Hello community, here is the log from the commit of package ruby for openSUSE:11.3 checked in at Tue May 17 18:53:06 CEST 2011. -------- --- old-versions/11.3/UPDATES/all/ruby/ruby.changes 2011-03-04 17:29:32.000000000 +0100 +++ 11.3/ruby/ruby.changes 2011-05-12 18:36:28.000000000 +0200 @@ -1,0 +2,7 @@ +Thu May 12 16:23:56 UTC 2011 - mrueckert@suse.de + +- added ruby-1.8.x_bigdecimal_memory_corruption.patch: + dont cast parameter to unsigned int in the alloc and later memset + the original value. (bnc#682287) CVE-2011-0188 + +------------------------------------------------------------------- calling whatdependson for 11.3-i586 New: ---- ruby-1.8.x_bigdecimal_memory_corruption.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ruby.spec ++++++ --- /var/tmp/diff_new_pack.UCgcWK/_old 2011-05-17 18:51:47.000000000 +0200 +++ /var/tmp/diff_new_pack.UCgcWK/_new 2011-05-17 18:51:47.000000000 +0200 @@ -20,7 +20,7 @@ Name: ruby Version: 1.8.7.p249 -Release: 8.<RELEASE2> +Release: 8.<RELEASE3> # %define pkg_version 1.8.7 %define patch_level p249 @@ -72,6 +72,7 @@ Patch14: ruby-1.8.x_webrick_charset_issue.patch Patch15: ruby-1.8.x_fileutils_symlink_race.patch Patch16: ruby-1.8.x_net_http_close_in_rescue.patch +Patch17: ruby-1.8.x_bigdecimal_memory_corruption.patch # vendor ruby files taken from: # http://svn.macports.org/repository/macports/trunk/dports/lang/ruby/ Source3: site-specific.rb @@ -261,6 +262,7 @@ %patch14 %patch15 %patch16 +%patch17 %if 0%{?with_bleak_house} for patch in valgrind configure gc ; do patch -p0 < bleak_house-%{bleak_house_version}/ruby/${patch}.patch ++++++ ruby-1.8.x_bigdecimal_memory_corruption.patch ++++++ Index: ext/bigdecimal/bigdecimal.c =================================================================== --- ext/bigdecimal/bigdecimal.c.orig 2011-05-10 14:14:48.000000000 +0200 +++ ext/bigdecimal/bigdecimal.c 2011-05-10 14:18:53.602468960 +0200 
@@ -2026,11 +2026,11 @@ static int gnAlloc=0; /* Memory allocati
 VP_EXPORT void *
 VpMemAlloc(U_LONG mb)
 {
- void *p = xmalloc((unsigned int)mb);
+ void *p = xmalloc(mb);
 if(!p) {
 VpException(VP_EXCEPTION_MEMORY,"failed to allocate memory",1);
 }
- memset(p,0,mb);
+ memset(p, 0, mb);
 #ifdef _DEBUG
 gnAlloc++; /* Count allocation call */
 #endif /* _DEBUG */
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org
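Review bot: The allocation and the zeroing in VpMemAlloc still take the size in two separate calls, so the fix holds only while xmalloc's parameter type is at least as wide as U_LONG; that prototype is not visible in this hunk, and a narrower parameter would bring back the short allocation followed by a full-length memset through implicit conversion. A single zeroing allocation, `void *p = xcalloc(1, mb);` (if the tree's xcalloc is usable here), would remove the second use of the size; failing that, a comment such as `/* mb must reach xmalloc untruncated: memset below clears mb bytes */` would record the invariant. The `if(!p)` branch also falls through to `memset(p, 0, mb)`, so it presumably relies on VpException not returning for VP_EXCEPTION_MEMORY, which is worth stating in a comment next to the check. The function body continues past the end of the hunk.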