[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#689839: marked as done (unblock: ruby1.9.1/1.9.3.194-2)

Your message dated Sun, 07 Oct 2012 12:29:44 +0200
with message-id <50715998.9050204@dogguy.org>
and subject line Re: Bug#689839: unblock: ruby1.9.1/1.9.3.194-2
has caused the Debian Bug report #689839,
regarding unblock: ruby1.9.1/1.9.3.194-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
689839: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689839
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package ruby1.9.1

I've just uploaded ruby1.9.1/1.9.3.194-2 to unstable. It contains a
security fix for CVE-2011-1005, which closes Debian bug #689075.

Attached you will find a debdiff against the version currently in
wheezy.

unblock ruby1.9.1/1.9.3.194-2

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.utf8, LC_CTYPE=pt_BR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- 
Antonio Terceiro <terceiro@debian.org>

diff -Nru ruby1.9.1-1.9.3.194/debian/changelog ruby1.9.1-1.9.3.194/debian/changelog
--- ruby1.9.1-1.9.3.194/debian/changelog	2012-06-02 08:10:26.000000000 -0300
+++ ruby1.9.1-1.9.3.194/debian/changelog	2012-10-06 16:29:43.000000000 -0300
@@ -1,3 +1,12 @@
+ruby1.9.1 (1.9.3.194-2) unstable; urgency=low
+
+  * debian/patches/20120927-cve_2011_1005.patch: patch sent by upstream;
+    fixes CVE-2011-1005 which was thought of as not affecting the Ruby 1.9.x
+    series (Closes: #689075). Thanks to Tyler Hicks <tyhicks@canonical.com>
+    for reporting the issue.
+
+ -- Antonio Terceiro <terceiro@debian.org>  Sat, 06 Oct 2012 16:29:42 -0300
+
 ruby1.9.1 (1.9.3.194-1) unstable; urgency=low
 
   [ Lucas Nussbaum ]
diff -Nru ruby1.9.1-1.9.3.194/debian/patches/20120927-cve_2011_1005.patch ruby1.9.1-1.9.3.194/debian/patches/20120927-cve_2011_1005.patch
--- ruby1.9.1-1.9.3.194/debian/patches/20120927-cve_2011_1005.patch	1969-12-31 21:00:00.000000000 -0300
+++ ruby1.9.1-1.9.3.194/debian/patches/20120927-cve_2011_1005.patch	2012-10-02 10:06:08.000000000 -0300
@@ -0,0 +1,93 @@
+Description: Prevent untainted strings from being incorrectly tainted
+ This flaw allowed untainted strings to be tainted and modified, even in
+ safe level 4.
+Origin: upstream
+--- a/error.c
++++ b/error.c
+@@ -569,7 +569,6 @@ exc_to_s(VALUE exc)
+ 
+     if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
+     r = rb_String(mesg);
+-    OBJ_INFECT(r, exc);
+     return r;
+ }
+ 
+@@ -853,11 +852,7 @@ name_err_to_s(VALUE exc)
+ 
+     if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
+     StringValue(str);
+-    if (str != mesg) {
+-	rb_iv_set(exc, "mesg", mesg = str);
+-    }
+-    OBJ_INFECT(mesg, exc);
+-    return mesg;
++    return str;
+ }
+ 
+ /*
+@@ -988,7 +983,6 @@ name_err_mesg_to_str(VALUE obj)
+ 	args[2] = d;
+ 	mesg = rb_f_sprintf(NAME_ERR_MESG_COUNT, args);
+     }
+-    OBJ_INFECT(mesg, obj);
+     return mesg;
+ }
+ 
+--- a/test/ruby/test_exception.rb
++++ b/test/ruby/test_exception.rb
+@@ -333,4 +333,55 @@ end.join
+       load(t.path)
+     end
+   end
++
++  def test_to_s_taintness_propagation
++    for exc in [Exception, NameError]
++      m = "abcdefg"
++      e = exc.new(m)
++      e.taint
++      s = e.to_s
++      assert_equal(false, m.tainted?,
++                   "#{exc}#to_s should not propagate taintness")
++      assert_equal(false, s.tainted?,
++                   "#{exc}#to_s should not propagate taintness")
++    end
++    
++    o = Object.new
++    def o.to_str
++      "foo"
++    end
++    o.taint
++    e = NameError.new(o)
++    s = e.to_s
++    assert_equal(false, s.tainted?)
++  end
++
++  # CVE-2011-1005
++  def test_exception_to_s_should_not_propagate_untrustedness
++    favorite_lang = "Ruby"
++
++    for exc in [Exception, NameError]
++      assert_raise(SecurityError) do
++        lambda {
++          $SAFE = 4
++          exc.new(favorite_lang).to_s
++          favorite_lang.replace("Python")
++        }.call
++      end
++    end
++
++    assert_raise(SecurityError) do
++      lambda {
++        $SAFE = 4
++        o = Object.new
++        o.singleton_class.send(:define_method, :to_str) {
++          favorite_lang
++        }
++        NameError.new(o).to_s
++        favorite_lang.replace("Python")
++      }.call
++    end
++
++    assert_equal("Ruby", favorite_lang)
++  end
+ end
diff -Nru ruby1.9.1-1.9.3.194/debian/patches/series ruby1.9.1-1.9.3.194/debian/patches/series
--- ruby1.9.1-1.9.3.194/debian/patches/series	2012-05-27 19:46:34.000000000 -0300
+++ ruby1.9.1-1.9.3.194/debian/patches/series	2012-09-30 17:40:56.000000000 -0300
@@ -16,3 +16,4 @@
 110829-hurd_dirent_usage.patch
 hurd-path-max.diff
 20120517-r35434.patch
+20120927-cve_2011_1005.patch

Attachment: signature.asc
Description: Digital signature


--- End Message ---
--- Begin Message --- 
On 06/10/2012 23:17, Antonio Terceiro wrote:
> Package: release.debian.org Severity: normal User:
> release.debian.org@packages.debian.org Usertags: unblock
> 
> Please unblock package ruby1.9.1
> 

Unblocked.

Regards,

-- 
Mehdi Dogguy مهدي الدڤي

--- End Message ---
Reply to: