Your message dated Wed, 19 Aug 2009 13:17:29 +0000
with message-id <[email protected]>
and subject line Bug#534241: fixed in ruby1.8 1.8.7.174-2
has caused the Debian Bug report #534241,
regarding libruby1.8: [regression] tempfiles are no longer removed
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
534241: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534241
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libruby1.8
Version: 1.8.7.174-1
Severity: normal
Tags: security
Hi!
After the following upgrade:
[UPGRADE] libruby1.8 1.8.7.72-3.1 -> 1.8.7.174-1
temporary files created with /usr/lib/ruby/1.8/tempfile.rb
are no longer removed.
Steps to reproduce the bug:
$ irb1.8
irb(main):001:0> require 'tempfile'
=> true
irb(main):002:0> tf = Tempfile.new('foo_')
=> #<File:/tmp/foo_20090622-31369-hsfufm-0>
irb(main):003:0> tf.puts 'hello'
=> nil
irb(main):004:0> tf.flush
=> #<File:/tmp/foo_20090622-31369-hsfufm-0>
irb(main):005:0> tf.path
=> "/tmp/foo_20090622-31369-hsfufm-0"
irb(main):006:0> exit
$ ls /tmp/foo*
/tmp/foo_20090622-31369-hsfufm-0
$ cat /tmp/foo*
hello
If I remember libruby1.8/1.8.7.72-3.1 behavior correctly,
the temporary file should have been removed on exit.
It's still there, though.
I think this is a problematic regression and may have
a security impact.
Please note that the temporary file is indeed removed if the
method close!() is explicitly called, as in:
irb(main):006:0> tf.close!
Nonetheless, the temporary file should be removed even without an
explicit close!() invocation, when the tf object is finalized
(which happens on exit, right?), but unfortunately this no longer
seems to work, since I upgraded to libruby1.8/1.8.7.174-1
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (800, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libruby1.8 depends on:
ii libc6 2.9-12 GNU C Library: Shared libraries
ii libncurses5 5.7+20090523-1 shared libraries for terminal hand
ii zlib1g 1:1.2.3.3.dfsg-13 compression library - runtime
libruby1.8 recommends no packages.
libruby1.8 suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: ruby1.8
Source-Version: 1.8.7.174-2
We believe that the bug you reported is fixed in the latest version of
ruby1.8, which is due to be installed in the Debian FTP archive:
irb1.8_1.8.7.174-2_all.deb
to pool/main/r/ruby1.8/irb1.8_1.8.7.174-2_all.deb
libdbm-ruby1.8_1.8.7.174-2_amd64.deb
to pool/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.174-2_amd64.deb
libgdbm-ruby1.8_1.8.7.174-2_amd64.deb
to pool/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.174-2_amd64.deb
libopenssl-ruby1.8_1.8.7.174-2_amd64.deb
to pool/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.174-2_amd64.deb
libreadline-ruby1.8_1.8.7.174-2_amd64.deb
to pool/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.174-2_amd64.deb
libruby1.8-dbg_1.8.7.174-2_amd64.deb
to pool/main/r/ruby1.8/libruby1.8-dbg_1.8.7.174-2_amd64.deb
libruby1.8_1.8.7.174-2_amd64.deb
to pool/main/r/ruby1.8/libruby1.8_1.8.7.174-2_amd64.deb
libtcltk-ruby1.8_1.8.7.174-2_amd64.deb
to pool/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.174-2_amd64.deb
rdoc1.8_1.8.7.174-2_all.deb
to pool/main/r/ruby1.8/rdoc1.8_1.8.7.174-2_all.deb
ri1.8_1.8.7.174-2_all.deb
to pool/main/r/ruby1.8/ri1.8_1.8.7.174-2_all.deb
ruby1.8-dev_1.8.7.174-2_amd64.deb
to pool/main/r/ruby1.8/ruby1.8-dev_1.8.7.174-2_amd64.deb
ruby1.8-elisp_1.8.7.174-2_all.deb
to pool/main/r/ruby1.8/ruby1.8-elisp_1.8.7.174-2_all.deb
ruby1.8-examples_1.8.7.174-2_all.deb
to pool/main/r/ruby1.8/ruby1.8-examples_1.8.7.174-2_all.deb
ruby1.8_1.8.7.174-2.diff.gz
to pool/main/r/ruby1.8/ruby1.8_1.8.7.174-2.diff.gz
ruby1.8_1.8.7.174-2.dsc
to pool/main/r/ruby1.8/ruby1.8_1.8.7.174-2.dsc
ruby1.8_1.8.7.174-2_amd64.deb
to pool/main/r/ruby1.8/ruby1.8_1.8.7.174-2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daigo Moriwaki <[email protected]> (supplier of updated ruby1.8 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 19 Aug 2009 20:24:37 +0900
Source: ruby1.8
Binary: ruby1.8 libruby1.8 libruby1.8-dbg ruby1.8-dev libdbm-ruby1.8
libgdbm-ruby1.8 libreadline-ruby1.8 libtcltk-ruby1.8 libopenssl-ruby1.8
ruby1.8-examples ruby1.8-elisp ri1.8 rdoc1.8 irb1.8
Architecture: source all amd64
Version: 1.8.7.174-2
Distribution: unstable
Urgency: medium
Maintainer: akira yamada <[email protected]>
Changed-By: Daigo Moriwaki <[email protected]>
Description:
irb1.8 - Interactive Ruby (for Ruby 1.8)
libdbm-ruby1.8 - DBM interface for Ruby 1.8
libgdbm-ruby1.8 - GDBM interface for Ruby 1.8
libopenssl-ruby1.8 - OpenSSL interface for Ruby 1.8
libreadline-ruby1.8 - Readline interface for Ruby 1.8
libruby1.8 - Libraries necessary to run Ruby 1.8
libruby1.8-dbg - Debugging symbols for Ruby 1.8
libtcltk-ruby1.8 - Tcl/Tk interface for Ruby 1.8
rdoc1.8 - Generate documentation from Ruby source files (for Ruby 1.8)
ri1.8 - Ruby Interactive reference (for Ruby 1.8)
ruby1.8 - Interpreter of object-oriented scripting language Ruby 1.8
ruby1.8-dev - Header files for compiling extension modules for the Ruby 1.8
ruby1.8-elisp - ruby-mode for Emacsen
ruby1.8-examples - Examples for Ruby 1.8
Closes: 489443 510561 533329 534241 541037
Changes:
ruby1.8 (1.8.7.174-2) unstable; urgency=medium
.
[ akira yamada ]
* Added debian/patches/090811_thread_and_select.dpatch: threads may hangup
when IO.select called from two or more threads.
* Added debian/patches/090812_finalizer_at_exit.dpatch: finalizers should be
run at exit (Closes: #534241)
* Added debian/patches/090812_class_clone_segv.dpatch: avoid segv when an
object cloned. (Closes: #533329)
* Added debian/patches/090812_eval_long_exp_segv.dpatch: fix segv when eval
a long expression. (Closes: #510561)
* Added debian/patches/090812_openssl_x509_warning.dpatch: suppress warning
from OpenSSL::X509::ExtensionFactory. (Closes: #489443)
.
[ Lucas Nussbaum ]
* Removed Fumitoshi UKAI <[email protected]> from Uploaders. Thanks a
lot for the past help! Closes: #541037
.
[ Daigo Moriwaki ]
* debian/fixshebang.sh: skip non-text files, which works around hanging of
sed on scanning gif images.
* Bumped up Standards-Version to 3.8.2.
Checksums-Sha1:
f59d909c99bc8c0931f650a22201617eb0656ad9 1602 ruby1.8_1.8.7.174-2.dsc
babd8ed89f42e32a4515fa2749b3cc7e013df424 51200 ruby1.8_1.8.7.174-2.diff.gz
af872bae640696f3ad816b5d6f7797b90d185783 317178
ruby1.8-examples_1.8.7.174-2_all.deb
24f1163845f88694c5c241994570d892bb0c297f 284302
ruby1.8-elisp_1.8.7.174-2_all.deb
1e2a2e1a185c24fd3a5d27c6a1e5c9006ef3af80 1398126 ri1.8_1.8.7.174-2_all.deb
9b545ad493534d4892ac10cc2a7f456e2292bd12 385436 rdoc1.8_1.8.7.174-2_all.deb
c731063c5376515ca3b7a9d2150ef7f7313ebe76 311146 irb1.8_1.8.7.174-2_all.deb
4488ffc8a71e41dd84d3a12fafaff9c51940cdfc 291056 ruby1.8_1.8.7.174-2_amd64.deb
934c52a70b583f599bc4cb5df41a01a6c7cc5dd1 1744894
libruby1.8_1.8.7.174-2_amd64.deb
c8764a381e6d0cc4954e278bee3ecce6969ad8cd 1551368
libruby1.8-dbg_1.8.7.174-2_amd64.deb
f914fb008b33437ab574fbd5b5154d92f331dc1d 872854
ruby1.8-dev_1.8.7.174-2_amd64.deb
48e2ea3e2627781685eac53ed805903d989a79ee 272900
libdbm-ruby1.8_1.8.7.174-2_amd64.deb
792a3f7afe75b035af2b2631bc002fc461e7976d 272108
libgdbm-ruby1.8_1.8.7.174-2_amd64.deb
33b781942370c8300c2f5121f8964c1bd5b848d7 271678
libreadline-ruby1.8_1.8.7.174-2_amd64.deb
000bc23aebe7635c665bd8187dd0f4267ba40f29 1997952
libtcltk-ruby1.8_1.8.7.174-2_amd64.deb
a43c96541bd3754b7409d214dc437eaefb772e47 399070
libopenssl-ruby1.8_1.8.7.174-2_amd64.deb
Checksums-Sha256:
2268f1084b98c559872db418b009f4d68c7e11503d8861788a5046899cae6ebd 1602
ruby1.8_1.8.7.174-2.dsc
f4b86b20fe58861997d33fd62e75368ef0bd50776ccf32c6cd42b7125c5dcb64 51200
ruby1.8_1.8.7.174-2.diff.gz
8365e1c761dd2bd601120583e1b05f30667b6e9fc1d86d42664b8398e4dff1db 317178
ruby1.8-examples_1.8.7.174-2_all.deb
17c20941f0084ff5321a10373ffd0b88e353c03f58de64d7b799130e937c34d4 284302
ruby1.8-elisp_1.8.7.174-2_all.deb
2da2680e40f4388cb549e832cdf093cbf483bf086de9264bd1b52cc8860f8e16 1398126
ri1.8_1.8.7.174-2_all.deb
2374db299ea9398d24d733be8ceff2606d5848bd659a6b702bbec967ba6fdec7 385436
rdoc1.8_1.8.7.174-2_all.deb
00390e21d83010a708cd962e6fcd21fb84f8f84eebc71dfbd2110bd9fe2bf255 311146
irb1.8_1.8.7.174-2_all.deb
52201f9ffd575932118c5847e28e8b1ff25c1f40ccc66036e461ec3719499991 291056
ruby1.8_1.8.7.174-2_amd64.deb
1dabff3004f251060043607ca54f06edab485fb974191ca1f7475b9bcd6f7218 1744894
libruby1.8_1.8.7.174-2_amd64.deb
4ad264f8df07a98b82df45a7f894030064f8ff4e818012e1bd7f6dafce07a8b9 1551368
libruby1.8-dbg_1.8.7.174-2_amd64.deb
d6acf97286e658a0969ddf86515b9aa5d6d255b77eca1853742ddad87fcaa9f2 872854
ruby1.8-dev_1.8.7.174-2_amd64.deb
a2587982dc1b835796e4b2b3d03d168851eef3073d515c60ea720325e98dd92e 272900
libdbm-ruby1.8_1.8.7.174-2_amd64.deb
711d91717115b1b75db9450e1118502b00a898d6759fa02f3cf6d87053c7be63 272108
libgdbm-ruby1.8_1.8.7.174-2_amd64.deb
4bd393b06ef7dfdc91f0376a4214f336b7a380c78b5ca882bbedb4406d8c9a7c 271678
libreadline-ruby1.8_1.8.7.174-2_amd64.deb
ae18fd22c70e2789a42026c25bba35a4633fe5dc9cf896e97d1948ce05ada2f7 1997952
libtcltk-ruby1.8_1.8.7.174-2_amd64.deb
23e749cde47bb7eac0f57b96c98bde5095bc10e8190bcddef28457f8c9d82304 399070
libopenssl-ruby1.8_1.8.7.174-2_amd64.deb
Files:
77b435de7ae842c4d0bec926b9cf624b 1602 ruby optional ruby1.8_1.8.7.174-2.dsc
3ed685fa3227d525a14e02008dc6f9e7 51200 ruby optional
ruby1.8_1.8.7.174-2.diff.gz
271ccffe81e411463e915d29888344c4 317178 ruby optional
ruby1.8-examples_1.8.7.174-2_all.deb
9fb285937640ae181846e263b4348314 284302 lisp optional
ruby1.8-elisp_1.8.7.174-2_all.deb
bc43c126ddce10fcf1c92dfabdd79bea 1398126 doc optional ri1.8_1.8.7.174-2_all.deb
52c8f7e952ebf25964b6b8d9838c0b7f 385436 doc optional
rdoc1.8_1.8.7.174-2_all.deb
b345f327a63fefa19a0b2aecbe62ca61 311146 ruby optional
irb1.8_1.8.7.174-2_all.deb
c2aaf6cdbc404e2ded0146728fa89f35 291056 ruby optional
ruby1.8_1.8.7.174-2_amd64.deb
ba4a0a4e424226ccacc979b5ac6d51fe 1744894 ruby optional
libruby1.8_1.8.7.174-2_amd64.deb
636ef99efa4463c89782ae40c38b8c1d 1551368 debug extra
libruby1.8-dbg_1.8.7.174-2_amd64.deb
2608563fd44574452eeebd10737fecd1 872854 ruby optional
ruby1.8-dev_1.8.7.174-2_amd64.deb
712b681fc91a4ab67e6f940a12e346e3 272900 ruby optional
libdbm-ruby1.8_1.8.7.174-2_amd64.deb
7d9db4ad4392e4edc6d909e66abc34f1 272108 ruby optional
libgdbm-ruby1.8_1.8.7.174-2_amd64.deb
ec1484556da4c5594de4235c2d281094 271678 ruby optional
libreadline-ruby1.8_1.8.7.174-2_amd64.deb
c55dfe4763e1777c10c75d64729e4572 1997952 ruby optional
libtcltk-ruby1.8_1.8.7.174-2_amd64.deb
ed2f35ebd4467e7d44ce76089b983353 399070 ruby optional
libopenssl-ruby1.8_1.8.7.174-2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkqL+hEACgkQNcPj+ukc0lC+MwCghagT+hfikclUUOWimXzdOYaT
ecoAnjBKh5DJbhm+5+6QDliAeJDljsyo
=17Fi
-----END PGP SIGNATURE-----
--- End Message ---
