[ruby/f13/master] - Apply upstream patch for CVE-2010-0541 (bug 587731)

Mamoru Tasaka mtasaka at fedoraproject.org
Sun Aug 22 17:44:44 UTC 2010


commit 9e54766673a2a7e043cfab249f99d9909b55fbec
Author: Mamoru Tasaka <tasaka1 at localhost.localdomain>
Date:   Mon Aug 23 02:44:37 2010 +0900

    - Apply upstream patch for CVE-2010-0541 (bug 587731)

 ruby-1.8.6.x-CVE-2010-0541.patch |   22 ++++++++++++++++++++++
 ruby.spec                        |    8 +++++++-
 2 files changed, 29 insertions(+), 1 deletions(-)
---
diff --git a/ruby-1.8.6.x-CVE-2010-0541.patch b/ruby-1.8.6.x-CVE-2010-0541.patch
new file mode 100644
index 0000000..2b5d808
--- /dev/null
+++ b/ruby-1.8.6.x-CVE-2010-0541.patch
@@ -0,0 +1,22 @@
+commit 11183a22ef3998b9e822bb9322e49b8d6838aa81
+Author: wyhaines <wyhaines at b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
+Date:   Tue Aug 17 18:36:29 2010 +0000
+
+    lib/webrick/httpresponse.rb: CVE-2010-0541; Fix a potential XSS vulnerabilty. See the CVE report for more information.
+    
+    
+    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@29026 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
+
+diff --git a/lib/webrick/httpresponse.rb b/lib/webrick/httpresponse.rb
+index 62156b1..48fe4b0 100644
+--- a/lib/webrick/httpresponse.rb
++++ b/lib/webrick/httpresponse.rb
+@@ -209,7 +209,7 @@ module WEBrick
+         @keep_alive = false
+         self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR
+       end
+-      @header['content-type'] = "text/html"
++      @header['content-type'] = "text/html; charset=ISO-8859-1"
+ 
+       if respond_to?(:create_error_page)
+         create_error_page()
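Review bot: the fix is limited to the error-response path visible in context (the branch that sets `RC_INTERNAL_SERVER_ERROR` and then calls `create_error_page()`), so it only affects the Content-Type of WEBrick's generated error pages; the added `charset=ISO-8859-1` pins the encoding of those pages so a browser cannot guess a different one for a body that echoes request data, and any other handler that emits `text/html` without a charset is not covered by this patch. The misspelling "vulnerabilty" in the embedded upstream commit message is carried verbatim from the ruby_1_8_6 branch and does not need to be corrected in the downstream patch file.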
diff --git a/ruby.spec b/ruby.spec
index 38e16cd..95f8ab8 100644
--- a/ruby.spec
+++ b/ruby.spec
@@ -18,7 +18,7 @@
 
 Name:		ruby
 Version:	%{rubyver}%{?dotpatchlevel}
-Release:	5%{?dist}
+Release:	6%{?dist}
 License:	Ruby or GPLv2
 URL:		http://www.ruby-lang.org/
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -95,6 +95,8 @@ Patch37:        ruby-1.8.x-ext_tk-flatten-level-revert.patch
 Patch38:        ruby-1.8.x-null-class-must-be-Qnil.patch
 # Once revert this patch to apply Patch34 cleanly
 Patch39:        ruby-1.8.6-openssl-digest-once-revert-for-simplify-patch.patch
+# From upstream ruby_1_8_6 branch: Patch for CVE-2010-0541
+Patch40:        ruby-1.8.6.x-CVE-2010-0541.patch
 
 Summary:	An interpreter of object-oriented scripting language
 Group:		Development/Languages
@@ -250,6 +252,7 @@ pushd %{name}-%{arcver}
 %patch36 -p1
 %patch37 -p1
 %patch38 -p1
+%patch40 -p1
 popd
 
 %build
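Review bot: `%patch40 -p1` is consistent with the `a/lib/webrick/...` and `b/lib/webrick/...` prefixes in the embedded diff and is applied inside the `pushd %{name}-%{arcver}` block like the preceding patches, so the relative path resolves against the unpacked source tree; Patch40 is also ordered after Patch38 here while Patch39 (the "once revert" patch) is not in this sequence, which matches the existing comment that Patch39 is handled separately.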
@@ -640,6 +643,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_emacs_sitestartdir}/ruby-mode-init.el
 
 %changelog
+* Mon Aug 23 2010 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 1.8.6.399-6
+- Apply upstream patch for CVE-2010-0541 (bug 587731)
+
 * Wed May 19 2010 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 1.8.6.399-5
 - Retry for bug 559158, Simplify the OpenSSL::Digest class
   pull more change commits from ruby_1_8 branch
