Bug #11248: Backport r50829 - Ruby - Ruby Issue Tracking System

Custom queries

Backport 3.2
Backport 3.3
Backport 3.4
bugs: unassigned
DevMeeting
matz
Open issues with attachment
Windows

Actions

Copy link

Bug #11248

closed

Backport r50829

Bug #11248: Backport r50829

Added by hsbt (Hiroshi SHIBATA) over 10 years ago. Updated about 10 years ago.

Status:

Closed

Assignee:

Target version:

ruby -v:

Backport:

2.0.0: DONE, 2.1: DONE, 2.2: DONE

[ruby-dev:49058]

Description

rubygems で修正済みの CVE-2015-3900 に対するパッチのバックポートをお願いします

Files

Download all files

rubygems-ruby_2_0_0.patch (2.59 KB) rubygems-ruby_2_0_0.patch		hsbt (Hiroshi SHIBATA), 06/11/2015 06:04 AM
rubygems-ruby_2_2.patch (2.58 KB) rubygems-ruby_2_2.patch		hsbt (Hiroshi SHIBATA), 06/11/2015 06:05 AM
rubygems-ruby_2_1-2.patch (2.82 KB) rubygems-ruby_2_1-2.patch		hsbt (Hiroshi SHIBATA), 06/11/2015 08:06 AM

History
Notes
Property changes
Associated revisions

Updated by hsbt (Hiroshi SHIBATA) over 10 years ago Actions
Copy link
#1 [ruby-dev:49059]

Status changed from Open to Closed

Updated by usa (Usaku NAKAMURA) over 10 years ago Actions
Copy link
#2 [ruby-dev:49060]

バージョン変わらなくてもいいんでしょうかねえ？

Updated by hsbt (Hiroshi SHIBATA) over 10 years ago Actions
Copy link
#3

File deleted (~~rubygems-ruby_2_1.patch~~)

Updated by hsbt (Hiroshi SHIBATA) over 10 years ago Actions
Copy link
#4 [ruby-dev:49061]

File rubygems-ruby_2_1-2.patch rubygems-ruby_2_1-2.patch added

Ruby 2.1 については rubygems 2.2.3 から 2.2.5 と CVE-2015-3900 の修正のみを反映させることが出来そうなのでパッチを更新しました。 Ruby 2.0.0 の rubygems 2.0.x と Ruby 2.2 の rubygems 2.4.x については CVE-2015-3900 以外の修正も含まれるのでバージョンは変更しない方がよさそうです。

Updated by usa (Usaku NAKAMURA) over 10 years ago Actions
Copy link
#5 [ruby-dev:49062]

ええと、新しいバージョンのrubygemsを入れたいということは一切ないのですが
(むしろ絶対にそんなことはしたくない、というか保守ポリシー的にできない)、
変更する以上はバージョン番号を変えないといけないんじゃないの？という疑問があり、
つまり2.0.14.1とか2.2.3.1とか2.4.5.1とかにすべきなんじゃないかなー、
という意味だったのでした。

Updated by hsbt (Hiroshi SHIBATA) over 10 years ago Actions
Copy link
#6 [ruby-dev:49063]

なるほど理解しました。

rubygems のバージョンポリシーがわかりませんが、2.0.14.1, 2.2.5(これは余分な変更が含まれないため), 2.4.5.1 が良さそうな気がします。

Updated by usa (Usaku NAKAMURA) over 10 years ago Actions
Copy link
#7 [ruby-dev:49064]

rubygemsのバージョンポリシーは私も詳しくないのですが、過去の例を見る限りでは
それでよさそうな気がします。
2.2.5も本家を確認して納得しました。

Updated by nagachika (Tomoyuki Chikanaga) about 10 years ago Actions
Copy link
#8

Backport changed from 2.0.0: REQUIRED, 2.1: REQUIRED, 2.2: REQUIRED to 2.0.0: REQUIRED, 2.1: REQUIRED, 2.2: DONE

r51619 で ruby_2_2 ブランチにバックポートしました。
Gem::VERSION は "2.4.5.1" にしておきました。

Updated by usa (Usaku NAKAMURA) about 10 years ago Actions
Copy link
#9

Backport changed from 2.0.0: REQUIRED, 2.1: REQUIRED, 2.2: DONE to 2.0.0: DONE, 2.1: DONE, 2.2: DONE

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Ruby

Tags

Custom queries

Bug #11248

Backport r50829

Updated by hsbt (Hiroshi SHIBATA) over 10 years ago Actions
Copy link
#1 [ruby-dev:49059]

Updated by usa (Usaku NAKAMURA) over 10 years ago Actions
Copy link
#2 [ruby-dev:49060]

Updated by hsbt (Hiroshi SHIBATA) over 10 years ago Actions
Copy link
#3

Updated by hsbt (Hiroshi SHIBATA) over 10 years ago Actions
Copy link
#4 [ruby-dev:49061]

Updated by usa (Usaku NAKAMURA) over 10 years ago Actions
Copy link
#5 [ruby-dev:49062]

Updated by hsbt (Hiroshi SHIBATA) over 10 years ago Actions
Copy link
#6 [ruby-dev:49063]

Updated by usa (Usaku NAKAMURA) over 10 years ago Actions
Copy link
#7 [ruby-dev:49064]

Updated by nagachika (Tomoyuki Chikanaga) about 10 years ago Actions
Copy link
#8

Updated by usa (Usaku NAKAMURA) about 10 years ago Actions
Copy link
#9

Project

General

Profile

Ruby

Tags

Custom queries

Bug #11248

Backport r50829

Updated by hsbt (Hiroshi SHIBATA) over 10 years ago ActionsCopy link #1 [ruby-dev:49059]

Updated by usa (Usaku NAKAMURA) over 10 years ago ActionsCopy link #2 [ruby-dev:49060]

Updated by hsbt (Hiroshi SHIBATA) over 10 years ago ActionsCopy link #3

Updated by hsbt (Hiroshi SHIBATA) over 10 years ago ActionsCopy link #4 [ruby-dev:49061]

Updated by usa (Usaku NAKAMURA) over 10 years ago ActionsCopy link #5 [ruby-dev:49062]

Updated by hsbt (Hiroshi SHIBATA) over 10 years ago ActionsCopy link #6 [ruby-dev:49063]

Updated by usa (Usaku NAKAMURA) over 10 years ago ActionsCopy link #7 [ruby-dev:49064]

Updated by nagachika (Tomoyuki Chikanaga) about 10 years ago ActionsCopy link #8

Updated by usa (Usaku NAKAMURA) about 10 years ago ActionsCopy link #9

Updated by hsbt (Hiroshi SHIBATA) over 10 years ago Actions
Copy link
#1 [ruby-dev:49059]

Updated by usa (Usaku NAKAMURA) over 10 years ago Actions
Copy link
#2 [ruby-dev:49060]

Updated by hsbt (Hiroshi SHIBATA) over 10 years ago Actions
Copy link
#3

Updated by hsbt (Hiroshi SHIBATA) over 10 years ago Actions
Copy link
#4 [ruby-dev:49061]

Updated by usa (Usaku NAKAMURA) over 10 years ago Actions
Copy link
#5 [ruby-dev:49062]

Updated by hsbt (Hiroshi SHIBATA) over 10 years ago Actions
Copy link
#6 [ruby-dev:49063]

Updated by usa (Usaku NAKAMURA) over 10 years ago Actions
Copy link
#7 [ruby-dev:49064]

Updated by nagachika (Tomoyuki Chikanaga) about 10 years ago Actions
Copy link
#8

Updated by usa (Usaku NAKAMURA) about 10 years ago Actions
Copy link
#9