OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 25-Aug-2006 21:37:37
Branch: HEAD Handle: 2006082520373700
Modified files:
openpkg-src/ruby ruby.patch ruby.spec
Log:
upgrading package: ruby 1.8.4 -> 1.8.5
Summary:
Revision Changes Path
1.8 +5 -98 openpkg-src/ruby/ruby.patch
1.42 +2 -2 openpkg-src/ruby/ruby.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/ruby/ruby.patch
============================================================================
$ cvs diff -u -r1.7 -r1.8 ruby.patch
--- openpkg-src/ruby/ruby.patch 28 Jul 2006 08:59:30 -0000 1.7
+++ openpkg-src/ruby/ruby.patch 25 Aug 2006 19:37:37 -0000 1.8
@@ -1,7 +1,7 @@
Index: configure
---- configure.orig 2005-09-21 02:10:31 +0200
-+++ configure 2005-09-21 08:24:44 +0200
-@@ -14293,7 +14293,7 @@
+--- configure.orig 2006-08-25 10:34:16 +0200
++++ configure 2006-08-25 21:35:39 +0200
+@@ -18137,7 +18137,7 @@
rb_cv_dlopen=yes ;;
esix*|uxpds*) : ${LDSHARED="ld -G"}
rb_cv_dlopen=yes ;;
@@ -11,8 +11,8 @@
bsdi3*) case "$CC" in
*shlicc*) : ${LDSHARED="$CC -r"}
Index: ext/dbm/extconf.rb
---- ext/dbm/extconf.rb.orig 2003-07-24 09:41:36 +0200
-+++ ext/dbm/extconf.rb 2005-09-21 08:24:44 +0200
+--- ext/dbm/extconf.rb.orig 2006-05-26 01:44:05 +0200
++++ ext/dbm/extconf.rb 2006-08-25 21:35:39 +0200
@@ -48,7 +48,7 @@
if dblib
db_check(dblib)
@@ -22,96 +22,3 @@
db_check(dblib) and break
end
end
-
------------------------------------------------------------------------------
-
-Security Fixes (CVE-2006-3694)
-
-- eval.c, alias(): preserve current safe level
-
http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/eval.c?cvsroot=src&r1=1.616.2.166&r2=1.616.2.167
- (only relevant part)
-- re.c: do not modify untainted levels in safe levels > 3
-
http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/re.c?cvsroot=src&r1=1.114.2.17&r2=1.114.2.18
- (only last hunk is relevant)
-- dir.c: should not close untainted dir stream
-
http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/dir.c?cvsroot=src&r1=1.92.2.32&r2=1.92.2.33
-
-Index: dir.c
---- dir.c.orig 2005-09-14 15:40:58 +0200
-+++ dir.c 2006-07-28 10:47:57 +0200
-@@ -325,7 +325,17 @@
- rb_raise(rb_eIOError, "closed directory");
- }
-
-+static void
-+dir_check(dir)
-+ VALUE dir;
-+{
-+ if (!OBJ_TAINTED(dir) && rb_safe_level() >= 4)
-+ rb_raise(rb_eSecurityError, "Insecure: operation on untainted Dir");
-+ rb_check_frozen(dir);
-+}
-+
- #define GetDIR(obj, dirp) do {\
-+ dir_check(dir);\
- Data_Get_Struct(obj, struct dir_data, dirp);\
- if (dirp->dir == NULL) dir_closed();\
- } while (0)
-@@ -536,6 +546,9 @@
- {
- struct dir_data *dirp;
-
-+ if (rb_safe_level() >= 4 && !OBJ_TAINTED(dir)) {
-+ rb_raise(rb_eSecurityError, "Insecure: can't close");
-+ }
- GetDIR(dir, dirp);
- closedir(dirp->dir);
- dirp->dir = NULL;
-Index: eval.c
---- eval.c.orig 2005-12-20 14:41:47 +0100
-+++ eval.c 2006-07-28 10:47:57 +0200
-@@ -2097,7 +2097,8 @@
- }
- }
- st_insert(RCLASS(klass)->m_tbl, name,
-- (st_data_t)NEW_METHOD(NEW_FBODY(body, def, origin), orig->nd_noex));
-+ (st_data_t)NEW_METHOD(NEW_FBODY(body, def, origin),
-+ NOEX_WITH_SAFE(orig->nd_noex)));
- if (singleton) {
- rb_funcall(singleton, singleton_added, 1, ID2SYM(name));
- }
-@@ -5638,6 +5639,11 @@
- TMP_PROTECT;
- volatile int safe = -1;
-
-+ if (NOEX_SAFE(flags) > ruby_safe_level &&
-+ !(flags&NOEX_TAINTED) && ruby_safe_level == 0 && NOEX_SAFE(flags) > 2) {
-+ rb_raise(rb_eSecurityError, "calling insecure method: %s",
-+ rb_id2name(id));
-+ }
- switch (ruby_iter->iter) {
- case ITER_PRE:
- case ITER_PAS:
-@@ -5742,10 +5748,6 @@
- b2 = body = body->nd_next;
-
- if (NOEX_SAFE(flags) > ruby_safe_level) {
-- if (!(flags&NOEX_TAINTED) && ruby_safe_level == 0 &&
NOEX_SAFE(flags) > 2) {
-- rb_raise(rb_eSecurityError, "calling insecure method: %s",
-- rb_id2name(id));
-- }
- safe = ruby_safe_level;
- ruby_safe_level = NOEX_SAFE(flags);
- }
-Index: re.c
---- re.c.orig 2005-12-13 04:27:51 +0100
-+++ re.c 2006-07-28 10:47:57 +0200
-@@ -1332,6 +1332,8 @@
- {
- struct RRegexp *re = RREGEXP(obj);
-
-+ if (!OBJ_TAINTED(obj) && rb_safe_level() >= 4)
-+ rb_raise(rb_eSecurityError, "Insecure: can't modify regexp");
- if (re->ptr) re_free_pattern(re->ptr);
- if (re->str) free(re->str);
- re->ptr = 0;
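Review bot: The whole CVE-2006-3694 backport (the dir.c, eval.c and re.c hunks) is dropped from ruby.patch in this hunk, but neither the log message nor the remaining patch records why that is safe. Presumably ruby 1.8.5 already contains these safe-level checks upstream, but nothing on the page shows it. Before release, confirm that the 1.8.5 sources contain `dir_check()` in dir.c, `NOEX_WITH_SAFE(orig->nd_noex)` in the alias path of eval.c, and the `Insecure: can't modify regexp` check in re.c. I would record the result in the commit log, for example `CVE-2006-3694 fixes (eval.c, re.c, dir.c) are included upstream in 1.8.5; local backport removed`. That lets a later audit of the package's CVE coverage see that the removal was deliberate and not a regression.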
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/ruby/ruby.spec
============================================================================
$ cvs diff -u -r1.41 -r1.42 ruby.spec
--- openpkg-src/ruby/ruby.spec 28 Jul 2006 08:59:30 -0000 1.41
+++ openpkg-src/ruby/ruby.spec 25 Aug 2006 19:37:37 -0000 1.42
@@ -32,8 +32,8 @@
Class: BASE
Group: Language
License: GPL
-Version: 1.8.4
-Release: 20060728
+Version: 1.8.5
+Release: 20060825
# list of sources
Source0: ftp://ftp.ruby-lang.org/pub/ruby/ruby-%{version}.tar.gz
@@ .