rpms/ruby/FC-5 ruby-1.8.4-fix-alias-safe-level.patch, NONE, 1.1 ruby-1.8.4-fix-insecure-dir-operation.patch, NONE, 1.1 ruby-1.8.4-fix-insecure-regexp-modification.patch, NONE, 1.1 ruby-fix-autoconf-magic-code.patch, NONE, 1.1 ruby.spec, 1.61, 1.62
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Jul 20 12:37:40 UTC 2006
Author: tagoh
Update of /cvs/dist/rpms/ruby/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv29022
Modified Files:
ruby.spec
Added Files:
ruby-1.8.4-fix-alias-safe-level.patch
ruby-1.8.4-fix-insecure-dir-operation.patch
ruby-1.8.4-fix-insecure-regexp-modification.patch
ruby-fix-autoconf-magic-code.patch
Log Message:
* Thu Jul 20 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-8
- security fixes.
- ruby-1.8.4-fix-insecure-dir-operation.patch:
- ruby-1.8.4-fix-insecure-regexp-modification.patch: fixed the insecure
operations in the certain safe-level restrictions. (#199538)
- ruby-1.8.4-fix-alias-safe-level.patch: fixed to not bypass the certain
safe-level restrictions. (#199543)
ruby-1.8.4-fix-alias-safe-level.patch:
eval.c | 12 +++++++-----
1 files changed, 7 insertions(+), 5 deletions(-)
--- NEW FILE ruby-1.8.4-fix-alias-safe-level.patch ---
diff -ruN ruby-1.8.4.orig/eval.c ruby-1.8.4/eval.c
--- ruby-1.8.4.orig/eval.c 2005-12-20 22:41:47.000000000 +0900
+++ ruby-1.8.4/eval.c 2006-07-20 18:33:50.000000000 +0900
@@ -2097,7 +2097,8 @@
}
}
st_insert(RCLASS(klass)->m_tbl, name,
- (st_data_t)NEW_METHOD(NEW_FBODY(body, def, origin), orig->nd_noex));
+ (st_data_t)NEW_METHOD(NEW_FBODY(body, def, origin),
+ NOEX_WITH_SAFE(orig->nd_noex)));
if (singleton) {
rb_funcall(singleton, singleton_added, 1, ID2SYM(name));
}
@@ -5638,6 +5639,11 @@
TMP_PROTECT;
volatile int safe = -1;
+ if (NOEX_SAFE(flags) > ruby_safe_level &&
+ !(flags&NOEX_TAINTED) && ruby_safe_level == 0 && NOEX_SAFE(flags) > 2) {
+ rb_raise(rb_eSecurityError, "calling insecure method: %s",
+ rb_id2name(id));
+ }
switch (ruby_iter->iter) {
case ITER_PRE:
case ITER_PAS:
@@ -5742,10 +5748,6 @@
b2 = body = body->nd_next;
if (NOEX_SAFE(flags) > ruby_safe_level) {
- if (!(flags&NOEX_TAINTED) && ruby_safe_level == 0 && NOEX_SAFE(flags) > 2) {
- rb_raise(rb_eSecurityError, "calling insecure method: %s",
- rb_id2name(id));
- }
safe = ruby_safe_level;
ruby_safe_level = NOEX_SAFE(flags);
}
ruby-1.8.4-fix-insecure-dir-operation.patch:
dir.c | 13 +++++++++++++
1 files changed, 13 insertions(+)
--- NEW FILE ruby-1.8.4-fix-insecure-dir-operation.patch ---
diff -ruN ruby-1.8.4.orig/dir.c ruby-1.8.4/dir.c
--- ruby-1.8.4.orig/dir.c 2005-09-14 22:40:58.000000000 +0900
+++ ruby-1.8.4/dir.c 2006-07-19 22:14:05.000000000 +0900
@@ -325,7 +325,17 @@
rb_raise(rb_eIOError, "closed directory");
}
+static void
+dir_check(dir)
+ VALUE dir;
+{
+ if (!OBJ_TAINTED(dir) && rb_safe_level() >= 4)
+ rb_raise(rb_eSecurityError, "Insecure: operation on untainted Dir");
+ rb_check_frozen(dir);
+}
+
#define GetDIR(obj, dirp) do {\
+ dir_check(dir);\
Data_Get_Struct(obj, struct dir_data, dirp);\
if (dirp->dir == NULL) dir_closed();\
} while (0)
@@ -536,6 +546,9 @@
{
struct dir_data *dirp;
+ if (rb_safe_level() >= 4 && !OBJ_TAINTED(dir)) {
+ rb_raise(rb_eSecurityError, "Insecure: can't close");
+ }
GetDIR(dir, dirp);
closedir(dirp->dir);
dirp->dir = NULL;
ruby-1.8.4-fix-insecure-regexp-modification.patch:
intern.h | 6 +++---
re.c | 15 +++++++++------
2 files changed, 12 insertions(+), 9 deletions(-)
--- NEW FILE ruby-1.8.4-fix-insecure-regexp-modification.patch ---
diff -ruN ruby-1.8.4.orig/re.c ruby-1.8.4/re.c
--- ruby-1.8.4.orig/re.c 2005-12-13 12:27:51.000000000 +0900
+++ ruby-1.8.4/re.c 2006-07-19 18:07:59.000000000 +0900
@@ -70,10 +70,11 @@
#endif
int
-rb_memcicmp(p1, p2, len)
- char *p1, *p2;
+rb_memcicmp(x, y, len)
+ const void *x, *y;
long len;
{
+ const unsigned char *p1 = x, *p2 = y;
int tmp;
while (len--) {
@@ -85,7 +86,7 @@
int
rb_memcmp(p1, p2, len)
- char *p1, *p2;
+ const void *p1, *p2;
long len;
{
if (!ruby_ignorecase) {
@@ -96,11 +97,11 @@
long
rb_memsearch(x0, m, y0, n)
- char *x0, *y0;
+ const void *x0, *y0;
long m, n;
{
- unsigned char *x = (unsigned char *)x0, *y = (unsigned char *)y0;
- unsigned char *s, *e;
+ const unsigned char *x = (unsigned char *)x0, *y = (unsigned char *)y0;
+ const unsigned char *s, *e;
long i;
int d;
unsigned long hx, hy;
@@ -1332,6 +1333,8 @@
{
struct RRegexp *re = RREGEXP(obj);
+ if (!OBJ_TAINTED(obj) && rb_safe_level() >= 4)
+ rb_raise(rb_eSecurityError, "Insecure: can't modify regexp");
if (re->ptr) re_free_pattern(re->ptr);
if (re->str) free(re->str);
re->ptr = 0;
diff -ruN ruby-1.8.4.orig/intern.h ruby-1.8.4/intern.h
--- ruby-1.8.4.orig/intern.h 2006-07-19 18:13:49.000000000 +0900
+++ ruby-1.8.4/intern.h 2006-07-19 18:20:34.000000000 +0900
@@ -353,9 +353,9 @@
VALUE rb_range_beg_len _((VALUE, long*, long*, long, int));
VALUE rb_length_by_each _((VALUE));
/* re.c */
-int rb_memcmp _((char*,char*,long));
-int rb_memcicmp _((char*,char*,long));
-long rb_memsearch _((char*,long,char*,long));
+int rb_memcmp _((const void*,const void*,long));
+int rb_memcicmp _((const void*,const void*,long));
+long rb_memsearch _((const void*,long,const void*,long));
VALUE rb_reg_nth_defined _((int, VALUE));
VALUE rb_reg_nth_match _((int, VALUE));
VALUE rb_reg_last_match _((VALUE));
ruby-fix-autoconf-magic-code.patch:
mkconfig.rb | 1 +
1 files changed, 1 insertion(+)
--- NEW FILE ruby-fix-autoconf-magic-code.patch ---
diff -ruN ruby-1.8.4.orig/mkconfig.rb ruby-1.8.4/mkconfig.rb
--- ruby-1.8.4.orig/mkconfig.rb 2006-07-19 20:39:48.000000000 +0900
+++ ruby-1.8.4/mkconfig.rb 2006-07-19 20:40:12.000000000 +0900
@@ -37,6 +37,7 @@
has_version = false
File.foreach "config.status" do |line|
next if /^#/ =~ line
+ line.gsub!(/\|#_!!_#\|/, '')
if /^s[%,]@program_transform_name@[%,]s,(.*)/ =~ line
next if $install_name
ptn = $1.sub(/\$\$/, '$').split(/,/) #'
Index: ruby.spec
===================================================================
RCS file: /cvs/dist/rpms/ruby/FC-5/ruby.spec,v
retrieving revision 1.61
retrieving revision 1.62
diff -u -r1.61 -r1.62
--- ruby.spec 19 Jun 2006 08:42:39 -0000 1.61
+++ ruby.spec 20 Jul 2006 12:37:36 -0000 1.62
@@ -5,10 +5,10 @@
Name: ruby
Version: 1.8.4
-Release: 7.fc5
+Release: 8%{?dist}
License: Ruby License/GPL - see COPYING
URL: http://www.ruby-lang.org/
-BuildRoot: %{_tmppath}/%{name}-%{version}-root
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: readline readline-devel ncurses ncurses-devel gdbm gdbm-devel glibc-devel tcl-devel tk-devel libX11-devel autoconf gcc unzip openssl-devel db4-devel byacc
%ifnarch ppc64
BuildRequires: emacs
@@ -27,12 +27,16 @@
Patch1: ruby-1.8.2-deadcode.patch
Patch2: ruby-1.8.4-no-eaccess.patch
-Patch3: ruby-rubyprefix.patch
-Patch4: ruby-deprecated-sitelib-search-path.patch
-Patch5: ruby-deprecated-search-path.patch
-Patch6: ruby-multilib.patch
-Patch7: ruby-tcltk-multilib.patch
-Patch8: ruby-1.8.4-64bit-pack.patch
+Patch3: ruby-1.8.4-64bit-pack.patch
+Patch4: ruby-1.8.4-fix-insecure-dir-operation.patch
+Patch5: ruby-1.8.4-fix-insecure-regexp-modification.patch
+Patch6: ruby-1.8.4-fix-alias-safe-level.patch
+Patch20: ruby-rubyprefix.patch
+Patch21: ruby-deprecated-sitelib-search-path.patch
+Patch22: ruby-deprecated-search-path.patch
+Patch23: ruby-multilib.patch
+Patch24: ruby-tcltk-multilib.patch
+Patch25: ruby-fix-autoconf-magic-code.patch
Summary: An interpreter of object-oriented scripting language
Group: Development/Languages
@@ -146,12 +150,16 @@
%patch2 -p1
%patch3 -p1
%patch4 -p1
-%ifarch ppc64 s390x sparc64 x86_64
%patch5 -p1
%patch6 -p1
-%patch7 -p1
-%patch8 -p1
+%patch20 -p1
+%patch21 -p1
+%ifarch ppc64 s390x sparc64 x86_64
+%patch22 -p1
+%patch23 -p1
+%patch24 -p1
%endif
+%patch25 -p1
popd
%build
@@ -190,7 +198,7 @@
popd
%install
-[ -n "$RPM_BUILD_ROOT" -a "$RPM_BUILD_ROOT" != / ] && rm -rf $RPM_BUILD_ROOT
+rm -rf $RPM_BUILD_ROOT
%ifnarch ppc64
%{__mkdir_p} $RPM_BUILD_ROOT%{_datadir}/emacs/site-lisp/ruby-mode
@@ -367,7 +375,7 @@
__EOF__
%clean
-[ -n "$RPM_BUILD_ROOT" -a "$RPM_BUILD_ROOT" != / ] && rm -rf $RPM_BUILD_ROOT
+rm -rf $RPM_BUILD_ROOT
rm -f *.files
rm -rf tmp-ruby-docs
@@ -446,6 +454,14 @@
%endif
%changelog
+* Thu Jul 20 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-8
+- security fixes.
+ - ruby-1.8.4-fix-insecure-dir-operation.patch:
+ - ruby-1.8.4-fix-insecure-regexp-modification.patch: fixed the insecure
+ operations in the certain safe-level restrictions. (#199538)
+ - ruby-1.8.4-fix-alias-safe-level.patch: fixed to not bypass the certain
+ safe-level restrictions. (#199543)
+
* Mon Jun 19 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-7.fc5
- fixed the wrong file list again. moved tcltk library into ruby-tcltk.
(#195872)
More information about the fedora-cvs-commits
mailing list