Hello community, here is the log from the commit of package ruby checked in at Tue Oct 31 00:15:04 CET 2006. -------- --- ruby/ruby.changes 2006-10-20 03:32:27.000000000 +0200 +++ /mounts/work_src_done/STABLE/ruby/ruby.changes 2006-10-30 19:39:22.000000000 +0100 @@ -1,0 +2,7 @@ +Mon Oct 30 18:37:50 CET 2006 - mrueckert@suse.de + +- added cgi_multipart_eof_fix.patch: + fix for a denial of service condition in cgi.rb CVE-2006-5467 + (#214916) + +------------------------------------------------------------------- New: ---- cgi_multipart_eof_fix.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ruby.spec ++++++ --- /var/tmp/diff_new_pack.yVc0Cd/_old 2006-10-31 00:14:56.000000000 +0100 +++ /var/tmp/diff_new_pack.yVc0Cd/_new 2006-10-31 00:14:56.000000000 +0100 @@ -12,7 +12,7 @@ Name: ruby Version: 1.8.5 -Release: 3 +Release: 8 %define rb_ver %(echo %{version} | sed -e 's/\\\.[0-9]\\\+$//') # License: GNU General Public License (GPL) - all versions, Other License(s), see package @@ -42,6 +42,7 @@ Patch11: ruby-1.8.4-fix-insecure-regexp-modification.patch Patch12: ruby-1.8.4-fix-alias-safe-level.patch Patch13: ruby-fix-autoconf-magic-code.patch +Patch15: cgi_multipart_eof_fix.patch # vendor ruby files taken from: # http://svn.macports.org/repository/macports/trunk/dports/lang/ruby/ Patch14: ruby-1.8.5-vendor_ruby.patch @@ -207,6 +208,7 @@ #%patch12 -p1 #%patch13 -p1 %patch14 +%patch15 find . -type f | xargs -n 1 sed -i "s@#!\s*/usr/local/bin/ruby@#!/usr/bin/ruby@" touch parse.y 
@@ -461,6 +463,10 @@ %doc %{_docdir}/%{name}/examples %changelog -n ruby +* Mon Oct 30 2006 - mrueckert@suse.de +- added cgi_multipart_eof_fix.patch: + fix for a denial of service condition in cgi.rb CVE-2006-5467 + (#214916) * Fri Oct 20 2006 - mrueckert@suse.de - run ldconfig - add site_ruby and vendor_ruby arch directories to the filelist ++++++ cgi_multipart_eof_fix.patch ++++++ --- lib/cgi.rb 2005-10-06 19:01:22.000000000 -0600 +++ lib/cgi.rb 2006-09-22 16:38:08.000000000 -0600 @@ -1017,7 +1017,7 @@ else stdinput.read(content_length) end - if c.nil? + if c.nil? || c.empty? raise EOFError, "bad content body" end buf.concat(c) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun...
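Review bot: In the ruby.spec hunk at @@ -42,6 +42,7 @@, the new `Patch15:` line is placed between Patch13 and the "vendor ruby files taken from" comment, so the declarations read 13, 15, 14 and the new line sits directly above a comment that belongs to Patch14. Move it below `Patch14: ruby-1.8.5-vendor_ruby.patch`, and put a one-line comment naming CVE-2006-5467 next to it so the spec itself records why the patch is carried.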
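Review bot: In the cgi.rb hunk at @@ -1017,7 +1017,7 @@, the widened check `if c.nil? || c.empty?` is not explained anywhere in cgi_multipart_eof_fix.patch: the patch file has no header text, so nothing in it names CVE-2006-5467, bug #214916 or where the fix came from. Add a short description above the `--- lib/cgi.rb` line saying that an empty read is now treated like end of input and raises EOFError. The change also comes without a regression test; a multipart request whose body ends before the length passed to `stdinput.read(content_length)` is reached would cover it.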