
Bug 234224

Summary: Ruby 1.8.6 / 1.8.7 have new stable releases
Product: Gentoo Linux
Reporter: M. Edward Borasky <znmeb>
Component: New packages
Assignee: Gentoo Ruby Team <ruby>
Status: RESOLVED FIXED
Severity: normal
CC: znmeb
Priority: High
Version: 2007.0
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:
Bug Blocks: 225465

Description M. Edward Borasky 2008-08-08 03:43:37 UTC
I couldn't find any other bugs for this, so I'm adding a new one. Please feel free to close it if it's a duplicate.

From: 	Urabe Shyouhei <shyouhei@ruby-lang.org>
Reply-To: 	ruby-talk@ruby-lang.org
To: 	ruby-talk ML <ruby-talk@ruby-lang.org>, ruby-list@ruby-lang.org
Subject: 	Ruby 1.8.7-p71 / 1.8.6-p286 released (Security Fix)
Date: 	Fri, 8 Aug 2008 12:00:48 +0900 (Thu, 20:00 PDT)


At last.

Sorry to have kept you waiting so long. Here we release latest Ruby
1.8.7 / 1.8.6 series. I believe they are stable enough.
We also announce that we have fixed several vulnerabilities in them.
Please take a look at the following URL for details.

http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/

Released tarballs are available at:

ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p286.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p286.tar.bz2
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p286.zip
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p71.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p71.tar.bz2
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p71.zip

And checksums:


For now, 1.8.6 should probably go in the tree and 1.8.7 in the overlay -- there's still quite a bit of controversy over 1.8.7
Comment 1 M. Edward Borasky 2008-08-10 02:29:05 UTC
But wait! There's more!

http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
Comment 2 Hans de Graaff gentoo-dev Security 2008-08-10 08:10:49 UTC
Adding security team.
Comment 3 Hans de Graaff gentoo-dev Security 2008-08-10 14:11:32 UTC
I've just added ruby 1.8.6_p286 to CVS.
Comment 4 M. Edward Borasky 2008-08-11 02:40:34 UTC
But wait! There's *still* more!

Date: Mon, 11 Aug 2008 10:38:10 +0900
Posted: Mon, 11 Aug 2008 10:40:27 +0900
From: Urabe Shyouhei <shyouhei@ruby-lang.org>
Reply-To: ruby-talk@ruby-lang.org
Subject: Ruby 1.8.7-p72 / 1.8.6-p287 released (Security Fix)
To: ruby-talk@ruby-lang.org (ruby-talk ML) ,ruby-list@ruby-lang.org

Sorry for a fuss, but it turned out that taintness check of dl in last
releases I made was incomplete. Here are fixes for that.

Released tarballs are available at:

ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p287.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p287.tar.bz2
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p287.zip
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p72.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p72.tar.bz2
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p72.zip

And checksums:


Sorry again for an incomplete release.


Comment 5 Hans de Graaff gentoo-dev Security 2008-08-11 05:59:23 UTC
ruby 1.8.6_p287 is now in CVS
Comment 6 Hans de Graaff gentoo-dev Security 2008-08-31 06:21:05 UTC
Closing this since the 1.8.7 version is now also in CVS.