1.8.6.287-7

This commit is contained in:
Jeroen van Meeuwen 2009-03-18 04:50:29 +00:00
parent 01a3f0d013
commit 0a0cf58fbb
3 changed files with 8 additions and 4 deletions

View File

@ -1,2 +1,3 @@
ruby-1_8_6_287-4_fc10:HEAD:ruby-1.8.6.287-4.fc10.src.rpm:1237096558 ruby-1_8_6_287-4_fc10:HEAD:ruby-1.8.6.287-4.fc10.src.rpm:1237096558
ruby-1_8_6_287-5_fc10:HEAD:ruby-1.8.6.287-5.fc10.src.rpm:1237096677 ruby-1_8_6_287-5_fc10:HEAD:ruby-1.8.6.287-5.fc10.src.rpm:1237096677
ruby-1_8_6_287-7_fc11:HEAD:ruby-1.8.6.287-7.fc11.src.rpm:1237351812

View File

@ -12,7 +12,7 @@ diff -pruN ruby-1.8.6-p287.orig/lib/rexml/document.rb ruby-1.8.6-p287/lib/rexml/
@@ -200,6 +201,27 @@ module REXML @@ -200,6 +201,27 @@ module REXML
Parsers::StreamParser.new( source, listener ).parse Parsers::StreamParser.new( source, listener ).parse
end end
+ @@entity_expansion_limit = 10_000 + @@entity_expansion_limit = 10_000
+ +
+ # Set the entity expansion limit. By defualt the limit is set to 10000. + # Set the entity expansion limit. By defualt the limit is set to 10000.
@ -26,7 +26,7 @@ diff -pruN ruby-1.8.6-p287.orig/lib/rexml/document.rb ruby-1.8.6-p287/lib/rexml/
+ end + end
+ +
+ attr_reader :entity_expansion_count + attr_reader :entity_expansion_count
+ +
+ def record_entity_expansion + def record_entity_expansion
+ @entity_expansion_count += 1 + @entity_expansion_count += 1
+ if @entity_expansion_count > @@entity_expansion_limit + if @entity_expansion_count > @@entity_expansion_limit
@ -44,7 +44,7 @@ diff -pruN ruby-1.8.6-p287.orig/lib/rexml/entity.rb ruby-1.8.6-p287/lib/rexml/en
# all entities -- both %ent; and &ent; entities. This differs from # all entities -- both %ent; and &ent; entities. This differs from
# +value()+ in that +value+ only replaces %ent; entities. # +value()+ in that +value+ only replaces %ent; entities.
def unnormalized def unnormalized
+ document.record_entity_expansion + document.record_entity_expansion unless document.nil?
v = value() v = value()
return nil if v.nil? return nil if v.nil?
@unnormalized = Text::unnormalize(v, parent) @unnormalized = Text::unnormalize(v, parent)

View File

@ -12,7 +12,7 @@
Name: ruby Name: ruby
Version: %{rubyver}%{?dotpatchlevel} Version: %{rubyver}%{?dotpatchlevel}
Release: 6%{?dist} Release: 7%{?dist}
License: Ruby or GPLv2 License: Ruby or GPLv2
URL: http://www.ruby-lang.org/ URL: http://www.ruby-lang.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -512,6 +512,9 @@ rm -rf tmp-ruby-docs
%{_datadir}/emacs/site-lisp/site-start.d/ruby-mode-init.el %{_datadir}/emacs/site-lisp/site-start.d/ruby-mode-init.el
%changelog %changelog
* Wed Mar 18 2009 Jeroen van Meeuwen <j.van.meeuwen@ogd.nl> - 1.8.6.287-7
- Fix regression in CVE-2008-3790 (#485383)
* Mon Mar 16 2009 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 1.8.6.287-6 * Mon Mar 16 2009 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 1.8.6.287-6
- Again use -O2 optimization level - Again use -O2 optimization level
- i586 should search i386-linux directory - i586 should search i386-linux directory