rpms/ruby/FC-6 ruby-1.8.6.111-CVE-2007-5162.patch, NONE, 1.1 .cvsignore, 1.21, 1.22 ruby.spec, 1.96, 1.97 sources, 1.20, 1.21 ruby-1.8.5-CVE-2007-5162.patch, 1.1, NONE
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Mon Oct 29 13:48:49 UTC 2007
Author: tagoh
Update of /cvs/dist/rpms/ruby/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv3944
Modified Files:
.cvsignore ruby.spec sources
Added Files:
ruby-1.8.6.111-CVE-2007-5162.patch
Removed Files:
ruby-1.8.5-CVE-2007-5162.patch
Log Message:
* Mon Oct 29 2007 Akira TAGOH <tagoh at redhat.com> - 1.8.5.114-1
- New upstream release.
- ruby-1.8.6.111-CVE-2007-5162.patch: Update a bit with backporting the changes
at trunk to enable the fix without any modifications on the users' scripts.
Note that Net::HTTP#enable_post_connection_check isn't available anymore.
If you want to disable this post-check, you should give OpenSSL::SSL::VERIFY_NONE
to Net::HTTP#verify_mode= instead of.
sources 29 Oct 2007 13:48:43 -0000
d57f9762b3b34a9e4835085b4c5acc59 ruby-1.8.5-p114.tar.bz2
ruby-1.8.6.111-CVE-2007-5162.patch:
ext/openssl/lib/net/ftptls.rb | 10 ++++++++++
ext/openssl/lib/net/telnets.rb | 3 +++
lib/net/http.rb | 11 +----------
lib/net/imap.rb | 1 +
lib/open-uri.rb | 1 -
5 files changed, 15 insertions(+), 11 deletions(-)
--- NEW FILE ruby-1.8.6.111-CVE-2007-5162.patch ---
diff -pruN ruby-1.8.6-p111.orig/ext/openssl/lib/net/ftptls.rb ruby-1.8.6-p111/ext/openssl/lib/net/ftptls.rb
--- ruby-1.8.6-p111.orig/ext/openssl/lib/net/ftptls.rb 2007-02-13 08:01:19.000000000 +0900
+++ ruby-1.8.6-p111/ext/openssl/lib/net/ftptls.rb 2007-10-29 21:10:24.000000000 +0900
@@ -29,13 +29,23 @@ require 'net/ftp'
module Net
class FTPTLS < FTP
+ def connect(host, port=FTP_PORT)
+ @hostname = host
+ super
+ end
+
def login(user = "anonymous", passwd = nil, acct = nil)
+ store = OpenSSL::X509::Store.new
+ store.set_default_paths
ctx = OpenSSL::SSL::SSLContext.new('SSLv23')
+ ctx.cert_store = store
+ ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
ctx.key = nil
ctx.cert = nil
voidcmd("AUTH TLS")
@sock = OpenSSL::SSL::SSLSocket.new(@sock, ctx)
@sock.connect
+ @sock.post_connection_check(@hostname)
super(user, passwd, acct)
voidcmd("PBSZ 0")
end
diff -pruN ruby-1.8.6-p111.orig/ext/openssl/lib/net/telnets.rb ruby-1.8.6-p111/ext/openssl/lib/net/telnets.rb
--- ruby-1.8.6-p111.orig/ext/openssl/lib/net/telnets.rb 2007-02-13 08:01:19.000000000 +0900
+++ ruby-1.8.6-p111/ext/openssl/lib/net/telnets.rb 2007-10-29 21:13:03.000000000 +0900
@@ -134,6 +134,9 @@ module Net
@sock.verify_callback = @options['VerifyCallback']
@sock.verify_depth = @options['VerifyDepth']
@sock.connect
+ if @options['VerifyMode'] != OpenSSL::SSL::VERIFY_NONE
+ @sock.post_connection_check(@options['Host'])
+ end
@ssl = true
end
''
diff -pruN ruby-1.8.6-p111.orig/lib/net/http.rb ruby-1.8.6-p111/lib/net/http.rb
--- ruby-1.8.6-p111.orig/lib/net/http.rb 2007-09-24 17:12:24.000000000 +0900
+++ ruby-1.8.6-p111/lib/net/http.rb 2007-10-29 21:12:12.000000000 +0900
@@ -470,7 +470,6 @@ module Net #:nodoc:
@debug_output = nil
@use_ssl = false
@ssl_context = nil
- @enable_post_connection_check = false
end
def inspect
@@ -527,9 +526,6 @@ module Net #:nodoc:
false # redefined in net/https
end
- # specify enabling SSL server certificate and hostname checking.
- attr_accessor :enable_post_connection_check
-
# Opens TCP connection and HTTP session.
#
# When this method is called with block, gives a HTTP object
@@ -589,12 +585,7 @@ module Net #:nodoc:
end
s.connect
if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
- begin
- s.post_connection_check(@address)
- rescue OpenSSL::SSL::SSLError => ex
- raise ex if @enable_post_connection_check
- warn ex.message
- end
+ s.post_connection_check(@address)
end
end
on_connect
diff -pruN ruby-1.8.6-p111.orig/lib/net/imap.rb ruby-1.8.6-p111/lib/net/imap.rb
--- ruby-1.8.6-p111.orig/lib/net/imap.rb 2007-08-22 08:28:09.000000000 +0900
+++ ruby-1.8.6-p111/lib/net/imap.rb 2007-10-29 21:14:38.000000000 +0900
@@ -900,6 +900,7 @@ module Net
end
@sock = SSLSocket.new(@sock, context)
@sock.connect # start ssl session.
+ @sock.post_connection_check(@host) if verify
else
@usessl = false
end
diff -pruN ruby-1.8.6-p111.orig/lib/open-uri.rb ruby-1.8.6-p111/lib/open-uri.rb
--- ruby-1.8.6-p111.orig/lib/open-uri.rb 2007-09-24 17:12:24.000000000 +0900
+++ ruby-1.8.6-p111/lib/open-uri.rb 2007-10-29 21:16:03.000000000 +0900
@@ -229,7 +229,6 @@ module OpenURI
if target.class == URI::HTTPS
require 'net/https'
http.use_ssl = true
- http.enable_post_connection_check = true
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
store = OpenSSL::X509::Store.new
store.set_default_paths
Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/ruby/FC-6/.cvsignore,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- .cvsignore 4 Oct 2007 14:08:14 -0000 1.21
+++ .cvsignore 29 Oct 2007 13:48:46 -0000 1.22
@@ -15,3 +15,4 @@
ruby-1.8.5-p35.tar.gz
ruby-1.8.5-p52.tar.bz2
ruby-1.8.5-p113.tar.bz2
+ruby-1.8.5-p114.tar.bz2
Index: ruby.spec
===================================================================
RCS file: /cvs/dist/rpms/ruby/FC-6/ruby.spec,v
retrieving revision 1.96
retrieving revision 1.97
diff -u -r1.96 -r1.97
--- ruby.spec 29 Oct 2007 10:14:41 -0000 1.96
+++ ruby.spec 29 Oct 2007 13:48:46 -0000 1.97
@@ -1,7 +1,7 @@
%define manver 1.4.6
%define rubyxver 1.8
%define rubyver 1.8.5
-%define _patchlevel 113
+%define _patchlevel 114
%define dotpatchlevel %{?_patchlevel:.%{_patchlevel}}
%define patchlevel %{?_patchlevel:-p%{_patchlevel}}
%define sitedir %{_libdir}/ruby/site_ruby
@@ -11,7 +11,7 @@
Name: ruby
Version: %{rubyver}%{?dotpatchlevel}
-Release: 3%{?dist}
+Release: 1%{?dist}
License: Ruby or GPL+
URL: http://www.ruby-lang.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -38,7 +38,7 @@
Patch23: ruby-multilib.patch
Patch24: ruby-tcltk-multilib.patch
Patch25: ruby-fix-autoconf-magic-code.patch
-Patch26: ruby-1.8.5-CVE-2007-5162.patch
+Patch26: ruby-1.8.6.111-CVE-2007-5162.patch
Summary: An interpreter of object-oriented scripting language
Group: Development/Languages
@@ -461,7 +461,13 @@
%endif
%changelog
-* Mon Oct 29 2007 Akira TAGOH <tagoh at redhat.com> - 1.8.5.113-3
+* Mon Oct 29 2007 Akira TAGOH <tagoh at redhat.com> - 1.8.5.114-1
+- New upstream release.
+- ruby-1.8.6.111-CVE-2007-5162.patch: Update a bit with backporting the changes
+ at trunk to enable the fix without any modifications on the users' scripts.
+ Note that Net::HTTP#enable_post_connection_check isn't available anymore.
+ If you want to disable this post-check, you should give OpenSSL::SSL::VERIFY_NONE
+ to Net::HTTP#verify_mode= instead of.
- Doh. exactly enable pthread support for ppc again. (#201452)
* Mon Oct 15 2007 Akira TAGOH <tagoh at redhat.com> - 1.8.5.113-2
Index: sources
===================================================================
RCS file: /cvs/dist/rpms/ruby/FC-6/sources,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- sources 4 Oct 2007 14:08:15 -0000 1.20
+++ sources 29 Oct 2007 13:48:46 -0000 1.21
@@ -2,4 +2,4 @@
d65e3a216d6d345a2a6f1aa8758c2f75 ruby-refm-rdp-1.8.1-ja-html.tar.gz
7f3e181c0be9a1579e43a5a8b26372d6 rubyfaq-990927.tar.bz2
8aa2e2da327dc43ff6e46e634eb657b6 rubyfaq-jp-990927.tar.bz2
-682117fbca4cd2ceac6beb6a403eef59 ruby-1.8.5-p113.tar.bz2
+d57f9762b3b34a9e4835085b4c5acc59 ruby-1.8.5-p114.tar.bz2
--- ruby-1.8.5-CVE-2007-5162.patch DELETED ---
More information about the fedora-cvs-commits
mailing list