rpms/ruby/F-8 .cvsignore, 1.23, 1.24 ruby.spec, 1.105, 1.106 sources, 1.22, 1.23 ruby-1.8.6.111-CVE-2007-5162.patch, 1.1, NONE

Akira TAGOH (tagoh) fedora-extras-commits at redhat.com
Tue Jun 24 02:24:38 UTC 2008


Author: tagoh

Update of /cvs/pkgs/rpms/ruby/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19663

Modified Files:
	.cvsignore ruby.spec sources 
Removed Files:
	ruby-1.8.6.111-CVE-2007-5162.patch 
Log Message:
* Tue Jun 24 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.230-1
- New upstream release.
- Security fixes. (#452293)
  - CVE-2008-1891: WEBrick CGI source disclosure.
  - CVE-2008-2662: Integer overflow in rb_str_buf_append().
  - CVE-2008-2663: Integer overflow in rb_ary_store().
  - CVE-2008-2664: Unsafe use of alloca in rb_str_format().
  - CVE-2008-2725: Integer overflow in rb_ary_splice().
  - CVE-2008-2726: Integer overflow in rb_ary_splice().
- ruby-1.8.6.111-CVE-2007-5162.patch: removed.


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/ruby/F-8/.cvsignore,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- .cvsignore	10 Mar 2008 07:32:01 -0000	1.23
+++ .cvsignore	24 Jun 2008 02:23:53 -0000	1.24
@@ -17,3 +17,4 @@
 ruby-1.8.6-p110.tar.bz2
 ruby-1.8.6-p111.tar.bz2
 ruby-1.8.6-p114.tar.bz2
+ruby-1.8.6-p230.tar.bz2


Index: ruby.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ruby/F-8/ruby.spec,v
retrieving revision 1.105
retrieving revision 1.106
diff -u -r1.105 -r1.106
--- ruby.spec	10 Mar 2008 07:32:01 -0000	1.105
+++ ruby.spec	24 Jun 2008 02:23:53 -0000	1.106
@@ -1,6 +1,6 @@
 %define	rubyxver	1.8
 %define	rubyver		1.8.6
-%define _patchlevel	114
+%define _patchlevel	230
 %define dotpatchlevel	%{?_patchlevel:.%{_patchlevel}}
 %define patchlevel	%{?_patchlevel:-p%{_patchlevel}}
 %define	arcver		%{rubyver}%{?patchlevel}
@@ -35,7 +35,6 @@
 Patch21:	ruby-deprecated-sitelib-search-path.patch
 Patch22:	ruby-deprecated-search-path.patch
 Patch23:	ruby-multilib.patch
-Patch24:	ruby-1.8.6.111-CVE-2007-5162.patch
 Patch25:	ruby-1.8.6.111-gcc43.patch
 
 Summary:	An interpreter of object-oriented scripting language
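Review bot: The removed `Patch24:` line drops the CVE-2007-5162 fix, and nothing in the spec records why that is safe. If the p230 tarball already carries the fix, say so where the removal is logged (for example "removed, fixed upstream") so a later reader can tell this was deliberate and not a regression. Leaving Patch25 at its existing number is fine.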
@@ -156,7 +155,6 @@
 %patch22 -p1
 %patch23 -p1
 %endif
-%patch24 -p1
 %patch25 -p1
 popd
 
@@ -514,6 +512,17 @@
 %endif
 
 %changelog
+* Tue Jun 24 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.230-1
+- New upstream release.
+- Security fixes. (#452293)
+  - CVE-2008-1891: WEBrick CGI source disclosure.
+  - CVE-2008-2662: Integer overflow in rb_str_buf_append().
+  - CVE-2008-2663: Integer overflow in rb_ary_store().
+  - CVE-2008-2664: Unsafe use of alloca in rb_str_format().
+  - CVE-2008-2725: Integer overflow in rb_ary_splice().
+  - CVE-2008-2726: Integer overflow in rb_ary_splice().
+- ruby-1.8.6.111-CVE-2007-5162.patch: removed.
+
 * Tue Mar  4 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.114-1
 - Security fix for CVE-2008-1145.
 - Improve a spec file. (#226381)
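Review bot: The added entries for CVE-2008-2725 and CVE-2008-2726 carry the identical description "Integer overflow in rb_ary_splice()", so the changelog alone cannot show that they are two separate issues rather than a duplicated line. Add a distinguishing detail to each entry, or state that both are distinct overflows in the same function.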


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/ruby/F-8/sources,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- sources	10 Mar 2008 07:32:01 -0000	1.22
+++ sources	24 Jun 2008 02:23:53 -0000	1.23
@@ -2,4 +2,4 @@
 d65e3a216d6d345a2a6f1aa8758c2f75  ruby-refm-rdp-1.8.1-ja-html.tar.gz
 634c25b14e19925d10af3720d72e8741  rubyfaq-990927.tar.gz
 4fcec898f51d8371cc42d0a013940469  rubyfaq-jp-990927.tar.gz
-b4d0c74497f684814bcfbb41b7384a71  ruby-1.8.6-p114.tar.bz2
+3eceb42d4fc56398676c20a49ac7e044  ruby-1.8.6-p230.tar.bz2
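Review bot: The new `ruby-1.8.6-p230.tar.bz2` entry on the `+` line is pinned only by an MD5 digest, which protects against a corrupted download but is weak evidence of authenticity. Before accepting this, confirm the uploaded tarball against a stronger digest or signature published by upstream, and mention in the commit message that it was checked.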


--- ruby-1.8.6.111-CVE-2007-5162.patch DELETED ---



