rpms/ruby/devel import.log, 1.2, 1.3 ruby-1.8.6-rexml-CVE-2008-3790.patch, 1.1, 1.2 ruby.spec, 1.130, 1.131
Jeroen van Meeuwen
kanarip at fedoraproject.org
Wed Mar 18 04:51:00 UTC 2009
- Previous message (by thread): rpms/hscolour/devel hscolour.spec, NONE, 1.1 import.log, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message (by thread): rpms/ruby/F-10 import.log, NONE, 1.1 ruby-1.8.6-p287-CVE-2008-5189.patch, NONE, 1.1 ruby-1.8.6-p287-remove-ssl-rand-range.patch, NONE, 1.1 ruby-always-use-i386.patch, NONE, 1.1 .cvsignore, 1.27, 1.28 ruby-1.8.6-rexml-CVE-2008-3790.patch, 1.1, 1.2 ruby.spec, 1.124, 1.125 sources, 1.26, 1.27
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: kanarip
Update of /cvs/pkgs/rpms/ruby/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15655/devel
Modified Files:
import.log ruby-1.8.6-rexml-CVE-2008-3790.patch ruby.spec
Log Message:
1.8.6.287-7
Index: import.log
===================================================================
RCS file: /cvs/pkgs/rpms/ruby/devel/import.log,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- import.log 15 Mar 2009 05:58:14 -0000 1.2
+++ import.log 18 Mar 2009 04:50:29 -0000 1.3
@@ -1,2 +1,3 @@
ruby-1_8_6_287-4_fc10:HEAD:ruby-1.8.6.287-4.fc10.src.rpm:1237096558
ruby-1_8_6_287-5_fc10:HEAD:ruby-1.8.6.287-5.fc10.src.rpm:1237096677
+ruby-1_8_6_287-7_fc11:HEAD:ruby-1.8.6.287-7.fc11.src.rpm:1237351812
ruby-1.8.6-rexml-CVE-2008-3790.patch:
Index: ruby-1.8.6-rexml-CVE-2008-3790.patch
===================================================================
RCS file: /cvs/pkgs/rpms/ruby/devel/ruby-1.8.6-rexml-CVE-2008-3790.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- ruby-1.8.6-rexml-CVE-2008-3790.patch 8 Oct 2008 13:30:47 -0000 1.1
+++ ruby-1.8.6-rexml-CVE-2008-3790.patch 18 Mar 2009 04:50:29 -0000 1.2
@@ -12,7 +12,7 @@
@@ -200,6 +201,27 @@ module REXML
Parsers::StreamParser.new( source, listener ).parse
end
-
+
+ @@entity_expansion_limit = 10_000
+
+ # Set the entity expansion limit. By defualt the limit is set to 10000.
@@ -26,7 +26,7 @@
+ end
+
+ attr_reader :entity_expansion_count
-+
++
+ def record_entity_expansion
+ @entity_expansion_count += 1
+ if @entity_expansion_count > @@entity_expansion_limit
@@ -44,7 +44,7 @@
# all entities -- both %ent; and &ent; entities. This differs from
# +value()+ in that +value+ only replaces %ent; entities.
def unnormalized
-+ document.record_entity_expansion
++ document.record_entity_expansion unless document.nil?
v = value()
return nil if v.nil?
@unnormalized = Text::unnormalize(v, parent)
Index: ruby.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ruby/devel/ruby.spec,v
retrieving revision 1.130
retrieving revision 1.131
diff -u -r1.130 -r1.131
--- ruby.spec 15 Mar 2009 17:46:10 -0000 1.130
+++ ruby.spec 18 Mar 2009 04:50:29 -0000 1.131
@@ -12,7 +12,7 @@
Name: ruby
Version: %{rubyver}%{?dotpatchlevel}
-Release: 6%{?dist}
+Release: 7%{?dist}
License: Ruby or GPLv2
URL: http://www.ruby-lang.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -512,6 +512,9 @@
%{_datadir}/emacs/site-lisp/site-start.d/ruby-mode-init.el
%changelog
+* Wed Mar 18 2009 Jeroen van Meeuwen <j.van.meeuwen at ogd.nl> - 1.8.6.287-7
+- Fix regression in CVE-2008-3790 (#485383)
+
* Mon Mar 16 2009 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 1.8.6.287-6
- Again use -O2 optimization level
- i586 should search i386-linux directory
- Previous message (by thread): rpms/hscolour/devel hscolour.spec, NONE, 1.1 import.log, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message (by thread): rpms/ruby/F-10 import.log, NONE, 1.1 ruby-1.8.6-p287-CVE-2008-5189.patch, NONE, 1.1 ruby-1.8.6-p287-remove-ssl-rand-range.patch, NONE, 1.1 ruby-always-use-i386.patch, NONE, 1.1 .cvsignore, 1.27, 1.28 ruby-1.8.6-rexml-CVE-2008-3790.patch, 1.1, 1.2 ruby.spec, 1.124, 1.125 sources, 1.26, 1.27
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list