On Jan 12, 2007, at 11:17, Eric Hodel wrote:
On Jan 12, 2007, at 10:59, Eric Hodel wrote:

I've checked in fixes for an installation exploit found by Gavin Sinclair. Here's a draft email describing the exploit and how to fix RubyGems. I only supplied patches for the past two versions of RubyGems, since tattle says that's what everybody uses.

b) Apply the following patch

For RubyGems 0.9.0: <installer.rb.extract_files.REL_0_9_0.patch>

For RubyGems 0.8.11: <installer.rb.extract_files.REL_0_8_11.patch>

Note: I didn't test either of these patches. The 0.9.0 patch applied cleanly with offset. The 0.8.11 I had to do by hand. If anybody still has a 0.8.11, please test this patch.

Evan Phoenix reported my patch was bogus. This patch should apply correctly:
installer.rb.extract_files.REL_0_8_11.patch
-- Eric Hodel - [EMAIL PROTECTED] - http://blog.segment7.net I LIT YOUR GEM ON FIRE!
_______________________________________________
Rubygems-developers mailing list
Rubygems-developers@rubyforge.org
http://rubyforge.org/mailman/listinfo/rubygems-developers