Source: ruby1.9.1
Version: 1.9.2.180-5
Severity: wishlist
Tags: patch
Hi,
1.9.2.290 was released.
However, CVE-2011-0188 is not corrected in this version.
Also, a patch is necessary because there is a problem in the check on
the library of ext/tk.
I attach patches which fix these problems.
Could you please update to this version with the attached patches?
Best regards,
Nobuhiro
--
Nobuhiro Iwamatsu
iwamatsu at {nigauri.org / debian.org}
GPG ID: 40AD1FA6
From f83651ac30c7c776dee8a6a401c654757cb8d1c2 Mon Sep 17 00:00:00 2001
From: mrkn <mrkn@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Tue, 1 Mar 2011 04:40:49 +0000
Subject: [PATCH] * ext/bigdecimal/bigdecimal.c (VpMemAlloc): CVE-2011-0188.
Fixes a bug reported by Drew Yao <ayao at apple.com>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@30993 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
--- a/ext/bigdecimal/bigdecimal.c 2011-07-21 14:02:50.000000000 +0900
+++ b/ext/bigdecimal/bigdecimal.c 2011-07-21 14:03:01.000000000 +0900
@@ -2123,7 +2123,7 @@
VP_EXPORT void *
VpMemAlloc(U_LONG mb)
{
- void *p = xmalloc((unsigned int)mb);
+ void *p = xmalloc(mb);
if(!p) {
VpException(VP_EXCEPTION_MEMORY,"failed to allocate memory",1);
}
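Review bot: Removing the `(unsigned int)` cast is the whole fix: where `U_LONG` is wider than `unsigned int`, `(unsigned int)mb` silently truncated the requested size, so `xmalloc` could hand back a buffer smaller than the `mb` bytes the caller goes on to use; `xmalloc(mb)` passes the full size through. Since nothing in the surrounding lines says why the cast went away, consider a one-line comment above the call noting that `mb` must reach the allocator untruncated, so the cast is not reintroduced by a later cleanup.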
diff --git a/ext/tk/extconf.rb.orig b/ext/tk/extconf.rb
index fed2a30..e9b28cc 100644
--- a/ext/tk/extconf.rb
+++ b/ext/tk/extconf.rb
@@ -1035,7 +1035,7 @@ def find_tcl(tcllib, stubs, version, *opt_paths)
lib = "tclstub"
else
func = "Tcl_FindExecutable"
- lib = "tcl"
+ lib = tcllib
end
if version && ! version.empty?
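Review bot: `lib = tcllib` assumes the `tcllib` parameter is always a usable library name when the stubs branch is not taken; if `find_tcl` can be called with `nil` there, the check used to probe `"tcl"` and would now probe `nil`. If that call pattern exists, `lib = tcllib || "tcl"` keeps the old default while still honouring an explicit name. Separately, the `diff --git a/ext/tk/extconf.rb.orig b/ext/tk/extconf.rb` header shows this was generated against a `.orig` copy; regenerate it so both paths read `ext/tk/extconf.rb` and the patch applies without path fix-ups.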
@@ -1179,7 +1179,7 @@ def find_tk(tklib, stubs, version, *opt_paths)
lib = "tkstub"
else
func = "Tk_Init"
- lib = "tk"
+ lib = tklib
end
if version && ! version.empty?
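Review bot: Same `nil` consideration as in `find_tcl`: if `find_tk` may be reached without an explicit library name, `lib = tklib || "tk"` preserves the previous fallback. Otherwise the hunk is correct, because the hard-coded `"tk"` meant the `Tk_Init` check never exercised the library name the caller passed in `tklib`, which is the check problem the report describes.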