura [ruby-core:61545] [Bug #9644] CVE-2015-1855
  - upgrade to RubyGems 2.2.3. [Backport #10515]
  - lots of documentation updates
  - a few crash and parser fixes
  For all the changes see /usr/share/doc/packages/ruby2.1/ChangeLog
- drop the SSE2 patches as they are included upstream:
  ruby-2.1.3-no_sse2_patch_configure_too.patch
  ruby-no_sse2.patch

-------------------------------------------------------------------
Wed Mar 11 20:00:04 UTC 2015 - mrueckert@suse.de

- Remove the support to have the shared files from ruby-common intree again.
- merged TK conditionals with the 2.2 package

-------------------------------------------------------------------
Wed Feb 11 10:27:07 UTC 2015 - coolo@suse.com

- add make-gem-build-reproducible.patch to make sure the gems created with gem build don't use the time of the build, but the mtime of the Gemfile

-------------------------------------------------------------------
Thu Dec 18 17:22:18 UTC 2014 - jmassaguerpla@suse.com

- fix CVE-2014-8090: ruby: Another Denial Of Service XML Expansion (bnc#905326)
  CVE-2014-8090.patch: contains the patch
- fix CVE-2014-8080: ruby: ruby19: Denial Of Service XML Expansion (bnc#902851)
  CVE-2014-8080.patch: contains the patch
- Enable tests to run during the build. This way we can compare the results on different builds.
-------------------------------------------------------------------
Thu Nov 13 16:26:18 UTC 2014 - mrueckert@suse.de

- explicitly upgrade the libname package so we update libruby when we upgrade the stdlib or main package

-------------------------------------------------------------------
Thu Nov 13 16:09:51 UTC 2014 - mrueckert@suse.de

- update to 2.1.5: (bsc# 905326)
  - This release includes a security fix for DoS vulnerability of REXML. It is similar to the fixed vulnerability in the previous release, but new and different from it. (CVE-2014-8090) add REXML::Document#document.
  - bignum.c (absint_numwords_generic): set an array element after definition of a variable to fix compile error with older version of fcc (Fujitsu C Compiler) 5.6 on Solaris 10 on Sparc. [Bug #10350] [ruby-dev:48608]
  - compile.c (compile_data_alloc): add padding when strict alignment is required for memory access. Currently, the padding is enabled only when the CPU is 32-bit SPARC and the compiler is GCC. [Bug #9681] [ruby-core:61715]
  - compile.c (STRICT_ALIGNMENT): defined if strict alignment is required
  - compile.c (ALIGNMENT_SIZE, ALIGNMENT_SIZE_MASK, PADDING_SIZE_MAX): new macros for alignment word size, bit mask, max size of padding.
  - compile.c (calc_padding): new function to calculate padding size.
  - configure.in (__builtin_setjmp): disable with gcc/clang earlier than 4.3 on Mac OS X. [ruby-core:65174] [Bug #10272]
  - bignum.c (bary_mul_balance_with_mulfunc): Fix free work area location. [ruby-dev:48723] [Bug #10464] [ruby-core:66044] [Bug #10465] Reported by Kohji Nishihama.

-------------------------------------------------------------------
Tue Oct 28 00:30:05 UTC 2014 - mrueckert@suse.de

- update to 2.1.4:
  - Denial of Service XML Expansion CVE-2014-8080 (bsc# 902851)
  - keep the entity size within the limitation.
  - Changed default settings of ext/openssl related to CVE-2014-3566
  - Explicitly whitelist the default SSL/TLS ciphers.
    Forbid SSLv2 and SSLv3, disable compression by default. (bsc# CVE-2014-3566)
  - test/ruby/test_time_tz.rb: Fix test error with tzdata-2014g. [ruby-core:65058] [Bug #10245] Reported by Vit Ondruch.
  - vm_method.c (rb_method_entry_make): warn redefinition only for already defined methods, but not for undefined methods. [ruby-dev:48691] [Bug #10421]
  - vm_method.c (rb_method_entry_make): warn redefinition only for already defined methods, but not for undefined methods. [ruby-dev:48691] [Bug #10421]
  - class.c (unknown_keyword_error): delete expected keywords directly from raw table, so that the given block is not called. [ruby-core:65837] [Bug #10413]
  - vm_core.h, vm.c, proc.c: fix GC mark miss on bindings. [ruby-dev:48616] [Bug #10368]
  - test/ruby/test_eval.rb: add a test code.
  - parse.y (parser_here_document): do not append already appended and disposed code fragment. [ruby-dev:48647] [Bug #10392]
  - ext/stringio/stringio.c (strio_write): ASCII-8BIT StringIO should be writable any encoding strings, without conversion. [ruby-core:65240] [Bug #10285]
  - vm_eval.c (eval_string_with_cref): fix super from eval with scope. set klass in the current control frame to the class of the receiver in the context to be evaluated, this class/module must match the actual receiver to call super. [ruby-core:65122] [Bug #10263]
  - lib/find.rb (Find.find): Call to_path for arguments to obtain strings. [ruby-core:63713] [Bug #10035] Reported by Herwin.
  - object.c (rb_class_real): do not dereference 0 VALUE
  - test/ruby/test_module.rb (test_inspect_segfault): Test case and bug report by Thomas Stratmann. [ruby-core:65214] [Bug #10282]
  - signal.c (rb_f_kill): get rid of deadlock as unhandled and discarded signals do not make interrupt_cond signaled. based on the patch by Kazuki Tsujimoto at [ruby-dev:48606]. [Bug #9820]
  - signal.c (rb_f_kill): should not ignore signal unless the default handler is registered. [ruby-dev:48592] [Bug #9820] merge r47598 partially. extracted commits are as follows.
    [Bug #9728] https://github.com/k-takata/Onigmo/commit/15ddec6d18e27fdc1988236764e766fd5892ecf5
  - lib/fileutils.rb: handle ENOENT error with symlink targeted to non-exists file. [ruby-dev:45933] [Bug #6716]
  - configure.in: NetBSD's ksh, used by configure, needs escapes.
  - array.c (ary_recycle_hash): add RB_GC_GUARD (rb_ary_diff): remove volatile [Bug #10369]
  - dir.c (dir_s_aref): fix rdoc. `Dir.glob` allows an array but `Dir[]` not. the former accepts an optional parameter `flags`, while the latter accepts arbitrary number of arguments but no `flags`. [ruby-core:65265] [Bug #10294]
  - configure.in: Fix typo. [Bug #9914]
  - error.c: update exception tree. [DOC] reported by @hemge via twitter.
  - parse.y (parse_ident): just after a label, new expression should start, cannot be a modifier. [ruby-core:65211] [Bug #10279]
  - win32/Makefile.sub (VCSUP): nothing to do if this worktree is not under any VCS (it means that the worktree may be from the release package).
  - test/ruby/test_time_tz.rb: Fix test error with tzdata-2014g. [ruby-core:65058] [Bug #10245] Reported by Vit Ondruch.
  - test/minitest/test_minitest_unit.rb: removed obsoleted condition for Ruby 1.8.
  - test/ruby/test_time_tz.rb: ditto.

-------------------------------------------------------------------
Wed Oct 22 05:01:30 UTC 2014 - coolo@suse.com

- don't add self conflicts for SLE 11

-------------------------------------------------------------------
Wed Oct 15 10:57:27 UTC 2014 - mrueckert@suse.de

- added ruby-2.1.3-no_sse2_patch_configure_too.patch: avoid running autoreconf
- drop BR on autoconf and libtool again

-------------------------------------------------------------------
Mon Oct 13 16:19:44 UTC 2014 - mrueckert@suse.de

- turn on testsuite by default. we don't hard fail anyway.

-------------------------------------------------------------------
Mon Oct 13 16:16:40 UTC 2014 - mrueckert@suse.de

- added rubygems-testsuite-handle_gem_loaderror.patch
  This makes more test cases actually run.
  (backport from trunk)
- patch taken from fedora rpm: ruby-1.9.3-mkmf-verbose.patch
  generate verbose make files by default.
- added testsuite workarounds found in fedora's spec file to ours.

-------------------------------------------------------------------
Mon Oct 13 14:55:14 UTC 2014 - mrueckert@suse.de

- added ruby-no_sse2.patch: (boo# 872908)
  Don't enable sse2 just because the compiler supports it. we still want to support i586. The code was reverted in trunk as well.
- new BR: autoconf and libtool
- converted conditional for running the testsuite to a bcond
- added BR for procps and timezone for the testsuite
- clean up intree certs from the rubygems code base (boo# 900932)

-------------------------------------------------------------------
Wed Oct 8 15:46:22 UTC 2014 - mrueckert@suse.de

- drop the ruby-stdlib provides in the versioned stdlib and add a conflicts so we can finally upgrade

-------------------------------------------------------------------
Wed Oct 8 15:31:39 UTC 2014 - mrueckert@suse.de

- update to 2.1.3 (bsc# 887877) CVE-2014-4975
  This update fixes among other things
  - off-by-one stack-based buffer overflow in the encodes() function
  - change of full GC timing to reduce memory consumption (see Bug #9607)
  For all the details see /usr/share/doc/packages/ruby2.1/ChangeLog
- drop drop_content_size_check_in_xmlrpc.patch: included in update
- fixed shebang line fix in %prep

-------------------------------------------------------------------
Wed Sep 24 14:39:25 UTC 2014 - mrueckert@suse.de

- also make the ghost files match what we generate in the rubygem based packages

-------------------------------------------------------------------
Wed Sep 24 13:47:09 UTC 2014 - mrueckert@suse.de

- also provide the %{_bindir}/$bin%{rb_binary_suffix} symlinks via u-a to be consistent with what gem based packages do.
-------------------------------------------------------------------
Mon Sep 22 12:28:58 UTC 2014 - mrueckert@suse.de

- conflict with $interpreter(abi) = %api_version to make the
  upgrade path easier.

-------------------------------------------------------------------
Mon Sep 22 09:44:38 UTC 2014 - mrueckert@suse.de

- instead of touch for the files in /etc/alternatives. use the
  symlink pointing to itself.

-------------------------------------------------------------------
Fri Sep 19 09:49:55 UTC 2014 - mrueckert@suse.de

- conflict with our own ruby abi

-------------------------------------------------------------------
Wed Sep 17 16:44:09 UTC 2014 - mrueckert@suse.de

- only provide the rdoc and ri symlink on newer than sle11

-------------------------------------------------------------------
Mon Sep 15 14:35:03 UTC 2014 - mrueckert@suse.de

- the ruby(abi) = $interpreter:$abiversion was not a good idea. rpm
  treats the $interpreter part as epoch. instead we use now:
  $interpreter(abi) = $abiversion
  For MRI it means we are basically back to ruby(abi). Examples for
  alternative ruby interpreters are rubinius(abi) and jruby(abi)
  (bnc#896658)

-------------------------------------------------------------------
Wed Sep 3 14:12:54 UTC 2014 - mrueckert@suse.de

- also in the awk generated provides we should add the interpreter
  part to the provides. also remove the old package name based
  provides there.

-------------------------------------------------------------------
Wed Sep 3 13:03:04 UTC 2014 - mrueckert@suse.de

- use new ruby abi syntax in the macros

-------------------------------------------------------------------
Wed Sep 3 12:56:35 UTC 2014 - mrueckert@suse.de

- use the new syntax for ruby abi

-------------------------------------------------------------------
Wed Jul 16 17:26:18 UTC 2014 - mrueckert@suse.de

- added ruby2.1.macros:
  ruby 2.1 specific macros for the macro based expansion
- added ruby2.1-default.macros:
  if ruby 2.1 is default this file will be installed and sets the
  rb_default* variables and rb_build_versions accordingly.
- no longer conflict with the other versioned ruby packages

-------------------------------------------------------------------
Tue Jul 15 18:27:51 UTC 2014 - mrueckert@suse.de

- now we can configure the default ruby version in the project
  config. if the package's rb_soname matches the
  rb_default_ruby_suffix, the package is default and we create the
  hardlinks for the important binaries and the libruby.so symlink.

-------------------------------------------------------------------
Tue Jul 15 14:23:56 UTC 2014 - mrueckert@suse.de

- require ruby-common already in the main package, not every
  package we build requires ruby-devel
- update the rubygems provides to the actual version

-------------------------------------------------------------------
Wed Jun 18 21:38:50 UTC 2014 - mrueckert@suse.de

- %ix86 architectures are x86 for rubygems

-------------------------------------------------------------------
Wed Jun 18 18:45:29 UTC 2014 - mrueckert@suse.de

- also package the extensions documentation dir

-------------------------------------------------------------------
Wed Jun 18 15:22:27 UTC 2014 - mrueckert@suse.de

- no longer share the rb_binary_suffix between the library usage
  and the binary usage. for the library usage we have now
  rb_soname.
- change rb_binary_suffix to .ruby2.1

-------------------------------------------------------------------
Wed Jun 18 13:31:15 UTC 2014 - mrueckert@suse.de

- also provide libruby.so again: too much broken code relies on the
  existence of it

-------------------------------------------------------------------
Wed Jun 18 09:20:50 UTC 2014 - mrueckert@suse.de

- also package the extensions dir so we have an owner

-------------------------------------------------------------------
Tue Jun 17 12:41:44 UTC 2014 - mrueckert@suse.de

- no longer provide the ruby macros

-------------------------------------------------------------------
Sun Jun 15 22:23:05 UTC 2014 - mrueckert@suse.de

- remove ruby19-export_init_prelude.patch

-------------------------------------------------------------------
Sun Jun 15 18:27:42 UTC 2014 - mrueckert@suse.de

- don't build ruby-common in here anymore

-------------------------------------------------------------------
Fri May 16 20:21:05 UTC 2014 - kkaempf@suse.com

- Update to 2.1.2
  - fix for a regression of Hash#reject in Ruby 2.1.1
  - support for build with Readline-6.3 (see Bug #9578)
  - updated bundled version of libyaml with psych
  - some bug fixes.

-------------------------------------------------------------------
Sun Mar 2 09:07:57 UTC 2014 - kkaempf@suse.com

- make api_version explicit in spec
- adapt versions of embedded gems

-------------------------------------------------------------------
Fri Feb 28 14:14:00 UTC 2014 - adrian@suse.de

- use api version 2.1.0 again to avoid dependency breakages

-------------------------------------------------------------------
Fri Feb 28 09:03:07 UTC 2014 - kkaempf@suse.com

- Update to 2.1.1
  Speedup and bugfixes (upstream bug ids):
  - rubygems 2.2.2 (#9489)
  - fix segfault at unpacking modified String (#9478)
  - Struct#send(:setter=, rhs) does not return rhs (#9470)
  - Array#uniq behavior change (#9470)
  - Timeout behavior change (#9470)
  - Hash lookup with #hash and #eql broken (#9470)
  - bigdecimal division issue (#9470)
  - SizedQueue not working (#9470)
  - BigDecimal division (#9316)
  - fix 'gem install --ignore-dependencies' for remote gems (#9282)
  - Array#to_h should not ignore badly formed elements (#9270)
  - Method#arity for keyword arguments (#8072)

-------------------------------------------------------------------
Sat Feb 15 21:05:19 UTC 2014 - kkaempf@suse.com

- add internal.h to ruby-devel-extra

-------------------------------------------------------------------
Mon Feb 10 11:20:16 UTC 2014 - kkaempf@suse.com

- Don't require rpm-with-ruby-provide-hook on SLE11.
  It's not a runtime requirement but a build-time requirement for
  rubygems in SLE11. Buildservice will take care of that.

-------------------------------------------------------------------
Fri Feb 7 12:05:32 UTC 2014 - coolo@suse.com

- reintroduce update-alternatives for rake, rdoc and ri as those
  can come from more up-to-date gems

-------------------------------------------------------------------
Sat Feb 1 11:51:30 UTC 2014 - coolo@suse.com

- readd old macros - for now at least

-------------------------------------------------------------------
Fri Jan 31 10:22:24 UTC 2014 - kkaempf@suse.com

- generate provides for embedded rubygems

-------------------------------------------------------------------
Thu Jan 30 14:29:36 UTC 2014 - kkaempf@suse.com

- merged ruby-common

-------------------------------------------------------------------
Sun Jan 19 12:54:46 UTC 2014 - kkaempf@suse.com

- new package split - only single Ruby version installable
  ruby - binary
  libruby2_1-2_0 - ruby runtime library
  ruby-stdlib - ruby standard library
  ruby-doc - ruby documentation
  ruby-devel - ruby development

-------------------------------------------------------------------
Sun Jan 19 12:53:57 UTC 2014 - kkaempf@suse.com

- revert the ruby split (ruby - ruby21)
  rename ruby21 to ruby, integrate 'ruby' and 'ruby-common'

-------------------------------------------------------------------
Thu Jan 9 10:37:57 UTC 2014 - jreidinger@suse.com

- remove part of rubygems1.5 patch that modifies mkmf which is
  already fixed upstream

-------------------------------------------------------------------
Wed Jan 8 20:03:32 UTC 2014 - kkaempf@suse.com

- fix rb_arch in spec: append -gnu
- fix native gem builds: create gem native extensions dir

-------------------------------------------------------------------
Mon Jan 6 08:31:16 UTC 2014 - coolo@suse.com

- initial version for ruby 2.1.0
- changes to Ruby 2.0:
  VM (method cache)
  RGenGC (See ko1’s RubyKaigi presentation and RubyConf 2013
  presentation)
  refinements #8481 #8571
  syntax changes
    Rational/Complex Literal #8430
    def’s return value #3753
  Bignum
    use GMP #8796
  String#scrub #8414
  Socket.getifaddrs #8368
  RDoc 4.1.0 and RubyGems 2.2.0
  “literal”.freeze is now optimized #9042
  add Exception#cause #8257
  update libraries like BigDecimal, JSON, NKF, Rake, RubyGems, and
  RDoc
  remove curses #8584
- initial patches:
  drop_content_size_check_in_xmlrpc.patch
  ruby-1.9.2p290_tcl_no_stupid_rpaths.patch
  ruby19-export_init_prelude.patch
  rubygems-1.5.0_buildroot.patch