- New upstream release.

- Security fixes.
- CVE-2008-3655: Ruby does not properly restrict access to critical
    variables and methods at various safe levels.
- CVE-2008-3656: DoS vulnerability in WEBrick.
- CVE-2008-3657: Lack of taintness check in dl.
- CVE-2008-1447: DNS spoofing vulnerability in resolv.rb.
- CVE-2008-3443: Memory allocation failure in Ruby regex engine.
- Remove the unnecessary backported patches.

.cvsignore

@@ -20,3 +20,4 @@ ruby-1.8.6-p110.tar.bz2
 ruby-1.8.6-p111.tar.bz2
 ruby-1.8.6-p114.tar.bz2
 ruby-1.8.6-p230.tar.bz2
+ruby-1.8.6-p287.tar.bz2

ruby-1.8.6.230-p238.patch

@@ -1,58 +0,0 @@
-diff -pruN ruby-1.8.6-p230.orig/class.c ruby-1.8.6-p230/class.c
---- ruby-1.8.6-p230.orig/class.c	2008-06-15 21:06:33.000000000 +0900
-+++ ruby-1.8.6-p230/class.c	2008-06-30 11:21:41.000000000 +0900
-@@ -62,10 +62,7 @@ clone_method(mid, body, data)
-     NODE *fbody = body->nd_body;
- 
-     if (fbody && nd_type(fbody) == NODE_SCOPE) {
--	VALUE cref = data->klass ?
--	    (VALUE)NEW_NODE(NODE_CREF,data->klass,0,fbody->nd_rval) :
--	    fbody->nd_rval;
--	fbody = NEW_NODE(NODE_SCOPE, fbody->nd_tbl, cref, fbody->nd_next);
-+	fbody = rb_copy_node_scope(fbody, ruby_cref);
-     }
-     st_insert(data->tbl, mid, (st_data_t)NEW_METHOD(fbody, body->nd_noex));
-     return ST_CONTINUE;
-diff -pruN ruby-1.8.6-p230.orig/eval.c ruby-1.8.6-p230/eval.c
---- ruby-1.8.6-p230.orig/eval.c	2008-06-16 15:43:48.000000000 +0900
-+++ ruby-1.8.6-p230/eval.c	2008-06-30 11:19:15.000000000 +0900
-@@ -2239,8 +2239,8 @@ rb_mod_alias_method(mod, newname, oldnam
-     return mod;
- }
- 
--static NODE*
--copy_node_scope(node, rval)
-+NODE*
-+rb_copy_node_scope(node, rval)
-     NODE *node;
-     NODE *rval;
- {
-@@ -3948,7 +3948,7 @@ rb_eval(self, n)
- 		noex |= NOEX_NOSUPER;
- 	    }
- 
--	    defn = copy_node_scope(node->nd_defn, ruby_cref);
-+	    defn = rb_copy_node_scope(node->nd_defn, ruby_cref);
- 	    rb_add_method(ruby_class, node->nd_mid, defn, noex);
- 	    if (scope_vmode == SCOPE_MODFUNC) {
- 		rb_add_method(rb_singleton_class(ruby_class),
-@@ -3984,7 +3984,7 @@ rb_eval(self, n)
- 		    rb_warning("redefine %s", rb_id2name(node->nd_mid));
- 		}
- 	    }
--	    defn = copy_node_scope(node->nd_defn, ruby_cref);
-+	    defn = rb_copy_node_scope(node->nd_defn, ruby_cref);
- 	    rb_add_method(klass, node->nd_mid, defn,
- 			  NOEX_PUBLIC|(body?body->nd_noex&NOEX_UNDEF:0));
- 	    result = Qnil;
-diff -pruN ruby-1.8.6-p230.orig/node.h ruby-1.8.6-p230/node.h
---- ruby-1.8.6-p230.orig/node.h	2007-05-23 00:01:22.000000000 +0900
-+++ ruby-1.8.6-p230/node.h	2008-06-30 11:20:06.000000000 +0900
-@@ -371,6 +371,7 @@ typedef unsigned int rb_event_t;
- #define RUBY_EVENT_ALL      0xff
- 
- typedef void (*rb_event_hook_func_t) _((rb_event_t,NODE*,VALUE,ID,VALUE));
-+NODE *rb_copy_node_scope _((NODE *, NODE *));
- void rb_add_event_hook _((rb_event_hook_func_t,rb_event_t));
- int rb_remove_event_hook _((rb_event_hook_func_t));
- 

ruby-1.8.6.230-p248.patch

@@ -1,16 +0,0 @@
-diff -pruN ruby-1.8.6-p230.orig/array.c ruby-1.8.6-p230/array.c
---- ruby-1.8.6-p230.orig/array.c	2008-06-20 15:53:16.000000000 +0900
-+++ ruby-1.8.6-p230/array.c	2008-06-30 11:33:00.000000000 +0900
-@@ -2272,10 +2272,10 @@ rb_ary_fill(argc, argv, ary)
- 	break;
-     }
-     rb_ary_modify(ary);
--    end = beg + len;
--    if (end < 0) {
-+    if (len > ARY_MAX_SIZE - beg) {
- 	rb_raise(rb_eArgError, "argument too big");
-     }
-+    end = beg + len;
-     if (end > RARRAY(ary)->len) {
- 	if (end >= RARRAY(ary)->aux.capa) {
- 	    REALLOC_N(RARRAY(ary)->ptr, VALUE, end);

ruby-1.8.6.230-p257.patch

@@ -1,12 +0,0 @@
-diff -pruN ruby-1.8.6-p230.orig/array.c ruby-1.8.6-p230/array.c
---- ruby-1.8.6-p230.orig/array.c	2008-07-01 16:32:12.000000000 +0900
-+++ ruby-1.8.6-p230/array.c	2008-07-01 16:34:01.000000000 +0900
-@@ -2272,7 +2272,7 @@ rb_ary_fill(argc, argv, ary)
- 	break;
-     }
-     rb_ary_modify(ary);
--    if (len > ARY_MAX_SIZE - beg) {
-+    if (beg >= ARY_MAX_SIZE || len > ARY_MAX_SIZE - beg) {
- 	rb_raise(rb_eArgError, "argument too big");
-     }
-     end = beg + len;

ruby-1.8.6.230-string-str_buf_cat.patch

@@ -1,28 +0,0 @@
-diff -pruN ruby-1.8.6-p230.orig/string.c ruby-1.8.6-p230/string.c
---- ruby-1.8.6-p230.orig/string.c	2008-06-20 18:24:53.000000000 +0900
-+++ ruby-1.8.6-p230/string.c	2008-06-25 16:10:17.000000000 +0900
-@@ -693,9 +693,13 @@ str_buf_cat(str, ptr, len)
-     const char *ptr;
-     long len;
- {
--    long capa, total;
-+    long capa, total, off = -1;
- 
-     rb_str_modify(str);
-+    if (ptr >= RSTRING(str)->ptr && ptr <= RSTRING(str)->ptr + RSTRING(str)->len) {
-+	off = ptr - RSTRING(str)->ptr;
-+    }
-+    if (len == 0) return 0;
-     if (FL_TEST(str, STR_ASSOC)) {
- 	FL_UNSET(str, STR_ASSOC);
- 	capa = RSTRING(str)->aux.capa = RSTRING(str)->len;
-@@ -717,6 +721,9 @@ str_buf_cat(str, ptr, len)
- 	}
- 	RESIZE_CAPA(str, capa);
-     }
-+    if (off != -1) {
-+	ptr = RSTRING(str)->ptr + off;
-+    }
-     memcpy(RSTRING(str)->ptr + RSTRING(str)->len, ptr, len);
-     RSTRING(str)->len = total;
-     RSTRING(str)->ptr[total] = '\0'; /* sentinel */

ruby-fix-autoconf-magic-code.patch

@@ -1,11 +0,0 @@
-diff -ruN ruby-1.8.4.orig/mkconfig.rb ruby-1.8.4/mkconfig.rb
---- ruby-1.8.4.orig/mkconfig.rb	2006-07-19 20:39:48.000000000 +0900
-+++ ruby-1.8.4/mkconfig.rb	2006-07-19 20:40:12.000000000 +0900
-@@ -37,6 +37,7 @@
- has_version = false
- File.foreach "config.status" do |line|
-   next if /^#/ =~ line
-+  line.gsub!(/\|#_!!_#\|/, '')
-   if /^s[%,]@program_transform_name@[%,]s,(.*)/ =~ line
-     next if $install_name
-     ptn = $1.sub(/\$\$/, '$').split(/,/)	#'

ruby.spec

@@ -1,6 +1,6 @@
 %define	rubyxver	1.8
 %define	rubyver		1.8.6
-%define _patchlevel	230
+%define _patchlevel	287
 %define dotpatchlevel	%{?_patchlevel:.%{_patchlevel}}
 %define patchlevel	%{?_patchlevel:-p%{_patchlevel}}
 %define	arcver		%{rubyver}%{?patchlevel}
@@ -12,7 +12,7 @@
 
 Name:		ruby
 Version:	%{rubyver}%{?dotpatchlevel}
-Release:	4%{?dist}
+Release:	1%{?dist}
 License:	Ruby or GPLv2
 URL:		http://www.ruby-lang.org/
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -36,10 +36,6 @@ Patch21:	ruby-deprecated-sitelib-search-path.patch
 Patch22:	ruby-deprecated-search-path.patch
 Patch23:	ruby-multilib.patch
 Patch25:	ruby-1.8.6.111-gcc43.patch
-Patch26:	ruby-1.8.6.230-string-str_buf_cat.patch
-Patch27:	ruby-1.8.6.230-p238.patch
-Patch28:	ruby-1.8.6.230-p248.patch
-Patch29:	ruby-1.8.6.230-p257.patch
 
 Summary:	An interpreter of object-oriented scripting language
 Group:		Development/Languages
@@ -160,10 +156,6 @@ pushd %{name}-%{arcver}
 %patch23 -p1
 %endif
 %patch25 -p1
-%patch26 -p1
-%patch27 -p1
-%patch28 -p1
-%patch29 -p1
 popd
 
 %build
@@ -520,6 +512,17 @@ rm -rf tmp-ruby-docs
 %endif
 
 %changelog
+* Sat Aug 23 2008 Akira TAGOH <tagoh@redhat.com> - 1.8.6.287-1
+- New upstream release.
+- Security fixes.
+  - CVE-2008-3655: Ruby does not properly restrict access to critical
+                   variables and methods at various safe levels.
+  - CVE-2008-3656: DoS vulnerability in WEBrick.
+  - CVE-2008-3657: Lack of taintness check in dl.
+  - CVE-2008-1447: DNS spoofing vulnerability in resolv.rb.
+  - CVE-2008-3443: Memory allocation failure in Ruby regex engine.
+- Remove the unnecessary backported patches.
+
 * Tue Jul  1 2008 Akira TAGOH <tagoh@redhat.com> - 1.8.6.230-4
 - Backported from upstream SVN to fix a segfault issue with Array#fill.
 

sources

@@ -2,4 +2,4 @@
 d65e3a216d6d345a2a6f1aa8758c2f75  ruby-refm-rdp-1.8.1-ja-html.tar.gz
 634c25b14e19925d10af3720d72e8741  rubyfaq-990927.tar.gz
 4fcec898f51d8371cc42d0a013940469  rubyfaq-jp-990927.tar.gz
-3eceb42d4fc56398676c20a49ac7e044  ruby-1.8.6-p230.tar.bz2
+80b5f3db12531d36e6c81fac6d05dda9  ruby-1.8.6-p287.tar.bz2