mwmitchell-rsolr 0.5.7
Sign up to get free protection for your applications and to get access to all the features.
- data/CHANGES.txt +41 -0
- data/LICENSE +201 -0
- data/README.rdoc +191 -0
- data/Rakefile +40 -0
- data/examples/direct.rb +20 -0
- data/examples/http.rb +16 -0
- data/lib/core_ext.rb +8 -0
- data/lib/rsolr.rb +34 -0
- data/lib/rsolr/connection.rb +7 -0
- data/lib/rsolr/connection/adapter.rb +7 -0
- data/lib/rsolr/connection/adapter/common_methods.rb +46 -0
- data/lib/rsolr/connection/adapter/direct.rb +80 -0
- data/lib/rsolr/connection/adapter/http.rb +51 -0
- data/lib/rsolr/connection/base.rb +121 -0
- data/lib/rsolr/connection/search_ext.rb +126 -0
- data/lib/rsolr/http_client.rb +115 -0
- data/lib/rsolr/http_client/adapter.rb +6 -0
- data/lib/rsolr/http_client/adapter/curb.rb +51 -0
- data/lib/rsolr/http_client/adapter/net_http.rb +48 -0
- data/lib/rsolr/indexer.rb +23 -0
- data/lib/rsolr/mapper.rb +62 -0
- data/lib/rsolr/mapper/rss.rb +29 -0
- data/lib/rsolr/message.rb +73 -0
- data/lib/rsolr/response.rb +8 -0
- data/lib/rsolr/response/base.rb +33 -0
- data/lib/rsolr/response/index_info.rb +22 -0
- data/lib/rsolr/response/query.rb +170 -0
- data/lib/rsolr/response/update.rb +4 -0
- data/test/connection/direct_test.rb +22 -0
- data/test/connection/http_test.rb +19 -0
- data/test/connection/search_ext_test_methods.rb +17 -0
- data/test/connection/test_methods.rb +122 -0
- data/test/http_client/curb_test.rb +19 -0
- data/test/http_client/net_http_test.rb +13 -0
- data/test/http_client/test_methods.rb +40 -0
- data/test/http_client/util_test.rb +40 -0
- data/test/mapper_test.rb +123 -0
- data/test/message_test.rb +87 -0
- data/test/pagination_test.rb +58 -0
- data/test/ruby-lang.org.rss.xml +391 -0
- data/test/test_helpers.rb +39 -0
- metadata +107 -0
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
require File.join(File.dirname(__FILE__), '..', 'test_helpers')
|
|
2
|
+
|
|
3
|
+
class HTTPUtilTest < RSolrBaseTest
|
|
4
|
+
|
|
5
|
+
class DummyClass
|
|
6
|
+
include RSolr::HTTPClient::Util
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def setup
|
|
10
|
+
@c = DummyClass.new
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def test_build_url
|
|
14
|
+
m = @c.method(:build_url)
|
|
15
|
+
assert_equal '/something', m.call('/something')
|
|
16
|
+
assert_equal '/something?q=Testing', m.call('/something', :q=>'Testing')
|
|
17
|
+
assert_equal '/something?array=1&array=2&array=3', m.call('/something', :array=>[1, 2, 3])
|
|
18
|
+
assert_equal '/something?array=1&array=2&array=3&q=A', m.call('/something', :q=>'A', :array=>[1, 2, 3])
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def test_escape
|
|
22
|
+
assert_equal '%2B', @c.escape('+')
|
|
23
|
+
assert_equal 'This+is+a+test', @c.escape('This is a test')
|
|
24
|
+
assert_equal '%3C%3E%2F%5C', @c.escape('<>/\\')
|
|
25
|
+
assert_equal '%22', @c.escape('"')
|
|
26
|
+
assert_equal '%3A', @c.escape(':')
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def test_hash_to_params
|
|
30
|
+
my_params = {
|
|
31
|
+
:z=>'should be last',
|
|
32
|
+
:q=>'test',
|
|
33
|
+
:d=>[1, 2, 3, 4],
|
|
34
|
+
:b=>:zxcv,
|
|
35
|
+
:x=>['!', '*', nil]
|
|
36
|
+
}
|
|
37
|
+
assert_equal 'b=zxcv&d=1&d=2&d=3&d=4&q=test&x=%21&x=%2A&z=should+be+last', @c.hash_to_params(my_params)
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
end
|
data/test/mapper_test.rb
ADDED
|
@@ -0,0 +1,123 @@
|
|
|
1
|
+
require File.join(File.dirname(__FILE__), 'test_helpers')
|
|
2
|
+
|
|
3
|
+
require 'rss'
|
|
4
|
+
|
|
5
|
+
class MapperTest < RSolrBaseTest
|
|
6
|
+
|
|
7
|
+
# simple replacement
|
|
8
|
+
def test_string_map
|
|
9
|
+
data = {
|
|
10
|
+
:skip_this=>'!'
|
|
11
|
+
}
|
|
12
|
+
mapping = {
|
|
13
|
+
:id=>'one',
|
|
14
|
+
:name=>'foo'
|
|
15
|
+
}
|
|
16
|
+
mapper = RSolr::Mapper::Base.new(mapping)
|
|
17
|
+
expected = [mapping]
|
|
18
|
+
assert_equal expected, mapper.map(data)
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def test_map_yields_if_block_given
|
|
22
|
+
data = {
|
|
23
|
+
:NUMID=>100,
|
|
24
|
+
:type=>:type_val,
|
|
25
|
+
:code=>:code_val
|
|
26
|
+
}
|
|
27
|
+
mapping = {
|
|
28
|
+
:id=>:NUMID,
|
|
29
|
+
:name=>'foo',
|
|
30
|
+
:category=>[:type, :code]
|
|
31
|
+
}
|
|
32
|
+
mapper = RSolr::Mapper::Base.new(mapping)
|
|
33
|
+
expected = [{:name=>"foo", :category=>[:type_val, :code_val], :id=>100}]
|
|
34
|
+
result = mapper.map(data) do |doc|
|
|
35
|
+
assert expected, doc
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
# test enumerable/array mappings
|
|
40
|
+
def test_array_multi_value
|
|
41
|
+
data = {
|
|
42
|
+
:NUMID=>100,
|
|
43
|
+
:type=>:type_val,
|
|
44
|
+
:code=>:code_val
|
|
45
|
+
}
|
|
46
|
+
mapping = {
|
|
47
|
+
:id=>:NUMID,
|
|
48
|
+
:name=>'foo',
|
|
49
|
+
:category=>[:type, :code]
|
|
50
|
+
}
|
|
51
|
+
mapper = RSolr::Mapper::Base.new(mapping)
|
|
52
|
+
expected = [{:name=>"foo", :category=>[:type_val, :code_val], :id=>100}]
|
|
53
|
+
assert_equal expected, mapper.map(data)
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
# test the proc mapping type
|
|
57
|
+
# test that the second arg in the block is a Solr::Mapper
|
|
58
|
+
def test_proc
|
|
59
|
+
data = [{:name=>'-bach;'}]
|
|
60
|
+
mapping = {
|
|
61
|
+
:name=>proc{|d,index|
|
|
62
|
+
assert_equal Fixnum, index.class
|
|
63
|
+
d[:name].gsub(/\W+/, '')
|
|
64
|
+
}
|
|
65
|
+
}
|
|
66
|
+
mapper = RSolr::Mapper::Base.new(mapping)
|
|
67
|
+
expected = [{:name=>"bach"}]
|
|
68
|
+
assert_equal expected, mapper.map(data)
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
def rss_file
|
|
72
|
+
@rss_file ||= File.join(File.dirname(__FILE__), 'ruby-lang.org.rss.xml')
|
|
73
|
+
end
|
|
74
|
+
|
|
75
|
+
# load an rss feed
|
|
76
|
+
# create a mapping
|
|
77
|
+
# map it and test the fields
|
|
78
|
+
def raw_mapping_rss_docs
|
|
79
|
+
rss = RSS::Parser.parse(File.read(rss_file), false)
|
|
80
|
+
mapping = {
|
|
81
|
+
:channel=>rss.channel.title,
|
|
82
|
+
:url=>rss.channel.link,
|
|
83
|
+
:total=>rss.items.size,
|
|
84
|
+
:title=>proc {|item,index| item.title },
|
|
85
|
+
:link=>proc{|item,index| item.link },
|
|
86
|
+
:published=>proc{|item,index| item.date },
|
|
87
|
+
:description=>proc{|item,index| item.description }
|
|
88
|
+
}
|
|
89
|
+
mapper = RSolr::Mapper::Base.new(mapping)
|
|
90
|
+
mapper.map(rss.items)
|
|
91
|
+
end
|
|
92
|
+
|
|
93
|
+
# load an rss feed
|
|
94
|
+
# create a mapping
|
|
95
|
+
# map it and test the fields
|
|
96
|
+
def rss_mapper_docs
|
|
97
|
+
m = RSolr::Mapper::RSS.new
|
|
98
|
+
mapping = {
|
|
99
|
+
:channel=>:'channel.title',
|
|
100
|
+
:url=>:'channel.link',
|
|
101
|
+
:total=>:'items.size',
|
|
102
|
+
:title=>proc {|item,index| item.title },
|
|
103
|
+
:link=>proc {|item,index| item.link },
|
|
104
|
+
:published=>proc {|item,index| item.date },
|
|
105
|
+
:description=>proc {|item,index| item.description }
|
|
106
|
+
}
|
|
107
|
+
m.map(rss_file, mapping)
|
|
108
|
+
end
|
|
109
|
+
|
|
110
|
+
def test_rss
|
|
111
|
+
[rss_mapper_docs, raw_mapping_rss_docs].each do |docs|
|
|
112
|
+
assert_equal 10, docs.size
|
|
113
|
+
first = docs.first
|
|
114
|
+
# make sure the mapped solr docs have all of the keys from the mapping
|
|
115
|
+
#assert mapping.keys.all?{|mapping_key| first.keys.include?(mapping_key) }
|
|
116
|
+
assert_equal docs.size, docs.first[:total].to_i
|
|
117
|
+
assert_equal Time.parse('Mon Nov 10 09:55:53 -0500 2008'), first[:published]
|
|
118
|
+
assert_equal 'http://www.ruby-lang.org/en/feeds/news.rss/', first[:url]
|
|
119
|
+
assert_equal 'Scotland on Rails 2009', first[:title]
|
|
120
|
+
end
|
|
121
|
+
end
|
|
122
|
+
|
|
123
|
+
end
|
|
@@ -0,0 +1,87 @@
|
|
|
1
|
+
require File.join(File.dirname(__FILE__), 'test_helpers')
|
|
2
|
+
|
|
3
|
+
class MessageTest < RSolrBaseTest
|
|
4
|
+
|
|
5
|
+
# call all of the simple methods...
|
|
6
|
+
# make sure the xml string is valid
|
|
7
|
+
# ensure the class is actually Solr::XML
|
|
8
|
+
def test_simple_methods
|
|
9
|
+
[:optimize, :rollback, :commit].each do |meth|
|
|
10
|
+
result = RSolr::Message.send(meth)
|
|
11
|
+
assert_equal "<#{meth}/>", result.to_s
|
|
12
|
+
assert_equal String, result.class
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def test_add_yields_field_attrs_if_block_given
|
|
17
|
+
result = RSolr::Message.add({:id=>1}, :boost=>200.00) do |hash_doc, doc_xml_attrs|
|
|
18
|
+
doc_xml_attrs[:boost] = 10
|
|
19
|
+
end
|
|
20
|
+
assert_equal '<add boost="200.0"><doc><field name="id" boost="10">1</field></doc></add>', result
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def test_delete_by_id
|
|
24
|
+
result = RSolr::Message.delete_by_id(10)
|
|
25
|
+
assert_equal String, result.class
|
|
26
|
+
assert_equal '<delete><id>10</id></delete>', result.to_s
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def test_delete_by_multiple_ids
|
|
30
|
+
result = RSolr::Message.delete_by_id([1, 2, 3])
|
|
31
|
+
assert_equal String, result.class
|
|
32
|
+
assert_equal '<delete><id>1</id><id>2</id><id>3</id></delete>', result.to_s
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def test_delete_by_query
|
|
36
|
+
result = RSolr::Message.delete_by_id('status:"LOST"')
|
|
37
|
+
assert_equal String, result.class
|
|
38
|
+
assert_equal '<delete><id>status:"LOST"</id></delete>', result.to_s
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
def test_delete_by_multiple_queries
|
|
42
|
+
result = RSolr::Message.delete_by_id(['status:"LOST"', 'quantity:0'])
|
|
43
|
+
assert_equal String, result.class
|
|
44
|
+
assert_equal '<delete><id>status:"LOST"</id><id>quantity:0</id></delete>', result.to_s
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
# add a single hash ("doc")
|
|
48
|
+
def test_add_hash
|
|
49
|
+
data = {
|
|
50
|
+
:id=>1,
|
|
51
|
+
:name=>'matt'
|
|
52
|
+
}
|
|
53
|
+
|
|
54
|
+
expected = '<add><doc><field name="id">1</field><field name="name">matt</field></doc></add>'
|
|
55
|
+
assert_equal expected, RSolr::Message.add(data).to_s
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
# add an array of hashes
|
|
59
|
+
def test_add_array
|
|
60
|
+
data = [
|
|
61
|
+
{
|
|
62
|
+
:id=>1,
|
|
63
|
+
:name=>'matt'
|
|
64
|
+
},
|
|
65
|
+
{
|
|
66
|
+
:id=>2,
|
|
67
|
+
:name=>'sam'
|
|
68
|
+
}
|
|
69
|
+
]
|
|
70
|
+
|
|
71
|
+
message = RSolr::Message.add(data)
|
|
72
|
+
expected = '<add><doc><field name="id">1</field><field name="name">matt</field></doc><doc><field name="id">2</field><field name="name">sam</field></doc></add>'
|
|
73
|
+
|
|
74
|
+
assert_equal expected, message.to_s
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
# multiValue field support test, thanks to Fouad Mardini!
|
|
78
|
+
def test_add_multi_valued_field
|
|
79
|
+
data = {
|
|
80
|
+
:id => 1,
|
|
81
|
+
:name => ['matt1', 'matt2']
|
|
82
|
+
}
|
|
83
|
+
expected = '<add><doc><field name="id">1</field><field name="name">matt1</field><field name="name">matt2</field></doc></add>'
|
|
84
|
+
assert_equal expected, RSolr::Message.add(data).to_s
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
end
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
require File.join(File.dirname(__FILE__), 'test_helpers')
|
|
2
|
+
|
|
3
|
+
class PaginationTest < RSolrBaseTest
|
|
4
|
+
|
|
5
|
+
def create_response(params={})
|
|
6
|
+
response = RSolr::Response::Query::Base.new(mock_query_response)
|
|
7
|
+
response.params.merge! params
|
|
8
|
+
response
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
# test the Solr::Connection pagination methods
|
|
12
|
+
def test_connection_calculate_start
|
|
13
|
+
dummy_connection = RSolr::Connection::Base.new(nil)
|
|
14
|
+
assert_equal 15, dummy_connection.send(:calculate_start, 2, 15)
|
|
15
|
+
assert_equal 450, dummy_connection.send(:calculate_start, 10, 50)
|
|
16
|
+
assert_equal 0, dummy_connection.send(:calculate_start, 0, 50)
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def test_connection_modify_params_for_pagination
|
|
20
|
+
dummy_connection = RSolr::Connection::Base.new(nil)
|
|
21
|
+
p = dummy_connection.send(:modify_params_for_pagination, {:page=>1})
|
|
22
|
+
assert_equal 0, p[:start]
|
|
23
|
+
assert_equal 10, p[:rows]
|
|
24
|
+
#
|
|
25
|
+
p = dummy_connection.send(:modify_params_for_pagination, {:page=>10, :per_page=>100})
|
|
26
|
+
assert_equal 900, p[:start]
|
|
27
|
+
assert_equal 100, p[:rows]
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def test_math
|
|
31
|
+
response = create_response({'rows'=>5})
|
|
32
|
+
assert_equal response.params['rows'], response.per_page
|
|
33
|
+
assert_equal 26, response.total
|
|
34
|
+
assert_equal 1, response.current_page
|
|
35
|
+
assert_equal 6, response.total_pages
|
|
36
|
+
|
|
37
|
+
# now switch the rows (per_page)
|
|
38
|
+
# total and current page should remain the same value
|
|
39
|
+
# page_count should change
|
|
40
|
+
|
|
41
|
+
response = create_response({'rows'=>2})
|
|
42
|
+
assert_equal response.params['rows'], response.per_page
|
|
43
|
+
assert_equal 26, response.total
|
|
44
|
+
assert_equal 1, response.current_page
|
|
45
|
+
assert_equal 13, response.total_pages
|
|
46
|
+
|
|
47
|
+
# now switch the start
|
|
48
|
+
|
|
49
|
+
response = create_response({'rows'=>3})
|
|
50
|
+
response.instance_variable_set '@start', 4
|
|
51
|
+
assert_equal response.params['rows'], response.per_page
|
|
52
|
+
assert_equal 26, response.total
|
|
53
|
+
# 2 per page, currently on the 10th item
|
|
54
|
+
assert_equal 2, response.current_page
|
|
55
|
+
assert_equal 9, response.total_pages
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
end
|
|
@@ -0,0 +1,391 @@
|
|
|
1
|
+
<?xml version="1.0" encoding="UTF-8"?>
|
|
2
|
+
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
|
|
3
|
+
<channel>
|
|
4
|
+
<title>Ruby News</title>
|
|
5
|
+
<link>http://www.ruby-lang.org/en/feeds/news.rss/</link>
|
|
6
|
+
<language>en-us</language>
|
|
7
|
+
<ttl>40</ttl>
|
|
8
|
+
<description>The latest news from Ruby-Lang.org.</description>
|
|
9
|
+
|
|
10
|
+
|
|
11
|
+
<item>
|
|
12
|
+
<title>Scotland on Rails 2009</title>
|
|
13
|
+
<description><p><a href="http://scotlandonrails.com">Scotland on Rails</a> is pleased to announce that Conference2009 will be held March 26-28 in Edinburgh, Scotland.</p>
|
|
14
|
+
|
|
15
|
+
|
|
16
|
+
<p>We are now accepting submissions. The closing date for submissions is December 1st 2008, so there&#8217;s still time! Please mail your plaintext proposals for 45 minute sessions to <a href="mailto:submissions@scotlandonrails.com">submissions@scotlandonrails.com</a>.</p>
|
|
17
|
+
|
|
18
|
+
|
|
19
|
+
<p>Alternatively, if you are interested in sponsoring the conference, please mail <a href="mailto:sponsorship@scotlandonrails.com">sponsorship@scotlandonrails.com</a> for a prospectus.</p>
|
|
20
|
+
|
|
21
|
+
|
|
22
|
+
<p>Lastly, if you wish to be notified when we open for registration, you can sign up on the site.</p>
|
|
23
|
+
|
|
24
|
+
|
|
25
|
+
<p>Come and enjoy all that Edinburgh has to offer (whisky! castle! volcano! ruby! whisky!) in March. We hope to see you there.</p> </description>
|
|
26
|
+
<pubDate>Mon, 10 Nov 2008 14:55:53 GMT</pubDate>
|
|
27
|
+
<guid>http://www.ruby-lang.org/en/news/2008/11/10/scotland-on-rails-2009/</guid>
|
|
28
|
+
<link>http://www.ruby-lang.org/en/news/2008/11/10/scotland-on-rails-2009/</link>
|
|
29
|
+
</item>
|
|
30
|
+
|
|
31
|
+
<item>
|
|
32
|
+
<title>MountainWest RubyConf 2009 dates and CFP</title>
|
|
33
|
+
<description><p><a href="http://mtnwestrubyconf.org">MountainWest RubyConf 2009</a> will be held March 13-14, 2009, in Salt Lake City, Utah, <span class="caps">USA</span>.</p>
|
|
34
|
+
|
|
35
|
+
|
|
36
|
+
<p>Proposals to speak at this regional conference are now being accepted. Please send your proposal to proposals@mtnwestrubyconf.org.</p>
|
|
37
|
+
|
|
38
|
+
|
|
39
|
+
<p>The submission deadline is midnight (MST) on December 31st, 2008.</p>
|
|
40
|
+
|
|
41
|
+
|
|
42
|
+
<p>There are sponsorship opportunities available as well. Please contact sponsorship@mtnwestruby.org if you are interested.</p>
|
|
43
|
+
|
|
44
|
+
|
|
45
|
+
<p>Please see <a href="http://mtnwestrubyconf.org">mtnwestrubyconf.org/</a> for more details as they become available.</p> </description>
|
|
46
|
+
<pubDate>Sat, 08 Nov 2008 15:03:32 GMT</pubDate>
|
|
47
|
+
<guid>http://www.ruby-lang.org/en/news/2008/11/08/mountainwest-rubyconf-2009-dates-and-cfp/</guid>
|
|
48
|
+
<link>http://www.ruby-lang.org/en/news/2008/11/08/mountainwest-rubyconf-2009-dates-and-cfp/</link>
|
|
49
|
+
</item>
|
|
50
|
+
|
|
51
|
+
<item>
|
|
52
|
+
<title> Ruby 1.9.1-preview 1 released</title>
|
|
53
|
+
<description><p>Yugui (Yuki Sonoda) announced the release of Ruby 1.9.1-preview 1:</p>
|
|
54
|
+
|
|
55
|
+
|
|
56
|
+
<blockquote>
|
|
57
|
+
This is a preview release of Ruby 1.9.1, which will be the first stable version of the Ruby 1.9 series. Try it out now and get an early taste of a modern, faster, multilingualized, and much improved Ruby with clearer syntax.<br><br>
|
|
58
|
+
|
|
59
|
+
<p>If you encounter any bugs or problems, please let us know via the official issue tracking system:</p>
|
|
60
|
+
|
|
61
|
+
|
|
62
|
+
<p><a href="http://redmine.ruby-lang.org">http://redmine.ruby-lang.org</a></p>
|
|
63
|
+
|
|
64
|
+
|
|
65
|
+
</blockquote>
|
|
66
|
+
|
|
67
|
+
<p>You can download the release from;</p>
|
|
68
|
+
|
|
69
|
+
|
|
70
|
+
<ul>
|
|
71
|
+
<li><a href="ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-preview1.tar.bz2">ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-preview1.tar.bz2</a>
|
|
72
|
+
|
|
73
|
+
<p><span class="caps">SIZE</span>: 6169022 bytes
|
|
74
|
+
<span class="caps">MD5</span>: 0d51dc949bb6b438ad4ebfabbb5f6754
|
|
75
|
+
<span class="caps">SHA256</span>: dc39000537d7c7528ef26af8e1c3a6215b30b6c579c615eaec7013513410456a</p></li>
|
|
76
|
+
</ul>
|
|
77
|
+
|
|
78
|
+
|
|
79
|
+
<ul>
|
|
80
|
+
<li><a href="ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-preview1.tar.gz">ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-preview1.tar.gz</a>
|
|
81
|
+
|
|
82
|
+
<p><span class="caps">SIZE</span>: 7409682 bytes
|
|
83
|
+
<span class="caps">MD5</span>: 738f701532452fd5d36f5c155f3ba692
|
|
84
|
+
<span class="caps">SHA256</span>: 99443bdae9f94ba7b08de187881f8cbee172379edf9c5fa85fc04c869150ff6d</p></li>
|
|
85
|
+
</ul>
|
|
86
|
+
|
|
87
|
+
|
|
88
|
+
<ul>
|
|
89
|
+
<li><a href="ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-preview1.zip">ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-preview1.zip</a>
|
|
90
|
+
|
|
91
|
+
<p><span class="caps">SIZE</span>: 8569116 bytes
|
|
92
|
+
<span class="caps">MD5</span>: 5f68246246c4cd29d8a3b6b34b29b6ac
|
|
93
|
+
<span class="caps">SHA256</span>: a6c3a7bf7ea83b595024764926353e08596a78e40c57ac58c568662e5e88df95</p></li>
|
|
94
|
+
</ul> </description>
|
|
95
|
+
<pubDate>Tue, 28 Oct 2008 19:45:27 GMT</pubDate>
|
|
96
|
+
<guid>http://www.ruby-lang.org/en/news/2008/10/28/ruby-1-9-1-preview-1-released/</guid>
|
|
97
|
+
<link>http://www.ruby-lang.org/en/news/2008/10/28/ruby-1-9-1-preview-1-released/</link>
|
|
98
|
+
</item>
|
|
99
|
+
|
|
100
|
+
<item>
|
|
101
|
+
<title>RubyConf 2008 is Sold-out</title>
|
|
102
|
+
<description><p><a href="http://rubyconf.org/">RubyConf 2008</a> is sold out</p>
|
|
103
|
+
|
|
104
|
+
|
|
105
|
+
<p>However, there is a <a href="http://www.regonline.com/builder/site/Default.aspx?eventid=636797">waiting list</a> you can join in case of cancellations.</p> </description>
|
|
106
|
+
<pubDate>Thu, 02 Oct 2008 23:21:06 GMT</pubDate>
|
|
107
|
+
<guid>http://www.ruby-lang.org/en/news/2008/10/02/rubyconf-2008-is-sold-out/</guid>
|
|
108
|
+
<link>http://www.ruby-lang.org/en/news/2008/10/02/rubyconf-2008-is-sold-out/</link>
|
|
109
|
+
</item>
|
|
110
|
+
|
|
111
|
+
<item>
|
|
112
|
+
<title>Voices That Matter 2008</title>
|
|
113
|
+
<description><p>Pearson Education is running a <a href="http://www.voicesthatmatter.com/ruby2008/">Voices That Matter</a> Ruby conference this fall in Boston. The conference, from the same people who Addison-Wesley's Professional Ruby Series, will give you a chance to meet and learn from those very same authors. Don't miss a chance to interact with so many Ruby professionals.</p> </description>
|
|
114
|
+
<pubDate>Tue, 09 Sep 2008 02:49:37 GMT</pubDate>
|
|
115
|
+
<guid>http://www.ruby-lang.org/en/news/2008/09/09/voices-that-matter-2008/</guid>
|
|
116
|
+
<link>http://www.ruby-lang.org/en/news/2008/09/09/voices-that-matter-2008/</link>
|
|
117
|
+
</item>
|
|
118
|
+
|
|
119
|
+
<item>
|
|
120
|
+
<title>DoS vulnerability in REXML</title>
|
|
121
|
+
<description><p>There is a DoS vulnerability in the REXML library included in the Ruby
|
|
122
|
+
Standard Library. A so-called "XML entity explosion" attack technique
|
|
123
|
+
can be used for remotely bringing down (disabling) any application
|
|
124
|
+
which parses user-provided XML using REXML.</p><p>Most Rails applications will be vulnerable because Rails parses
|
|
125
|
+
user-provided XML using REXML by default. </p> <h2><a name="label-0" id="label-0">Impact</a></h2><!-- RDLabel: "Impact" --><p>An attacker can cause a denial of service by causing REXML to parse a
|
|
126
|
+
document containing recursively nested entities such as:</p><pre>&lt;?xml version="1.0" encoding="UTF-8"?&gt;
|
|
127
|
+
&lt;!DOCTYPE member [
|
|
128
|
+
&lt;!ENTITY a "&amp;b;&amp;b;&amp;b;&amp;b;&amp;b;&amp;b;&amp;b;&amp;b;&amp;b;&amp;b;"&gt;
|
|
129
|
+
&lt;!ENTITY b "&amp;c;&amp;c;&amp;c;&amp;c;&amp;c;&amp;c;&amp;c;&amp;c;&amp;c;&amp;c;"&gt;
|
|
130
|
+
&lt;!ENTITY c "&amp;d;&amp;d;&amp;d;&amp;d;&amp;d;&amp;d;&amp;d;&amp;d;&amp;d;&amp;d;"&gt;
|
|
131
|
+
&lt;!ENTITY d "&amp;e;&amp;e;&amp;e;&amp;e;&amp;e;&amp;e;&amp;e;&amp;e;&amp;e;&amp;e;"&gt;
|
|
132
|
+
&lt;!ENTITY e "&amp;f;&amp;f;&amp;f;&amp;f;&amp;f;&amp;f;&amp;f;&amp;f;&amp;f;&amp;f;"&gt;
|
|
133
|
+
&lt;!ENTITY f "&amp;g;&amp;g;&amp;g;&amp;g;&amp;g;&amp;g;&amp;g;&amp;g;&amp;g;&amp;g;"&gt;
|
|
134
|
+
&lt;!ENTITY g "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"&gt;
|
|
135
|
+
]&gt;
|
|
136
|
+
&lt;member&gt;
|
|
137
|
+
&amp;a;
|
|
138
|
+
&lt;/member&gt;</pre><h2><a name="label-1" id="label-1">Vulnerable versions</a></h2><!-- RDLabel: "Vulnerable versions" --><h3><a name="label-2" id="label-2">1.8 series</a></h3><!-- RDLabel: "1.8 series" --><ul>
|
|
139
|
+
<li>1.8.6-p287 and all prior versions</li>
|
|
140
|
+
<li>1.8.7-p72 and all prior versions</li>
|
|
141
|
+
</ul><h3><a name="label-3" id="label-3">1.9 series</a></h3><!-- RDLabel: "1.9 series" --><ul>
|
|
142
|
+
<li>all versions</li>
|
|
143
|
+
</ul><h2><a name="label-4" id="label-4">Solution</a></h2><!-- RDLabel: "Solution" --><p>Please download the following monkey patch to fix this problem.</p><ul>
|
|
144
|
+
<li><a href="http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix2.rb">&lt;URL:http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix2.rb&gt;</a></li>
|
|
145
|
+
</ul><p>Then fix your application to load rexml-expansion-fix2.rb before using
|
|
146
|
+
REXML.</p><pre>require "rexml-expansion-fix2"
|
|
147
|
+
...
|
|
148
|
+
doc = REXML::Document.new(str)
|
|
149
|
+
...</pre><p>If you have a Rails application, copy rexml-expansion-fix2.rb into a
|
|
150
|
+
directory on the load path (such as RAILS_ROOT/lib/), and put the
|
|
151
|
+
following line into config/environment.rb.</p><pre>require "rexml-expansion-fix2"</pre><p>If your application is Rails 2.1 or later, you can simply copy
|
|
152
|
+
rexml-expansion-fix2.rb to RAILS_ROOT/config/initializers and it will
|
|
153
|
+
be required automatically.</p><p>By default, XML entity expansion limit is 10000. You can change it by
|
|
154
|
+
changing REXML::Document.entity_expansion_limit. e.g.</p><pre>REXML::Document.entity_expansion_limit = 1000</pre><p>This fix will be made available as a gem and used by future versions of
|
|
155
|
+
rails, but users should take corrective action immediately.</p><h2><a name="label-5" id="label-5">Credit</a></h2><!-- RDLabel: "Credit" --><p>Credit to Luka Treiber and Mitja Kolsek of ACROS Security for
|
|
156
|
+
disclosing the problem to Ruby and Rails Security Teams.</p><p>Credit to Michael Koziarski of Rails Core Team for creating the monkey
|
|
157
|
+
patch to fix the vulnerability.</p><h2><a name="label-6" id="label-6">Changes</a></h2><!-- RDLabel: "Changes" --><ul>
|
|
158
|
+
<li>2008-08-29 18:46 +09:00 fixed the summary not to mislead that this vulnerability is Rails specific.</li>
|
|
159
|
+
<li>2008-11-09 12:40 +09:00 fixed <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502535">a bug of the monkey patch</a>.</li>
|
|
160
|
+
</ul></description>
|
|
161
|
+
<pubDate>Sat, 23 Aug 2008 07:56:11 GMT</pubDate>
|
|
162
|
+
<guid>http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/</guid>
|
|
163
|
+
<link>http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/</link>
|
|
164
|
+
</item>
|
|
165
|
+
|
|
166
|
+
<item>
|
|
167
|
+
<title>Ruby 1.8.7-p72 and 1.8.6-p287 released</title>
|
|
168
|
+
<description><p>Ruby 1.8.7-p72 and 1.8.6-p287 have been released.
|
|
169
|
+
The last releases were incomplete, and the new releases include fixes of <a href="http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/#label-3">the previously announced vulnerability of dl</a>.</p><p>The released source archives are available at:</p><ul>
|
|
170
|
+
<li><a href="ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p287.tar.gz">&lt;URL:ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p287.tar.gz&gt;</a></li>
|
|
171
|
+
<li><a href="ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p287.tar.bz2">&lt;URL:ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p287.tar.bz2&gt;</a></li>
|
|
172
|
+
<li><a href="ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p287.zip">&lt;URL:ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p287.zip&gt;</a></li>
|
|
173
|
+
<li><a href="ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p72.tar.gz">&lt;URL:ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p72.tar.gz&gt;</a></li>
|
|
174
|
+
<li><a href="ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p72.tar.bz2">&lt;URL:ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p72.tar.bz2&gt;</a></li>
|
|
175
|
+
<li><a href="ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p72.zip">&lt;URL:ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p72.zip&gt;</a></li>
|
|
176
|
+
</ul> <p>Checksums:</p><pre>MD5(ruby-1.8.6-p287.tar.gz)= f6cd51001534ced5375339707a757556
|
|
177
|
+
SHA256(ruby-1.8.6-p287.tar.gz)= 6463d1932c34ff72b79174ac7d2c28940d29d147928250928a00a0dbee43db57
|
|
178
|
+
SIZE(ruby-1.8.6-p287.tar.gz)= 4590393
|
|
179
|
+
|
|
180
|
+
MD5(ruby-1.8.6-p287.tar.bz2)= 80b5f3db12531d36e6c81fac6d05dda9
|
|
181
|
+
SHA256(ruby-1.8.6-p287.tar.bz2)= ac15a1cb78c50ec9cc7e831616a143586bdd566bc865c6b769a0c47b3b3936ce
|
|
182
|
+
SIZE(ruby-1.8.6-p287.tar.bz2)= 3956902
|
|
183
|
+
|
|
184
|
+
MD5(ruby-1.8.6-p287.zip)= e555d51f5b387fdd52ae53d9bafa13f5
|
|
185
|
+
SHA256(ruby-1.8.6-p287.zip)= 844c66c015565839531a34b83e0526cd4fa2a71cc0f5cc8ddb0d4c158403543a
|
|
186
|
+
SIZE(ruby-1.8.6-p287.zip)= 5606238
|
|
187
|
+
|
|
188
|
+
MD5(ruby-1.8.7-p72.tar.gz)= 5e5b7189674b3a7f69401284f6a7a36d
|
|
189
|
+
SHA256(ruby-1.8.7-p72.tar.gz)= e15ca005076f5d6f91fc856fdfbd071698a4cadac3c6e25855899dba1f6fc5ef
|
|
190
|
+
SIZE(ruby-1.8.7-p72.tar.gz)= 4805594
|
|
191
|
+
|
|
192
|
+
MD5(ruby-1.8.7-p72.tar.bz2)= 0b215c46b89b28d7ab8d56d96e72d5b9
|
|
193
|
+
SHA256(ruby-1.8.7-p72.tar.bz2)= a8f8a28e286dd76747d8e97ea5cfe7a315eb896906ab8c8606d687d9f6f6146e
|
|
194
|
+
SIZE(ruby-1.8.7-p72.tar.bz2)= 4127450
|
|
195
|
+
|
|
196
|
+
MD5(ruby-1.8.7-p72.zip)= b44fe5a12d4bf138ba0d3660e13a8216
|
|
197
|
+
SHA256(ruby-1.8.7-p72.zip)= 77e67be4aa8c3e041e1d20d24e5fcf2e33ad9bccb3da3332b6c0a5b648334903
|
|
198
|
+
SIZE(ruby-1.8.7-p72.zip)= 5855902</pre><p>For a full list of all changes, see the bundled files named ChangeLog, which are also available at the following locations:</p><ul>
|
|
199
|
+
<li><a href="http://svn.ruby-lang.org/repos/ruby/tags/v1_8_6_287/ChangeLog">&lt;URL:http://svn.ruby-lang.org/repos/ruby/tags/v1_8_6_287/ChangeLog&gt;</a></li>
|
|
200
|
+
<li><a href="http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_72/ChangeLog">&lt;URL:http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_72/ChangeLog&gt;</a></li>
|
|
201
|
+
</ul></description>
|
|
202
|
+
<pubDate>Mon, 11 Aug 2008 02:01:00 GMT</pubDate>
|
|
203
|
+
<guid>http://www.ruby-lang.org/en/news/2008/08/11/ruby-1-8-7-p72-and-1-8-6-p287-released/</guid>
|
|
204
|
+
<link>http://www.ruby-lang.org/en/news/2008/08/11/ruby-1-8-7-p72-and-1-8-6-p287-released/</link>
|
|
205
|
+
</item>
|
|
206
|
+
|
|
207
|
+
<item>
|
|
208
|
+
<title>Multiple vulnerabilities in Ruby</title>
|
|
209
|
+
<description><p>Multiple vulnerabilities have been discovered in Ruby. It's
|
|
210
|
+
recommended that you upgrade to the latest versions.</p> <h2><a name="label-0" id="label-0">Details</a></h2><!-- RDLabel: "Details" --><p>The following vulnerabilities have been discovered.</p><h3><a name="label-1" id="label-1">Several vulnerabilities in safe level</a></h3><!-- RDLabel: "Several vulnerabilities in safe level" --><p>Several vulnerabilities in safe level have been discovered.</p><ul>
|
|
211
|
+
<li><p>untrace_var is permitted at safe level 4.</p>
|
|
212
|
+
<pre>trace_var(:$VAR) {|val| puts "$VAR = #{val}" }
|
|
213
|
+
|
|
214
|
+
Thread.new do
|
|
215
|
+
$SAFE = 4
|
|
216
|
+
eval %q{
|
|
217
|
+
proc = untrace_var :$VAR
|
|
218
|
+
proc.first.call("aaa")
|
|
219
|
+
}
|
|
220
|
+
end.join</pre></li>
|
|
221
|
+
<li><p>$PROGRAM_NAME may be modified at safe level 4.</p>
|
|
222
|
+
<pre>Thread.new do
|
|
223
|
+
$SAFE = 4
|
|
224
|
+
eval %q{$PROGRAM_NAME.replace "Hello, World!"}
|
|
225
|
+
end.join
|
|
226
|
+
|
|
227
|
+
$PROGRAM_NAME #=&gt; "Hello, World!"</pre></li>
|
|
228
|
+
<li><p>Insecure methods may be called at safe level 1-3.</p>
|
|
229
|
+
<pre>class Hello
|
|
230
|
+
def world
|
|
231
|
+
Thread.new do
|
|
232
|
+
$SAFE = 4
|
|
233
|
+
msg = "Hello, World!"
|
|
234
|
+
def msg.size
|
|
235
|
+
self.replace self*10 # replace string
|
|
236
|
+
1 # return wrong size
|
|
237
|
+
end
|
|
238
|
+
msg
|
|
239
|
+
end.value
|
|
240
|
+
end
|
|
241
|
+
end
|
|
242
|
+
|
|
243
|
+
$SAFE = 1 # or 2, or 3
|
|
244
|
+
s = Hello.new.world
|
|
245
|
+
if s.kind_of?(String)
|
|
246
|
+
puts s if s.size &lt; 20 # print string which size is less than 20
|
|
247
|
+
end</pre></li>
|
|
248
|
+
<li><p>Syslog operations are permitted at safe level 4.</p>
|
|
249
|
+
<pre>require "syslog"
|
|
250
|
+
|
|
251
|
+
Syslog.open
|
|
252
|
+
|
|
253
|
+
Thread.new do
|
|
254
|
+
$SAFE = 4
|
|
255
|
+
eval %q{
|
|
256
|
+
Syslog.log(Syslog::LOG_WARNING, "Hello, World!")
|
|
257
|
+
Syslog.mask = Syslog::LOG_UPTO(Syslog::LOG_EMERG)
|
|
258
|
+
Syslog.info("masked")
|
|
259
|
+
Syslog.close
|
|
260
|
+
}
|
|
261
|
+
end.join</pre></li>
|
|
262
|
+
</ul><p>These vulnerabilities were reported by Keita Yamaguchi.</p><h3><a name="label-2" id="label-2">DoS vulnerability in WEBrick</a></h3><!-- RDLabel: "DoS vulnerability in WEBrick" --><p>WEBrick::HTTP::DefaultFileHandler is faulty of exponential time taking
|
|
263
|
+
requests due to a backtracking regular expression in
|
|
264
|
+
WEBrick::HTTPUtils.split_header_value.</p><p>Exploitable server:</p><pre>require 'webrick'
|
|
265
|
+
WEBrick::HTTPServer.new(:Port =&gt; 2000, :DocumentRoot =&gt; "/etc").start</pre><p>Attack:</p><pre>require 'net/http'
|
|
266
|
+
res = Net::HTTP.start("localhost", 2000) { |http|
|
|
267
|
+
req = Net::HTTP::Get.new("/passwd")
|
|
268
|
+
req['If-None-Match'] = %q{meh=""} + %q{foo="bar" } * 100
|
|
269
|
+
http.request(req)
|
|
270
|
+
}
|
|
271
|
+
p res</pre><p>The request likely won't finish in this universe.</p><p>This vulnerability was reported by Christian Neukirchen.</p><h3><a name="label-3" id="label-3">Lack of taintness check in dl</a></h3><!-- RDLabel: "Lack of taintness check in dl" --><p>dl doesn't check taintness, so it could allow attackers to call
|
|
272
|
+
dangerous functions.</p><pre>require 'dl'
|
|
273
|
+
$SAFE = 1
|
|
274
|
+
h = DL.dlopen(nil)
|
|
275
|
+
sys = h.sym('system', 'IP')
|
|
276
|
+
uname = 'uname -rs'.taint
|
|
277
|
+
sys[uname]</pre><p>This vulnerability was reported by sheepman.</p><h3><a name="label-4" id="label-4">DNS spoofing vulnerability in resolv.rb</a></h3><!-- RDLabel: "DNS spoofing vulnerability in resolv.rb" --><p>resolv.rb allow remote attackers to spoof DNS answers. This risk can be
|
|
278
|
+
reduced by randomness of DNS transaction IDs and source ports, so resolv.rb
|
|
279
|
+
is fixed to randomize them.</p><ul>
|
|
280
|
+
<li>see also: <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447">CVE-2008-1447</a></li>
|
|
281
|
+
</ul><p>This vulnerability was reported by Tanaka Akira.</p><h2><a name="label-5" id="label-5">Vulnerable versions</a></h2><!-- RDLabel: "Vulnerable versions" --><dl>
|
|
282
|
+
<dt><a name="label-6" id="label-6">1.8 series</a></dt><!-- RDLabel: "1.8 series" -->
|
|
283
|
+
<dd>
|
|
284
|
+
<ul>
|
|
285
|
+
<li>1.8.5 and all prior versions</li>
|
|
286
|
+
<li>1.8.6-p286 and all prior versions</li>
|
|
287
|
+
<li>1.8.7-p71 and all prior versions</li>
|
|
288
|
+
</ul>
|
|
289
|
+
</dd>
|
|
290
|
+
<dt><a name="label-7" id="label-7">1.9 series</a></dt><!-- RDLabel: "1.9 series" -->
|
|
291
|
+
<dd>
|
|
292
|
+
<ul>
|
|
293
|
+
<li>r18423 and all prior revisions</li>
|
|
294
|
+
</ul>
|
|
295
|
+
</dd>
|
|
296
|
+
</dl><h2><a name="label-8" id="label-8">Solution</a></h2><!-- RDLabel: "Solution" --><dl>
|
|
297
|
+
<dt><a name="label-9" id="label-9">1.8 series</a></dt><!-- RDLabel: "1.8 series" -->
|
|
298
|
+
<dd>
|
|
299
|
+
Please upgrade to 1.8.6-p287, or 1.8.7-p72.
|
|
300
|
+
<ul>
|
|
301
|
+
<li><a href="ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p287.tar.gz">&lt;URL:ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p287.tar.gz&gt;</a></li>
|
|
302
|
+
<li><a href="ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p72.tar.gz">&lt;URL:ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p72.tar.gz&gt;</a></li>
|
|
303
|
+
</ul>
|
|
304
|
+
</dd>
|
|
305
|
+
<dt><a name="label-10" id="label-10">1.9 series</a></dt><!-- RDLabel: "1.9 series" -->
|
|
306
|
+
<dd>
|
|
307
|
+
<p>Please check out the latest version using Subversion.</p>
|
|
308
|
+
<pre>$ svn co http://svn.ruby-lang.org/repos/ruby/trunk ruby</pre>
|
|
309
|
+
</dd>
|
|
310
|
+
</dl><p>Please note that a package that corrects this weakness may already be
|
|
311
|
+
available through your package management software.</p><h2><a name="label-11" id="label-11">Credit</a></h2><!-- RDLabel: "Credit" --><p>Credit to Keita Yamaguchi, Christian Neukirchen, sheepman, and Tanaka
|
|
312
|
+
Akira for disclosing these problems to Ruby Security Team.</p><h2><a name="label-12" id="label-12">Changes</a></h2><!-- RDLabel: "Changes" --><ul>
|
|
313
|
+
<li>2008-08-08 12:21 +09:00 fixed the revision number of ruby 1.9.</li>
|
|
314
|
+
<li>2008-08-11 11:23 +09:00 fixed the patchlevel of ruby 1.8. see <a href="http://www.ruby-lang.org/en/news/2008/08/11/ruby-1-8-7-p72-and-1-8-6-p287-released/">the release announcement of Ruby 1.8.7-p72 and 1.8.6-p287</a></li>
|
|
315
|
+
</ul></description>
|
|
316
|
+
<pubDate>Fri, 08 Aug 2008 02:59:49 GMT</pubDate>
|
|
317
|
+
<guid>http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/</guid>
|
|
318
|
+
<link>http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/</link>
|
|
319
|
+
</item>
|
|
320
|
+
|
|
321
|
+
<item>
|
|
322
|
+
<title>RubyConf 2008 Proposals Now Being Accepted</title>
|
|
323
|
+
<description><p><a href="http://www.rubyconf.org">RubyConf 2008</a> will be held in Orlando, Florida, <span class="caps">USA</span>, from November 6 to November 8.</p>
|
|
324
|
+
|
|
325
|
+
|
|
326
|
+
<p><a href="http://www.rubyconf.org/proposals/new">Proposals for presentations</a> are now begin accepted. All proposals must be received by August 21.</p> </description>
|
|
327
|
+
<pubDate>Mon, 04 Aug 2008 20:26:29 GMT</pubDate>
|
|
328
|
+
<guid>http://www.ruby-lang.org/en/news/2008/08/04/rubyconf-2008-proposals-now-being-accepted/</guid>
|
|
329
|
+
<link>http://www.ruby-lang.org/en/news/2008/08/04/rubyconf-2008-proposals-now-being-accepted/</link>
|
|
330
|
+
</item>
|
|
331
|
+
|
|
332
|
+
<item>
|
|
333
|
+
<title>Arbitrary code execution vulnerabilities</title>
|
|
334
|
+
<description><p>Multiple vulnerabilities in Ruby may lead to a denial of service (DoS)
|
|
335
|
+
condition or allow execution of arbitrary code.</p> <h2><a name="label-0" id="label-0">Impact</a></h2><!-- RDLabel: "Impact" --><p>With the following vulnerabilities, an attacker can lead to denial of
|
|
336
|
+
service condition or execute arbitrary code.</p><ul>
|
|
337
|
+
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2662">CVE-2008-2662</a></li>
|
|
338
|
+
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2663">CVE-2008-2663</a></li>
|
|
339
|
+
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2725">CVE-2008-2725</a></li>
|
|
340
|
+
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2726">CVE-2008-2726</a></li>
|
|
341
|
+
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664">CVE-2008-2664</a></li>
|
|
342
|
+
</ul><h2><a name="label-1" id="label-1">Vulnerable versions</a></h2><!-- RDLabel: "Vulnerable versions" --><dl>
|
|
343
|
+
<dt><a name="label-2" id="label-2">1.8 series</a></dt><!-- RDLabel: "1.8 series" -->
|
|
344
|
+
<dd>
|
|
345
|
+
<ul>
|
|
346
|
+
<li>1.8.4 and all prior versions</li>
|
|
347
|
+
<li>1.8.5-p230 and all prior versions</li>
|
|
348
|
+
<li>1.8.6-p229 and all prior versions</li>
|
|
349
|
+
<li>1.8.7-p21 and all prior versions</li>
|
|
350
|
+
</ul>
|
|
351
|
+
</dd>
|
|
352
|
+
<dt><a name="label-3" id="label-3">1.9 series</a></dt><!-- RDLabel: "1.9 series" -->
|
|
353
|
+
<dd>
|
|
354
|
+
<ul>
|
|
355
|
+
<li>1.9.0-1 and all prior versions</li>
|
|
356
|
+
</ul>
|
|
357
|
+
</dd>
|
|
358
|
+
</dl><h2><a name="label-4" id="label-4">Solution</a></h2><!-- RDLabel: "Solution" --><dl>
|
|
359
|
+
<dt><a name="label-5" id="label-5">1.8 series</a></dt><!-- RDLabel: "1.8 series" -->
|
|
360
|
+
<dd>
|
|
361
|
+
Please upgrade to 1.8.5-p231, or 1.8.6-p230, or 1.8.7-p22.
|
|
362
|
+
<ul>
|
|
363
|
+
<li><a href="ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p231.tar.gz">&lt;URL:ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p231.tar.gz&gt;</a>
|
|
364
|
+
(md5sum: e900cf225d55414bffe878f00a85807c)</li>
|
|
365
|
+
<li><a href="ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p230.tar.gz">&lt;URL:ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p230.tar.gz&gt;</a>
|
|
366
|
+
(md5sum: 5e8247e39be2dc3c1a755579c340857f)</li>
|
|
367
|
+
<li><a href="ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p22.tar.gz">&lt;URL:ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p22.tar.gz&gt;</a>
|
|
368
|
+
(md5sum: fc3ede83a98f48d8cb6de2145f680ef2)</li>
|
|
369
|
+
</ul>
|
|
370
|
+
</dd>
|
|
371
|
+
<dt><a name="label-6" id="label-6">1.9 series</a></dt><!-- RDLabel: "1.9 series" -->
|
|
372
|
+
<dd>
|
|
373
|
+
Please upgrade to 1.9.0-2.
|
|
374
|
+
<ul>
|
|
375
|
+
<li><a href="ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.0-2.tar.gz">&lt;URL:ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.0-2.tar.gz&gt;</a>
|
|
376
|
+
(md5sum: 2a848b81ed1d6393b88eec8aa6173b75)</li>
|
|
377
|
+
</ul>
|
|
378
|
+
</dd>
|
|
379
|
+
</dl><p>These versions also fix the vulnerability of WEBrick (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1891">CVE-2008-1891</a>).</p><p>Please note that a package that corrects this weakness may already be
|
|
380
|
+
available through your package management software.</p><h2><a name="label-7" id="label-7">Credit</a></h2><!-- RDLabel: "Credit" --><p>Credit to Drew Yao of Apple Product Security for disclosing the problem to Ruby
|
|
381
|
+
Security Team.</p><h2><a name="label-8" id="label-8">Changes</a></h2><!-- RDLabel: "Changes" --><ul>
|
|
382
|
+
<li>2008-06-21 00:29 +09:00 removed wrong CVE IDs (CVE-2008-2727, CVE-2008-2728).</li>
|
|
383
|
+
</ul></description>
|
|
384
|
+
<pubDate>Fri, 20 Jun 2008 12:54:43 GMT</pubDate>
|
|
385
|
+
<guid>http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/</guid>
|
|
386
|
+
<link>http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/</link>
|
|
387
|
+
</item>
|
|
388
|
+
|
|
389
|
+
|
|
390
|
+
</channel>
|
|
391
|
+
</rss>
|