rpms/ruby/devel import.log, 1.2, 1.3 ruby-1.8.6-rexml-CVE-2008-3790.patch, 1.1, 1.2 ruby.spec, 1.130, 1.131

Jeroen van Meeuwen kanarip at fedoraproject.org
Wed Mar 18 04:51:00 UTC 2009 

Author: kanarip

Update of /cvs/pkgs/rpms/ruby/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15655/devel

Modified Files:
	import.log ruby-1.8.6-rexml-CVE-2008-3790.patch ruby.spec 
Log Message:
1.8.6.287-7


Index: import.log
===================================================================
RCS file: /cvs/pkgs/rpms/ruby/devel/import.log,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- import.log	15 Mar 2009 05:58:14 -0000	1.2
+++ import.log	18 Mar 2009 04:50:29 -0000	1.3
@@ -1,2 +1,3 @@
 ruby-1_8_6_287-4_fc10:HEAD:ruby-1.8.6.287-4.fc10.src.rpm:1237096558
 ruby-1_8_6_287-5_fc10:HEAD:ruby-1.8.6.287-5.fc10.src.rpm:1237096677
+ruby-1_8_6_287-7_fc11:HEAD:ruby-1.8.6.287-7.fc11.src.rpm:1237351812

ruby-1.8.6-rexml-CVE-2008-3790.patch:

Index: ruby-1.8.6-rexml-CVE-2008-3790.patch
===================================================================
RCS file: /cvs/pkgs/rpms/ruby/devel/ruby-1.8.6-rexml-CVE-2008-3790.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- ruby-1.8.6-rexml-CVE-2008-3790.patch	8 Oct 2008 13:30:47 -0000	1.1
+++ ruby-1.8.6-rexml-CVE-2008-3790.patch	18 Mar 2009 04:50:29 -0000	1.2
@@ -12,7 +12,7 @@
 @@ -200,6 +201,27 @@ module REXML
  			Parsers::StreamParser.new( source, listener ).parse
  		end
- 
+
 +    @@entity_expansion_limit = 10_000
 +
 +    # Set the entity expansion limit. By defualt the limit is set to 10000.
@@ -26,7 +26,7 @@
 +    end
 +
 +    attr_reader :entity_expansion_count
-+    
++
 +    def record_entity_expansion
 +      @entity_expansion_count += 1
 +      if @entity_expansion_count > @@entity_expansion_limit
@@ -44,7 +44,7 @@
  		# all entities -- both %ent; and &ent; entities.  This differs from
  		# +value()+ in that +value+ only replaces %ent; entities.
  		def unnormalized
-+      document.record_entity_expansion
++      document.record_entity_expansion unless document.nil?
  			v = value()
  			return nil if v.nil?
  			@unnormalized = Text::unnormalize(v, parent)


Index: ruby.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ruby/devel/ruby.spec,v
retrieving revision 1.130
retrieving revision 1.131
diff -u -r1.130 -r1.131
--- ruby.spec	15 Mar 2009 17:46:10 -0000	1.130
+++ ruby.spec	18 Mar 2009 04:50:29 -0000	1.131
@@ -12,7 +12,7 @@
 
 Name:		ruby
 Version:	%{rubyver}%{?dotpatchlevel}
-Release:	6%{?dist}
+Release:	7%{?dist}
 License:	Ruby or GPLv2
 URL:		http://www.ruby-lang.org/
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -512,6 +512,9 @@
 %{_datadir}/emacs/site-lisp/site-start.d/ruby-mode-init.el
 
 %changelog
+* Wed Mar 18 2009 Jeroen van Meeuwen <j.van.meeuwen at ogd.nl> - 1.8.6.287-7
+- Fix regression in CVE-2008-3790 (#485383)
+
 * Mon Mar 16 2009 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 1.8.6.287-6
 - Again use -O2 optimization level
 - i586 should search i386-linux directory

More information about the fedora-extras-commits mailing list