Hello community,

here is the log from the commit of package ruby19.1837 for openSUSE:12.2:Update 
checked in at 2013-07-11 07:04:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.2:Update/ruby19.1837 (Old)
 and      /work/SRC/openSUSE:12.2:Update/.ruby19.1837.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ruby19.1837"

Changes:
--------
New Changes file:

--- /dev/null   2013-07-10 19:42:08.835707958 +0200
+++ /work/SRC/openSUSE:12.2:Update/.ruby19.1837.new/ruby19.changes      
2013-07-11 07:04:38.000000000 +0200
@@ -0,0 +1,310 @@
+-------------------------------------------------------------------
+Tue Jul  2 14:24:40 UTC 2013 - [email protected]
+
+- fix cve-2013-4073 (bnc#827265) 
+  The fix_cve-2013-4073.patch contains the patch for
+  cve-2013-4073 (bnc#827265) adapted from 
+  https://github.com/ruby/ruby/commit/2669b84d407ab431e965145c827db66c91158f89
+
+-------------------------------------------------------------------
+Mon Mar 25 17:49:36 UTC 2013 - [email protected]
+
+- update to 1.9.3 p392 (bnc#808137 bnc#803342)
+  - update json intree to 1.5.5:
+    Denial of Service and Unsafe Object Creation Vulnerability in
+    JSON CVE-2013-0269
+  - limit entity expansion text limit to 10kB CVE-2013-1821
+  - get rid of a SEGV when calling rb_iter_break() from some
+    extention libraries.
+  - some warning suppressed and smaller fixes
+
+-------------------------------------------------------------------
+Fri Feb  8 13:49:33 UTC 2013 - [email protected]
+
+- restore the old ruby macros and the gem wrapper script
+
+-------------------------------------------------------------------
+Wed Feb  6 16:27:34 UTC 2013 - [email protected]
+
+- update to 1.9.3 p385 (bnc#802406)
+  XSS exploit of RDoc documentation generated by rdoc
+  (CVE-2013-0256)
+
+  for other changes see /usr/share/doc/packages/ruby19/Changelog
+
+-------------------------------------------------------------------
+Mon Feb  4 09:32:50 UTC 2013 - [email protected]
+
+- Replace bind_stack.patch with upstream patch (bnc#796757)
+  (thread_pthread.c-ruby_init_stack-ignore-STACK_END_ADDRESS.patch)
+  * thread_pthread.c (ruby_init_stack): ignore `STACK_END_ADDRESS'
+    if Ruby interpreter is running on co-routine.
+
+-------------------------------------------------------------------
+Tue Jan  8 20:35:50 UTC 2013 - [email protected]
+
+- readd the private header *atomic.h
+
+-------------------------------------------------------------------
+Fri Jan  4 13:33:09 UTC 2013 - [email protected]
+
+- added bind_stack.patch: (bnc#796757)
+  Fixes stack boundary issues when embedding Ruby into
+  threaded C code (Ruby bug #2294)
+
+-------------------------------------------------------------------
+Sun Dec 30 11:51:20 UTC 2012 - [email protected]
+
+- update to 1.9.3 p362 
+  * many bug fixes.
+
+-------------------------------------------------------------------
+Tue Nov 13 14:09:45 UTC 2012 - [email protected]
+
+- update to 1.9.3 p327 (bnc#789983)
+  CVE-2012-5371 and plenty of other fixes
+
+-------------------------------------------------------------------
+Tue Nov  6 05:31:47 UTC 2012 - [email protected]
+
+- make sure the rdoc output is more stable for build-compare
+  (new patch ruby-sort-rdoc-output.patch)
+
+-------------------------------------------------------------------
+Sat Nov  3 08:12:18 UTC 2012 - [email protected]
+
+- update to 1.9.3 p286 (bnc#783511, bnc#791199)
+  This release includes some security fixes, and many other bug fixes.
+
+  $SAFE escaping vulnerability about Exception#to_s / NameError#to_s 
+  (CVE-2012-4464, CVE-2012-4466)
+  Unintentional file creation caused by inserting an illegal NUL character
+  many other bug fixes. (CVE-2012-4522)
+  
+  See Changelog for the complete set
+- remove ruby-1.8.7_safe_level_bypass.patch as it's upstream
+
+-------------------------------------------------------------------
+Fri Oct 26 14:27:36 UTC 2012 - [email protected]
+
+- added ruby-1.8.7_safe_level_bypass.patch: (bnc#783511)
+  Fixes a SAFE_LEVEL bypass in name_err_to_s and exc_to_s.
+  CVE-2012-4464
+
+-------------------------------------------------------------------
+Thu Oct 18 10:10:55 UTC 2012 - [email protected]
+
+- remove build depencency on ca certificates - only causing cycles
+
+-------------------------------------------------------------------
+Thu Sep 13 05:04:39 UTC 2012 - [email protected]
+
+- one more header needed for rubygem-ruby-debug-base19
+
+-------------------------------------------------------------------
+Fri Sep  7 11:08:42 UTC 2012 - [email protected]
+
+- install vm_core.h and its dependencies as ruby-devel-extra
+
+-------------------------------------------------------------------
+Wed Aug  1 11:54:11 UTC 2012 - [email protected]
+
+- move the provides to the ruby package instead
+
+-------------------------------------------------------------------
+Fri Jul 27 07:22:48 UTC 2012 - [email protected]
+
+- add provides for the internal gems
+
+-------------------------------------------------------------------
+Thu Jul 26 09:52:41 UTC 2012 - [email protected]
+
+- fix macros
+
+-------------------------------------------------------------------
+Mon Jul  9 05:20:30 UTC 2012 - [email protected]
+
+- gem_install_wrapper no longer necessary
+
+-------------------------------------------------------------------
+Mon Jun  4 11:03:08 UTC 2012 - [email protected]
+
+- Add patch to export ruby_init_prelude, ruby bug #5174
+
+-------------------------------------------------------------------
+Fri May 11 10:03:11 UTC 2012 - [email protected]
+
+- there is no obvious use for the vim buildrequires and it's causing
+  a build cycle (because vim really requires ruby) - so remove it
+
+-------------------------------------------------------------------
+Fri May 11 05:02:13 UTC 2012 - [email protected]
+
+- rubygem-rake is still named like this
+
+-------------------------------------------------------------------
+Thu May 10 18:35:48 UTC 2012 - [email protected]
+
+- update to 1.9.3 p194
+   - update rubygems to 1.8.23 to verify ssl certificates
+   - other bug fixes
+
+-------------------------------------------------------------------
+Tue May  8 11:37:06 UTC 2012 - [email protected]
+
+- readd the requires on ruby-common to fix gems suffix
+
+-------------------------------------------------------------------
+Sun Mar 11 18:21:23 UTC 2012 - [email protected]
+
+- let gems of 1.9 install bins without suffix
+
+-------------------------------------------------------------------
+Fri Mar  9 07:20:21 UTC 2012 - [email protected]
+
+- remove provides for ruby and ruby-devel, only generates conflicts
+  with wrapper package
+
+-------------------------------------------------------------------
+Wed Mar  7 15:45:53 UTC 2012 - [email protected]
+
+- update license:
+  Ruby is licensed under BSD 2 Clause or Ruby License now.
+
+-------------------------------------------------------------------
+Wed Mar  7 15:09:46 UTC 2012 - [email protected]
+
+- update to 1.9.3 p125
+ - Fix for Ruby OpenSSL module: Allow "0/n splitting" as a 
+   prevention for the TLS BEAST attack
+ - Fixed: LLVM/clang support [Bug #5076]
+ - Fixed: GCC 4.7 support [Bug #5851]
+ - other bug fixes
+
+-------------------------------------------------------------------
+Mon Oct 31 16:27:48 UTC 2011 - [email protected]
+
+- update to 1.9.3 preview 0
+
+-------------------------------------------------------------------
+Mon Jul 18 15:36:36 UTC 2011 - [email protected]
+
+- override rb_arch macro from the rpm in the spec file
+  rb_arch in rpm is still using host_cpu instead of target_cpu. for
+  older distros we will need the override anyway. this allows us to
+  reduce the sed part in the marco  to just ppc/powerpc.
+- related to the first change:
+  pass --target={_target_platform} to configure (we used to do that
++++ 113 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:12.2:Update/.ruby19.1837.new/ruby19.changes
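Review bot: the newest entry spells the identifier `cve-2013-4073` in lower case (twice), while every older entry in this file writes `CVE-...` in upper case; use `CVE-2013-4073` so that a case-sensitive search of the changelog for `CVE-` finds the fix. The entry also gives only the upstream commit URL; a one-line description of the issue, as the p392 and p286 entries have, would let a reader tell what was fixed without following the link.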

New:
----
  fix_cve-2013-4073.patch
  gem_install_wrapper.sh
  ruby-1.8.7_safe_level_bypass.patch
  ruby-1.9.2p290_tcl_no_stupid_rpaths.patch
  ruby-1.9.3-p392.tar.bz2
  ruby-sort-rdoc-output.patch
  ruby19-export_init_prelude.patch
  ruby19-rpmlintrc
  ruby19.changes
  ruby19.macros
  ruby19.spec
  rubygems-1.5.0_buildroot.patch
  thread_pthread.c-ruby_init_stack-ignore-STACK_END_ADDRESS.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ruby19.spec ++++++
#
# spec file for package ruby19
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


Name:           ruby19
Version:        1.9.3.p392
Release:        0
#
%define pkg_version 1.9.3
%define patch_level p392
# keep in sync with macro file!
%define rb_binary_suffix 1.9
%define rb_ver  1.9.1
%define rb_arch %(echo %{_target_cpu}-linux | sed -e "s/ppc/powerpc/")
%define rb_libdir                         %{_libdir}/ruby/%{rb_ver}/
%define rb_archdir                        %{_libdir}/ruby/%{rb_ver}/%{rb_arch}
# keep in sync with macro file!
#
%if 0%{?suse_version} == 1100
%define needs_optimization_zero 1
%endif
# from valgrind.spec
%ifarch %ix86 x86_64 ppc ppc64
%define use_valgrind 1
%endif
%define run_tests 0
#
#
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
BuildRequires:  gdbm-devel
BuildRequires:  libffi-devel
BuildRequires:  libyaml-devel
BuildRequires:  ncurses-devel
BuildRequires:  openssl-devel
BuildRequires:  pkg-config
BuildRequires:  readline-devel
BuildRequires:  tk-devel
BuildRequires:  zlib-devel
# this requires is needed as distros older than 11.3 have a buildignore on freetype2, without this the detection of the tk extension fails
BuildRequires:  freetype2-devel
%if 0%{?suse_version} > 1010
BuildRequires:  xorg-x11-libX11-devel
%else
BuildRequires:  xorg-x11-devel
%endif
%if 0%{?use_valgrind}
%if 0%{?suse_version} > 1020
BuildRequires:  valgrind-devel
%else
BuildRequires:  valgrind
%endif
%endif
#
Provides:       rubygem-rake = 0.9.2.2
Provides:       ruby(abi) = %{rb_ver}
#
Url:            http://www.ruby-lang.org/
Source:         ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-%{pkg_version}-%{patch_level}.tar.bz2
Source6:        ruby19.macros
Source7:        gem_install_wrapper.sh
Patch:          rubygems-1.5.0_buildroot.patch
Patch1:         ruby-1.9.2p290_tcl_no_stupid_rpaths.patch
Patch2:         ruby19-export_init_prelude.patch
Patch3:         ruby-sort-rdoc-output.patch
# PATCH-KNOWN-UPSTREAM: http://bugs.ruby-lang.org/issues/show/2294, bnc#796757, [email protected]
Patch4:         thread_pthread.c-ruby_init_stack-ignore-STACK_END_ADDRESS.patch
Patch5:         fix_cve-2013-4073.patch
#
Summary:        An Interpreted Object-Oriented Scripting Language
License:        BSD-2-Clause or Ruby
Group:          Development/Languages/Ruby

%description
Ruby is an interpreted scripting language for quick and easy
object-oriented programming.  It has many features for processing text
files and performing system management tasks (as in Perl).  It is
simple, straight-forward, and extensible.

* Ruby features:

- Simple Syntax

- *Normal* Object-Oriented features (class, method calls, for
   example)

- *Advanced* Object-Oriented features(Mix-in, Singleton-method, for
   example)

- Operator Overloading

- Exception Handling

- Iterators and Closures

- Garbage Collection

- Dynamic Loading of Object Files (on some architectures)

- Highly Portable (works on many UNIX machines; DOS, Windows, Mac,
BeOS, and more)


%package devel
Summary:        Development files to link against Ruby
Group:          Development/Languages/Ruby
Requires:       %{name} = %{version}
Provides:       rubygems19 = 1.3.7
Provides:       rubygems19_with_buildroot_patch
Requires:       ruby-common

%description devel
Development files to link against Ruby.

%package devel-extra
Summary:        Special development files of ruby, normally not installed
Group:          Development/Languages/Ruby
Requires:       %{name}-devel = %{version}

%description devel-extra
Development files to link against Ruby.

%package tk
Summary:        TCL/TK bindings for Ruby
Group:          Development/Languages/Ruby
Requires:       %{name} = %{version}

%description tk
TCL/TK bindings for Ruby

%package doc-ri
Summary:        Ruby Interactive Documentation
Group:          Development/Languages/Ruby
Requires:       %{name} = %{version}
%if 0%{?suse_version} >= 1120
BuildArch:      noarch
%endif
%description doc-ri
This package contains the RI docs for ruby

%package doc-html
Summary:        This package contains the HTML docs for ruby
Group:          Development/Languages/Ruby
Requires:       %{name} = %{version}
%if 0%{?suse_version} >= 1120
BuildArch:      noarch
%endif
%description doc-html
This package contains the HTML docs for ruby

%package examples
Summary:        Example scripts for ruby
Group:          Development/Languages/Ruby
Requires:       %{name} = %{version}
%if 0%{?suse_version} >= 1120
BuildArch:      noarch
%endif
%description examples
Example scripts for ruby

%package test-suite
Requires:       %{name} = %{version}
Summary:        An Interpreted Object-Oriented Scripting Language
Group:          Development/Languages/Ruby
%if 0%{?suse_version} >= 1120
BuildArch:      noarch
%endif
%description test-suite
Ruby is an interpreted scripting language for quick and easy
object-oriented programming.  It has many features for processing text
files and performing system management tasks (as in Perl).  It is
simple, straight-forward, and extensible.

* Ruby features:

- Simple Syntax

- *Normal* Object-Oriented features (class, method calls, for
   example)

- *Advanced* Object-Oriented features(Mix-in, Singleton-method, for
   example)

- Operator Overloading

- Exception Handling

- Iterators and Closures

- Garbage Collection

- Dynamic Loading of Object Files (on some architectures)

- Highly Portable (works on many UNIX machines; DOS, Windows, Mac,
BeOS, and more)

%prep
%setup -q -n ruby-%{pkg_version}-%{patch_level}
%patch
%patch1
%patch2 -p1
%patch3 -p1
%patch4
%patch5 -p1
%if 0%{?needs_optimization_zero}
touch -r configure configure.timestamp
perl -p -i.bak -e 's|-O2|-O0|g' configure
diff -urN configure{.bak,} ||:
touch -r configure.timestamp configure
%endif
find sample -type f -print0 | xargs -r0 chmod a-x
grep -Erl '^#! */' benchmark bootstraptest ext lib sample test \
  | xargs -r perl -p -i -e 's|^#!\s*\S+(\s+.*)?$|#!/usr/bin/ruby1.9$1|'

%build
%if 0%{?needs_optimization_zero}
export CFLAGS="%{optflags}"
export CFLAGS="${CFLAGS//-O2/}"
export CXXFLAGS="$CFLAGS"
export FFLAGS="$CFLAGS"
%endif
%configure \
  --program-suffix=%{rb_binary_suffix}  \
  --with-soname=ruby%{rb_binary_suffix} \
  --target=%{_target_platform} \
  %if 0%{?use_valgrind}
  --with-valgrind \
  %endif
  --with-mantype=man \
  --enable-shared \
  --disable-static \
  --disable-rpath
%{__make} all V=1

%install
%makeinstall V=1
%{__install} -D -m 0644 %{S:6} %{buildroot}/etc/rpm/macros.ruby19
%{__install} -D -m 0755 %{S:7} %{buildroot}/usr/lib/rpm/gem_install_wrapper.sh
echo "%defattr(-,root,root,-)" > devel-extra-excludes
echo "%defattr(-,root,root,-)" > devel-extra-list
for i in iseq.h insns.inc insns_info.inc revision.h version.h  thread_pthread.h \
  ruby_atomic.h method.h id.h vm_core.h vm_opts.h node.h debug.h eval_intern.h; do
  install -m 644 $i %{buildroot}%{_includedir}/ruby-%{rb_ver}/
  echo "%exclude %{_includedir}/ruby-%{rb_ver}/$i" >> devel-extra-excludes  
  echo "%{_includedir}/ruby-%{rb_ver}/$i" >> devel-extra-list
done

%if 0%{?run_tests}
%check
export LD_LIBRARY_PATH="$PWD"
# we know some tests will fail when they do not find a /usr/bin/ruby
make check V=1 ||:
%endif

%post   -p /sbin/ldconfig
%postun -p /sbin/ldconfig

%files
%defattr(-,root,root,-)
%config(noreplace) /etc/rpm/macros.ruby19
%{_bindir}/erb%{rb_binary_suffix}
%{_bindir}/gem%{rb_binary_suffix}
%{_bindir}/irb%{rb_binary_suffix}
%{_bindir}/rake%{rb_binary_suffix}
%{_bindir}/rdoc%{rb_binary_suffix}
%{_bindir}/ri%{rb_binary_suffix}
%{_bindir}/ruby%{rb_binary_suffix}
%{_bindir}/testrb%{rb_binary_suffix}
%{_libdir}/libruby%{rb_binary_suffix}.so.1.9*
%{_libdir}/ruby/
/usr/lib/rpm/gem_install_wrapper.sh
%exclude %{rb_libdir}/multi-tk.rb
%exclude %{rb_libdir}/remote-tk.rb
%exclude %{rb_libdir}/tcltk.rb
%exclude %{rb_libdir}/tk*.rb
%exclude %{rb_libdir}/tk/
%exclude %{rb_libdir}/tkextlib/
%exclude %{rb_archdir}/tcltklib.so
%exclude %{rb_archdir}/tkutil.so
%{_mandir}/man1/ri%{rb_binary_suffix}.1*
%{_mandir}/man1/irb%{rb_binary_suffix}.1*
%{_mandir}/man1/erb%{rb_binary_suffix}.1*
%{_mandir}/man1/rake%{rb_binary_suffix}.1*
%{_mandir}/man1/ruby%{rb_binary_suffix}.1*
%doc ChangeLog  COPYING  COPYING.ja  GPL  KNOWNBUGS.rb  LEGAL  NEWS  README  README.EXT  README.EXT.ja  README.ja  ToDo doc/* sample/

%files devel -f devel-extra-excludes
%defattr(-,root,root,-)
%{_includedir}/ruby-%{rb_ver}
%{_libdir}/libruby%{rb_binary_suffix}.so
%{_libdir}/libruby%{rb_binary_suffix}-static.a
%{_libdir}/pkgconfig/ruby-1.9.pc

%files devel-extra -f devel-extra-list

%files tk
%defattr(-,root,root,-)
%{rb_libdir}/multi-tk.rb
%{rb_libdir}/remote-tk.rb
%{rb_libdir}/tcltk.rb
%{rb_libdir}/tk*.rb
%{rb_libdir}/tk/
%{rb_libdir}/tkextlib/
%{rb_archdir}/tcltklib.so
%{rb_archdir}/tkutil.so

%files doc-ri
%defattr(-,root,root,-)
%dir %{_datadir}/ri/
%{_datadir}/ri/%{rb_ver}/

%changelog
++++++ fix_cve-2013-4073.patch ++++++
diff --git a/ext/openssl/lib/openssl/ssl-internal.rb 
b/ext/openssl/lib/openssl/ssl-internal.rb
index c70b5b8..356d4e8 100644
--- a/ext/openssl/lib/openssl/ssl-internal.rb
+++ b/ext/openssl/lib/openssl/ssl-internal.rb
@@ -88,14 +88,22 @@ module OpenSSL
       should_verify_common_name = true
       cert.extensions.each{|ext|
         next if ext.oid != "subjectAltName"
-        ext.value.split(/,\s+/).each{|general_name|
-          if /\ADNS:(.*)/ =~ general_name
+        id, ostr = OpenSSL::ASN1.decode(ext.to_der).value
+        sequence = OpenSSL::ASN1.decode(ostr.value)
+        sequence.value.each{|san|
+          case san.tag
+          when 2 # dNSName in GeneralName (RFC5280)
             should_verify_common_name = false
-            reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+")
+            reg = Regexp.escape(san.value).gsub(/\\\*/, "[^.]+")
             return true if /\A#{reg}\z/i =~ hostname
-          elsif /\AIP Address:(.*)/ =~ general_name
+          when 7 # iPAddress in GeneralName (RFC5280)
             should_verify_common_name = false
-            return true if $1 == hostname
+            # follows GENERAL_NAME_print() in x509v3/v3_alt.c
+            if san.value.size == 4
+              return true if san.value.unpack('C*').join('.') == hostname
+            elsif san.value.size == 16
+              return true if san.value.unpack('n*').map { |e| sprintf("%X", e) 
}.join(':') == hostname
+            end
           end
         }
       }
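Review bot: in `id, ostr = OpenSSL::ASN1.decode(ext.to_der).value` the extension value is taken by position as the second element, which only holds when the extension carries no criticality flag. RFC 5280 defines Extension as extnID, an optional critical BOOLEAN, then the extnValue OCTET STRING, so for a subjectAltName marked critical `ostr` is the BOOLEAN and `OpenSSL::ASN1.decode(ostr.value)` fails instead of checking the names. Take the last element of the sequence, or select the element with tag 4 as the new test in this patch does. Separately, the iPAddress branch compares `hostname` with `==` against one fixed rendering (uncompressed groups, upper-case hex for IPv6), so a caller passing `13::17` or lower-case hex gets no match; a comment stating that callers must pass that exact form would help.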
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index cf0f1b7..58493bf 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -351,6 +351,28 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
     }
   end
 
+  def test_verify_certificate_identity
+    # creating NULL byte SAN certificate
+    ef = OpenSSL::X509::ExtensionFactory.new
+    cert = OpenSSL::X509::Certificate.new
+    cert.subject = OpenSSL::X509::Name.parse "/DC=some/DC=site/CN=Some Site"
+    ext = ef.create_ext('subjectAltName', 
'DNS:placeholder,IP:192.168.7.1,IP:13::17')
+    ext_asn1 = OpenSSL::ASN1.decode(ext.to_der)
+    san_list_der = ext_asn1.value.reduce(nil) { |memo,val| val.tag == 4 ? 
val.value : memo }
+    san_list_asn1 = OpenSSL::ASN1.decode(san_list_der)
+    san_list_asn1.value[0].value = 'www.example.com\0.evil.com'
+    ext_asn1.value[1].value = san_list_asn1.to_der
+    real_ext = OpenSSL::X509::Extension.new ext_asn1
+    cert.add_extension(real_ext)
+
+    assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, 
'www.example.com'))
+    assert_equal(true,  OpenSSL::SSL.verify_certificate_identity(cert, 
'www.example.com\0.evil.com'))
+    assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, 
'192.168.7.255'))
+    assert_equal(true,  OpenSSL::SSL.verify_certificate_identity(cert, 
'192.168.7.1'))
+    assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, 
'13::17'))
+    assert_equal(true,  OpenSSL::SSL.verify_certificate_identity(cert, 
'13:0:0:0:0:0:0:17'))
+  end
+
   def test_tlsext_hostname
     return unless OpenSSL::SSL::SSLSocket.instance_methods.include?(:hostname)
 
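Review bot: the SAN value and the second assertion use single-quoted literals, `'www.example.com\0.evil.com'`, and in a single-quoted Ruby string `\0` is a backslash followed by the digit 0, not a NUL byte, so the certificate built here does not contain the embedded NUL that the comment `# creating NULL byte SAN certificate` announces. Use double-quoted strings in both places so the test exercises the case the fix is for. The generated extension is also never marked critical, so the positional `id, ostr` decode in ssl-internal.rb is only tested on the two-element form of the extension.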
++++++ gem_install_wrapper.sh ++++++
#! /bin/sh

set -e 
/usr/bin/gem1.9 install --verbose --local --build-root=$RPM_BUILD_ROOT "$@"
if test -d $RPM_BUILD_ROOT/usr/bin; then
  cd $RPM_BUILD_ROOT/usr/bin 
  bins=`ls -1 *1.9 2> /dev/null`
  if test -n "$bins"; then
    for bin in $bins; do 
      mv -v $bin $(echo "$bin" | sed -e 's,1.9$,,')
    done
  fi
fi

++++++ ruby-1.8.7_safe_level_bypass.patch ++++++
Index: error.c
===================================================================
--- error.c.orig        2012-02-25 13:32:19.000000000 +0100
+++ error.c     2012-10-26 13:03:11.760708214 +0200
@@ -569,7 +569,6 @@ exc_to_s(VALUE exc)
 
     if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
     r = rb_String(mesg);
-    OBJ_INFECT(r, exc);
     return r;
 }
 
@@ -853,11 +852,7 @@ name_err_to_s(VALUE exc)
 
     if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
     StringValue(str);
-    if (str != mesg) {
-       rb_iv_set(exc, "mesg", mesg = str);
-    }
-    OBJ_INFECT(mesg, exc);
-    return mesg;
+    return str;
 }
 
 /*
@@ -988,7 +983,6 @@ name_err_mesg_to_str(VALUE obj)
        args[2] = d;
        mesg = rb_f_sprintf(NAME_ERR_MESG_COUNT, args);
     }
-    OBJ_INFECT(mesg, obj);
     return mesg;
 }
 
Index: test/ruby/test_exception.rb
===================================================================
--- test/ruby/test_exception.rb.orig    2012-02-08 01:44:05.000000000 +0100
+++ test/ruby/test_exception.rb 2012-10-26 13:03:11.761708215 +0200
@@ -333,4 +333,54 @@ end.join
       load(t.path)
     end
   end
+
+  def test_to_s_taintness_propagation
+    for exc in [Exception, NameError]
+      m = "abcdefg"
+      e = exc.new(m)
+      e.taint
+      s = e.to_s
+      assert_equal(false, m.tainted?,
+                   "#{exc}#to_s should not propagate taintness")
+      assert_equal(false, s.tainted?,
+                   "#{exc}#to_s should not propagate taintness")
+    end
+    
+    o = Object.new
+    def o.to_str
+      "foo"
+    end
+    o.taint
+    e = NameError.new(o)
+    s = e.to_s
+    assert_equal(false, s.tainted?)
+  end
+
+  def test_exception_to_s_should_not_propagate_untrustedness
+    favorite_lang = "Ruby"
+
+    for exc in [Exception, NameError]
+      assert_raise(SecurityError) do
+        lambda {
+          $SAFE = 4
+          exc.new(favorite_lang).to_s
+          favorite_lang.replace("Python")
+        }.call
+      end
+    end
+
+    assert_raise(SecurityError) do
+      lambda {
+        $SAFE = 4
+        o = Object.new
+        o.singleton_class.send(:define_method, :to_str) {
+          favorite_lang
+        }
+        NameError.new(o).to_s
+        favorite_lang.replace("Python")
+      }.call
+    end
+
+    assert_equal("Ruby", favorite_lang)
+  end
 end
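Review bot: this patch is listed under New: and shipped in the source package, but ruby19.spec declares only Patch through Patch5 and none of them names ruby-1.8.7_safe_level_bypass.patch, and the changelog entry for the p286 update says it was removed because it is upstream. Drop the file from the package, or, if it is still needed, add a Patch line and a `%patch` call so that it is actually applied.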
++++++ ruby-1.9.2p290_tcl_no_stupid_rpaths.patch ++++++
Index: ext/tk/extconf.rb
===================================================================
--- ext/tk/extconf.rb.orig
+++ ext/tk/extconf.rb
@@ -215,9 +215,7 @@ def get_shlib_path_head
 
   else
     [
-      '/opt', '/pkg', '/share',
-      '/usr/local/opt', '/usr/local/pkg', '/usr/local/share', '/usr/local',
-      '/usr/opt', '/usr/pkg', '/usr/share', '/usr/contrib', '/usr'
+      '/usr'
     ].each{|dir|
       next unless File.directory?(dir)
 
++++++ ruby-sort-rdoc-output.patch ++++++
Index: ruby-1.9.3-p194/lib/rdoc/generator/template/darkfish/classpage.rhtml
===================================================================
--- ruby-1.9.3-p194.orig/lib/rdoc/generator/template/darkfish/classpage.rhtml
+++ ruby-1.9.3-p194/lib/rdoc/generator/template/darkfish/classpage.rhtml
@@ -33,7 +33,7 @@
         <h3 class="section-header">In Files</h3>
         <div class="section-body">
           <ul>
-          <% klass.in_files.each do |tl| %>
+          <% klass.in_files.sort.each do |tl| %>
             <li><a href="<%= rel_prefix %>/<%= h tl.path 
%>?TB_iframe=true&amp;height=550&amp;width=785"
               class="thickbox" title="<%= h tl.absolute_name %>"><%= h 
tl.absolute_name %></a></li>
           <% end %>
Index: ruby-1.9.3-p194/lib/rdoc/stats.rb
===================================================================
--- ruby-1.9.3-p194.orig/lib/rdoc/stats.rb
+++ ruby-1.9.3-p194/lib/rdoc/stats.rb
@@ -288,7 +288,7 @@ class RDoc::Stats
     else
       report << '# in files:'
 
-      cm.in_files.each do |file|
+      cm.in_files.sort.each do |file|
         report << "#   #{file.full_name}"
       end
 
++++++ ruby19-export_init_prelude.patch ++++++
Index: ruby-1.9.3-p194/include/ruby/ruby.h
===================================================================
--- ruby-1.9.3-p194.orig/include/ruby/ruby.h
+++ ruby-1.9.3-p194/include/ruby/ruby.h
@@ -1225,6 +1225,7 @@ void ruby_init_stack(volatile VALUE*);
     VALUE variable_in_this_stack_frame; \
     ruby_init_stack(&variable_in_this_stack_frame);
 void ruby_init(void);
+void ruby_init_prelude(void);
 void *ruby_options(int, char**);
 int ruby_run_node(void *);
 int ruby_exec_node(void *);
Index: ruby-1.9.3-p194/ruby.c
===================================================================
--- ruby-1.9.3-p194.orig/ruby.c
+++ ruby-1.9.3-p194/ruby.c
@@ -1091,7 +1091,7 @@ proc_options(long argc, char **argv, str
     return argc0 - argc;
 }
 
-static void
+void
 ruby_init_prelude(void)
 {
     Init_prelude();
++++++ ruby19-rpmlintrc ++++++
addFilter("files-duplicate /usr/share/ri/.*")
addFilter("unexpanded-macro /usr/share/ri/.*")
++++++ ruby19.macros ++++++
%rb19_binary                         /usr/bin/ruby1.9
%gem19_binary                        /usr/bin/gem1.9
%rb19_arch                           %(%{rb19_binary} -e 'print RUBY_PLATFORM')
%rb19_ver                            %(%{rb19_binary} -r rbconfig -e 'print RbConfig::CONFIG["ruby_version"]')
#
#rb19_dir                            %{_libdir}/ruby/
#rb19_libdir                         %{_libdir}/ruby/%{rb19_ver}/
#rb19_archdir                        %{_libdir}/ruby/%{rb19_ver}/%{rb19_arch}
#
#rb19_sitedir                        %{_libdir}/ruby/site_ruby
#rb19_sitelib                        %{rb19_sitedir}/%{rb19_ver}
#rb19_sitearch                       %{rb19_sitedir}/%{rb19_ver}/%{rb19_arch}
#
#rb19_vendordir                      %{_libdir}/ruby/vendor_ruby
#rb19_vendorlib                      %{rb19_vendordir}/%{rb19_ver}
#rb19_vendorarch                     %{rb19_vendordir}/%{rb19_ver}/%{rb19_arch}


## Base
# "rubylibprefix"=>"/usr/lib64/ruby",
%rb19_dir           %(%{rb19_binary} -rrbconfig -e 'puts RbConfig::CONFIG["rubylibprefix"]' )
# "rubylibdir"    =>"/usr/lib64/ruby/1.9.1",
%rb19_libdir        %(%{rb19_binary} -rrbconfig -e 'puts RbConfig::CONFIG["rubylibdir"]' )
# "archdir"       =>"/usr/lib64/ruby/1.9.1/x86_64-linux",
%rb19_archdir       %(%{rb19_binary} -rrbconfig -e 'puts RbConfig::CONFIG["archdir"]' )

## Site
# "sitedir"       =>"/usr/lib64/ruby/site_ruby",
%rb19_sitedir       %(%{rb19_binary} -rrbconfig -e 'puts RbConfig::CONFIG["sitedir"]' )
# "sitelibdir"    =>"/usr/lib64/ruby/site_ruby/1.9.1",
%rb19_sitelibdir    %(%{rb19_binary} -rrbconfig -e 'puts RbConfig::CONFIG["sitelibdir"]' )
# "sitearchdir"   =>"/usr/lib64/ruby/site_ruby/1.9.1/x86_64-linux",
%rb19_sitearchdir   %(%{rb19_binary} -rrbconfig -e 'puts RbConfig::CONFIG["sitearchdir"]' )

## Vendor
# "vendordir"     =>"/usr/lib64/ruby/vendor_ruby",
%rb19_vendordir     %(%{rb19_binary} -rrbconfig -e 'puts RbConfig::CONFIG["vendordir"]' )
# "vendorlibdir"  =>"/usr/lib64/ruby/vendor_ruby/1.9.1",
%rb19_vendorlibdir  %(%{rb19_binary} -rrbconfig -e 'puts RbConfig::CONFIG["vendorlibdir"]' )
# "vendorarchdir" =>"/usr/lib64/ruby/vendor_ruby/1.9.1/x86_64-linux",
%rb19_vendorarchdir %(%{rb19_binary} -rrbconfig -e 'puts RbConfig::CONFIG["vendorarchdir"]' )


%gem19_install                       /usr/lib/rpm/gem_install_wrapper.sh 
%gem19_cleanup                       /usr/bin/gem_build_cleanup %{buildroot}%{_libdir}/ruby/gems/%{rb19_ver}/gems/%{mod_name}-%{version}/
%rubygems19_requires() \
%if 0%{?suse_version} > 1100 \
%{requires_ge ruby19}      \
%else                        \
%{requires_eq ruby19}      \
%endif

++++++ rubygems-1.5.0_buildroot.patch ++++++
Index: lib/rubygems/dependency_installer.rb
===================================================================
--- lib/rubygems/dependency_installer.rb.orig
+++ lib/rubygems/dependency_installer.rb
@@ -69,6 +69,7 @@ class Gem::DependencyInstaller
     @installed_gems = []
 
     @install_dir = options[:install_dir] || Gem.dir
+    @build_root = options[:build_root]
     @cache_dir = options[:cache_dir] || @install_dir
 
     # Set with any errors that SpecFetcher finds while search through
@@ -290,6 +291,7 @@ class Gem::DependencyInstaller
                                 :format_executable   => @format_executable,
                                 :ignore_dependencies => @ignore_dependencies,
                                 :install_dir         => @install_dir,
+                                :build_root          => @build_root,
                                 :security_policy     => @security_policy,
                                 :user_install        => @user_install,
                                 :wrappers            => @wrappers
Index: lib/rubygems/installer.rb
===================================================================
--- lib/rubygems/installer.rb.orig
+++ lib/rubygems/installer.rb
@@ -427,9 +427,18 @@ class Gem::Installer
     @wrappers            = options[:wrappers]
     @bin_dir             = options[:bin_dir]
     @development         = options[:development]
+    @build_root          = options[:build_root]
 
     raise "NOTE: Installer option :source_index is dead" if
       options[:source_index]
+
+    unless @build_root.nil?
+      require 'pathname'
+      @build_root = Pathname.new(@build_root).expand_path
+      @bin_dir = File.join(@build_root, options[:bin_dir] || 
Gem.bindir(@gem_home))
+      @gem_home = File.join(@build_root,@gem_home)
+      alert_warning "You build with buildroot.\n  Build root: #{@build_root}\n 
 Bin dir: #{@bin_dir}\n  Gem home: #{@gem_home}"
+    end
   end
 
   def check_that_user_bin_dir_is_in_path
Index: lib/rubygems/install_update_options.rb
===================================================================
--- lib/rubygems/install_update_options.rb.orig
+++ lib/rubygems/install_update_options.rb
@@ -44,6 +44,12 @@ module Gem::InstallUpdateOptions
       options[:bin_dir] = File.expand_path(value)
     end
 
+    add_option(:"Install/Update", '--build-root DIR',
+      'Temporary installation root. Useful for building',
+      'packages. Do not use this when installing remote gems.') do |value, 
options|
+      options[:build_root] = File.expand_path(value)
+    end
+
     add_option(:"Install/Update", '-d', '--[no-]rdoc',
                'Generate RDoc documentation for the gem on',
                'install') do |value, options|
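Review bot: the help text for `--build-root` says "Do not use this when installing remote gems", but nothing in this option handler or in the `unless @build_root.nil?` block of installer.rb enforces it; only gem_install_wrapper.sh passes `--local`. Reject `options[:build_root]` unless the install is local, so that the restriction does not depend on every caller remembering the flag.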
++++++ thread_pthread.c-ruby_init_stack-ignore-STACK_END_ADDRESS.patch ++++++
Index: thread_pthread.c
===================================================================
--- thread_pthread.c.orig       2013-01-15 08:30:52.000000000 +0100
+++ thread_pthread.c    2013-02-21 15:39:28.075335952 +0100
@@ -594,6 +594,27 @@ ruby_init_stack(volatile VALUE *addr
 #endif
        native_main_thread.stack_maxsize = size - space;
     }
+
+    /* If addr is out of range of main-thread stack range estimation,  */
+    /* it should be on co-routine (alternative stack). [Feature #2294] */
+    {
+       void *start, *end;
+
+       if (STACK_DIR_UPPER(1,0)) {
+           start = native_main_thread.stack_start;
+           end = (char *)native_main_thread.stack_start + 
native_main_thread.stack_maxsize;
+       }
+       else {
+           start = (char *)native_main_thread.stack_start - 
native_main_thread.stack_maxsize;
+           end = native_main_thread.stack_start;
+       }
+
+       if ((void *)addr < start || (void *)addr > end) {
+           /* out of range */
+           native_main_thread.stack_start = (VALUE *)addr;
+           native_main_thread.stack_maxsize = 0; /* unknown */
+       }
+    }
 }
 
 #define CHECK_ERR(expr) \
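Review bot: the range test `if ((void *)addr < start || (void *)addr > end)` orders pointers that, in the co-routine case this block is written for, belong to different stacks; ISO C only defines relational comparison for pointers into the same object, so compare the values as `uintptr_t` instead. The block also sets `stack_maxsize = 0` with only the comment `/* unknown */`; a sentence on how code that reads `stack_maxsize` is expected to treat 0 would make the intent checkable.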