diff --git a/.cvsignore b/.cvsignore index dd58fe3..abc7fa1 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,4 +1,4 @@ ruby-refm-rdp-1.8.2-ja-html.tar.gz rubyfaq-990927.tar.gz rubyfaq-jp-990927.tar.gz -ruby-1.8.6-p383.tar.bz2 +ruby-1.8.6-p388.tar.bz2 diff --git a/import.log b/import.log index a105239..85f601f 100644 --- a/import.log +++ b/import.log @@ -5,3 +5,4 @@ ruby-1_8_6_368-1_fc11:F-11:ruby-1.8.6.368-1.fc11.src.rpm:1243759224 ruby-1_8_6_368-2_fc11:F-11:ruby-1.8.6.368-2.fc11.src.rpm:1245520335 ruby-1_8_6_369-1_fc11:F-11:ruby-1.8.6.369-1.fc11.src.rpm:1245760801 ruby-1_8_6_383-1_fc11:F-11:ruby-1.8.6.383-1.fc11.src.rpm:1256225647 +ruby-1_8_6_388-6_fc12:F-11:ruby-1.8.6.388-6.fc12.src.rpm:1264032783 diff --git a/ruby-1.8.6.x-CVE-2009-4492.patch b/ruby-1.8.6.x-CVE-2009-4492.patch deleted file mode 100644 index 00fa053..0000000 --- a/ruby-1.8.6.x-CVE-2009-4492.patch +++ /dev/null @@ -1,134 +0,0 @@ -Index: lib/webrick/httpstatus.rb -=================================================================== ---- lib/webrick/httpstatus.rb (revision 26273) -+++ lib/webrick/httpstatus.rb (revision 26274) -@@ -12,7 +12,17 @@ - - module HTTPStatus - -- class Status < StandardError; end -+ class Status < StandardError -+ def initialize(message=self.class, *rest) -+ super(AccessLog.escape(message), *rest) -+ end -+ class << self -+ attr_reader :code, :reason_phrase -+ end -+ def code() self::class::code end -+ def reason_phrase() self::class::reason_phrase end -+ alias to_i code -+ end - class Info < Status; end - class Success < Status; end - class Redirect < Status; end -@@ -68,6 +78,7 @@ - CodeToError = {} - - StatusMessage.each{|code, message| -+ message.freeze - var_name = message.gsub(/[ \-]/,'_').upcase - err_name = message.gsub(/[ \-]/,'') - -@@ -79,18 +90,12 @@ - when 500...600; parent = ServerError - end - -- eval %- -- RC_#{var_name} = #{code} -- class #{err_name} < #{parent} -- def self.code() RC_#{var_name} end -- def self.reason_phrase() StatusMessage[code] end -- def code() self::class::code end -- def reason_phrase() self::class::reason_phrase end -- alias to_i code -- end -- - -- -- CodeToError[code] = const_get(err_name) -+ const_set("RC_#{var_name}", code) -+ err_class = Class.new(parent) -+ err_class.instance_variable_set(:@code, code) -+ err_class.instance_variable_set(:@reason_phrase, message) -+ const_set(err_name, err_class) -+ CodeToError[code] = err_class - } - - def reason_phrase(code) -Index: lib/webrick/httprequest.rb -=================================================================== ---- lib/webrick/httprequest.rb (revision 26273) -+++ lib/webrick/httprequest.rb (revision 26274) -@@ -242,11 +242,7 @@ - @raw_header << line - end - end -- begin -- @header = HTTPUtils::parse_header(@raw_header) -- rescue => ex -- raise HTTPStatus::BadRequest, ex.message -- end -+ @header = HTTPUtils::parse_header(@raw_header.join) - end - - def parse_uri(str, scheme="http") -Index: lib/webrick/httpresponse.rb -=================================================================== ---- lib/webrick/httpresponse.rb (revision 26273) -+++ lib/webrick/httpresponse.rb (revision 26274) -@@ -132,7 +132,7 @@ - end - end - -- # Determin the message length (RFC2616 -- 4.4 Message Length) -+ # Determine the message length (RFC2616 -- 4.4 Message Length) - if @status == 304 || @status == 204 || HTTPStatus::info?(@status) - @header.delete('content-length') - @body = "" -Index: lib/webrick/httputils.rb -=================================================================== ---- lib/webrick/httputils.rb (revision 26273) -+++ lib/webrick/httputils.rb (revision 26274) -@@ -128,11 +128,11 @@ - when /^\s+(.*?)\s*\z/om - value = $1 - unless field -- raise "bad header '#{line.inspect}'." -+ raise HTTPStatus::BadRequest, "bad header '#{line}'." - end - header[field][-1] << " " << value - else -- raise "bad header '#{line.inspect}'." -+ raise HTTPStatus::BadRequest, "bad header '#{line}'." - end - } - header.each{|key, values| -Index: lib/webrick/accesslog.rb -=================================================================== ---- lib/webrick/accesslog.rb (revision 26273) -+++ lib/webrick/accesslog.rb (revision 26274) -@@ -53,15 +53,23 @@ - when ?e, ?i, ?n, ?o - raise AccessLogError, - "parameter is required for \"#{spec}\"" unless param -- params[spec][param] || "-" -+ param = params[spec][param] ? escape(param) : "-" - when ?t - params[spec].strftime(param || CLF_TIME_FORMAT) - when ?% - "%" - else -- params[spec] -+ escape(params[spec].to_s) - end - } - end -+ -+ def escape(data) -+ if data.tainted? -+ data.gsub(/[[:cntrl:]\\]+/) {$&.dump[1...-1]}.untaint -+ else -+ data -+ end -+ end - end - end diff --git a/ruby-openssl-1.0.patch b/ruby-openssl-1.0.patch new file mode 100644 index 0000000..508fd75 --- /dev/null +++ b/ruby-openssl-1.0.patch @@ -0,0 +1,176 @@ +diff -up ruby-1.8.6.369/ruby-1.8.6-p369/ext/openssl/ossl.c.ossl10 ruby-1.8.6.369/ruby-1.8.6-p369/ext/openssl/ossl.c +--- ruby-1.8.6.369/ruby-1.8.6-p369/ext/openssl/ossl.c.ossl10 2007-02-13 00:01:19.000000000 +0100 ++++ ruby-1.8.6.369/ruby-1.8.6-p369/ext/openssl/ossl.c 2009-08-26 12:29:41.000000000 +0200 +@@ -92,7 +92,7 @@ ossl_x509_ary2sk(VALUE ary) + + #define OSSL_IMPL_SK2ARY(name, type) \ + VALUE \ +-ossl_##name##_sk2ary(STACK *sk) \ ++ossl_##name##_sk2ary(STACK_OF(type) *sk) \ + { \ + type *t; \ + int i, num; \ +@@ -102,7 +102,7 @@ ossl_##name##_sk2ary(STACK *sk) \ + OSSL_Debug("empty sk!"); \ + return Qnil; \ + } \ +- num = sk_num(sk); \ ++ num = sk_##type##_num(sk); \ + if (num < 0) { \ + OSSL_Debug("items in sk < -1???"); \ + return rb_ary_new(); \ +@@ -110,7 +110,7 @@ ossl_##name##_sk2ary(STACK *sk) \ + ary = rb_ary_new2(num); \ + \ + for (i=0; id.sign->cert; +- crls = pkcs7->d.sign->crl; + break; + case NID_pkcs7_signedAndEnveloped: + certs = pkcs7->d.signed_and_enveloped->cert; ++ break; ++ default: ++ certs = NULL; ++ } ++ ++ return certs; ++} ++ ++static STACK_OF(X509_CRL) * ++pkcs7_get_crls(VALUE self) ++{ ++ PKCS7 *pkcs7; ++ STACK_OF(X509_CRL) *crls; ++ int i; ++ ++ GetPKCS7(self, pkcs7); ++ i = OBJ_obj2nid(pkcs7->type); ++ switch(i){ ++ case NID_pkcs7_signed: ++ crls = pkcs7->d.sign->crl; ++ break; ++ case NID_pkcs7_signedAndEnveloped: + crls = pkcs7->d.signed_and_enveloped->crl; + break; + default: +- certs = crls = NULL; ++ crls = NULL; + } + +- return want_certs ? certs : crls; ++ return crls; + } + + static VALUE +@@ -581,7 +601,7 @@ ossl_pkcs7_set_certificates(VALUE self, + STACK_OF(X509) *certs; + X509 *cert; + +- certs = pkcs7_get_certs_or_crls(self, 1); ++ certs = pkcs7_get_certs(self); + while((cert = sk_X509_pop(certs))) X509_free(cert); + rb_iterate(rb_each, ary, ossl_pkcs7_set_certs_i, self); + +@@ -591,7 +611,7 @@ ossl_pkcs7_set_certificates(VALUE self, + static VALUE + ossl_pkcs7_get_certificates(VALUE self) + { +- return ossl_x509_sk2ary(pkcs7_get_certs_or_crls(self, 1)); ++ return ossl_x509_sk2ary(pkcs7_get_certs(self)); + } + + static VALUE +@@ -621,7 +641,7 @@ ossl_pkcs7_set_crls(VALUE self, VALUE ar + STACK_OF(X509_CRL) *crls; + X509_CRL *crl; + +- crls = pkcs7_get_certs_or_crls(self, 0); ++ crls = pkcs7_get_crls(self); + while((crl = sk_X509_CRL_pop(crls))) X509_CRL_free(crl); + rb_iterate(rb_each, ary, ossl_pkcs7_set_crls_i, self); + +@@ -631,7 +651,7 @@ ossl_pkcs7_set_crls(VALUE self, VALUE ar + static VALUE + ossl_pkcs7_get_crls(VALUE self) + { +- return ossl_x509crl_sk2ary(pkcs7_get_certs_or_crls(self, 0)); ++ return ossl_x509crl_sk2ary(pkcs7_get_crls(self)); + } + + static VALUE +diff -up ruby-1.8.6.369/ruby-1.8.6-p369/ext/openssl/ossl_ssl.c.ossl10 ruby-1.8.6.369/ruby-1.8.6-p369/ext/openssl/ossl_ssl.c +--- ruby-1.8.6.369/ruby-1.8.6-p369/ext/openssl/ossl_ssl.c.ossl10 2007-03-12 05:12:32.000000000 +0100 ++++ ruby-1.8.6.369/ruby-1.8.6-p369/ext/openssl/ossl_ssl.c 2009-08-26 12:08:48.000000000 +0200 +@@ -89,12 +89,18 @@ static char *ossl_sslctx_attrs[] = { + static char *ossl_ssl_attr_readers[] = { "io", "context", }; + static char *ossl_ssl_attrs[] = { "sync_close", }; + ++#if OPENSSL_VERSION_NUMBER >= 0x10000000L ++#define OSSL_MORE_CONST const ++#define STACK _STACK ++#else ++#define OSSL_MORE_CONST ++#endif + /* + * SSLContext class + */ + struct { + const char *name; +- SSL_METHOD *(*func)(void); ++ OSSL_MORE_CONST SSL_METHOD *(*func)(void); + } ossl_ssl_method_tab[] = { + #define OSSL_SSL_METHOD_ENTRY(name) { #name, name##_method } + OSSL_SSL_METHOD_ENTRY(TLSv1), +@@ -144,7 +150,7 @@ static VALUE + ossl_sslctx_initialize(int argc, VALUE *argv, VALUE self) + { + VALUE ssl_method; +- SSL_METHOD *method = NULL; ++ OSSL_MORE_CONST SSL_METHOD *method = NULL; + SSL_CTX *ctx; + int i; + char *s; +@@ -407,7 +413,7 @@ ossl_sslctx_setup(VALUE self) + } + + static VALUE +-ossl_ssl_cipher_to_ary(SSL_CIPHER *cipher) ++ossl_ssl_cipher_to_ary(OSSL_MORE_CONST SSL_CIPHER *cipher) + { + VALUE ary; + int bits, alg_bits; +@@ -805,7 +811,7 @@ static VALUE + ossl_ssl_get_cipher(VALUE self) + { + SSL *ssl; +- SSL_CIPHER *cipher; ++ OSSL_MORE_CONST SSL_CIPHER *cipher; + + Data_Get_Struct(self, SSL, ssl); + if (!ssl) { diff --git a/ruby.spec b/ruby.spec index ab64ef8..e947c4c 100644 --- a/ruby.spec +++ b/ruby.spec @@ -1,6 +1,6 @@ %define rubyxver 1.8 %define rubyver 1.8.6 -%define _patchlevel 383 +%define _patchlevel 388 %define dotpatchlevel %{?_patchlevel:.%{_patchlevel}} %define patchlevel %{?_patchlevel:-p%{_patchlevel}} %define arcver %{rubyver}%{?patchlevel} @@ -20,7 +20,12 @@ Release: 6%{?dist} License: Ruby or GPLv2 URL: http://www.ruby-lang.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -BuildRequires: readline readline-devel ncurses ncurses-devel gdbm gdbm-devel glibc-devel tcl-devel tk-devel libX11-devel autoconf gcc unzip openssl-devel db4-devel byacc +%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6 +BuildRequires: compat-readline5-devel +%else +BuildRequires: readline readline-devel +%endif +BuildRequires: ncurses ncurses-devel gdbm gdbm-devel glibc-devel tcl-devel tk-devel libX11-devel autoconf gcc unzip openssl-devel db4-devel byacc # Use bison to recreate parse.c (ref: bug 530275 comment 4) BuildRequires: bison BuildRequires: emacs @@ -46,12 +51,11 @@ Patch26: ruby-1.8.6-rexml-CVE-2008-3790.patch Patch27: ruby-1.8.6-p287-CVE-2008-5189.patch Patch28: ruby-1.8.6-p287-remove-ssl-rand-range.patch Patch29: ruby-always-use-i386.patch +Patch30: ruby-openssl-1.0.patch Patch31: ruby-1.8.6-p369-ri-gem_multipath.patch # Patch32 from ruby_1_8 branch Patch32: ruby-1.8head-irb-save-history.patch Patch33: ruby-1.8.6-p383-mkmf-use-shared.patch -# Patch34 already applied in 1.8.6p388 -Patch34: ruby-1.8.6.x-CVE-2009-4492.patch Summary: An interpreter of object-oriented scripting language Group: Development/Languages @@ -189,10 +193,10 @@ pushd %{name}-%{arcver} %patch27 -p0 %patch28 -p1 %patch29 -p1 +%patch30 -p2 %patch31 -p1 %patch32 -p0 %patch33 -p1 -%patch34 -p0 popd %build @@ -217,6 +221,10 @@ export CFLAGS --enable-pthread \ --with-lookup-order-hack=INET \ --disable-rpath \ +%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6 + --with-readline-include=%{_includedir}/readline5 \ + --with-readline-lib=%{_libdir}/readline5 \ +%endif --with-ruby-prefix=%{_prefix}/lib # For example ext/socket/extconf.rb uses try_run (for getaddrinfo test), @@ -564,6 +572,9 @@ rm -rf $RPM_BUILD_ROOT %{_emacs_sitestartdir}/ruby-mode-init.el %changelog +* Mon Jan 18 2010 Akira TAGOH +- Add conditional for RHEL. + * Wed Jan 13 2010 Mamoru Tasaka - 1.8.6.383-6 - CVE-2009-4492 ruby WEBrick log escape sequence (bug 554485) @@ -580,18 +591,22 @@ rm -rf $RPM_BUILD_ROOT - Patch so that irb saves its history (bug 518584, ruby issue 1556) * Sat Oct 24 2009 Mamoru Tasaka - 1.8.6.383-2 -- Restore the previous changes - -* Sat Oct 24 2009 Jeroen van Meeuwen - 1.8.6.383-1 - Update to 1.8.6 patchlevel 383 (bug 520063) -* Wed Oct 14 2009 Mamoru Tasaka - 1.8.6.369-3 +* Wed Oct 14 2009 Mamoru Tasaka - 1.8.6.369-5 - Much better idea for Patch31 provided by Akira TAGOH -* Wed Oct 14 2009 Mamoru Tasaka - 1.8.6.369-2 +* Wed Oct 14 2009 Mamoru Tasaka - 1.8.6.369-4 - Fix the search path of ri command for ri manuals installed with gem (bug 528787) +* Wed Aug 26 2009 Tomas Mraz - 1.8.6.369-3 +- Rebuild against new openssl + +* Thu Jul 23 2009 Mamoru Tasaka - 1.8.6.369-2 +- Make sure that readline.so is linked against readline 5 because + Ruby is under GPLv2 + * Sat Jun 20 2009 Jeroen van Meeuwen - 1.8.6.369-1 - New patchlevel fixing CVE-2009-1904 - Fix directory on ARM (#506233, Kedar Sovani) diff --git a/sources b/sources index a667a08..d9a2f79 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ b6dd396f513efeb7864685c840f9643a ruby-refm-rdp-1.8.2-ja-html.tar.gz 634c25b14e19925d10af3720d72e8741 rubyfaq-990927.tar.gz 4fcec898f51d8371cc42d0a013940469 rubyfaq-jp-990927.tar.gz -a48703cd982b9f0e3002700a50b0e88e ruby-1.8.6-p383.tar.bz2 +f26cefbc8ab6728650ab9ae773d22bcb ruby-1.8.6-p388.tar.bz2