From 0a0cf58fbbbed4ff499d50d9576fa7ee03eb94dd Mon Sep 17 00:00:00 2001 From: Jeroen van Meeuwen Date: Wed, 18 Mar 2009 04:50:29 +0000 Subject: [PATCH] 1.8.6.287-7 --- import.log | 1 + ruby-1.8.6-rexml-CVE-2008-3790.patch | 6 +++--- ruby.spec | 5 ++++- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/import.log b/import.log index ed81896..a10a94e 100644 --- a/import.log +++ b/import.log @@ -1,2 +1,3 @@ ruby-1_8_6_287-4_fc10:HEAD:ruby-1.8.6.287-4.fc10.src.rpm:1237096558 ruby-1_8_6_287-5_fc10:HEAD:ruby-1.8.6.287-5.fc10.src.rpm:1237096677 +ruby-1_8_6_287-7_fc11:HEAD:ruby-1.8.6.287-7.fc11.src.rpm:1237351812 diff --git a/ruby-1.8.6-rexml-CVE-2008-3790.patch b/ruby-1.8.6-rexml-CVE-2008-3790.patch index 2ce6e1f..2db8dd6 100644 --- a/ruby-1.8.6-rexml-CVE-2008-3790.patch +++ b/ruby-1.8.6-rexml-CVE-2008-3790.patch @@ -12,7 +12,7 @@ diff -pruN ruby-1.8.6-p287.orig/lib/rexml/document.rb ruby-1.8.6-p287/lib/rexml/ @@ -200,6 +201,27 @@ module REXML Parsers::StreamParser.new( source, listener ).parse end - + + @@entity_expansion_limit = 10_000 + + # Set the entity expansion limit. By defualt the limit is set to 10000. @@ -26,7 +26,7 @@ diff -pruN ruby-1.8.6-p287.orig/lib/rexml/document.rb ruby-1.8.6-p287/lib/rexml/ + end + + attr_reader :entity_expansion_count -+ ++ + def record_entity_expansion + @entity_expansion_count += 1 + if @entity_expansion_count > @@entity_expansion_limit @@ -44,7 +44,7 @@ diff -pruN ruby-1.8.6-p287.orig/lib/rexml/entity.rb ruby-1.8.6-p287/lib/rexml/en # all entities -- both %ent; and &ent; entities. This differs from # +value()+ in that +value+ only replaces %ent; entities. def unnormalized -+ document.record_entity_expansion ++ document.record_entity_expansion unless document.nil? v = value() return nil if v.nil? @unnormalized = Text::unnormalize(v, parent) diff --git a/ruby.spec b/ruby.spec index 322d5bb..bd7e080 100644 --- a/ruby.spec +++ b/ruby.spec @@ -12,7 +12,7 @@ Name: ruby Version: %{rubyver}%{?dotpatchlevel} -Release: 6%{?dist} +Release: 7%{?dist} License: Ruby or GPLv2 URL: http://www.ruby-lang.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -512,6 +512,9 @@ rm -rf tmp-ruby-docs %{_datadir}/emacs/site-lisp/site-start.d/ruby-mode-init.el %changelog +* Wed Mar 18 2009 Jeroen van Meeuwen - 1.8.6.287-7 +- Fix regression in CVE-2008-3790 (#485383) + * Mon Mar 16 2009 Mamoru Tasaka - 1.8.6.287-6 - Again use -O2 optimization level - i586 should search i386-linux directory