[ruby/f13/master] - Apply upstream patch for CVE-2010-0541 (bug 587731)
Mamoru Tasaka
mtasaka at fedoraproject.org
Sun Aug 22 17:44:44 UTC 2010
commit 9e54766673a2a7e043cfab249f99d9909b55fbec
Author: Mamoru Tasaka <tasaka1 at localhost.localdomain>
Date: Mon Aug 23 02:44:37 2010 +0900
- Apply upstream patch for CVE-2010-0541 (bug 587731)
ruby-1.8.6.x-CVE-2010-0541.patch | 22 ++++++++++++++++++++++
ruby.spec | 8 +++++++-
2 files changed, 29 insertions(+), 1 deletions(-)
---
diff --git a/ruby-1.8.6.x-CVE-2010-0541.patch b/ruby-1.8.6.x-CVE-2010-0541.patch
new file mode 100644
index 0000000..2b5d808
--- /dev/null
+++ b/ruby-1.8.6.x-CVE-2010-0541.patch
@@ -0,0 +1,22 @@
+commit 11183a22ef3998b9e822bb9322e49b8d6838aa81
+Author: wyhaines <wyhaines at b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
+Date: Tue Aug 17 18:36:29 2010 +0000
+
+ lib/webrick/httpresponse.rb: CVE-2010-0541; Fix a potential XSS vulnerabilty. See the CVE report for more information.
+
+
+ git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@29026 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
+
+diff --git a/lib/webrick/httpresponse.rb b/lib/webrick/httpresponse.rb
+index 62156b1..48fe4b0 100644
+--- a/lib/webrick/httpresponse.rb
++++ b/lib/webrick/httpresponse.rb
+@@ -209,7 +209,7 @@ module WEBrick
+ @keep_alive = false
+ self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR
+ end
+- @header['content-type'] = "text/html"
++ @header['content-type'] = "text/html; charset=ISO-8859-1"
+
+ if respond_to?(:create_error_page)
+ create_error_page()
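Review bot: The charset on the added `@header['content-type']` line is hard-coded to ISO-8859-1, while the `respond_to?(:create_error_page)` branch right after it lets an application supply its own error page, whose body may be in a different encoding. A short comment above the assignment would help, saying why the charset is pinned (so the browser is not left to guess the encoding of the error page) and that a custom create_error_page has to emit ISO-8859-1 compatible output or reset the header itself. The commit message only points to the CVE report, so the reasoning is not recorded anywhere in the change.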
diff --git a/ruby.spec b/ruby.spec
index 38e16cd..95f8ab8 100644
--- a/ruby.spec
+++ b/ruby.spec
@@ -18,7 +18,7 @@
Name: ruby
Version: %{rubyver}%{?dotpatchlevel}
-Release: 5%{?dist}
+Release: 6%{?dist}
License: Ruby or GPLv2
URL: http://www.ruby-lang.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -95,6 +95,8 @@ Patch37: ruby-1.8.x-ext_tk-flatten-level-revert.patch
Patch38: ruby-1.8.x-null-class-must-be-Qnil.patch
# Once revert this patch to apply Patch34 cleanly
Patch39: ruby-1.8.6-openssl-digest-once-revert-for-simplify-patch.patch
+# From upstream ruby_1_8_6 branch: Patch for CVE-2010-0541
+Patch40: ruby-1.8.6.x-CVE-2010-0541.patch
Summary: An interpreter of object-oriented scripting language
Group: Development/Languages
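Review bot: The comment above `Patch40:` names the upstream branch but not the revision. The patch file records it as ruby_1_8_6@29026 in its git-svn-id line; adding that revision to the spec comment would let a later rebase check whether the fix is already in the new tarball without opening the patch file.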
@@ -250,6 +252,7 @@ pushd %{name}-%{arcver}
%patch36 -p1
%patch37 -p1
%patch38 -p1
+%patch40 -p1
popd
%build
@@ -640,6 +643,9 @@ rm -rf $RPM_BUILD_ROOT
%{_emacs_sitestartdir}/ruby-mode-init.el
%changelog
+* Mon Aug 23 2010 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 1.8.6.399-6
+- Apply upstream patch for CVE-2010-0541 (bug 587731)
+
* Wed May 19 2010 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 1.8.6.399-5
- Retry for bug 559158, Simplify the OpenSSL::Digest class
pull more change commits from ruby_1_8 branch