- New upstream release.

- Security fixes.
- CVE-2008-3655: Ruby does not properly restrict access to critical
    variables and methods at various safe levels.
- CVE-2008-3656: DoS vulnerability in WEBrick.
- CVE-2008-3657: Lack of taintness check in dl.
- CVE-2008-1447: DNS spoofing vulnerability in resolv.rb.
- CVE-2008-3443: Memory allocation failure in Ruby regex engine.
- Remove the unnecessary backported patches.

.cvsignore

@@ -22,3 +22,4 @@ rubyfaq-990927.tar.gz
 rubyfaq-jp-990927.tar.gz
 ruby-1.8.6-p114.tar.bz2
 ruby-1.8.6-p230.tar.bz2
+ruby-1.8.6-p287.tar.bz2

ruby-1.8.6.230-p238.patch

@@ -1,58 +0,0 @@
-diff -pruN ruby-1.8.6-p230.orig/class.c ruby-1.8.6-p230/class.c
---- ruby-1.8.6-p230.orig/class.c	2008-06-15 21:06:33.000000000 +0900
-+++ ruby-1.8.6-p230/class.c	2008-06-30 11:21:41.000000000 +0900
-@@ -62,10 +62,7 @@ clone_method(mid, body, data)
-     NODE *fbody = body->nd_body;
- 
-     if (fbody && nd_type(fbody) == NODE_SCOPE) {
--	VALUE cref = data->klass ?
--	    (VALUE)NEW_NODE(NODE_CREF,data->klass,0,fbody->nd_rval) :
--	    fbody->nd_rval;
--	fbody = NEW_NODE(NODE_SCOPE, fbody->nd_tbl, cref, fbody->nd_next);
-+	fbody = rb_copy_node_scope(fbody, ruby_cref);
-     }
-     st_insert(data->tbl, mid, (st_data_t)NEW_METHOD(fbody, body->nd_noex));
-     return ST_CONTINUE;
-diff -pruN ruby-1.8.6-p230.orig/eval.c ruby-1.8.6-p230/eval.c
---- ruby-1.8.6-p230.orig/eval.c	2008-06-16 15:43:48.000000000 +0900
-+++ ruby-1.8.6-p230/eval.c	2008-06-30 11:19:15.000000000 +0900
-@@ -2239,8 +2239,8 @@ rb_mod_alias_method(mod, newname, oldnam
-     return mod;
- }
- 
--static NODE*
--copy_node_scope(node, rval)
-+NODE*
-+rb_copy_node_scope(node, rval)
-     NODE *node;
-     NODE *rval;
- {
-@@ -3948,7 +3948,7 @@ rb_eval(self, n)
- 		noex |= NOEX_NOSUPER;
- 	    }
- 
--	    defn = copy_node_scope(node->nd_defn, ruby_cref);
-+	    defn = rb_copy_node_scope(node->nd_defn, ruby_cref);
- 	    rb_add_method(ruby_class, node->nd_mid, defn, noex);
- 	    if (scope_vmode == SCOPE_MODFUNC) {
- 		rb_add_method(rb_singleton_class(ruby_class),
-@@ -3984,7 +3984,7 @@ rb_eval(self, n)
- 		    rb_warning("redefine %s", rb_id2name(node->nd_mid));
- 		}
- 	    }
--	    defn = copy_node_scope(node->nd_defn, ruby_cref);
-+	    defn = rb_copy_node_scope(node->nd_defn, ruby_cref);
- 	    rb_add_method(klass, node->nd_mid, defn,
- 			  NOEX_PUBLIC|(body?body->nd_noex&NOEX_UNDEF:0));
- 	    result = Qnil;
-diff -pruN ruby-1.8.6-p230.orig/node.h ruby-1.8.6-p230/node.h
---- ruby-1.8.6-p230.orig/node.h	2007-05-23 00:01:22.000000000 +0900
-+++ ruby-1.8.6-p230/node.h	2008-06-30 11:20:06.000000000 +0900
-@@ -371,6 +371,7 @@ typedef unsigned int rb_event_t;
- #define RUBY_EVENT_ALL      0xff
- 
- typedef void (*rb_event_hook_func_t) _((rb_event_t,NODE*,VALUE,ID,VALUE));
-+NODE *rb_copy_node_scope _((NODE *, NODE *));
- void rb_add_event_hook _((rb_event_hook_func_t,rb_event_t));
- int rb_remove_event_hook _((rb_event_hook_func_t));
- 

ruby-1.8.6.230-p248.patch

@@ -1,16 +0,0 @@
-diff -pruN ruby-1.8.6-p230.orig/array.c ruby-1.8.6-p230/array.c
---- ruby-1.8.6-p230.orig/array.c	2008-06-20 15:53:16.000000000 +0900
-+++ ruby-1.8.6-p230/array.c	2008-06-30 11:33:00.000000000 +0900
-@@ -2272,10 +2272,10 @@ rb_ary_fill(argc, argv, ary)
- 	break;
-     }
-     rb_ary_modify(ary);
--    end = beg + len;
--    if (end < 0) {
-+    if (len > ARY_MAX_SIZE - beg) {
- 	rb_raise(rb_eArgError, "argument too big");
-     }
-+    end = beg + len;
-     if (end > RARRAY(ary)->len) {
- 	if (end >= RARRAY(ary)->aux.capa) {
- 	    REALLOC_N(RARRAY(ary)->ptr, VALUE, end);

ruby-1.8.6.230-p257.patch

@@ -1,12 +0,0 @@
-diff -pruN ruby-1.8.6-p230.orig/array.c ruby-1.8.6-p230/array.c
---- ruby-1.8.6-p230.orig/array.c	2008-07-01 16:32:12.000000000 +0900
-+++ ruby-1.8.6-p230/array.c	2008-07-01 16:34:01.000000000 +0900
-@@ -2272,7 +2272,7 @@ rb_ary_fill(argc, argv, ary)
- 	break;
-     }
-     rb_ary_modify(ary);
--    if (len > ARY_MAX_SIZE - beg) {
-+    if (beg >= ARY_MAX_SIZE || len > ARY_MAX_SIZE - beg) {
- 	rb_raise(rb_eArgError, "argument too big");
-     }
-     end = beg + len;

ruby-1.8.6.230-string-str_buf_cat.patch

@@ -1,28 +0,0 @@
-diff -pruN ruby-1.8.6-p230.orig/string.c ruby-1.8.6-p230/string.c
---- ruby-1.8.6-p230.orig/string.c	2008-06-20 18:24:53.000000000 +0900
-+++ ruby-1.8.6-p230/string.c	2008-06-25 16:10:17.000000000 +0900
-@@ -693,9 +693,13 @@ str_buf_cat(str, ptr, len)
-     const char *ptr;
-     long len;
- {
--    long capa, total;
-+    long capa, total, off = -1;
- 
-     rb_str_modify(str);
-+    if (ptr >= RSTRING(str)->ptr && ptr <= RSTRING(str)->ptr + RSTRING(str)->len) {
-+	off = ptr - RSTRING(str)->ptr;
-+    }
-+    if (len == 0) return 0;
-     if (FL_TEST(str, STR_ASSOC)) {
- 	FL_UNSET(str, STR_ASSOC);
- 	capa = RSTRING(str)->aux.capa = RSTRING(str)->len;
-@@ -717,6 +721,9 @@ str_buf_cat(str, ptr, len)
- 	}
- 	RESIZE_CAPA(str, capa);
-     }
-+    if (off != -1) {
-+	ptr = RSTRING(str)->ptr + off;
-+    }
-     memcpy(RSTRING(str)->ptr + RSTRING(str)->len, ptr, len);
-     RSTRING(str)->len = total;
-     RSTRING(str)->ptr[total] = '\0'; /* sentinel */

ruby-rubyprefix.patch

@@ -1,7 +1,7 @@
-diff -ruN ruby-1.8.5-p12.orig/configure.in ruby-1.8.5-p12/configure.in
+diff -pruN ruby-1.8.6-p287.orig/configure.in ruby-1.8.6-p287/configure.in
---- ruby-1.8.5-p12.orig/configure.in	2006-12-06 19:58:08.000000000 +0900
+--- ruby-1.8.6-p287.orig/configure.in	2008-07-13 00:03:28.000000000 +0900
-+++ ruby-1.8.5-p12/configure.in	2007-02-05 17:02:43.000000000 +0900
++++ ruby-1.8.6-p287/configure.in	2008-08-14 01:08:00.000000000 +0900
-@@ -1505,6 +1505,13 @@
+@@ -1608,6 +1608,13 @@ case "$target_os" in
      rubyw_install_name="$RUBYW_INSTALL_NAME"
      ;;
  esac
@@ -15,7 +15,7 @@ diff -ruN ruby-1.8.5-p12.orig/configure.in ruby-1.8.5-p12/configure.in
  case "$target_os" in
    cygwin*|mingw*|*djgpp*|os2-emx*)
      RUBY_LIB_PREFIX="/lib/ruby"
-@@ -1513,20 +1520,29 @@
+@@ -1616,20 +1623,29 @@ case "$target_os" in
      RUBY_LIB_PREFIX="${prefix}/lib/ruby"
      ;;
  esac
@@ -47,7 +47,7 @@ diff -ruN ruby-1.8.5-p12.orig/configure.in ruby-1.8.5-p12/configure.in
  RUBY_SITE_LIB_PATH2="${RUBY_SITE_LIB_PATH}/${MAJOR}.${MINOR}"
  
  AC_DEFINE_UNQUOTED(RUBY_LIB, "${RUBY_LIB_PATH}")
-@@ -1536,6 +1552,7 @@
+@@ -1639,6 +1655,7 @@ AC_DEFINE_UNQUOTED(RUBY_SITE_LIB2, "${RU
  AC_SUBST(arch)dnl
  AC_SUBST(sitearch)dnl
  AC_SUBST(sitedir)dnl
@@ -55,7 +55,7 @@ diff -ruN ruby-1.8.5-p12.orig/configure.in ruby-1.8.5-p12/configure.in
  
  configure_args=$ac_configure_args
  AC_SUBST(configure_args)dnl
-@@ -1544,7 +1561,7 @@
+@@ -1647,7 +1664,7 @@ if test "$fat_binary" != no ; then
      arch="fat-${target_os}"
  
      AC_DEFINE_UNQUOTED(RUBY_THIN_ARCHLIB,
@@ -64,7 +64,7 @@ diff -ruN ruby-1.8.5-p12.orig/configure.in ruby-1.8.5-p12/configure.in
  
      AC_DEFINE_UNQUOTED(RUBY_SITE_THIN_ARCHLIB,
                   "${RUBY_SITE_LIB_PATH}/" __ARCHITECTURE__ "-${target_os}")
-@@ -1559,8 +1576,8 @@
+@@ -1662,8 +1679,8 @@ case "$target_os" in
    *) sitearch="${arch}" ;;
  esac
  
@@ -75,11 +75,11 @@ diff -ruN ruby-1.8.5-p12.orig/configure.in ruby-1.8.5-p12/configure.in
  
  AC_ARG_WITH(search-path,
  		[  --with-search-path=DIR specify the additional search path],
-diff -ruN ruby-1.8.5-p12.orig/mkconfig.rb ruby-1.8.5-p12/mkconfig.rb
+diff -pruN ruby-1.8.6-p287.orig/mkconfig.rb ruby-1.8.6-p287/mkconfig.rb
---- ruby-1.8.5-p12.orig/mkconfig.rb	2006-06-25 23:03:10.000000000 +0900
+--- ruby-1.8.6-p287.orig/mkconfig.rb	2008-06-08 01:37:10.000000000 +0900
-+++ ruby-1.8.5-p12/mkconfig.rb	2007-02-05 16:54:32.000000000 +0900
++++ ruby-1.8.6-p287/mkconfig.rb	2008-08-14 01:08:00.000000000 +0900
-@@ -108,10 +108,10 @@
+@@ -139,10 +139,10 @@ print(*v_fast)
- print v_fast, v_others
+ print(*v_others)
  print <<EOS
    CONFIG["ruby_version"] = "$(MAJOR).$(MINOR)"
 -  CONFIG["rubylibdir"] = "$(libdir)/ruby/$(ruby_version)"

ruby.spec

@@ -1,6 +1,6 @@
 %define	rubyxver	1.8
 %define	rubyver		1.8.6
-%define _patchlevel	230
+%define _patchlevel	287
 %define dotpatchlevel	%{?_patchlevel:.%{_patchlevel}}
 %define patchlevel	%{?_patchlevel:-p%{_patchlevel}}
 %define	arcver		%{rubyver}%{?patchlevel}
@@ -12,7 +12,7 @@
 
 Name:		ruby
 Version:	%{rubyver}%{?dotpatchlevel}
-Release:	5%{?dist}
+Release:	1%{?dist}
 License:	Ruby or GPLv2
 URL:		http://www.ruby-lang.org/
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -34,10 +34,6 @@ Patch21:	ruby-deprecated-sitelib-search-path.patch
 Patch22:	ruby-deprecated-search-path.patch
 Patch23:	ruby-multilib.patch
 Patch25:	ruby-1.8.6.111-gcc43.patch
-Patch26:	ruby-1.8.6.230-string-str_buf_cat.patch
-Patch27:	ruby-1.8.6.230-p238.patch
-Patch28:	ruby-1.8.6.230-p248.patch
-Patch29:	ruby-1.8.6.230-p257.patch
 
 Summary:	An interpreter of object-oriented scripting language
 Group:		Development/Languages
@@ -156,10 +152,6 @@ pushd %{name}-%{arcver}
 %patch23 -p1
 %endif
 %patch25 -p1
-%patch26 -p1
-%patch27 -p1
-%patch28 -p1
-%patch29 -p1
 popd
 
 %build
@@ -510,6 +502,17 @@ rm -rf tmp-ruby-docs
 %{_datadir}/emacs/site-lisp/site-start.d/ruby-mode-init.el
 
 %changelog
+* Sat Aug 23 2008 Akira TAGOH <tagoh@redhat.com> - 1.8.6.287-1
+- New upstream release.
+- Security fixes.
+  - CVE-2008-3655: Ruby does not properly restrict access to critical
+                   variables and methods at various safe levels.
+  - CVE-2008-3656: DoS vulnerability in WEBrick.
+  - CVE-2008-3657: Lack of taintness check in dl.
+  - CVE-2008-1447: DNS spoofing vulnerability in resolv.rb.
+  - CVE-2008-3443: Memory allocation failure in Ruby regex engine.
+- Remove the unnecessary backported patches.
+
 * Thu Jul 10 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 1.8.6.230-5
 - rebuild against db4-4.7
 

sources

@@ -2,4 +2,4 @@
 d65e3a216d6d345a2a6f1aa8758c2f75  ruby-refm-rdp-1.8.1-ja-html.tar.gz
 634c25b14e19925d10af3720d72e8741  rubyfaq-990927.tar.gz
 4fcec898f51d8371cc42d0a013940469  rubyfaq-jp-990927.tar.gz
-3eceb42d4fc56398676c20a49ac7e044  ruby-1.8.6-p230.tar.bz2
+80b5f3db12531d36e6c81fac6d05dda9  ruby-1.8.6-p287.tar.bz2