upload new-source

- Fix heap overflow in floating point parsing (CVE-2013-4164)

.gitignore

@@ -16,3 +16,7 @@ ruby-rev415a3ef9ab82c65a7abc-ext_tk.tar.gz
 /ruby-1.9.3-p362.tar.gz
 /ruby-1.9.3-p374.tar.gz
 /ruby-1.9.3-p385.tar.gz
+/ruby-1.9.3-p392.tar.gz
+/ruby-1.9.3-p429.tar.gz
+/ruby-1.9.3-p448.tar.gz
+/ruby-1.9.3-p484.tar.gz

ruby-1.9.3-fix-s390x-build.patch

@@ -1,12 +0,0 @@
-diff -up ruby-1.9.3-p0/ext/tk/extconf.rb.orig ruby-1.9.3-p0/ext/tk/extconf.rb
---- ruby-1.9.3-p0/ext/tk/extconf.rb.orig	2011-06-29 16:11:19.000000000 +0200
-+++ ruby-1.9.3-p0/ext/tk/extconf.rb	2011-10-18 16:15:59.406299659 +0200
-@@ -114,7 +114,7 @@ def is_macosx?
- end
- 
- def maybe_64bit?
--  /64|universal/ =~ RUBY_PLATFORM
-+  /64|universal|s390x/ =~ RUBY_PLATFORM
- end
- 
- def check_tcltk_version(version)

ruby.spec

@@ -1,7 +1,7 @@
 %global major_version 1
 %global minor_version 9
 %global teeny_version 3
-%global patch_level 385
+%global patch_level 484
 
 %global major_minor_version %{major_version}.%{minor_version}
 
@@ -43,7 +43,7 @@
 %global rdoc_version 3.9.5
 %global bigdecimal_version 1.1.0
 %global io_console_version 0.3
-%global json_version 1.5.4
+%global json_version 1.5.5
 %global minitest_version 2.5.1
 
 %global	_normalized_cpu	%(echo %{_target_cpu} | sed 's/^ppc/powerpc/;s/i.86/i386/;s/sparcv./sparc/')
@@ -56,7 +56,7 @@ Version: %{ruby_version_patch_level}
 # we cannot reset the release number to 1 even when the main (ruby) version
 # is updated - because it may be that the versions of sub-components don't
 # change.
-Release: 28%{?dist}
+Release: 32%{?dist}
 Group: Development/Languages
 # Public Domain for example for: include/ruby/st.h, strftime.c, ...
 License: (Ruby or BSD) and Public Domain
@@ -74,13 +74,11 @@ Patch2: ruby-1.9.3-added-site-and-vendor-arch-flags.patch
 # some differencies in build between Fedora and RHEL.
 Patch3: ruby-1.9.3-always-use-i386.patch
 # http://redmine.ruby-lang.org/issues/5465
-Patch4: ruby-1.9.3-fix-s390x-build.patch
+# Fixed in 1.9.3 p448
+#Patch4: ruby-1.9.3-fix-s390x-build.patch
 # Fix the uninstaller, so that it doesn't say that gem doesn't exist
 # when it exists outside of the GEM_HOME (already fixed in the upstream)
 Patch5: ruby-1.9.3-rubygems-1.8.11-uninstaller.patch
-# Already fixed upstream:
-# https://github.com/ruby/ruby/commit/f212df564a4e1025f9fb019ce727022a97bfff53
-Patch7: ruby-1.9.3-bignum-test-fix.patch
 # Allows to install RubyGems into custom directory, outside of Ruby's tree.
 # http://redmine.ruby-lang.org/issues/5617
 Patch8: ruby-1.9.3-custom-rubygems-location.patch
@@ -346,9 +344,8 @@ Tcl/Tk interface for the object-oriented scripting language Ruby.
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
-%patch4 -p1
+#%%patch4 -p1
 %patch5 -p1
-%patch7 -p1
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
@@ -361,6 +358,7 @@ Tcl/Tk interface for the object-oriented scripting language Ruby.
 autoconf
 
 %configure \
+        --disable-werror \
         --with-rubylibprefix='%{ruby_libdir}' \
         --with-archdir='%{ruby_libarchdir}' \
         --with-sitedir='%{ruby_sitelibdir}' \
@@ -778,6 +776,23 @@ make check TESTS="-v $DISABLE_TESTS"
 %{ruby_libdir}/tkextlib
 
 %changelog
+* Mon Nov 25 2013 Mamoru TASAKA <mtasaka@fedoraproject.org> - 1.9.3.484-32
+- Update to 1.9.3 p484
+- Fix heap overflow in floating point parsing (CVE-2013-4164)
+
+* Mon Jul  1 2013 Mamoru TASAKA <mtasaka@fedoraproject.org> - 1.9.3.448-31
+- Update to 1.9.3 p448
+- Fix hostname check bypassing vulnerability in SSL client
+  (CVE-2013-4073)
+
+* Thu May 16 2013 Mamoru TASAKA <mtasaka@fedoraproject.org> - 1.9.3.429-30
+- Update to 1.9.3 p429
+- Fix object taint bypassing in DL and Fiddle (CVE-2013-2065)
+
+* Mon Feb 25 2013 Mamoru TASAKA <mtasaka@fedoraproject.org> - 1.9.3.392-29
+- Update to 1.9.3 p392
+- Fix entity expansion DoS vulnerability in REXML (bug 914716)
+
 * Mon Feb 11 2013 Mamoru TASAKA <mtasaka@fedoraproject.org> - 1.9.3.385-28
 - Update to 1.9.3 p385
 

sources

@@ -1 +1 @@
-3e0d7f8512400c1a6732327728a56f1d  ruby-1.9.3-p385.tar.gz
+8ac0dee72fe12d75c8b2d0ef5d0c2968  ruby-1.9.3-p484.tar.gz