From f95865cef3d0a40481629ea3233aba84b3eac0ca Mon Sep 17 00:00:00 2001 From: TASAKA Mamoru Date: Fri, 5 Oct 2012 18:26:21 +0900 Subject: [PATCH] Also backport fix for the left part of CVE-2011-1005 (causing the MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit same issue as CVE-2012-4464) (Vít Ondruch ) --- ruby-1.8.7-p358-CVE-2012-4464-4466.patch | 29 ++++++++++++++++++++++++ ruby-1.8.7-p358-CVE-2012-4466.patch | 13 ----------- ruby.spec | 9 ++++++-- 3 files changed, 36 insertions(+), 15 deletions(-) create mode 100644 ruby-1.8.7-p358-CVE-2012-4464-4466.patch delete mode 100644 ruby-1.8.7-p358-CVE-2012-4466.patch diff --git a/ruby-1.8.7-p358-CVE-2012-4464-4466.patch b/ruby-1.8.7-p358-CVE-2012-4464-4466.patch new file mode 100644 index 0000000..6787d6f --- /dev/null +++ b/ruby-1.8.7-p358-CVE-2012-4464-4466.patch @@ -0,0 +1,29 @@ +Backported fix for CVE-2012-4464,4466 on trunk:rev37068 to 1.8.7 branch. +Note that for ruby-1.8 branch, there was a fix for CVE-2011-1005 on rev 30903, +however the fix proved to be incomplete. + +Mamoru Tasaka + + +--- ruby-1.8.7-p358/error.c.sec 2011-02-18 21:32:35.000000000 +0900 ++++ ruby-1.8.7-p358/error.c 2012-10-04 23:58:12.000000000 +0900 +@@ -665,9 +665,11 @@ + + if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc)); + StringValue(str); ++#if 0 + if (str != mesg) { + OBJ_INFECT(str, mesg); + } ++#endif + return str; + } + +@@ -757,7 +759,6 @@ + args[2] = d; + mesg = rb_f_sprintf(3, args); + } +- if (OBJ_TAINTED(obj)) OBJ_TAINT(mesg); + return mesg; + } + diff --git a/ruby-1.8.7-p358-CVE-2012-4466.patch b/ruby-1.8.7-p358-CVE-2012-4466.patch deleted file mode 100644 index 3bcafa2..0000000 --- a/ruby-1.8.7-p358-CVE-2012-4466.patch +++ /dev/null @@ -1,13 +0,0 @@ -Backported fix for CVE-2012-4466 on trunk:rev37068 to 1.8.7 branch -Mamoru Tasaka - ---- ruby-1.8.7-p358/error.c.sec 2011-02-18 21:32:35.000000000 +0900 -+++ ruby-1.8.7-p358/error.c 2012-10-04 22:32:06.000000000 +0900 -@@ -757,7 +757,6 @@ name_err_mesg_to_str(obj) - args[2] = d; - mesg = rb_f_sprintf(3, args); - } -- if (OBJ_TAINTED(obj)) OBJ_TAINT(mesg); - return mesg; - } - diff --git a/ruby.spec b/ruby.spec index e1c2cdd..b021b11 100644 --- a/ruby.spec +++ b/ruby.spec @@ -17,7 +17,7 @@ Name: ruby Version: %{rubyver}%{?dotpatchlevel} -Release: 3%{?dist} +Release: 4%{?dist} # Please check if ruby upstream changes this to "Ruby or GPLv2+" License: Ruby or GPLv2 URL: http://www.ruby-lang.org/ @@ -64,7 +64,7 @@ Patch33: ruby-1.8.7-p249-mkmf-use-shared.patch # bug 718695 Patch34: ruby-1.8.7-p352-path-uniq.patch # Backported fix for CVE-2012-4466 on trunk:rev37068 to 1.8.7 branch -Patch35: ruby-1.8.7-p358-CVE-2012-4466.patch +Patch35: ruby-1.8.7-p358-CVE-2012-4464-4466.patch # Change ruby load path to conform to Fedora/ruby # library placement (various 1.8.6 patches consolidated into this) Patch100: ruby-1.8.7-lib-paths.patch @@ -547,6 +547,11 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/ri %changelog +* Fri Oct 04 2012 Mamoru Tasaka - 1.8.7.358-4 +- Also backport fix for the left part of CVE-2011-1005 (causing the + same issue as CVE-2012-4464) + (Vít Ondruch ) + * Thu Oct 04 2012 Mamoru Tasaka - 1.8.7.358-3 - Backport fix for CVE-2012-4466 on trunk:rev37068 to 1.8.7 branch