Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock Please unblock package ruby1.8 This upload fixes a build problem in kfreebsd-* (#691793). You will find attached the debdiff against the package in testing. unblock ruby1.8/1.8.7.358-6 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=pt_BR.utf8, LC_CTYPE=pt_BR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- Antonio Terceiro <terceiro@debian.org>
diff -Nru ruby1.8-1.8.7.358/debian/changelog ruby1.8-1.8.7.358/debian/changelog --- ruby1.8-1.8.7.358/debian/changelog 2012-06-02 12:34:01.000000000 +0200 +++ ruby1.8-1.8.7.358/debian/changelog 2012-11-01 01:20:28.000000000 +0100 @@ -1,3 +1,17 @@ +ruby1.8 (1.8.7.358-6) unstable; urgency=high + + * Timeout the execution of the tests after 2 hours. This should fix the + build on kfreebsd-* (Closes: #691793) and hurd. + + -- Antonio Terceiro <terceiro@debian.org> Wed, 31 Oct 2012 22:12:50 +0100 + +ruby1.8 (1.8.7.358-5) unstable; urgency=high + + * added debian/patches/CVE-2012-4481.patch to fix CVE-2012-4481 + (Closes: #689945) + + -- Antonio Terceiro <terceiro@debian.org> Sun, 14 Oct 2012 19:45:52 -0300 + ruby1.8 (1.8.7.358-4) unstable; urgency=low * debian/rules: avoid running DRB tests, since they crash and leave runaway diff -Nru ruby1.8-1.8.7.358/debian/patches/CVE-2012-4481.patch ruby1.8-1.8.7.358/debian/patches/CVE-2012-4481.patch --- ruby1.8-1.8.7.358/debian/patches/CVE-2012-4481.patch 1970-01-01 01:00:00.000000000 +0100 +++ ruby1.8-1.8.7.358/debian/patches/CVE-2012-4481.patch 2012-10-15 00:45:15.000000000 +0200 @@ -0,0 +1,18 @@ +Description: avoid breaking safefity in strings passed to Exception#to_s + Fixes CVE-2012-4481 +Bug-Debian: http://bugs.debian.org/689945 +Origin: http://seclists.org/oss-sec/2012/q4/22 +Reviewed-By: Antonio Terceiro <terceiro@debian.org> + +--- ruby1.8-1.8.7.358.orig/error.c ++++ ruby1.8-1.8.7.358/error.c +@@ -665,9 +665,6 @@ name_err_to_s(exc) + + if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc)); + StringValue(str); +- if (str != mesg) { +- OBJ_INFECT(str, mesg); +- } + return str; + } + diff -Nru ruby1.8-1.8.7.358/debian/patches/series ruby1.8-1.8.7.358/debian/patches/series --- ruby1.8-1.8.7.358/debian/patches/series 2012-05-27 15:59:27.000000000 +0200 +++ ruby1.8-1.8.7.358/debian/patches/series 2012-10-15 00:43:03.000000000 +0200 @@ -13,3 +13,4 @@ 110703_CVE-2011-0188.patch tcltk-no-rpath.patch use-ldflags.patch +CVE-2012-4481.patch diff -Nru ruby1.8-1.8.7.358/debian/rules ruby1.8-1.8.7.358/debian/rules --- ruby1.8-1.8.7.358/debian/rules 2012-06-02 12:31:13.000000000 +0200 +++ ruby1.8-1.8.7.358/debian/rules 2012-10-31 23:12:27.000000000 +0100 @@ -65,7 +65,7 @@ ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) # avoid running drb tests -- they make buildds hang forever mv test/drb _test_drb - -make test-all + -timeout 2h make test-all mv _test_drb test/drb endif
Attachment:
signature.asc
Description: Digital signature