Update to 1.8.7 p371

same issue as CVE-2012-4464)
  (Vít Ondruch <vondruch@redhat.com>)

.gitignore

@@ -7,3 +7,6 @@ ruby-rev415a3ef9ab82c65a7abc-ext_tk.tar.gz
 /ruby-1.8.7-p334.tar.bz2
 /ruby-1.8.7-p352.tar.bz2
 /ruby-revc2dfaa7d40531aef3706bcc16f38178b0c6633ee-ext_tk.tar.gz
+/ruby-1.8.7-p357.tar.bz2
+/ruby-1.8.7-p358.tar.bz2
+/ruby-1.8.7-p371.tar.bz2

ruby-1.8.7-p358-CVE-2012-4464-4466.patch

@@ -0,0 +1,29 @@
+Backported fix for CVE-2012-4464,4466 on trunk:rev37068 to 1.8.7 branch.
+Note that for ruby-1.8 branch, there was a fix for CVE-2011-1005 on rev 30903,
+however the fix proved to be incomplete.
+
+Mamoru Tasaka <mtasaka@fedoraproject.org>
+
+
+--- ruby-1.8.7-p358/error.c.sec	2011-02-18 21:32:35.000000000 +0900
++++ ruby-1.8.7-p358/error.c	2012-10-04 23:58:12.000000000 +0900
+@@ -665,9 +665,11 @@
+ 
+     if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
+     StringValue(str);
++#if 0
+     if (str != mesg) {
+ 	OBJ_INFECT(str, mesg);
+     }
++#endif
+     return str;
+ }
+ 
+@@ -757,7 +759,6 @@
+ 	args[2] = d;
+ 	mesg = rb_f_sprintf(3, args);
+     }
+-    if (OBJ_TAINTED(obj)) OBJ_TAINT(mesg);
+     return mesg;
+ }
+ 

ruby.spec

@@ -1,6 +1,6 @@
 %global	rubyxver	1.8
 %global	rubyver	1.8.7
-%global	_patchlevel	352
+%global	_patchlevel	371
 
 %global	dotpatchlevel	%{?_patchlevel:.%{_patchlevel}}
 %global	patchlevel	%{?_patchlevel:-p%{_patchlevel}}
@@ -11,7 +11,7 @@
 %{!?sitelibbase:	%global sitelibbase	%{vendorlibbase}/site_ruby}
 %{!?sitearchbase:	%global sitearchbase	%{vendorarchbase}/site_ruby}
 
-%global	_normalized_cpu	%(echo %{_target_cpu} | sed 's/^ppc/powerpc/;s/i.86/i386/;s/sparcv./sparc/;s/armv.*/arm/')
+%global	_normalized_cpu	%(echo %{_target_cpu} | sed 's/^ppc/powerpc/;s/i.86/i386/;s/sparcv./sparc/')
 # Fri Jul 15 21:28:10 2011 +0000
 %global	ruby_tk_git_revision	c2dfaa7d40531aef3706bcc16f38178b0c6633ee
 
@@ -24,7 +24,9 @@ URL:		http://www.ruby-lang.org/
 
 BuildRequires:	compat-readline5-devel
 BuildRequires:	db4-devel
+%if 0%{?fedora} < 17
 BuildRequires:	gdbm-devel
+%endif
 BuildRequires:	libX11-devel
 BuildRequires:	ncurses-devel
 BuildRequires:	openssl-devel
@@ -61,6 +63,8 @@ Patch33:	ruby-1.8.7-p249-mkmf-use-shared.patch
 # Remove duplicate path entry
 # bug 718695
 Patch34:	ruby-1.8.7-p352-path-uniq.patch
+# Backported fix for CVE-2012-4466 on trunk:rev37068 to 1.8.7 branch
+#Patch35:	ruby-1.8.7-p358-CVE-2012-4464-4466.patch
 # Change ruby load path to conform to Fedora/ruby
 # library placement (various 1.8.6 patches consolidated into this)
 Patch100:	ruby-1.8.7-lib-paths.patch
@@ -182,6 +186,7 @@ pushd %{name}-%{arcver}
 %patch29 -p1
 %patch33 -p1
 %patch34 -p1
+#%%patch35 -p1
 %patch100 -p1
 
 ( 
@@ -200,6 +205,11 @@ popd
 # when it is no longer needed.
 sed -i.redirect  -e '\@RUBY@s@\.rb >@\.rb | cat >@' %{name}-%{arcver}/ext/dl/depend
 
+# Disable gdbm support on F-17 for now
+%if 0%{?fedora} >= 17
+sed -i '\@dblib =@s|gdbm[^ ]*||g' %{name}-%{arcver}/ext/dbm/extconf.rb
+%endif
+
 
 %build
 pushd %{name}-%{arcver}
@@ -314,7 +324,7 @@ find -type f | xargs chmod 0644
 grep -rl '#![ \t]*%{_prefix}/local/bin' . | \
 	xargs sed -i -e '1s|\(#![ \t]*\)%{_prefix}/local/bin|\1%{_bindir}|'
 grep -rl '#![ \t]*\./ruby' . | \
-	xargs sed -i -e '1s|\(#![ \t]*\)\./ruby|%{_bindir}/ruby|'
+	xargs sed -i -e '1s|\(#![ \t]*\)\./ruby|\1%{_bindir}/ruby|'
 
 # Fix encoding
 # Suppress message
@@ -537,6 +547,38 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/ri
 
 %changelog
+* Sat Oct 13 2012 Mamoru TASAKA <mtasaka@fedoraproject.org> - 1.8.7.371-1
+- Update to 1.8.7 p371
+
+* Fri Oct 04 2012 Mamoru Tasaka <mtasaka@fedoraproject.org> - 1.8.7.358-4
+- Also backport fix for the left part of CVE-2011-1005 (causing the
+  same issue as CVE-2012-4464)
+  (Vít Ondruch <vondruch@redhat.com>)
+
+* Thu Oct 04 2012 Mamoru Tasaka <mtasaka@fedoraproject.org> - 1.8.7.358-3
+- Backport fix for CVE-2012-4466 on trunk:rev37068 to 1.8.7 branch
+
+* Sun Jun 16 2012 Mamoru Tasaka <mtasaka@fedoraproject.org> - 1.8.7.358-2
+- Fix sed usage wrt shebang modification
+  (Christian Iseli <Christian.Iseli@unil.ch>)
+
+* Fri Apr 13 2012 Mamoru Tasaka <mtasaka@fedoraproject.org> - 1.8.7.358-1
+- Update to 1.8.7p358
+
+* Thu Dec 29 2011 Mamoru Tasaka <mtasaka@fedoraproject.org> - 1.8.7.357-1
+- Update to 1.8.7p357
+- Randomize hash on process startup (CVE-2011-4815, bug 750564)
+
+* Fri Dec 23 2011 Dennis Gilmore <dennis@ausil.us> - 1.8.7.352-2
+- dont normalise arm cpus to arm
+- there is something weird about how ruby choses where to put bits
+
+* Thu Nov 16 2011 Mamoru Tasaka <mtasaka@fedoraproject.org> - 1.8.7.352-3
+- F-17: kill gdbm support for now due to licensing compatibility issue
+
+* Sat Oct  1 2011 Mamoru Tasaka <mtasaka@fedoraproject.org> - 1.8.7.352-2
+- F-17: rebuild against new gdbm
+
 * Sat Jul 16 2011 Mamoru Tasaka <mtasaka@fedoraproject.org> - 1.8.7.352-1
 - Update to 1.8.7 p352
 - CVE-2011-2686 is fixed in this version (bug 722415)

sources

@@ -1,4 +1,2 @@
-fcc35655da3047f64650a526c179ade8  ruby-revf30eca26639ce538339bc488c7ed1fd397b0c13f-ext_tk.tar.gz
-2f14f604bf981bb938ab5fc8b09eb1a6  ruby-1.8.7-p334.tar.bz2
-0c61ea41d1b1183b219b9afe97f18f52  ruby-1.8.7-p352.tar.bz2
 01b1053cf357459349bf74363756ad41  ruby-revc2dfaa7d40531aef3706bcc16f38178b0c6633ee-ext_tk.tar.gz
+c27526b298659a186bdb5107fcec2341  ruby-1.8.7-p371.tar.bz2