pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/lang/ruby18-base



Module Name:    pkgsrc
Committed By:   taca
Date:           Fri Jun 20 15:39:29 UTC 2008

Modified Files:
        pkgsrc/lang/ruby18-base: distinfo
        pkgsrc/lang/ruby18-base/patches: patch-aa patch-ab

Log Message:
Update Ruby 1.8.7 patchlevel 22.

This is security fix:

http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities

Fri Jun 20 18:25:18 2008  Nobuyoshi Nakada  <nobu%ruby-lang.org@localhost>

        * string.c (rb_str_buf_append): should infect.

Fri Jun 20 16:33:09 2008  Nobuyoshi Nakada  <nobu%ruby-lang.org@localhost>

        * array.c (rb_ary_store, rb_ary_splice): not depend on unspecified
          behavior at integer overflow.

        * string.c (str_buf_cat): ditto.

Wed Jun 18 22:24:46 2008  URABE Shyouhei  <shyouhei%ruby-lang.org@localhost>

        * array.c (ary_new, rb_ary_initialize, rb_ary_store,
          rb_ary_aplice, rb_ary_times): integer overflows should be
          checked. based on patches from Drew Yao <ayao at apple.com>
          fixed CVE-2008-2726

        * string.c (rb_str_buf_append): fixed unsafe use of alloca,
          which led memory corruption. based on a patch from Drew Yao
          <ayao at apple.com> fixed CVE-2008-2726

        * sprintf.c (rb_str_format): backported from trunk.

        * intern.h: ditto.

Tue Jun 17 15:09:46 2008  Nobuyoshi Nakada  <nobu%ruby-lang.org@localhost>

        * file.c (file_expand_path): no need to expand root path which has no
          short file name.  [ruby-dev:35095]

Sun Jun 15 19:27:40 2008  Akinori MUSHA  <knu%iDaemons.org@localhost>

        * configure.in: Fix $LOAD_PATH.  Properly expand vendor_ruby
          directories; submitted by Takahiro Kambe <taca at
          back-street.net> in [ruby-dev:35099].


To generate a diff of this commit:
cvs rdiff -r1.28 -r1.29 pkgsrc/lang/ruby18-base/distinfo
cvs rdiff -r1.11 -r1.12 pkgsrc/lang/ruby18-base/patches/patch-aa \
    pkgsrc/lang/ruby18-base/patches/patch-ab

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



Home | Main Index | Thread Index | Old Index