- New upstream release.
- Security fixes. (#452293) - CVE-2008-1891: WEBrick CGI source disclosure. - CVE-2008-2662: Integer overflow in rb_str_buf_append(). - CVE-2008-2663: Integer overflow in rb_ary_store(). - CVE-2008-2664: Unsafe use of alloca in rb_str_format(). - CVE-2008-2725: Integer overflow in rb_ary_splice(). - CVE-2008-2726: Integer overflow in rb_ary_splice(). - ruby-1.8.6.111-CVE-2007-5162.patch: removed.
This commit is contained in:
parent
847867517b
commit
762e6cbf33
@ -17,3 +17,4 @@ ruby-1.8.6-p36.tar.bz2
|
|||||||
ruby-1.8.6-p110.tar.bz2
|
ruby-1.8.6-p110.tar.bz2
|
||||||
ruby-1.8.6-p111.tar.bz2
|
ruby-1.8.6-p111.tar.bz2
|
||||||
ruby-1.8.6-p114.tar.bz2
|
ruby-1.8.6-p114.tar.bz2
|
||||||
|
ruby-1.8.6-p230.tar.bz2
|
||||||
|
@ -1,97 +0,0 @@
|
|||||||
diff -pruN ruby-1.8.6-p111.orig/ext/openssl/lib/net/ftptls.rb ruby-1.8.6-p111/ext/openssl/lib/net/ftptls.rb
|
|
||||||
--- ruby-1.8.6-p111.orig/ext/openssl/lib/net/ftptls.rb 2007-02-13 08:01:19.000000000 +0900
|
|
||||||
+++ ruby-1.8.6-p111/ext/openssl/lib/net/ftptls.rb 2007-10-29 21:10:24.000000000 +0900
|
|
||||||
@@ -29,13 +29,23 @@ require 'net/ftp'
|
|
||||||
|
|
||||||
module Net
|
|
||||||
class FTPTLS < FTP
|
|
||||||
+ def connect(host, port=FTP_PORT)
|
|
||||||
+ @hostname = host
|
|
||||||
+ super
|
|
||||||
+ end
|
|
||||||
+
|
|
||||||
def login(user = "anonymous", passwd = nil, acct = nil)
|
|
||||||
+ store = OpenSSL::X509::Store.new
|
|
||||||
+ store.set_default_paths
|
|
||||||
ctx = OpenSSL::SSL::SSLContext.new('SSLv23')
|
|
||||||
+ ctx.cert_store = store
|
|
||||||
+ ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
|
||||||
ctx.key = nil
|
|
||||||
ctx.cert = nil
|
|
||||||
voidcmd("AUTH TLS")
|
|
||||||
@sock = OpenSSL::SSL::SSLSocket.new(@sock, ctx)
|
|
||||||
@sock.connect
|
|
||||||
+ @sock.post_connection_check(@hostname)
|
|
||||||
super(user, passwd, acct)
|
|
||||||
voidcmd("PBSZ 0")
|
|
||||||
end
|
|
||||||
diff -pruN ruby-1.8.6-p111.orig/ext/openssl/lib/net/telnets.rb ruby-1.8.6-p111/ext/openssl/lib/net/telnets.rb
|
|
||||||
--- ruby-1.8.6-p111.orig/ext/openssl/lib/net/telnets.rb 2007-02-13 08:01:19.000000000 +0900
|
|
||||||
+++ ruby-1.8.6-p111/ext/openssl/lib/net/telnets.rb 2007-10-29 21:13:03.000000000 +0900
|
|
||||||
@@ -134,6 +134,9 @@ module Net
|
|
||||||
@sock.verify_callback = @options['VerifyCallback']
|
|
||||||
@sock.verify_depth = @options['VerifyDepth']
|
|
||||||
@sock.connect
|
|
||||||
+ if @options['VerifyMode'] != OpenSSL::SSL::VERIFY_NONE
|
|
||||||
+ @sock.post_connection_check(@options['Host'])
|
|
||||||
+ end
|
|
||||||
@ssl = true
|
|
||||||
end
|
|
||||||
''
|
|
||||||
diff -pruN ruby-1.8.6-p111.orig/lib/net/http.rb ruby-1.8.6-p111/lib/net/http.rb
|
|
||||||
--- ruby-1.8.6-p111.orig/lib/net/http.rb 2007-09-24 17:12:24.000000000 +0900
|
|
||||||
+++ ruby-1.8.6-p111/lib/net/http.rb 2007-10-29 21:12:12.000000000 +0900
|
|
||||||
@@ -470,7 +470,6 @@ module Net #:nodoc:
|
|
||||||
@debug_output = nil
|
|
||||||
@use_ssl = false
|
|
||||||
@ssl_context = nil
|
|
||||||
- @enable_post_connection_check = false
|
|
||||||
end
|
|
||||||
|
|
||||||
def inspect
|
|
||||||
@@ -527,9 +526,6 @@ module Net #:nodoc:
|
|
||||||
false # redefined in net/https
|
|
||||||
end
|
|
||||||
|
|
||||||
- # specify enabling SSL server certificate and hostname checking.
|
|
||||||
- attr_accessor :enable_post_connection_check
|
|
||||||
-
|
|
||||||
# Opens TCP connection and HTTP session.
|
|
||||||
#
|
|
||||||
# When this method is called with block, gives a HTTP object
|
|
||||||
@@ -589,12 +585,7 @@ module Net #:nodoc:
|
|
||||||
end
|
|
||||||
s.connect
|
|
||||||
if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
|
|
||||||
- begin
|
|
||||||
- s.post_connection_check(@address)
|
|
||||||
- rescue OpenSSL::SSL::SSLError => ex
|
|
||||||
- raise ex if @enable_post_connection_check
|
|
||||||
- warn ex.message
|
|
||||||
- end
|
|
||||||
+ s.post_connection_check(@address)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
on_connect
|
|
||||||
diff -pruN ruby-1.8.6-p111.orig/lib/net/imap.rb ruby-1.8.6-p111/lib/net/imap.rb
|
|
||||||
--- ruby-1.8.6-p111.orig/lib/net/imap.rb 2007-08-22 08:28:09.000000000 +0900
|
|
||||||
+++ ruby-1.8.6-p111/lib/net/imap.rb 2007-10-29 21:14:38.000000000 +0900
|
|
||||||
@@ -900,6 +900,7 @@ module Net
|
|
||||||
end
|
|
||||||
@sock = SSLSocket.new(@sock, context)
|
|
||||||
@sock.connect # start ssl session.
|
|
||||||
+ @sock.post_connection_check(@host) if verify
|
|
||||||
else
|
|
||||||
@usessl = false
|
|
||||||
end
|
|
||||||
diff -pruN ruby-1.8.6-p111.orig/lib/open-uri.rb ruby-1.8.6-p111/lib/open-uri.rb
|
|
||||||
--- ruby-1.8.6-p111.orig/lib/open-uri.rb 2007-09-24 17:12:24.000000000 +0900
|
|
||||||
+++ ruby-1.8.6-p111/lib/open-uri.rb 2007-10-29 21:16:03.000000000 +0900
|
|
||||||
@@ -229,7 +229,6 @@ module OpenURI
|
|
||||||
if target.class == URI::HTTPS
|
|
||||||
require 'net/https'
|
|
||||||
http.use_ssl = true
|
|
||||||
- http.enable_post_connection_check = true
|
|
||||||
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
|
||||||
store = OpenSSL::X509::Store.new
|
|
||||||
store.set_default_paths
|
|
15
ruby.spec
15
ruby.spec
@ -1,6 +1,6 @@
|
|||||||
%define rubyxver 1.8
|
%define rubyxver 1.8
|
||||||
%define rubyver 1.8.6
|
%define rubyver 1.8.6
|
||||||
%define _patchlevel 114
|
%define _patchlevel 230
|
||||||
%define dotpatchlevel %{?_patchlevel:.%{_patchlevel}}
|
%define dotpatchlevel %{?_patchlevel:.%{_patchlevel}}
|
||||||
%define patchlevel %{?_patchlevel:-p%{_patchlevel}}
|
%define patchlevel %{?_patchlevel:-p%{_patchlevel}}
|
||||||
%define arcver %{rubyver}%{?patchlevel}
|
%define arcver %{rubyver}%{?patchlevel}
|
||||||
@ -35,7 +35,6 @@ Patch20: ruby-rubyprefix.patch
|
|||||||
Patch21: ruby-deprecated-sitelib-search-path.patch
|
Patch21: ruby-deprecated-sitelib-search-path.patch
|
||||||
Patch22: ruby-deprecated-search-path.patch
|
Patch22: ruby-deprecated-search-path.patch
|
||||||
Patch23: ruby-multilib.patch
|
Patch23: ruby-multilib.patch
|
||||||
Patch24: ruby-1.8.6.111-CVE-2007-5162.patch
|
|
||||||
Patch25: ruby-1.8.6.111-gcc43.patch
|
Patch25: ruby-1.8.6.111-gcc43.patch
|
||||||
|
|
||||||
Summary: An interpreter of object-oriented scripting language
|
Summary: An interpreter of object-oriented scripting language
|
||||||
@ -156,7 +155,6 @@ pushd %{name}-%{arcver}
|
|||||||
%patch22 -p1
|
%patch22 -p1
|
||||||
%patch23 -p1
|
%patch23 -p1
|
||||||
%endif
|
%endif
|
||||||
%patch24 -p1
|
|
||||||
%patch25 -p1
|
%patch25 -p1
|
||||||
popd
|
popd
|
||||||
|
|
||||||
@ -514,6 +512,17 @@ rm -rf tmp-ruby-docs
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jun 24 2008 Akira TAGOH <tagoh@redhat.com> - 1.8.6.230-1
|
||||||
|
- New upstream release.
|
||||||
|
- Security fixes. (#452293)
|
||||||
|
- CVE-2008-1891: WEBrick CGI source disclosure.
|
||||||
|
- CVE-2008-2662: Integer overflow in rb_str_buf_append().
|
||||||
|
- CVE-2008-2663: Integer overflow in rb_ary_store().
|
||||||
|
- CVE-2008-2664: Unsafe use of alloca in rb_str_format().
|
||||||
|
- CVE-2008-2725: Integer overflow in rb_ary_splice().
|
||||||
|
- CVE-2008-2726: Integer overflow in rb_ary_splice().
|
||||||
|
- ruby-1.8.6.111-CVE-2007-5162.patch: removed.
|
||||||
|
|
||||||
* Tue Mar 4 2008 Akira TAGOH <tagoh@redhat.com> - 1.8.6.114-1
|
* Tue Mar 4 2008 Akira TAGOH <tagoh@redhat.com> - 1.8.6.114-1
|
||||||
- Security fix for CVE-2008-1145.
|
- Security fix for CVE-2008-1145.
|
||||||
- Improve a spec file. (#226381)
|
- Improve a spec file. (#226381)
|
||||||
|
2
sources
2
sources
@ -2,4 +2,4 @@
|
|||||||
d65e3a216d6d345a2a6f1aa8758c2f75 ruby-refm-rdp-1.8.1-ja-html.tar.gz
|
d65e3a216d6d345a2a6f1aa8758c2f75 ruby-refm-rdp-1.8.1-ja-html.tar.gz
|
||||||
634c25b14e19925d10af3720d72e8741 rubyfaq-990927.tar.gz
|
634c25b14e19925d10af3720d72e8741 rubyfaq-990927.tar.gz
|
||||||
4fcec898f51d8371cc42d0a013940469 rubyfaq-jp-990927.tar.gz
|
4fcec898f51d8371cc42d0a013940469 rubyfaq-jp-990927.tar.gz
|
||||||
b4d0c74497f684814bcfbb41b7384a71 ruby-1.8.6-p114.tar.bz2
|
3eceb42d4fc56398676c20a49ac7e044 ruby-1.8.6-p230.tar.bz2
|
||||||
|
Loading…
Reference in New Issue
Block a user