rpms/ruby/FC-3 ruby-1.8.2-xmlrpc-CAN-2005-1992.patch, NONE, 1.1 ruby.spec, 1.26, 1.27
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Jun 21 09:27:58 UTC 2005
- Previous message (by thread): rpms/sudo/devel .cvsignore, 1.10, 1.11 sources, 1.10, 1.11 sudo.spec, 1.23, 1.24
- Next message (by thread): rpms/s390utils/devel s390utils.spec,1.22,1.23 sources,1.11,1.12
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: tagoh
Update of /cvs/dist/rpms/ruby/FC-3
In directory cvs.devel.redhat.com:/tmp/cvs-serv8999
Modified Files:
ruby.spec
Added Files:
ruby-1.8.2-xmlrpc-CAN-2005-1992.patch
Log Message:
* Tue Jun 21 2005 Akira TAGOH <tagoh at redhat.com> - 1.8.2-1.fc3.3
- ruby-1.8.2-xmlrpc-CAN-2005-1992.patch: fixed the arbitrary command execution
on XMLRPC server. (#161096)
ruby-1.8.2-xmlrpc-CAN-2005-1992.patch:
utils.rb | 2 +-
1 files changed, 1 insertion(+), 1 deletion(-)
--- NEW FILE ruby-1.8.2-xmlrpc-CAN-2005-1992.patch ---
diff -ruN ruby-1.8.2.orig/lib/xmlrpc/utils.rb ruby-1.8.2/lib/xmlrpc/utils.rb
--- ruby-1.8.2.orig/lib/xmlrpc/utils.rb 2003-08-15 02:20:14.000000000 +0900
+++ ruby-1.8.2/lib/xmlrpc/utils.rb 2005-06-21 17:28:32.000000000 +0900
@@ -138,7 +138,7 @@
def get_methods(obj, delim=".")
prefix = @prefix + delim
- obj.class.public_instance_methods.collect { |name|
+ obj.class.public_instance_methods(false).collect { |name|
[prefix + name, obj.method(name).to_proc, nil, nil]
}
end
Index: ruby.spec
===================================================================
RCS file: /cvs/dist/rpms/ruby/FC-3/ruby.spec,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- ruby.spec 16 Jun 2005 13:37:51 -0000 1.26
+++ ruby.spec 21 Jun 2005 09:27:56 -0000 1.27
@@ -4,7 +4,7 @@
Name: ruby
Version: 1.8.2
-Release: 1.fc3.2
+Release: 1.fc3.3
License: Distributable
URL: http://www.ruby-lang.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-root
@@ -25,6 +25,7 @@
Patch2: ruby-1.8.2-strscan-memset.patch
Patch3: ruby-1.8.2-deadcode.patch
Patch4: ruby-1.8.2-tcltk-multilib.patch
+Patch5: ruby-1.8.2-xmlrpc-CAN-2005-1992.patch
Summary: An interpreter of object-oriented scripting language
Group: Development/Languages
@@ -131,6 +132,7 @@
%ifarch sparc64 ppc64 s390x x86_64
%patch4 -p1
%endif
+%patch5 -p1
popd
%build
@@ -411,6 +413,10 @@
%dir %{_datadir}/emacs/site-lisp/ruby-mode
%changelog
+* Tue Jun 21 2005 Akira TAGOH <tagoh at redhat.com> - 1.8.2-1.fc3.3
+- ruby-1.8.2-xmlrpc-CAN-2005-1992.patch: fixed the arbitrary command execution
+ on XMLRPC server. (#161096)
+
* Thu Jun 16 2005 Akira TAGOH <tagoh at redhat.com> - 1.8.2-1.fc3.2
- backported the changes from devel:
- ruby-1.8.2-strscan-memset.patch: fixed an wrong usage of memset(3).
- Previous message (by thread): rpms/sudo/devel .cvsignore, 1.10, 1.11 sources, 1.10, 1.11 sudo.spec, 1.23, 1.24
- Next message (by thread): rpms/s390utils/devel s390utils.spec,1.22,1.23 sources,1.11,1.12
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list