rpms/ruby/F-9 .cvsignore, 1.26, 1.27 ruby.spec, 1.120, 1.121 sources, 1.24, 1.25 ruby-1.8.6.230-p238.patch, 1.1, NONE ruby-1.8.6.230-p248.patch, 1.1, NONE ruby-1.8.6.230-p257.patch, 1.1, NONE ruby-1.8.6.230-string-str_buf_cat.patch, 1.1, NONE ruby-fix-autoconf-magic-code.patch, 1.1, NONE
Akira TAGOH
tagoh at fedoraproject.org
Sat Aug 23 09:05:51 UTC 2008
- Previous message (by thread): rpms/awstats/EL-5 awstats-6.7-CVE-2008-3714.patch, NONE, 1.1 awstats.spec, 1.21, 1.22
- Next message (by thread): rpms/ruby/F-8 .cvsignore, 1.25, 1.26 ruby.spec, 1.109, 1.110 sources, 1.23, 1.24 ruby-1.8.6.230-p238.patch, 1.1, NONE ruby-1.8.6.230-p248.patch, 1.1, NONE ruby-1.8.6.230-p257.patch, 1.1, NONE ruby-1.8.6.230-string-str_buf_cat.patch, 1.1, NONE ruby-fix-autoconf-magic-code.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: tagoh
Update of /cvs/pkgs/rpms/ruby/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29572
Modified Files:
.cvsignore ruby.spec sources
Removed Files:
ruby-1.8.6.230-p238.patch ruby-1.8.6.230-p248.patch
ruby-1.8.6.230-p257.patch
ruby-1.8.6.230-string-str_buf_cat.patch
ruby-fix-autoconf-magic-code.patch
Log Message:
* Sat Aug 23 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.287-1
- New upstream release.
- Security fixes.
- CVE-2008-3655: Ruby does not properly restrict access to critical
variables and methods at various safe levels.
- CVE-2008-3656: DoS vulnerability in WEBrick.
- CVE-2008-3657: Lack of taintness check in dl.
- CVE-2008-1447: DNS spoofing vulnerability in resolv.rb.
- CVE-2008-3443: Memory allocation failure in Ruby regex engine.
- Remove the unnecessary backported patches.
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/ruby/F-9/.cvsignore,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- .cvsignore 24 Jun 2008 03:19:02 -0000 1.26
+++ .cvsignore 23 Aug 2008 09:05:21 -0000 1.27
@@ -22,3 +22,4 @@
rubyfaq-jp-990927.tar.gz
ruby-1.8.6-p114.tar.bz2
ruby-1.8.6-p230.tar.bz2
+ruby-1.8.6-p287.tar.bz2
Index: ruby.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ruby/F-9/ruby.spec,v
retrieving revision 1.120
retrieving revision 1.121
diff -u -r1.120 -r1.121
--- ruby.spec 1 Jul 2008 08:15:00 -0000 1.120
+++ ruby.spec 23 Aug 2008 09:05:21 -0000 1.121
@@ -1,6 +1,6 @@
%define rubyxver 1.8
%define rubyver 1.8.6
-%define _patchlevel 230
+%define _patchlevel 287
%define dotpatchlevel %{?_patchlevel:.%{_patchlevel}}
%define patchlevel %{?_patchlevel:-p%{_patchlevel}}
%define arcver %{rubyver}%{?patchlevel}
@@ -12,7 +12,7 @@
Name: ruby
Version: %{rubyver}%{?dotpatchlevel}
-Release: 4%{?dist}
+Release: 1%{?dist}
License: Ruby or GPLv2
URL: http://www.ruby-lang.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -36,10 +36,6 @@
Patch22: ruby-deprecated-search-path.patch
Patch23: ruby-multilib.patch
Patch25: ruby-1.8.6.111-gcc43.patch
-Patch26: ruby-1.8.6.230-string-str_buf_cat.patch
-Patch27: ruby-1.8.6.230-p238.patch
-Patch28: ruby-1.8.6.230-p248.patch
-Patch29: ruby-1.8.6.230-p257.patch
Summary: An interpreter of object-oriented scripting language
Group: Development/Languages
@@ -160,10 +156,6 @@
%patch23 -p1
%endif
%patch25 -p1
-%patch26 -p1
-%patch27 -p1
-%patch28 -p1
-%patch29 -p1
popd
%build
@@ -520,6 +512,17 @@
%endif
%changelog
+* Sat Aug 23 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.287-1
+- New upstream release.
+- Security fixes.
+ - CVE-2008-3655: Ruby does not properly restrict access to critical
+ variables and methods at various safe levels.
+ - CVE-2008-3656: DoS vulnerability in WEBrick.
+ - CVE-2008-3657: Lack of taintness check in dl.
+ - CVE-2008-1447: DNS spoofing vulnerability in resolv.rb.
+ - CVE-2008-3443: Memory allocation failure in Ruby regex engine.
+- Remove the unnecessary backported patches.
+
* Tue Jul 1 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.230-4
- Backported from upstream SVN to fix a segfault issue with Array#fill.
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/ruby/F-9/sources,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- sources 24 Jun 2008 03:19:02 -0000 1.24
+++ sources 23 Aug 2008 09:05:21 -0000 1.25
@@ -3,4 +3,4 @@
e1d38b7d4f1be55726d6927a3395ce3b ruby-1.8.6-p111.tar.bz2
634c25b14e19925d10af3720d72e8741 rubyfaq-990927.tar.gz
4fcec898f51d8371cc42d0a013940469 rubyfaq-jp-990927.tar.gz
-3eceb42d4fc56398676c20a49ac7e044 ruby-1.8.6-p230.tar.bz2
+80b5f3db12531d36e6c81fac6d05dda9 ruby-1.8.6-p287.tar.bz2
--- ruby-1.8.6.230-p238.patch DELETED ---
--- ruby-1.8.6.230-p248.patch DELETED ---
--- ruby-1.8.6.230-p257.patch DELETED ---
--- ruby-1.8.6.230-string-str_buf_cat.patch DELETED ---
--- ruby-fix-autoconf-magic-code.patch DELETED ---
- Previous message (by thread): rpms/awstats/EL-5 awstats-6.7-CVE-2008-3714.patch, NONE, 1.1 awstats.spec, 1.21, 1.22
- Next message (by thread): rpms/ruby/F-8 .cvsignore, 1.25, 1.26 ruby.spec, 1.109, 1.110 sources, 1.23, 1.24 ruby-1.8.6.230-p238.patch, 1.1, NONE ruby-1.8.6.230-p248.patch, 1.1, NONE ruby-1.8.6.230-p257.patch, 1.1, NONE ruby-1.8.6.230-string-str_buf_cat.patch, 1.1, NONE ruby-fix-autoconf-magic-code.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list