Hello community, here is the log from the commit of package ruby for openSUSE:11.3 checked in at Mon Jan 16 01:18:38 CET 2012.
-------- --- old-versions/11.3/UPDATES/all/ruby/ruby.changes 2011-05-12 18:36:28.000000000 +0200 +++ 11.3/ruby/ruby.changes 2012-01-12 16:53:17.000000000 +0100 @@ -1,0 +2,59 @@ +Thu Jan 12 15:46:36 UTC 2012 - [email protected] + +- update to 1.8.7.p357 (bnc#739122) + - randomize hash to avoid algorithmic complexity attacks. + CVE-2011-4815 + - initialization of hash_seed to be at the beginning of the + process. + - initialize random seed at first. + - call OpenSSL::Random.seed at the SecureRandom.random_bytes + call. insert separators for array join. patch by Masahiro + Tomita. [ruby-dev:44270] + - mkconfig.rb: fix for continued lines. based on a patch from + Marcus Rueckert <darix AT opensu.se> at [ruby-core:20420]. + - Infinity is greater than any bignum number. [ruby-dev:38672] + - initialize store->ex_data.sk. [ruby-core:28907] + [ruby-core:23971] [ruby-core:18121] + +------------------------------------------------------------------- +Wed Dec 21 16:51:11 UTC 2011 - [email protected] + +- update to 1.8.7.p352 (Fate #312657) (bnc#704409) + - support for openssl compiled without SSLv2 + - multilib support for tk build + - some IPv6 related fixes + - zlib fixes + - reinitialize PRNG when forking children + (CVE-2011-2686/CVE-2011-3009) + - securerandom fixes (CVE-2011-2705) + - uri route_to fixes + - fix race condition with variables and autoload +- drop 1887f60a8540f64f5c7bb14d57c0be70506941b8.patch + included upstream +- drop ruby-1.8.7.p22_tcltk-multilib.patch + solved differently upstream +- switched rb_arch macro to use RUBY_PLATFORM +- dropped patches: + ruby_1.8.6.p36_date_remove_privat.patch + ruby-1.8.6.p36_socket_ipv6.patch + ruby-1.8.7.p22_lib64.patch + ruby-1.8.7.p22_tcltk-multilib.patch + ruby-1.8.x_bigdecimal_memory_corruption.patch + ruby-1.8.x_exception_tainted_message.patch + ruby-1.8.x_fileutils_symlink_race.patch + ruby-1.8.x_net_http_close_in_rescue.patch + ruby-1.8.x_openssl-1.0.patch + ruby-1.8.x_openssl-1.0-tests.patch + ruby-1.8.x_webrick_charset_issue.patch + ruby-pedantic-headers.diff +- new patches + ruby-1.8.7.p299_lib64.patch + ruby-1.8.7.p299_date_remove_privat.patch + ruby-1.8.7.p299_pedantic-headers.patch + ruby-1.8.x_digest_non_void_return.patch + ruby-1.8.x_openssl_branch_update.patch + ruby-1.8.x_yaml2byte.patch + ruby-1.8.7.p334_remove_zlib_test_params_test.patch + ruby-1.8.x_rubylibdir.patch + +------------------------------------------------------------------- calling whatdependson for 11.3-i586 Old: ---- ruby-1.8.6.p36_socket_ipv6.patch ruby-1.8.7-p249.tar.bz2 ruby-1.8.7-p72_topdir.patch ruby-1.8.7-p72_vendor_specific.patch ruby-1.8.7.p22_lib64.patch ruby-1.8.7.p22_tcltk-multilib.patch ruby-1.8.x_bigdecimal_memory_corruption.patch ruby-1.8.x_exception_tainted_message.patch ruby-1.8.x_fileutils_symlink_race.patch ruby-1.8.x_net_http_close_in_rescue.patch ruby-1.8.x_openssl-1.0-tests.patch ruby-1.8.x_openssl-1.0.patch ruby-1.8.x_webrick_charset_issue.patch ruby-pedantic-headers.diff ruby_1.8.6.p36_date_remove_privat.patch New: ---- ruby-1.8.7-p357.tar.bz2 ruby-1.8.7.p299_date_remove_privat.patch ruby-1.8.7.p299_lib64.patch ruby-1.8.7.p299_pedantic-headers.patch ruby-1.8.7.p334_remove_zlib_test_params_test.patch ruby-1.8.7.p72_topdir.patch ruby-1.8.7.p72_vendor_specific.patch ruby-1.8.x_openssl_branch_update.patch ruby-1.8.x_rubylibdir.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ruby.spec ++++++ --- /var/tmp/diff_new_pack.icJ3Mi/_old 2012-01-16 01:18:18.000000000 +0100 +++ /var/tmp/diff_new_pack.icJ3Mi/_new 2012-01-16 01:18:18.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package ruby # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,11 +19,11 @@ Name: ruby -Version: 1.8.7.p249 -Release: 8.<RELEASE3> +Version: 1.8.7.p357 +Release: 0.<RELEASE2> # %define pkg_version 1.8.7 -%define patch_level p249 +%define patch_level p357 %define rb_arch %(echo %{_target_cpu}-linux | sed -e "s/i686/i586/" -e "s/hppa2.0/hppa/" -e "s/ppc/powerpc/") %define rb_ver %(echo %{pkg_version} | sed -e 's/\\\.[0-9]\\\+$//') # @@ -32,6 +32,8 @@ # BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bison gdbm-devel gperf graphviz libjpeg-devel openssl-devel readline-devel tk-devel +# for openssl testsuite +BuildRequires: openssl #define with_bleak_house 1 %if 0%{suse_version} >= 1030 %define use_fdupes 1 @@ -56,23 +58,17 @@ Source: ftp://ftp.ruby-lang.org/pub/ruby/ruby-%{pkg_version}-%{patch_level}.tar.bz2 Source1: irb.1 Source2: ruby-doc-bundle.tar.bz2 -Patch1: ruby-1.8.7.p22_lib64.patch -Patch2: ruby-1.8.7.p22_tcltk-multilib.patch -Patch3: ruby-1.8.6.p36_socket_ipv6.patch -Patch5: ruby_1.8.6.p36_date_remove_privat.patch -Patch6: ruby-pedantic-headers.diff -Patch7: ruby-1.8.7-p72_vendor_specific.patch -Patch8: ruby-1.8.7-p72_topdir.patch -# can be removed on next version update. pulled from svn +Patch1: ruby-1.8.7.p299_lib64.patch +Patch5: ruby-1.8.7.p299_date_remove_privat.patch +Patch6: ruby-1.8.7.p299_pedantic-headers.patch +Patch7: ruby-1.8.7.p72_vendor_specific.patch +Patch8: ruby-1.8.7.p72_topdir.patch Patch9: ruby-1.8.x_digest_non_void_return.patch -Patch10: ruby-1.8.x_openssl-1.0.patch -Patch11: ruby-1.8.x_openssl-1.0-tests.patch -Patch12: ruby-1.8.x_yaml2byte.patch -Patch13: ruby-1.8.x_exception_tainted_message.patch -Patch14: ruby-1.8.x_webrick_charset_issue.patch -Patch15: ruby-1.8.x_fileutils_symlink_race.patch -Patch16: ruby-1.8.x_net_http_close_in_rescue.patch -Patch17: ruby-1.8.x_bigdecimal_memory_corruption.patch +# can be removed on next version update. pulled from svn +Patch10: ruby-1.8.x_openssl_branch_update.patch +Patch11: ruby-1.8.x_yaml2byte.patch +Patch13: ruby-1.8.7.p334_remove_zlib_test_params_test.patch +Patch14: ruby-1.8.x_rubylibdir.patch # vendor ruby files taken from: # http://svn.macports.org/repository/macports/trunk/dports/lang/ruby/ Source3: site-specific.rb @@ -177,6 +173,7 @@ License: GPLv2+ Group: Development/Languages/Ruby Summary: This package contains the HTML docs for ruby +Requires: %{name} = %{version} %if 0%{?suse_version} >= 1120 BuildArch: noarch %endif @@ -193,8 +190,8 @@ %package examples License: GPLv2+ Group: Development/Languages/Ruby -Summary: Example scripts for ruby Requires: %{name} = %{version} +Summary: Example scripts for ruby %description examples Example scripts for ruby @@ -208,6 +205,7 @@ %package test-suite License: GPLv2+ Group: Development/Languages/Ruby +Requires: %{name} = %{version} Summary: An Interpreted Object-Oriented Scripting Language %description test-suite @@ -248,8 +246,6 @@ %prep %setup -q -n ruby-%{pkg_version}-%{patch_level} -a2 %{?with_bleak_house:-a6} %patch1 -%patch2 -%patch3 %patch5 %patch6 %patch7 @@ -257,12 +253,8 @@ %patch9 %patch10 %patch11 -%patch12 %patch13 %patch14 -%patch15 -%patch16 -%patch17 %if 0%{?with_bleak_house} for patch in valgrind configure gc ; do patch -p0 < bleak_house-%{bleak_house_version}/ruby/${patch}.patch ++++++ ruby-1.8.7-p249.tar.bz2 -> ruby-1.8.7-p357.tar.bz2 ++++++ ++++ 43691 lines of diff (skipped) ++++++ ruby-1.8.7.p299_date_remove_privat.patch ++++++ === lib/date.rb ================================================================== Index: lib/date.rb =================================================================== --- lib/date.rb.orig 2010-06-08 06:45:42.000000000 +0200 +++ lib/date.rb 2010-07-01 14:07:25.065690840 +0200 @@ -1648,8 +1648,6 @@ class Time DateTime.new!(DateTime.jd_to_ajd(jd, fr, of), of, DateTime::ITALY) end - private :to_date, :to_datetime - end class Date ++++++ ruby-1.8.7.p22_lib64.patch -> ruby-1.8.7.p299_lib64.patch ++++++ --- old-versions/11.3/UPDATES/all/ruby/ruby-1.8.7.p22_lib64.patch 2008-09-06 07:06:38.000000000 +0200 +++ 11.3/ruby/ruby-1.8.7.p299_lib64.patch 2011-12-21 17:54:26.000000000 +0100 @@ -1,8 +1,8 @@ Index: configure.in =================================================================== ---- configure.in.orig 2008-06-15 12:28:47.000000000 +0200 -+++ configure.in 2008-06-21 04:19:24.713590544 +0200 -@@ -1366,7 +1366,7 @@ rb_cv_missing_fconvert=yes, rb_cv_missin +--- configure.in.orig 2010-06-08 11:26:34.000000000 +0200 ++++ configure.in 2010-07-01 14:07:03.849193105 +0200 +@@ -1433,7 +1433,7 @@ rb_cv_missing_fconvert=yes, rb_cv_missin if test "$rb_cv_missing_fconvert" = yes; then AC_DEFINE(MISSING_FCONVERT) fi ++++++ ruby-1.8.7.p299_pedantic-headers.patch ++++++ Index: node.h =================================================================== --- node.h.orig 2009-02-25 07:15:55.000000000 +0100 +++ node.h 2010-07-01 14:07:38.645191446 +0200 @@ -395,7 +395,7 @@ enum rb_thread_status { THREAD_TO_KILL, THREAD_RUNNABLE, THREAD_STOPPED, - THREAD_KILLED, + THREAD_KILLED }; typedef struct rb_thread *rb_thread_t; ++++++ ruby-1.8.7.p334_remove_zlib_test_params_test.patch ++++++ Index: test/zlib/test_zlib.rb =================================================================== --- test/zlib/test_zlib.rb.orig +++ test/zlib/test_zlib.rb @@ -113,36 +113,36 @@ if defined? Zlib assert_equal(true, z.closed?) end - def test_params - z = Zlib::Deflate.new - z << "foo" - z.params(Zlib::DEFAULT_COMPRESSION, Zlib::DEFAULT_STRATEGY) - z << "bar" - s = z.finish - assert_equal("foobar", Zlib::Inflate.inflate(s)) - - data = ('a'..'z').to_a.join - z = Zlib::Deflate.new(Zlib::NO_COMPRESSION, Zlib::MAX_WBITS, - Zlib::DEF_MEM_LEVEL, Zlib::DEFAULT_STRATEGY) - z << data[0, 10] - z.params(Zlib::BEST_COMPRESSION, Zlib::DEFAULT_STRATEGY) - z << data[10 .. -1] - assert_equal(data, Zlib::Inflate.inflate(z.finish)) - - z = Zlib::Deflate.new - s = z.deflate("foo", Zlib::FULL_FLUSH) - z.avail_out = 0 - z.params(Zlib::NO_COMPRESSION, Zlib::FILTERED) - s << z.deflate("bar", Zlib::FULL_FLUSH) - z.avail_out = 0 - z.params(Zlib::BEST_COMPRESSION, Zlib::HUFFMAN_ONLY) - s << z.deflate("baz", Zlib::FINISH) - assert_equal("foobarbaz", Zlib::Inflate.inflate(s)) - - z = Zlib::Deflate.new - assert_raise(Zlib::StreamError) { z.params(10000, 10000) } - z.close # without this, outputs `zlib(finalizer): the stream was freed prematurely.' - end +# def test_params +# z = Zlib::Deflate.new +# z << "foo" +# z.params(Zlib::DEFAULT_COMPRESSION, Zlib::DEFAULT_STRATEGY) +# z << "bar" +# s = z.finish +# assert_equal("foobar", Zlib::Inflate.inflate(s)) +# +# data = ('a'..'z').to_a.join +# z = Zlib::Deflate.new(Zlib::NO_COMPRESSION, Zlib::MAX_WBITS, +# Zlib::DEF_MEM_LEVEL, Zlib::DEFAULT_STRATEGY) +# z << data[0, 10] +# z.params(Zlib::BEST_COMPRESSION, Zlib::DEFAULT_STRATEGY) +# z << data[10 .. -1] +# assert_equal(data, Zlib::Inflate.inflate(z.finish)) +# +# z = Zlib::Deflate.new +# s = z.deflate("foo", Zlib::FULL_FLUSH) +# z.avail_out = 0 +# z.params(Zlib::NO_COMPRESSION, Zlib::FILTERED) +# s << z.deflate("bar", Zlib::FULL_FLUSH) +# z.avail_out = 0 +# z.params(Zlib::BEST_COMPRESSION, Zlib::HUFFMAN_ONLY) +# s << z.deflate("baz", Zlib::FINISH) +# assert_equal("foobarbaz", Zlib::Inflate.inflate(s)) +# +# z = Zlib::Deflate.new +# assert_raise(Zlib::StreamError) { z.params(10000, 10000) } +# z.close # without this, outputs `zlib(finalizer): the stream was freed prematurely.' +# end def test_set_dictionary z = Zlib::Deflate.new ++++++ ruby-1.8.7-p72_topdir.patch -> ruby-1.8.7.p72_topdir.patch ++++++ ++++++ ruby-1.8.7-p72_vendor_specific.patch -> ruby-1.8.7.p72_vendor_specific.patch ++++++ ++++++ ruby-1.8.x_openssl_branch_update.patch ++++++ ++++ 1675 lines (skipped) ++++++ ruby-1.8.x_rubylibdir.patch ++++++ Index: configure.in =================================================================== --- configure.in.orig +++ configure.in @@ -1757,7 +1757,12 @@ case "$target_os" in rubyw_install_name="$RUBYW_INSTALL_NAME" ;; esac -RUBY_LIB_PREFIX=`eval echo \\"${libdir}/ruby\\"` + +AC_ARG_WITH(rubylibdir, + [ --with-rubylibdir=DIR stdlib libraries in DIR [[LIBDIR/ruby]]], + [rubylibdir=$withval], + [rubylibdir='${libdir}/ruby']) +RUBY_LIB_PREFIX=`eval echo \\"${rubylibdir}\\"` AC_ARG_WITH(sitedir, [ --with-sitedir=DIR site libraries in DIR [[LIBDIR/ruby/site_ruby]]], ++++++ ruby-rpmlintrc ++++++ --- /var/tmp/diff_new_pack.icJ3Mi/_old 2012-01-16 01:18:24.000000000 +0100 +++ /var/tmp/diff_new_pack.icJ3Mi/_new 2012-01-16 01:18:24.000000000 +0100 @@ -1,4 +1,5 @@ -addFilter("ruby-test-suite spurious-executable-perm.*/usr/share/doc/packages/ruby-test-suite/runruby.rb") -addFilter("ruby non-executable-script /usr/lib.*/ruby/.*") -addFilter("ruby-doc-html wrong-file-end-of-line-encoding /usr/share/doc/packages/ruby/.*") -addFilter("ruby-test-suite zero-length /usr/share/doc/packages/ruby-test-suite/.*") +addFilter("spurious-executable-perm.*/usr/share/doc/packages/ruby-test-suite/runruby.rb") +addFilter("non-executable-script /usr/lib.*/ruby/.*") +addFilter("wrong-file-end-of-line-encoding /usr/share/doc/packages/ruby/.*") +addFilter("zero-length /usr/share/doc/packages/ruby-test-suite/.*") +addFilter("unexpanded-macro.*/usr/share/ri/.*") continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
