rpms/ruby/devel import.log, NONE, 1.1 ruby-1.8.6-p287-CVE-2008-5189.patch, NONE, 1.1 ruby-1.8.6-p287-remove-ssl-rand-range.patch, NONE, 1.1 .cvsignore, 1.27, 1.28 ruby.spec, 1.127, 1.128 sources, 1.26, 1.27 ruby-1.8.6-ossl-rand-range.patch, 1.1, NONE

Jeroen van Meeuwen kanarip at fedoraproject.org
Sun Mar 15 05:56:49 UTC 2009


Author: kanarip

Update of /cvs/pkgs/rpms/ruby/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9463/devel

Modified Files:
	.cvsignore ruby.spec sources 
Added Files:
	import.log ruby-1.8.6-p287-CVE-2008-5189.patch 
	ruby-1.8.6-p287-remove-ssl-rand-range.patch 
Removed Files:
	ruby-1.8.6-ossl-rand-range.patch 
Log Message:
1.8.6.287-4


--- NEW FILE import.log ---
ruby-1_8_6_287-4_fc10:HEAD:ruby-1.8.6.287-4.fc10.src.rpm:1237096558

ruby-1.8.6-p287-CVE-2008-5189.patch:

--- NEW FILE ruby-1.8.6-p287-CVE-2008-5189.patch ---
--- lib/cgi.rb  (revision 19665)
+++ lib/cgi.rb  (working copy)
@@ -546,6 +546,11 @@
     when Hash
       options = options.dup
     end
+    options.each_value do |value|
+      if /\n(?![ \t])/ === value
+        raise ArgumentError, "potential HTTP header injection detected"
+      end
+    end

     unless options.has_key?("type")
       options["type"] = "text/html"
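Review bot: The guard added at lines 35–39 relies on `Regexp#===`, which in Ruby 1.8 returns false (rather than raising) for an operand that is not a String, so any non-String option value passes the check untouched; if `CGI#header` still accepts the "cookie" option as an Array of Cookie objects, as I recall it does elsewhere in cgi.rb, those values are not examined here. The pattern also matches only `\n` outside a folded continuation, so a bare `\r` in a value is accepted, which may or may not matter depending on the header parser in front of the CGI. The intent of the negative lookahead deserves a comment, e.g. `# reject embedded newlines unless they begin a folded continuation line (leading SP/HT)`, and applying the match to `value.to_s` would extend the check to non-String values, subject to confirming what `Cookie#to_s` and `Array#to_s` produce in this Ruby version. The enclosing `header` method begins before this hunk.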

ruby-1.8.6-p287-remove-ssl-rand-range.patch:

--- NEW FILE ruby-1.8.6-p287-remove-ssl-rand-range.patch ---
diff -ur ruby-1.8.6-p287.orig/ext/openssl/openssl_missing.c ruby-1.8.6-p287/ext/openssl/openssl_missing.c
--- ruby-1.8.6-p287.orig/ext/openssl/openssl_missing.c	2007-02-13 00:01:19.000000000 +0100
+++ ruby-1.8.6-p287/ext/openssl/openssl_missing.c	2009-03-15 05:32:31.000000000 +0100
@@ -43,7 +43,7 @@
 {
     return CRYPTO_set_ex_data(&str->ex_data, idx, data);
 }
- 
+
 void *X509_STORE_get_ex_data(X509_STORE *str, int idx)
 {
     return CRYPTO_get_ex_data(&str->ex_data, idx);
@@ -113,7 +113,7 @@
 #endif
 
 #if !defined(HAVE_EVP_CIPHER_CTX_COPY)
-/* 
+/*
  * this function does not exist in OpenSSL yet... or ever?.
  * a future version may break this function.
  * tested on 0.9.7d.
@@ -182,12 +182,12 @@
 		(ASN1_STRING *)(*a)->serialNumber,
 		(ASN1_STRING *)(*b)->serialNumber));
 }
-		    
+
 int
 X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
 {
     X509_CRL_INFO *inf;
-    
+
     inf = crl->crl;
     if (!inf->revoked)
 	inf->revoked = sk_X509_REVOKED_new(OSSL_X509_REVOKED_cmp);
@@ -233,54 +233,6 @@
 }
 #endif
 
-#if !defined(HAVE_BN_RAND_RANGE) || !defined(HAVE_BN_PSEUDO_RAND_RANGE)
-static int
-bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range)
-{
-    int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand;
-    int n;
-
-    if (range->neg || BN_is_zero(range)) return 0;
-
-    n = BN_num_bits(range);
-
-    if (n == 1) {
-	if (!BN_zero(r)) return 0;
-    } else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) {
-	do {
-	    if (!bn_rand(r, n + 1, -1, 0)) return 0;
-	    if (BN_cmp(r ,range) >= 0) {
-		if (!BN_sub(r, r, range)) return 0;
-		if (BN_cmp(r, range) >= 0)
-		    if (!BN_sub(r, r, range)) return 0;
-	    }
-	} while (BN_cmp(r, range) >= 0);
-    } else {
-	do {
-	    if (!bn_rand(r, n, -1, 0)) return 0;
-	} while (BN_cmp(r, range) >= 0);
-    }
-
-    return 1;
-}
-#endif
-
-#if !defined(HAVE_BN_RAND_RANGE)
-int
-BN_rand_range(BIGNUM *r, BIGNUM *range)
-{
-    return bn_rand_range(0, r, range);
-}
-#endif
-
-#if !defined(HAVE_BN_PSEUDO_RAND_RANGE)
-int
-BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range)
-{
-    return bn_rand_range(1, r, range);
-}
-#endif
-
 #if !defined(HAVE_CONF_GET1_DEFAULT_CONFIG_FILE)
 #define OPENSSL_CONF "openssl.cnf"
 char *
@@ -315,7 +267,7 @@
 {
     int i,j;
     const char *prompt;
-    
+
     if (key) {
 	i = strlen(key);
 	i = (i > num) ? num : i;
diff -ur ruby-1.8.6-p287.orig/ext/openssl/openssl_missing.h ruby-1.8.6-p287/ext/openssl/openssl_missing.h
--- ruby-1.8.6-p287.orig/ext/openssl/openssl_missing.h	2008-08-04 06:43:34.000000000 +0200
+++ ruby-1.8.6-p287/ext/openssl/openssl_missing.h	2009-03-15 05:33:56.000000000 +0100
@@ -120,8 +120,6 @@
 int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
 int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
 int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
-int BN_rand_range(BIGNUM *r, BIGNUM *range);
-int BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range);
 char *CONF_get1_default_config_file(void);
 int PEM_def_callback(char *buf, int num, int w, void *key);
 
Only in ruby-1.8.6-p287/ext/openssl: .openssl_missing.h.swp


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/ruby/devel/.cvsignore,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- .cvsignore	23 Aug 2008 08:58:47 -0000	1.27
+++ .cvsignore	15 Mar 2009 05:56:17 -0000	1.28
@@ -1,25 +1,4 @@
-ruby-1.8.1.tar.gz
-ruby-man-1.4.6.tar.bz2
+ruby-1.8.6-p287.tar.bz2
 ruby-refm-rdp-1.8.1-ja-html.tar.gz
-rubyfaq-990927.tar.bz2
-rubyfaq-jp-990927.tar.bz2
-*.rpm
-*.gz
-*.bz2
-ruby-1.8.2.tar.gz
-ruby-1.8.3.tar.gz
-ruby-1.8.4-preview1.tar.gz
-ruby-1.8.4-preview2.tar.gz
-ruby-1.8.4.tar.gz
-ruby-1.8.5.tar.gz
-ruby-1.8.5-p2.tar.gz
-ruby-1.8.5-p12.tar.gz
-ruby-1.8.6.tar.bz2
-ruby-1.8.6-p36.tar.bz2
-ruby-1.8.6-p110.tar.bz2
-ruby-1.8.6-p111.tar.bz2
 rubyfaq-990927.tar.gz
 rubyfaq-jp-990927.tar.gz
-ruby-1.8.6-p114.tar.bz2
-ruby-1.8.6-p230.tar.bz2
-ruby-1.8.6-p287.tar.bz2


Index: ruby.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ruby/devel/ruby.spec,v
retrieving revision 1.127
retrieving revision 1.128
diff -u -r1.127 -r1.128
--- ruby.spec	25 Feb 2009 21:15:53 -0000	1.127
+++ ruby.spec	15 Mar 2009 05:56:18 -0000	1.128
@@ -34,8 +34,9 @@
 Patch22:	ruby-deprecated-search-path.patch
 Patch23:	ruby-multilib.patch
 Patch25:	ruby-1.8.6.111-gcc43.patch
-Patch26:	ruby-1.8.6-rexml-CVE-2008-3790.patch
-Patch27:        ruby-1.8.6-ossl-rand-range.patch
+Patch26:        ruby-1.8.6-rexml-CVE-2008-3790.patch
+Patch27:        ruby-1.8.6-p287-CVE-2008-5189.patch
+Patch28:        ruby-1.8.6-p287-remove-ssl-rand-range.patch
 
 Summary:	An interpreter of object-oriented scripting language
 Group:		Development/Languages
@@ -155,7 +156,8 @@
 %endif
 %patch25 -p1
 %patch26 -p1
-%patch27 -p1
+%patch27 -p0
+%patch28 -p1
 popd
 
 %build
@@ -167,7 +169,7 @@
 
 rb_cv_func_strtod=no
 export rb_cv_func_strtod
-CFLAGS="$RPM_OPT_FLAGS -Wall"
+CFLAGS="$RPM_OPT_FLAGS -Wall -O0 -fno-strict-aliasing"
 export CFLAGS
 %configure \
   --with-sitedir='%{sitedir}' \
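Review bot: Appending `-O0` after `$RPM_OPT_FLAGS` on the new CFLAGS line overrides the distribution's `-O2`, and because glibc's `_FORTIFY_SOURCE` checks (which Fedora's RPM_OPT_FLAGS enable, as far as I know) are only active at -O1 or higher, this quietly drops the fortified libc calls from the whole interpreter build, besides the obvious performance cost. The changelog entry in this commit says "Rebuild for gcc4.4", so if `-O0` is a workaround for a gcc 4.4 miscompile it should be narrowed and explained; `-fno-strict-aliasing` alone may already be the fix that was needed. Suggested line if that proves sufficient: `CFLAGS="$RPM_OPT_FLAGS -Wall -fno-strict-aliasing"`, with a comment such as `# gcc 4.4: ruby 1.8's GC relies on type-punning, keep -fno-strict-aliasing` above it.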
@@ -281,11 +283,11 @@
 find -type f | xargs chmod 0644
 
 # convert to utf-8
-for i in `find -type f`; do
-	iconv -f utf-8 -t utf-8 $i > /dev/null 2>&1 || (iconv -f euc-jp -t utf-8 $i > $i.new && mv $i.new $i || exit 1)
-	if [ $? != 0 ]; then
-		iconv -f iso8859-1 -t utf-8 $i > $.new && mv $i.new $i || exit 1
-	fi
+for i in `find -type f ! -name "*.gif"`; do
+    sh -c "iconv -f utf-8 -t utf-8 $i > /dev/null 2>&1 || (iconv -f euc-jp -t utf-8 $i > $i.new && mv $i.new $i || exit 1)
+    if [ $? != 0 ]; then
+        iconv -f iso8859-1 -t utf-8 $i > $.new && mv $i.new $i || exit 1
+    fi"
 done
 
 # done
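Review bot: The rewritten loop passes the whole script to `sh -c` inside double quotes, so `$?`, `$i` and `$i.new` are expanded by the outer shell when the command line is assembled, not by the inner shell; `$?` in particular is the status of whatever ran before `sh -c`, never of the inner iconv chain, so the iso8859-1 fallback no longer reacts to a failed euc-jp conversion. The `exit 1` calls now only terminate the inner sh, whose status the outer loop discards, so a conversion failure is silently ignored instead of stopping the build as the old code intended (the `sh -c` wrapper itself looks like a deliberate escape from rpmbuild's `set -e`, which is fine to keep). `$.new`, carried over from the old version, is not a variable reference and writes a file literally named `$.new`, after which the `mv` of `$i.new` fails. Using single quotes and passing the filename as a positional parameter keeps the expansions inside the inner shell; note that `find` output is still word-split by the backticked `for`, so filenames containing whitespace remain unsupported as before.
```rpm-spec
for i in `find -type f ! -name "*.gif"`; do
    sh -c 'f="$1"
        iconv -f utf-8 -t utf-8 "$f" > /dev/null 2>&1 || (iconv -f euc-jp -t utf-8 "$f" > "$f.new" && mv "$f.new" "$f" || exit 1)
        if [ $? != 0 ]; then
            iconv -f iso8859-1 -t utf-8 "$f" > "$f.new" && mv "$f.new" "$f" || exit 1
        fi' sh "$i" || exit 1
done
```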
@@ -328,6 +330,8 @@
 	sed -i -e '/^#!.*/,1D' $i
 done
 
+find $RPM_BUILD_ROOT/ -name "*.so" -exec chmod 755 {} \;
+
 %clean
 rm -rf $RPM_BUILD_ROOT
 rm -rf tmp-ruby-docs
@@ -343,10 +347,10 @@
 %doc %{name}-%{arcver}/GPL
 %doc %{name}-%{arcver}/LEGAL
 %doc %{name}-%{arcver}/LGPL
-%doc %{name}-%{arcver}/NEWS 
+%doc %{name}-%{arcver}/NEWS
 %doc %{name}-%{arcver}/README
 %lang(ja) %doc %{name}-%{arcver}/README.ja
-%doc %{name}-%{arcver}/ToDo 
+%doc %{name}-%{arcver}/ToDo
 %doc %{name}-%{arcver}/doc/ChangeLog-1.8.0
 %doc %{name}-%{arcver}/doc/NEWS-1.8.0
 %doc tmp-ruby-docs/ruby/*
@@ -506,12 +510,11 @@
 %{_datadir}/emacs/site-lisp/site-start.d/ruby-mode-init.el
 
 %changelog
-* Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.8.6.287-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+* Thu Mar 05 2009 Jeroen van Meeuwen <kanarip at fedoraproject.org> - 1.8.6.287-4
+- Rebuild for gcc4.4
 
-* Mon Jan 26 2009 Tomas Mraz <tmraz at redhat.com> - 1.8.6.287-3
-- rebuild with new openssl
-- BN_rand_range functions are now constified
+* Fri Feb 27 2009 Jeroen van Meeuwen <kanarip at fedoraproject.org> - 1.8.6.287-3
+- CVE-2008-5189: CGI header injection.
 
 * Wed Oct  8 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.287-2
 - CVE-2008-3790: DoS vulnerability in the REXML module.
@@ -891,8 +894,8 @@
 
 * Mon Dec 16 2002 Elliot Lee <sopwith at redhat.com> 1.6.7-13
 - Remove ExcludeArch: x86_64
-- Fix x86_64 ruby with long2int.patch (ruby was assuming that sizeof(long) 
-  == sizeof(int). The patch does not fix the source of the problem, just 
+- Fix x86_64 ruby with long2int.patch (ruby was assuming that sizeof(long)
+  == sizeof(int). The patch does not fix the source of the problem, just
   makes it a non-issue.)
 - _smp_mflags
 
@@ -949,7 +952,7 @@
   removed.
 - ruby-1.6.7-100.patch: applied a bug fix patch.
   (ruby-dev#16274: patch for 'wm state')
-  (PR#206ja: SEGV handle EXIT) 
+  (PR#206ja: SEGV handle EXIT)
 - ruby-1.6.7-101.patch: applied a bug fix patch.
   (ruby-list#34313: singleton should not be Marshal.dump'ed)
   (ruby-dev#16411: block local var)
@@ -1050,7 +1053,7 @@
 * Thu Dec 14 2000 akira yamada <akira at vinelinux.org>
 - Removed ruby_cvs.2000101901.patch, added ruby_cvs.2000121413.patch
   (upgraded ruby to latest cvs version).
-- Removed ruby-dev.11262.patch, ruby-dev.11265.patch, 
+- Removed ruby-dev.11262.patch, ruby-dev.11265.patch,
   and ruby-dev.11268.patch (included into above patch).
 
 * Sun Nov 12 2000 MACHINO, Satoshi <machino at vinelinux.org> 1.6.1-0vl9
@@ -1064,7 +1067,7 @@
   (upgraded ruby to latest cvs version).
 - Added ruby-dev.11262.patch.
 - Added ruby-dev.11265.patch.
-  
+
 * Wed Oct 11 2000 akira yamada <akira at vinelinux.org>
 - Removed ruby_cvs.2000100313.patch and added ruby_cvs.2000101117.patch
   (upgraded ruby to latest cvs version).


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/ruby/devel/sources,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- sources	23 Aug 2008 08:58:47 -0000	1.26
+++ sources	15 Mar 2009 05:56:18 -0000	1.27
@@ -1,5 +1,4 @@
-8336b859400795ec51d05878c1a658b7  ruby-man-1.4.6.tar.bz2
+80b5f3db12531d36e6c81fac6d05dda9  ruby-1.8.6-p287.tar.bz2
 d65e3a216d6d345a2a6f1aa8758c2f75  ruby-refm-rdp-1.8.1-ja-html.tar.gz
 634c25b14e19925d10af3720d72e8741  rubyfaq-990927.tar.gz
 4fcec898f51d8371cc42d0a013940469  rubyfaq-jp-990927.tar.gz
-80b5f3db12531d36e6c81fac6d05dda9  ruby-1.8.6-p287.tar.bz2


--- ruby-1.8.6-ossl-rand-range.patch DELETED ---



