From 9d0faa53ad05f101fddafb6311da68b1c659c95b Mon Sep 17 00:00:00 2001 From: Juergen Daubert Date: Wed, 6 Dec 2006 08:06:33 +0100 Subject: [PATCH] [notify] ruby: update to 1.8.5-p2 Security update to finally fix CVE-2006-5467. See http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/ --- ruby/.md5sum | 3 +-- ruby/Pkgfile | 9 ++++----- ruby/ruby-1.8.5-cgi-dos-1.patch | 11 ----------- 3 files changed, 5 insertions(+), 18 deletions(-) delete mode 100644 ruby/ruby-1.8.5-cgi-dos-1.patch diff --git a/ruby/.md5sum b/ruby/.md5sum index 718efd9e1..03d0b9f02 100644 --- a/ruby/.md5sum +++ b/ruby/.md5sum @@ -1,3 +1,2 @@ -9d25f59d1c33a0b215f6c25260dcb536 ruby-1.8.5-cgi-dos-1.patch +a3517a224716f79b14196adda3e88057 ruby-1.8.5-p2.tar.gz c29d1494e946c08c4731c3e4cdabb2cb ruby-1.8.5.patch -3fbb02294a8ca33d4684055adba5ed6f ruby-1.8.5.tar.gz diff --git a/ruby/Pkgfile b/ruby/Pkgfile index 0fd5f5cab..3347d0bd1 100644 --- a/ruby/Pkgfile +++ b/ruby/Pkgfile @@ -4,15 +4,14 @@ # Depends on: db, gdbm, ncurses, openssl, readline, zlib name=ruby -version=1.8.5 -release=2 +version=1.8.5-p2 +release=1 source=(ftp://ftp.ruby-lang.org/pub/$name/1.8/$name-$version.tar.gz \ - $name-$version.patch $name-$version-cgi-dos-1.patch) + $name-1.8.5.patch) build () { cd $name-$version - patch -p1 < $SRC/$name-$version.patch - patch -p0 < $SRC/$name-$version-cgi-dos-1.patch + patch -p1 < $SRC/$name-1.8.5.patch ./configure --prefix=/usr \ --mandir=/usr/man \ --enable-shared \ diff --git a/ruby/ruby-1.8.5-cgi-dos-1.patch b/ruby/ruby-1.8.5-cgi-dos-1.patch deleted file mode 100644 index a563c651c..000000000 --- a/ruby/ruby-1.8.5-cgi-dos-1.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- lib/cgi.rb.orig 2006-08-22 18:38:19.000000000 +0900 -+++ lib/cgi.rb 2006-11-03 00:18:53.000000000 +0900 -@@ -1018,7 +1018,7 @@ class CGI - else - stdinput.read(content_length) - end -- if c.nil? -+ if c.nil? || c.empty? - raise EOFError, "bad content body" - end - buf.concat(c)