Also backport fix for the left part of CVE-2011-1005 (causing the

same issue as CVE-2012-4464)
  (Vít Ondruch <vondruch@redhat.com>)
This commit is contained in:
TASAKA Mamoru 2012-10-05 18:26:21 +09:00
commit f95865cef3
3 changed files with 36 additions and 15 deletions

View file

@ -0,0 +1,29 @@
Backported fix for CVE-2012-4464,4466 on trunk:rev37068 to 1.8.7 branch.
Note that for ruby-1.8 branch, there was a fix for CVE-2011-1005 on rev 30903,
however the fix proved to be incomplete.
Mamoru Tasaka <mtasaka@fedoraproject.org>
--- ruby-1.8.7-p358/error.c.sec 2011-02-18 21:32:35.000000000 +0900
+++ ruby-1.8.7-p358/error.c 2012-10-04 23:58:12.000000000 +0900
@@ -665,9 +665,11 @@
if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
StringValue(str);
+#if 0
if (str != mesg) {
OBJ_INFECT(str, mesg);
}
+#endif
return str;
}
@@ -757,7 +759,6 @@
args[2] = d;
mesg = rb_f_sprintf(3, args);
}
- if (OBJ_TAINTED(obj)) OBJ_TAINT(mesg);
return mesg;
}

View file

@ -1,13 +0,0 @@
Backported fix for CVE-2012-4466 on trunk:rev37068 to 1.8.7 branch
Mamoru Tasaka <mtasaka@fedoraproject.org>
--- ruby-1.8.7-p358/error.c.sec 2011-02-18 21:32:35.000000000 +0900
+++ ruby-1.8.7-p358/error.c 2012-10-04 22:32:06.000000000 +0900
@@ -757,7 +757,6 @@ name_err_mesg_to_str(obj)
args[2] = d;
mesg = rb_f_sprintf(3, args);
}
- if (OBJ_TAINTED(obj)) OBJ_TAINT(mesg);
return mesg;
}

View file

@ -17,7 +17,7 @@
Name: ruby
Version: %{rubyver}%{?dotpatchlevel}
Release: 3%{?dist}
Release: 4%{?dist}
# Please check if ruby upstream changes this to "Ruby or GPLv2+"
License: Ruby or GPLv2
URL: http://www.ruby-lang.org/
@ -64,7 +64,7 @@ Patch33: ruby-1.8.7-p249-mkmf-use-shared.patch
# bug 718695
Patch34: ruby-1.8.7-p352-path-uniq.patch
# Backported fix for CVE-2012-4466 on trunk:rev37068 to 1.8.7 branch
Patch35: ruby-1.8.7-p358-CVE-2012-4466.patch
Patch35: ruby-1.8.7-p358-CVE-2012-4464-4466.patch
# Change ruby load path to conform to Fedora/ruby
# library placement (various 1.8.6 patches consolidated into this)
Patch100: ruby-1.8.7-lib-paths.patch
@ -547,6 +547,11 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/ri
%changelog
* Fri Oct 04 2012 Mamoru Tasaka <mtasaka@fedoraproject.org> - 1.8.7.358-4
- Also backport fix for the left part of CVE-2011-1005 (causing the
same issue as CVE-2012-4464)
(Vít Ondruch <vondruch@redhat.com>)
* Thu Oct 04 2012 Mamoru Tasaka <mtasaka@fedoraproject.org> - 1.8.7.358-3
- Backport fix for CVE-2012-4466 on trunk:rev37068 to 1.8.7 branch