From 3f68db5077a1b663d00646c851690f48f8d8d30c Mon Sep 17 00:00:00 2001
From: Akira TAGOH
Date: Sat, 23 Aug 2008 08:58:47 +0000
Subject: [PATCH] - New upstream release. - Security fixes. - CVE-2008-3655: Ruby does not properly restrict access to critical variables and methods at various safe levels. - CVE-2008-3656: DoS vulnerability in WEBrick. - CVE-2008-3657: Lack of taintness check in dl. - CVE-2008-1447: DNS spoofing vulnerability in resolv.rb. - CVE-2008-3443: Memory allocation failure in Ruby regex engine. - Remove the unnecessary backported patches.
---
 .cvsignore | 1 +
 ruby-1.8.6.230-p238.patch | 58 -------------------------
 ruby-1.8.6.230-p248.patch | 16 -------
 ruby-1.8.6.230-p257.patch | 12 -----
 ruby-1.8.6.230-string-str_buf_cat.patch | 28 ------------
 ruby-rubyprefix.patch | 26 +++++------
 ruby.spec | 23 +++++-----
 sources | 2 +-
 8 files changed, 28 insertions(+), 138 deletions(-)
 delete mode 100644 ruby-1.8.6.230-p238.patch
 delete mode 100644 ruby-1.8.6.230-p248.patch
 delete mode 100644 ruby-1.8.6.230-p257.patch
 delete mode 100644 ruby-1.8.6.230-string-str_buf_cat.patch
diff --git a/.cvsignore b/.cvsignore
index 2ecc1d3..8b4ee53 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -22,3 +22,4 @@ rubyfaq-990927.tar.gz
 rubyfaq-jp-990927.tar.gz
 ruby-1.8.6-p114.tar.bz2
 ruby-1.8.6-p230.tar.bz2
+ruby-1.8.6-p287.tar.bz2
diff --git a/ruby-1.8.6.230-p238.patch b/ruby-1.8.6.230-p238.patch
deleted file mode 100644
index 1cf26ff..0000000
--- a/ruby-1.8.6.230-p238.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-diff -pruN ruby-1.8.6-p230.orig/class.c ruby-1.8.6-p230/class.c
---- ruby-1.8.6-p230.orig/class.c 2008-06-15 21:06:33.000000000 +0900
-+++ ruby-1.8.6-p230/class.c 2008-06-30 11:21:41.000000000 +0900
-@@ -62,10 +62,7 @@ clone_method(mid, body, data)
- NODE *fbody = body->nd_body;
-
- if (fbody && nd_type(fbody) == NODE_SCOPE) {
-- VALUE cref = data->klass ?
-- (VALUE)NEW_NODE(NODE_CREF,data->klass,0,fbody->nd_rval) :
-- fbody->nd_rval;
-- fbody = NEW_NODE(NODE_SCOPE, fbody->nd_tbl, cref, fbody->nd_next);
-+ fbody = rb_copy_node_scope(fbody, ruby_cref);
- }
- st_insert(data->tbl, mid, (st_data_t)NEW_METHOD(fbody, body->nd_noex));
- return ST_CONTINUE;
-diff -pruN ruby-1.8.6-p230.orig/eval.c ruby-1.8.6-p230/eval.c
---- ruby-1.8.6-p230.orig/eval.c 2008-06-16 15:43:48.000000000 +0900
-+++ ruby-1.8.6-p230/eval.c 2008-06-30 11:19:15.000000000 +0900
-@@ -2239,8 +2239,8 @@ rb_mod_alias_method(mod, newname, oldnam
- return mod;
- }
-
--static NODE*
--copy_node_scope(node, rval)
-+NODE*
-+rb_copy_node_scope(node, rval)
- NODE *node;
- NODE *rval;
- {
-@@ -3948,7 +3948,7 @@ rb_eval(self, n)
- noex |= NOEX_NOSUPER;
- }
-
-- defn = copy_node_scope(node->nd_defn, ruby_cref);
-+ defn = rb_copy_node_scope(node->nd_defn, ruby_cref);
- rb_add_method(ruby_class, node->nd_mid, defn, noex);
- if (scope_vmode == SCOPE_MODFUNC) {
- rb_add_method(rb_singleton_class(ruby_class),
-@@ -3984,7 +3984,7 @@ rb_eval(self, n)
- rb_warning("redefine %s", rb_id2name(node->nd_mid));
- }
- }
-- defn = copy_node_scope(node->nd_defn, ruby_cref);
-+ defn = rb_copy_node_scope(node->nd_defn, ruby_cref);
- rb_add_method(klass, node->nd_mid, defn,
- NOEX_PUBLIC|(body?body->nd_noex&NOEX_UNDEF:0));
- result = Qnil;
-diff -pruN ruby-1.8.6-p230.orig/node.h ruby-1.8.6-p230/node.h
---- ruby-1.8.6-p230.orig/node.h 2007-05-23 00:01:22.000000000 +0900
-+++ ruby-1.8.6-p230/node.h 2008-06-30 11:20:06.000000000 +0900
-@@ -371,6 +371,7 @@ typedef unsigned int rb_event_t;
- #define RUBY_EVENT_ALL 0xff
-
- typedef void (*rb_event_hook_func_t) _((rb_event_t,NODE*,VALUE,ID,VALUE));
-+NODE *rb_copy_node_scope _((NODE *, NODE *));
- void rb_add_event_hook _((rb_event_hook_func_t,rb_event_t));
- int rb_remove_event_hook _((rb_event_hook_func_t));
-
diff --git a/ruby-1.8.6.230-p248.patch b/ruby-1.8.6.230-p248.patch
deleted file mode 100644
index 1279c48..0000000
--- a/ruby-1.8.6.230-p248.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff -pruN ruby-1.8.6-p230.orig/array.c ruby-1.8.6-p230/array.c
---- ruby-1.8.6-p230.orig/array.c 2008-06-20 15:53:16.000000000 +0900
-+++ ruby-1.8.6-p230/array.c 2008-06-30 11:33:00.000000000 +0900
-@@ -2272,10 +2272,10 @@ rb_ary_fill(argc, argv, ary)
- break;
- }
- rb_ary_modify(ary);
-- end = beg + len;
-- if (end < 0) {
-+ if (len > ARY_MAX_SIZE - beg) {
- rb_raise(rb_eArgError, "argument too big");
- }
-+ end = beg + len;
- if (end > RARRAY(ary)->len) {
- if (end >= RARRAY(ary)->aux.capa) {
- REALLOC_N(RARRAY(ary)->ptr, VALUE, end);
diff --git a/ruby-1.8.6.230-p257.patch b/ruby-1.8.6.230-p257.patch
deleted file mode 100644
index dbae14a..0000000
--- a/ruby-1.8.6.230-p257.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -pruN ruby-1.8.6-p230.orig/array.c ruby-1.8.6-p230/array.c
---- ruby-1.8.6-p230.orig/array.c 2008-07-01 16:32:12.000000000 +0900
-+++ ruby-1.8.6-p230/array.c 2008-07-01 16:34:01.000000000 +0900
-@@ -2272,7 +2272,7 @@ rb_ary_fill(argc, argv, ary)
- break;
- }
- rb_ary_modify(ary);
-- if (len > ARY_MAX_SIZE - beg) {
-+ if (beg >= ARY_MAX_SIZE || len > ARY_MAX_SIZE - beg) {
- rb_raise(rb_eArgError, "argument too big");
- }
- end = beg + len;
diff --git a/ruby-1.8.6.230-string-str_buf_cat.patch b/ruby-1.8.6.230-string-str_buf_cat.patch
deleted file mode 100644
index 287ddc9..0000000
--- a/ruby-1.8.6.230-string-str_buf_cat.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-diff -pruN ruby-1.8.6-p230.orig/string.c ruby-1.8.6-p230/string.c
---- ruby-1.8.6-p230.orig/string.c 2008-06-20 18:24:53.000000000 +0900
-+++ ruby-1.8.6-p230/string.c 2008-06-25 16:10:17.000000000 +0900
-@@ -693,9 +693,13 @@ str_buf_cat(str, ptr, len)
- const char *ptr;
- long len;
- {
-- long capa, total;
-+ long capa, total, off = -1;
-
- rb_str_modify(str);
-+ if (ptr >= RSTRING(str)->ptr && ptr <= RSTRING(str)->ptr + RSTRING(str)->len) {
-+ off = ptr - RSTRING(str)->ptr;
-+ }
-+ if (len == 0) return 0;
- if (FL_TEST(str, STR_ASSOC)) {
- FL_UNSET(str, STR_ASSOC);
- capa = RSTRING(str)->aux.capa = RSTRING(str)->len;
-@@ -717,6 +721,9 @@ str_buf_cat(str, ptr, len)
- }
- RESIZE_CAPA(str, capa);
- }
-+ if (off != -1) {
-+ ptr = RSTRING(str)->ptr + off;
-+ }
- memcpy(RSTRING(str)->ptr + RSTRING(str)->len, ptr, len);
- RSTRING(str)->len = total;
- RSTRING(str)->ptr[total] = '\0'; /* sentinel */
diff --git a/ruby-rubyprefix.patch b/ruby-rubyprefix.patch
index 79daf90..8d1bd0c 100644
--- a/ruby-rubyprefix.patch
+++ b/ruby-rubyprefix.patch
@@ -1,7 +1,7 @@
-diff -ruN ruby-1.8.5-p12.orig/configure.in ruby-1.8.5-p12/configure.in
---- ruby-1.8.5-p12.orig/configure.in 2006-12-06 19:58:08.000000000 +0900
-+++ ruby-1.8.5-p12/configure.in 2007-02-05 17:02:43.000000000 +0900
-@@ -1505,6 +1505,13 @@
+diff -pruN ruby-1.8.6-p287.orig/configure.in ruby-1.8.6-p287/configure.in
+--- ruby-1.8.6-p287.orig/configure.in 2008-07-13 00:03:28.000000000 +0900
++++ ruby-1.8.6-p287/configure.in 2008-08-14 01:08:00.000000000 +0900
+@@ -1608,6 +1608,13 @@ case "$target_os" in
 rubyw_install_name="$RUBYW_INSTALL_NAME"
 ;;
 esac
@@ -15,7 +15,7 @@ diff -ruN ruby-1.8.5-p12.orig/configure.in ruby-1.8.5-p12/configure.in
 case "$target_os" in
 cygwin*|mingw*|*djgpp*|os2-emx*)
 RUBY_LIB_PREFIX="/lib/ruby"
-@@ -1513,20 +1520,29 @@
+@@ -1616,20 +1623,29 @@ case "$target_os" in
 RUBY_LIB_PREFIX="${prefix}/lib/ruby"
 ;;
 esac
@@ -47,7 +47,7 @@ diff -ruN ruby-1.8.5-p12.orig/configure.in ruby-1.8.5-p12/configure.in RUBY_SITE_LIB_PATH2="${RUBY_SITE_LIB_PATH}/${MAJOR}.${MINOR}" AC_DEFINE_UNQUOTED(RUBY_LIB, "${RUBY_LIB_PATH}") -@@ -1536,6 +1552,7 @@ +@@ -1639,6 +1655,7 @@ AC_DEFINE_UNQUOTED(RUBY_SITE_LIB2, "${RU AC_SUBST(arch)dnl AC_SUBST(sitearch)dnl AC_SUBST(sitedir)dnl @@ -55,7 +55,7 @@ diff -ruN ruby-1.8.5-p12.orig/configure.in ruby-1.8.5-p12/configure.in configure_args=$ac_configure_args AC_SUBST(configure_args)dnl -@@ -1544,7 +1561,7 @@ +@@ -1647,7 +1664,7 @@ if test "$fat_binary" != no ; then arch="fat-${target_os}" AC_DEFINE_UNQUOTED(RUBY_THIN_ARCHLIB, @@ -64,7 +64,7 @@ diff -ruN ruby-1.8.5-p12.orig/configure.in ruby-1.8.5-p12/configure.in AC_DEFINE_UNQUOTED(RUBY_SITE_THIN_ARCHLIB, "${RUBY_SITE_LIB_PATH}/" __ARCHITECTURE__ "-${target_os}") -@@ -1559,8 +1576,8 @@ +@@ -1662,8 +1679,8 @@ case "$target_os" in *) sitearch="${arch}" ;; esac 
@@ -75,11 +75,11 @@ diff -ruN ruby-1.8.5-p12.orig/configure.in ruby-1.8.5-p12/configure.in AC_ARG_WITH(search-path, [ --with-search-path=DIR specify the additional search path], -diff -ruN ruby-1.8.5-p12.orig/mkconfig.rb ruby-1.8.5-p12/mkconfig.rb ---- ruby-1.8.5-p12.orig/mkconfig.rb 2006-06-25 23:03:10.000000000 +0900 -+++ ruby-1.8.5-p12/mkconfig.rb 2007-02-05 16:54:32.000000000 +0900 -@@ -108,10 +108,10 @@ - print v_fast, v_others +diff -pruN ruby-1.8.6-p287.orig/mkconfig.rb ruby-1.8.6-p287/mkconfig.rb +--- ruby-1.8.6-p287.orig/mkconfig.rb 2008-06-08 01:37:10.000000000 +0900 ++++ ruby-1.8.6-p287/mkconfig.rb 2008-08-14 01:08:00.000000000 +0900 +@@ -139,10 +139,10 @@ print(*v_fast) + print(*v_others) print < - 1.8.6.287-1 +- New upstream release. +- Security fixes. + - CVE-2008-3655: Ruby does not properly restrict access to critical + variables and methods at various safe levels. + - CVE-2008-3656: DoS vulnerability in WEBrick. + - CVE-2008-3657: Lack of taintness check in dl. + - CVE-2008-1447: DNS spoofing vulnerability in resolv.rb. + - CVE-2008-3443: Memory allocation failure in Ruby regex engine. +- Remove the unnecessary backported patches. + * Thu Jul 10 2008 Tom "spot" Callaway - 1.8.6.230-5 - rebuild against db4-4.7 diff --git a/sources b/sources index 33ddadd..6e9470f 100644 --- a/sources +++ b/sources @@ -2,4 +2,4 @@ d65e3a216d6d345a2a6f1aa8758c2f75 ruby-refm-rdp-1.8.1-ja-html.tar.gz 634c25b14e19925d10af3720d72e8741 rubyfaq-990927.tar.gz 4fcec898f51d8371cc42d0a013940469 rubyfaq-jp-990927.tar.gz -3eceb42d4fc56398676c20a49ac7e044 ruby-1.8.6-p230.tar.bz2 +80b5f3db12531d36e6c81fac6d05dda9 ruby-1.8.6-p287.tar.bz2