Package: ruby1.9.1 / 1.9.3.194-8.1+deb7u2

Metadata

Package Version Patches format
ruby1.9.1 1.9.3.194-8.1+deb7u2 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
909_update_lib_README.diff | (download)

lib/README | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

---
100731_disable tests.diff | (download)

bootstraptest/test_io.rb | 44 22 + 22 - 0 !
bootstraptest/test_thread.rb | 30 15 + 15 - 0 !
2 files changed, 37 insertions(+), 37 deletions(-)

 disable two tests that are problematic on freebsd
Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590002

First test is discussed in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543805
and upstream bug http://redmine.ruby-lang.org/issues/show/2008

Second test is discussed in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542927
and upstream bug http://redmine.ruby-lang.org/issues/show/2025
It was fixed, but is now timing dependent.


903_skip_base_ruby_check.diff | (download)

configure.in | 2 0 + 2 - 0 !
1 file changed, 2 deletions(-)

---
20100829 rubygems_disable_update_system.diff | (download)

lib/rubygems/commands/update_command.rb | 4 4 + 0 - 0 !
test/rubygems/test_gem_commands_update_command.rb | 12 6 + 6 - 0 !
2 files changed, 10 insertions(+), 6 deletions(-)

---
20100829 rubygems_default_dir.diff | (download)

lib/rubygems/defaults.rb | 57 33 + 24 - 0 !
test/rubygems/test_gem.rb | 4 2 + 2 - 0 !
2 files changed, 35 insertions(+), 26 deletions(-)

---
110720_tcltk_disable_rpath.diff | (download)

ext/tk/extconf.rb | 12 6 + 6 - 0 !
1 file changed, 6 insertions(+), 6 deletions(-)

---
090729_fix_Makefile_deps.diff | (download)

common.mk | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
090803_exclude_rdoc.diff | (download)

common.mk | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
110825 run tests verbose.patch | (download)

common.mk | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 run tests in verbose mode
110825 tests_broken_as_root.patch | (download)

test/gdbm/test_gdbm.rb | 4 2 + 2 - 0 !
test/test_find.rb | 2 2 + 0 - 0 !
2 files changed, 4 insertions(+), 2 deletions(-)

 add some description
110829 freebsd_assert_normal_exit.patch | (download)

bootstraptest/runner.rb | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

---
110829 hurd_dirent_usage.patch | (download)

configure.in | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

---
hurd path max.diff | (download)

addr2line.c | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

---
20120517 r35434.patch | (download)

lib/drb/ssl.rb | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
20120927 cve_2011_1005.patch | (download)

error.c | 8 1 + 7 - 0 !
test/ruby/test_exception.rb | 51 51 + 0 - 0 !
2 files changed, 52 insertions(+), 7 deletions(-)

 prevent untainted strings from being incorrectly tainted
 This flaw allowed untainted strings to be tainted and modified, even in
 safe level 4.
CVE 2012 4522.patch | (download)

file.c | 3 3 + 0 - 0 !
test/ruby/test_file.rb | 10 10 + 0 - 0 !
2 files changed, 13 insertions(+)

 path name must not contain nul bytes.
 This is a fix for CVE-2012-4522.
20121120 cve 2012 5371.diff | (download)

common.mk | 3 2 + 1 - 0 !
random.c | 23 23 + 0 - 0 !
siphash.c | 483 483 + 0 - 0 !
siphash.h | 48 48 + 0 - 0 !
string.c | 6 0 + 6 - 0 !
5 files changed, 556 insertions(+), 7 deletions(-)

 replace hash implementation to avoid dos attacks
 This patch fixes CVE-2012-5371
Bug-Debian: http://bugs.debian.org/693024
CVE 2013 0256.patch | (download)

lib/rdoc/generator/template/darkfish/js/darkfish.js | 16 9 + 7 - 0 !
1 file changed, 9 insertions(+), 7 deletions(-)

 [patch] * lib/rdoc: import rdoc 3.9.5.
 NOTE: This patch includes only main correctios.
CVE 2013 0269.patch | (download)

ext/json/lib/json/add/core.rb | 9 6 + 3 - 0 !
ext/json/lib/json/common.rb | 17 12 + 5 - 0 !
ext/json/parser/parser.c | 36 18 + 18 - 0 !
ext/json/parser/parser.rl | 5 4 + 1 - 0 !
test/json/test_json.rb | 24 22 + 2 - 0 !
test/json/test_json_addition.rb | 46 27 + 19 - 0 !
test/json/test_json_string_matching.rb | 11 5 + 6 - 0 !
7 files changed, 94 insertions(+), 54 deletions(-)

 fix denial of service and unsafe object creation
 vulnerability in JSON. [CVE-2013-0269]
CVE 2013 1821.patch | (download)

lib/rexml/document.rb | 12 12 + 0 - 0 !
lib/rexml/text.rb | 40 25 + 15 - 0 !
test/rexml/test_entity.rb | 18 18 + 0 - 0 !
3 files changed, 55 insertions(+), 15 deletions(-)

 fix entity expansion dos vulnerability in rexml
 CVE-2013-1821
CVE 2013 2065.patch | (download)

ext/dl/lib/dl/func.rb | 3 3 + 0 - 0 !
ext/fiddle/function.c | 9 9 + 0 - 0 !
2 files changed, 12 insertions(+)

---
CVE 2013 4073.patch | (download)

ext/openssl/lib/openssl/ssl-internal.rb | 18 13 + 5 - 0 !
test/openssl/test_ssl.rb | 29 29 + 0 - 0 !
2 files changed, 42 insertions(+), 5 deletions(-)

 fix hostname check bypassing vulnerability in ssl client
 CVE-2013-4073: Hostname identity check did not properly handle
 hostnames in the certificate that contain null bytes.
CVE 2013 4164.patch | (download)

test/ruby/test_float.rb | 12 12 + 0 - 0 !
util.c | 14 12 + 2 - 0 !
2 files changed, 24 insertions(+), 2 deletions(-)

 fix heap overflow in floating point parsing
 This vulnerability is tracked with CVE-2013-4164.
 .
 https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released/