diff --git a/.cvsignore b/.gitignore similarity index 90% rename from .cvsignore rename to .gitignore index d31c9b8..8b4ee53 100644 --- a/.cvsignore +++ b/.gitignore @@ -21,3 +21,5 @@ ruby-1.8.6-p111.tar.bz2 rubyfaq-990927.tar.gz rubyfaq-jp-990927.tar.gz ruby-1.8.6-p114.tar.bz2 +ruby-1.8.6-p230.tar.bz2 +ruby-1.8.6-p287.tar.bz2 diff --git a/Makefile b/Makefile deleted file mode 100644 index d363f5c..0000000 --- a/Makefile +++ /dev/null @@ -1,21 +0,0 @@ -# Makefile for source rpm: ruby -# $Id: Makefile,v 1.1 2004/09/09 11:54:27 cvsdist Exp $ -NAME := ruby -SPECFILE = $(firstword $(wildcard *.spec)) - -define find-makefile-common -for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done -endef - -MAKEFILE_COMMON := $(shell $(find-makefile-common)) - -ifeq ($(MAKEFILE_COMMON),) -# attempt a checkout -define checkout-makefile-common -test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2 -endef - -MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) -endif - -include $(MAKEFILE_COMMON) diff --git a/ruby-1.8.6-rexml-CVE-2008-3790.patch b/ruby-1.8.6-rexml-CVE-2008-3790.patch new file mode 100644 index 0000000..2ce6e1f --- /dev/null +++ b/ruby-1.8.6-rexml-CVE-2008-3790.patch @@ -0,0 +1,96 @@ +diff -pruN ruby-1.8.6-p287.orig/lib/rexml/document.rb ruby-1.8.6-p287/lib/rexml/document.rb +--- ruby-1.8.6-p287.orig/lib/rexml/document.rb 2007-11-04 13:50:15.000000000 +0900 ++++ ruby-1.8.6-p287/lib/rexml/document.rb 2008-10-08 22:25:14.000000000 +0900 +@@ -32,6 +32,7 @@ module REXML + # @param context if supplied, contains the context of the document; + # this should be a Hash. + def initialize( source = nil, context = {} ) ++ @entity_expansion_count = 0 + super() + @context = context + return if source.nil? +@@ -200,6 +201,27 @@ module REXML + Parsers::StreamParser.new( source, listener ).parse + end + ++ @@entity_expansion_limit = 10_000 ++ ++ # Set the entity expansion limit. By defualt the limit is set to 10000. ++ def Document::entity_expansion_limit=( val ) ++ @@entity_expansion_limit = val ++ end ++ ++ # Get the entity expansion limit. By defualt the limit is set to 10000. ++ def Document::entity_expansion_limit ++ return @@entity_expansion_limit ++ end ++ ++ attr_reader :entity_expansion_count ++ ++ def record_entity_expansion ++ @entity_expansion_count += 1 ++ if @entity_expansion_count > @@entity_expansion_limit ++ raise "number of entity expansions exceeded, processing aborted." ++ end ++ end ++ + private + def build( source ) + Parsers::TreeParser.new( source, self ).parse +diff -pruN ruby-1.8.6-p287.orig/lib/rexml/entity.rb ruby-1.8.6-p287/lib/rexml/entity.rb +--- ruby-1.8.6-p287.orig/lib/rexml/entity.rb 2007-07-28 11:46:08.000000000 +0900 ++++ ruby-1.8.6-p287/lib/rexml/entity.rb 2008-10-08 22:25:14.000000000 +0900 +@@ -73,6 +73,7 @@ module REXML + # all entities -- both %ent; and &ent; entities. This differs from + # +value()+ in that +value+ only replaces %ent; entities. + def unnormalized ++ document.record_entity_expansion + v = value() + return nil if v.nil? + @unnormalized = Text::unnormalize(v, parent) +diff -pruN ruby-1.8.6-p287.orig/test/rexml/test_document.rb ruby-1.8.6-p287/test/rexml/test_document.rb +--- ruby-1.8.6-p287.orig/test/rexml/test_document.rb 1970-01-01 09:00:00.000000000 +0900 ++++ ruby-1.8.6-p287/test/rexml/test_document.rb 2008-10-08 22:25:14.000000000 +0900 +@@ -0,0 +1,42 @@ ++require "rexml/document" ++require "test/unit" ++ ++class REXML::TestDocument < Test::Unit::TestCase ++ def test_new ++ doc = REXML::Document.new(< ++Hello world! ++EOF ++ assert_equal("Hello world!", doc.root.children.first.value) ++ end ++ ++ XML_WITH_NESTED_ENTITY = < ++ ++ ++ ++ ++ ++ ++ ++]> ++ ++&a; ++ ++EOF ++ ++ def test_entity_expansion_limit ++ doc = REXML::Document.new(XML_WITH_NESTED_ENTITY) ++ assert_raise(RuntimeError) do ++ doc.root.children.first.value ++ end ++ REXML::Document.entity_expansion_limit = 100 ++ assert_equal(100, REXML::Document.entity_expansion_limit) ++ doc = REXML::Document.new(XML_WITH_NESTED_ENTITY) ++ assert_raise(RuntimeError) do ++ doc.root.children.first.value ++ end ++ assert_equal(101, doc.entity_expansion_count) ++ end ++end diff --git a/ruby-1.8.6.111-CVE-2007-5162.patch b/ruby-1.8.6.111-CVE-2007-5162.patch deleted file mode 100644 index 5ed628d..0000000 --- a/ruby-1.8.6.111-CVE-2007-5162.patch +++ /dev/null @@ -1,97 +0,0 @@ -diff -pruN ruby-1.8.6-p111.orig/ext/openssl/lib/net/ftptls.rb ruby-1.8.6-p111/ext/openssl/lib/net/ftptls.rb ---- ruby-1.8.6-p111.orig/ext/openssl/lib/net/ftptls.rb 2007-02-13 08:01:19.000000000 +0900 -+++ ruby-1.8.6-p111/ext/openssl/lib/net/ftptls.rb 2007-10-29 21:10:24.000000000 +0900 -@@ -29,13 +29,23 @@ require 'net/ftp' - - module Net - class FTPTLS < FTP -+ def connect(host, port=FTP_PORT) -+ @hostname = host -+ super -+ end -+ - def login(user = "anonymous", passwd = nil, acct = nil) -+ store = OpenSSL::X509::Store.new -+ store.set_default_paths - ctx = OpenSSL::SSL::SSLContext.new('SSLv23') -+ ctx.cert_store = store -+ ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER - ctx.key = nil - ctx.cert = nil - voidcmd("AUTH TLS") - @sock = OpenSSL::SSL::SSLSocket.new(@sock, ctx) - @sock.connect -+ @sock.post_connection_check(@hostname) - super(user, passwd, acct) - voidcmd("PBSZ 0") - end -diff -pruN ruby-1.8.6-p111.orig/ext/openssl/lib/net/telnets.rb ruby-1.8.6-p111/ext/openssl/lib/net/telnets.rb ---- ruby-1.8.6-p111.orig/ext/openssl/lib/net/telnets.rb 2007-02-13 08:01:19.000000000 +0900 -+++ ruby-1.8.6-p111/ext/openssl/lib/net/telnets.rb 2007-10-29 21:13:03.000000000 +0900 -@@ -134,6 +134,9 @@ module Net - @sock.verify_callback = @options['VerifyCallback'] - @sock.verify_depth = @options['VerifyDepth'] - @sock.connect -+ if @options['VerifyMode'] != OpenSSL::SSL::VERIFY_NONE -+ @sock.post_connection_check(@options['Host']) -+ end - @ssl = true - end - '' -diff -pruN ruby-1.8.6-p111.orig/lib/net/http.rb ruby-1.8.6-p111/lib/net/http.rb ---- ruby-1.8.6-p111.orig/lib/net/http.rb 2007-09-24 17:12:24.000000000 +0900 -+++ ruby-1.8.6-p111/lib/net/http.rb 2007-10-29 21:12:12.000000000 +0900 -@@ -470,7 +470,6 @@ module Net #:nodoc: - @debug_output = nil - @use_ssl = false - @ssl_context = nil -- @enable_post_connection_check = false - end - - def inspect -@@ -527,9 +526,6 @@ module Net #:nodoc: - false # redefined in net/https - end - -- # specify enabling SSL server certificate and hostname checking. -- attr_accessor :enable_post_connection_check -- - # Opens TCP connection and HTTP session. - # - # When this method is called with block, gives a HTTP object -@@ -589,12 +585,7 @@ module Net #:nodoc: - end - s.connect - if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE -- begin -- s.post_connection_check(@address) -- rescue OpenSSL::SSL::SSLError => ex -- raise ex if @enable_post_connection_check -- warn ex.message -- end -+ s.post_connection_check(@address) - end - end - on_connect -diff -pruN ruby-1.8.6-p111.orig/lib/net/imap.rb ruby-1.8.6-p111/lib/net/imap.rb ---- ruby-1.8.6-p111.orig/lib/net/imap.rb 2007-08-22 08:28:09.000000000 +0900 -+++ ruby-1.8.6-p111/lib/net/imap.rb 2007-10-29 21:14:38.000000000 +0900 -@@ -900,6 +900,7 @@ module Net - end - @sock = SSLSocket.new(@sock, context) - @sock.connect # start ssl session. -+ @sock.post_connection_check(@host) if verify - else - @usessl = false - end -diff -pruN ruby-1.8.6-p111.orig/lib/open-uri.rb ruby-1.8.6-p111/lib/open-uri.rb ---- ruby-1.8.6-p111.orig/lib/open-uri.rb 2007-09-24 17:12:24.000000000 +0900 -+++ ruby-1.8.6-p111/lib/open-uri.rb 2007-10-29 21:16:03.000000000 +0900 -@@ -229,7 +229,6 @@ module OpenURI - if target.class == URI::HTTPS - require 'net/https' - http.use_ssl = true -- http.enable_post_connection_check = true - http.verify_mode = OpenSSL::SSL::VERIFY_PEER - store = OpenSSL::X509::Store.new - store.set_default_paths diff --git a/ruby-fix-autoconf-magic-code.patch b/ruby-fix-autoconf-magic-code.patch deleted file mode 100644 index 58ac75f..0000000 --- a/ruby-fix-autoconf-magic-code.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -ruN ruby-1.8.4.orig/mkconfig.rb ruby-1.8.4/mkconfig.rb ---- ruby-1.8.4.orig/mkconfig.rb 2006-07-19 20:39:48.000000000 +0900 -+++ ruby-1.8.4/mkconfig.rb 2006-07-19 20:40:12.000000000 +0900 -@@ -37,6 +37,7 @@ - has_version = false - File.foreach "config.status" do |line| - next if /^#/ =~ line -+ line.gsub!(/\|#_!!_#\|/, '') - if /^s[%,]@program_transform_name@[%,]s,(.*)/ =~ line - next if $install_name - ptn = $1.sub(/\$\$/, '$').split(/,/) #' diff --git a/ruby.spec b/ruby.spec index 4d0e325..f1f4628 100644 --- a/ruby.spec +++ b/ruby.spec @@ -1,6 +1,6 @@ %define rubyxver 1.8 %define rubyver 1.8.6 -%define _patchlevel 114 +%define _patchlevel 287 %define dotpatchlevel %{?_patchlevel:.%{_patchlevel}} %define patchlevel %{?_patchlevel:-p%{_patchlevel}} %define arcver %{rubyver}%{?patchlevel} @@ -12,7 +12,7 @@ Name: ruby Version: %{rubyver}%{?dotpatchlevel} -Release: 1%{?dist} +Release: 2%{?dist} License: Ruby or GPLv2 URL: http://www.ruby-lang.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -35,8 +35,8 @@ Patch20: ruby-rubyprefix.patch Patch21: ruby-deprecated-sitelib-search-path.patch Patch22: ruby-deprecated-search-path.patch Patch23: ruby-multilib.patch -Patch24: ruby-1.8.6.111-CVE-2007-5162.patch Patch25: ruby-1.8.6.111-gcc43.patch +Patch26: ruby-1.8.6-rexml-CVE-2008-3790.patch Summary: An interpreter of object-oriented scripting language Group: Development/Languages @@ -156,8 +156,8 @@ pushd %{name}-%{arcver} %patch22 -p1 %patch23 -p1 %endif -%patch24 -p1 %patch25 -p1 +%patch26 -p1 popd %build @@ -514,6 +514,41 @@ rm -rf tmp-ruby-docs %endif %changelog +* Wed Oct 8 2008 Akira TAGOH - 1.8.6.287-2 +- CVE-2008-3790: DoS vulnerability in the REXML module. + +* Sat Aug 23 2008 Akira TAGOH - 1.8.6.287-1 +- New upstream release. +- Security fixes. + - CVE-2008-3655: Ruby does not properly restrict access to critical + variables and methods at various safe levels. + - CVE-2008-3656: DoS vulnerability in WEBrick. + - CVE-2008-3657: Lack of taintness check in dl. + - CVE-2008-1447: DNS spoofing vulnerability in resolv.rb. + - CVE-2008-3443: Memory allocation failure in Ruby regex engine. +- Remove the unnecessary backported patches. + +* Tue Jul 1 2008 Akira TAGOH - 1.8.6.230-4 +- Backported from upstream SVN to fix a segfault issue with Array#fill. + +* Mon Jun 30 2008 Akira TAGOH - 1.8.6.230-3 +- Backported from upstream SVN to fix a segfault issue. (#452825) +- Backported from upstream SVN to fix an integer overflow in rb_ary_fill. + +* Wed Jun 25 2008 Akira TAGOH - 1.8.6.230-2 +- Fix a segfault issue. (#452809) + +* Tue Jun 24 2008 Akira TAGOH - 1.8.6.230-1 +- New upstream release. +- Security fixes. (#452294). + - CVE-2008-1891: WEBrick CGI source disclosure. + - CVE-2008-2662: Integer overflow in rb_str_buf_append(). + - CVE-2008-2663: Integer overflow in rb_ary_store(). + - CVE-2008-2664: Unsafe use of alloca in rb_str_format(). + - CVE-2008-2725: Integer overflow in rb_ary_splice(). + - CVE-2008-2726: Integer overflow in rb_ary_splice(). +- ruby-1.8.6.111-CVE-2007-5162.patch: removed. + * Tue Mar 4 2008 Akira TAGOH - 1.8.6.114-1 - Security fix for CVE-2008-1145. - Improve a spec file. (#226381) diff --git a/sources b/sources index 1dcdc28..881802a 100644 --- a/sources +++ b/sources @@ -3,4 +3,4 @@ d65e3a216d6d345a2a6f1aa8758c2f75 ruby-refm-rdp-1.8.1-ja-html.tar.gz e1d38b7d4f1be55726d6927a3395ce3b ruby-1.8.6-p111.tar.bz2 634c25b14e19925d10af3720d72e8741 rubyfaq-990927.tar.gz 4fcec898f51d8371cc42d0a013940469 rubyfaq-jp-990927.tar.gz -b4d0c74497f684814bcfbb41b7384a71 ruby-1.8.6-p114.tar.bz2 +80b5f3db12531d36e6c81fac6d05dda9 ruby-1.8.6-p287.tar.bz2