Thursday, 5 January 2012

ruby/1.8 and jruby DoS fixes

Jeremy Evans <jeremy <at> openbsd.org>
2012-01-03 22:05:36 GMT

 Over the holidays there were new releases of ruby 1.8, jruby, and rack to fix a DoS vulnerability (CERT-2011-003).  The jruby and rack releases only include a single patch for the DoS, the ruby 1.8 release also includes a handful of small OpenSSL, BigDecimal, and mkconfig fixes.  Tested on i386 and amd64.  I'll be committing tomorrow unless I hear about problems.  Thanks, Jeremy  Index: Makefile =================================================================== RCS file: /cvs/ports/lang/ruby/1.8/Makefile,v retrieving revision 1.19 diff -u -p -r1.19 Makefile --- Makefile	2 Dec 2011 14:36:15 -0000	1.19 +++ Makefile	3 Jan 2012 18:05:48 -0000 @@ -7,7 +7,7 @@ COMMENT-tk=		tk interface for ruby  COMMENT-ri_docs=	ri documentation files ruby   VERSION=		1.8.7 -PATCHLEVEL=		352 +PATCHLEVEL=		357   SHARED_LIBS=		ruby18 0.0  PKGNAME-main=		ruby-${VERSION}.${PATCHLEVEL} @@ -15,12 +15,6 @@ PKGNAME-iconv=		ruby-iconv-${VERSION}.${  PKGNAME-gdbm=		ruby-gdbm-${VERSION}.${PATCHLEVEL}  PKGNAME-tk=		ruby-tk-${VERSION}.${PATCHLEVEL}  PKGNAME-ri_docs=	ruby-ri_docs-${VERSION}.${PATCHLEVEL} - -REVISION-main=		2 -REVISION-iconv=		1 -REVISION-gdbm=		1 -REVISION-tk=		1 -REVISION-ri_docs=	0   PKG_ARCH-ri_docs=	*  PKGSPEC-main=		ruby->=1.8,<1.9 Index: distinfo =================================================================== RCS file: /cvs/ports/lang/ruby/1.8/distinfo,v retrieving revision 1.4 diff -u -p -r1.4 distinfo --- distinfo	11 Jul 2011 04:15:19 -0000	1.4 +++ distinfo	3 Jan 2012 18:06:06 -0000 
@@ -1,5 +1,5 @@ -MD5 (ruby-1.8.7-p352.tar.gz) = DDP2Y6EKVA6mVne7dV5Xpw== -RMD160 (ruby-1.8.7-p352.tar.gz) = HBPld74/JEvoA2PixBBGaMWKcag= -SHA1 (ruby-1.8.7-p352.tar.gz) = btQE+NndM+DZ2+JOCRAaHueO18M= -SHA256 (ruby-1.8.7-p352.tar.gz) = IyW5+asq9mNGnQV8ah71nZFKZJgI6fbRpId8iXPC2tA= -SIZE (ruby-1.8.7-p352.tar.gz) = 4894181 +MD5 (ruby-1.8.7-p357.tar.gz) = srgkj/UJfP1in1uXaNHfgg== +RMD160 (ruby-1.8.7-p357.tar.gz) = /6aNbOSTq5ZZLqvzXIdJg4CUHNQ= +SHA1 (ruby-1.8.7-p357.tar.gz) = 4uKSXlVHqzbKTF5AJA9PejgPvtM= +SHA256 (ruby-1.8.7-p357.tar.gz) = L9ysTrN7LroaTu85Kiki4HqSIvyG14HZIVTXFkNLliw= +SIZE (ruby-1.8.7-p357.tar.gz) = 4895136 Index: Makefile =================================================================== RCS file: /cvs/ports/lang/jruby/Makefile,v retrieving revision 1.29 diff -u -p -r1.29 Makefile --- Makefile	9 Dec 2011 21:46:15 -0000	1.29 +++ Makefile	3 Jan 2012 21:02:42 -0000 @@ -4,10 +4,9 @@ SHARED_ONLY =	Yes   COMMENT =	pure-Java implementation of the Ruby language  -V =		1.6.5 +V =		1.6.5.1  DISTNAME =	jruby-src-${V}  PKGNAME =	jruby-${V} -REVISION =	0  CATEGORIES =	lang lang/ruby  DISTFILES =	${DISTNAME}.tar.gz \  		wmeissner-jffi-1.0.2-0-ge0d10e9.tar.gz:0 Index: distinfo =================================================================== RCS file: /cvs/ports/lang/jruby/distinfo,v retrieving revision 1.13 diff -u -p -r1.13 distinfo --- distinfo	8 Nov 2011 23:47:20 -0000	1.13 +++ distinfo	3 Jan 2012 21:04:04 -0000 
@@ -1,10 +1,10 @@ -MD5 (jruby-src-1.6.5.tar.gz) = N4l6j8w/KFtuBsofAmP0Jw== +MD5 (jruby-src-1.6.5.1.tar.gz) = 3VHmsE2qywd2gucQLRlHBA==  MD5 (wmeissner-jffi-1.0.2-0-ge0d10e9.tar.gz) = mOyRmYChedDeeXyUmTVBog== -RMD160 (jruby-src-1.6.5.tar.gz) = a2LH5GLe7m0gk6MvNfZIS3eZeUE= +RMD160 (jruby-src-1.6.5.1.tar.gz) = qW3mxmBVy86/SBCcly1G99IqZ8I=  RMD160 (wmeissner-jffi-1.0.2-0-ge0d10e9.tar.gz) = lTBayILxwHuGltkNqDMvfjn0+kM= -SHA1 (jruby-src-1.6.5.tar.gz) = NUnh6vh6WHFo+IaI1lWTCs4viE4= +SHA1 (jruby-src-1.6.5.1.tar.gz) = jh9vv2Ce2YrYSNNjaqwbzctj4/8=  SHA1 (wmeissner-jffi-1.0.2-0-ge0d10e9.tar.gz) = ocUg1SbvOliOtPrMEBIY0sOEK90= -SHA256 (jruby-src-1.6.5.tar.gz) = ZY1wE8HOEbb35ce3KftD9vDdhOK1JmFV8unxyf+8JHA= +SHA256 (jruby-src-1.6.5.1.tar.gz) = ESbym4iLVCfC1BYEKmwBCEmrHSnum+l+WSyvaFmSG+U=  SHA256 (wmeissner-jffi-1.0.2-0-ge0d10e9.tar.gz) = ybtb8CunJ/jql9zzBZnz2eYWXc08etMsiuWso0nas1c= -SIZE (jruby-src-1.6.5.tar.gz) = 14282074 +SIZE (jruby-src-1.6.5.1.tar.gz) = 14284770  SIZE (wmeissner-jffi-1.0.2-0-ge0d10e9.tar.gz) = 1728176 Index: Makefile =================================================================== RCS file: /cvs/ports/www/ruby-rack/Makefile,v retrieving revision 1.13 diff -u -p -r1.13 Makefile --- Makefile	13 Dec 2011 17:58:27 -0000	1.13 +++ Makefile	3 Jan 2012 21:41:50 -0000 @@ -2,7 +2,7 @@   COMMENT=		modular Ruby webserver interface  -DISTNAME=		rack-1.3.5 +DISTNAME=		rack-1.3.6  CATEGORIES=		www   HOMEPAGE=		http://rack.rubyforge.org/ Index: distinfo =================================================================== RCS file: /cvs/ports/www/ruby-rack/distinfo,v retrieving revision 1.6 diff -u -p -r1.6 distinfo --- distinfo	13 Dec 2011 17:58:27 -0000	1.6 +++ distinfo	3 Jan 2012 21:41:56 -0000 
@@ -1,5 +1,5 @@ -MD5 (rack-1.3.5.gem) = +xDuybpizRjjRu1b0oV3tg== -RMD160 (rack-1.3.5.gem) = Z2AmrOYzabbBnvY7HfdzWjB5hVc= -SHA1 (rack-1.3.5.gem) = jO7YnpodADkALsom5XneitWINRY= -SHA256 (rack-1.3.5.gem) = FyLDbqEgARZWD36Jc6dnWifm/C4IpcwcFGUjNRq25eE= -SIZE (rack-1.3.5.gem) = 155648 +MD5 (rack-1.3.6.gem) = Ri/wdEP4L/2Iwbao7c9mWQ== +RMD160 (rack-1.3.6.gem) = Ms5y1Caj2km/JQle8IrbgdO2tIA= +SHA1 (rack-1.3.6.gem) = KPugiwdwKlI3daMDHG3iSWN20iM= +SHA256 (rack-1.3.6.gem) = 1AkPRyBaivTmAr5zz25flPDJGVHPtORoLpP8F7LmcOI= +SIZE (rack-1.3.6.gem) = 156160  
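
Review bot: In the first hunk of the lang/ruby/1.8 Makefile, SHARED_LIBS stays at "ruby18 0.0" while PATCHLEVEL moves from 352 to 357, and the message says this release carries OpenSSL, BigDecimal and mkconfig fixes in addition to the DoS patch. Please confirm that the exported interface of libruby18 is unchanged between the two patchlevels before committing; if symbols were added or removed, the library version needs its bump in this same diff.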
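
Review bot: The distinfo hunks for ruby-1.8.7-p357.tar.gz, jruby-src-1.6.5.1.tar.gz and rack-1.3.6.gem replace every digest and SIZE, but the submission does not say how the new values were checked. Since this is a security update, compare the SHA256 of each fetched distfile against a checksum obtained from upstream through a separate channel, where upstream provides one, rather than relying only on values generated from the local download, and state in the commit message that this was done.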

Source: http://permalink.gmane.org/gmane.os.openbsd.ports/52931
