Hello community, here is the log from the commit of package ruby for openSUSE:11.4 checked in at Tue May 17 18:53:53 CEST 2011.
-------- --- old-versions/11.4/all/ruby/ruby.changes 2011-02-22 17:58:56.000000000 +0100 +++ 11.4/ruby/ruby.changes 2011-05-17 18:43:20.000000000 +0200 @@ -1,0 +2,7 @@ +Thu May 12 16:24:34 UTC 2011 - [email protected] + +- added ruby-1.8.x_bigdecimal_memory_corruption.patch: + dont cast parameter to unsigned int in the alloc and later memset + the original value. (bnc#682287) CVE-2011-0188 + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.4/all/ruby Destination is old-versions/11.4/UPDATES/all/ruby calling whatdependson for 11.4-i586 Old: ---- ruby-1.8.7.p299_webrick_error_page_encoding.patch New: ---- ruby-1.8.x_bigdecimal_memory_corruption.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ruby.spec ++++++ --- /var/tmp/diff_new_pack.v6usU3/_old 2011-05-17 18:53:32.000000000 +0200 +++ /var/tmp/diff_new_pack.v6usU3/_new 2011-05-17 18:53:32.000000000 +0200 @@ -20,7 +20,7 @@ Name: ruby Version: 1.8.7.p334 -Release: 1.<RELEASE2> +Release: 1.<RELEASE4> # %define pkg_version 1.8.7 %define patch_level p334 @@ -70,8 +70,7 @@ Patch11: ruby-1.8.x_yaml2byte.patch Patch12: 1887f60a8540f64f5c7bb14d57c0be70506941b8.patch Patch13: ruby-1.8.7.p334_remove_zlib_test_params_test.patch -# need to discuss with sec team which encoding is better -Patch14: ruby-1.8.7.p299_webrick_error_page_encoding.patch +Patch14: ruby-1.8.x_bigdecimal_memory_corruption.patch # vendor ruby files taken from: # http://svn.macports.org/repository/macports/trunk/dports/lang/ruby/ Source3: site-specific.rb 
@@ -259,6 +258,7 @@ %patch11 %patch12 %patch13 +%patch14 %if 0%{?with_bleak_house} for patch in valgrind configure gc ; do patch -p0 < bleak_house-%{bleak_house_version}/ruby/${patch}.patch ++++++ ruby-1.8.x_bigdecimal_memory_corruption.patch ++++++ Index: ext/bigdecimal/bigdecimal.c =================================================================== --- ext/bigdecimal/bigdecimal.c.orig 2011-05-10 14:14:48.000000000 +0200 +++ ext/bigdecimal/bigdecimal.c 2011-05-10 14:18:53.602468960 +0200 @@ -2026,11 +2026,11 @@ static int gnAlloc=0; /* Memory allocati VP_EXPORT void * VpMemAlloc(U_LONG mb) { - void *p = xmalloc((unsigned int)mb); + void *p = xmalloc(mb); if(!p) { VpException(VP_EXCEPTION_MEMORY,"failed to allocate memory",1); } - memset(p,0,mb); + memset(p, 0, mb); #ifdef _DEBUG gnAlloc++; /* Count allocation call */ #endif /* _DEBUG */ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
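Review bot: the ruby.changes entry records only the added ruby-1.8.x_bigdecimal_memory_corruption.patch, while the "Old:" list and the ruby.spec hunk at -70,8 show ruby-1.8.7.p299_webrick_error_page_encoding.patch being removed in the same commit. Add a changelog line naming the dropped patch and the reason, so the removal is visible to anyone auditing the package history.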
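Review bot: in the ruby.spec hunk at -70,8, the comment "need to discuss with sec team which encoding is better" is deleted together with the old Patch14 line, and nothing in the commit says how that question was settled. The -259,6 hunk adds %patch14 to the patch list for the first time, so the webrick patch was declared but not applied there. If it is still wanted, give it a free Patch number and keep its comment instead of overwriting the slot; if not, record where the decision was made.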
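Review bot: in the VpMemAlloc hunk of ext/bigdecimal/bigdecimal.c, dropping the (unsigned int) cast removes the size mismatch between xmalloc and memset only if xmalloc's parameter is at least as wide as U_LONG. If it is narrower, the implicit conversion truncates mb the same way and memset(p, 0, mb) still writes past the allocation. Confirm the prototype, and consider rejecting an mb that does not fit before calling xmalloc. The memset line differs only in spacing; leaving it untouched would keep the security fix to the single line that changes behaviour.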
