Fedora has issued an advisory on April 22:
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079454.html

Patched package uploaded for Mageia 2.

Advisory:
========================

Updated ruby-RubyGems package fixes security vulnerabilities:

This release increases the security used when RubyGems is talking to an https server. HTTPS connections no longer redirect to HTTP (CVE-2012-2125), and RubyGems will now verify that certificates are valid when making SSL connections (CVE-2012-2126).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2126
https://github.com/rubygems/rubygems/blob/1.8/History.txt
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079454.html
========================

Updated packages in core/updates_testing:
========================
ruby-RubyGems-1.7.2-3.1.mga2

from ruby-RubyGems-1.7.2-3.1.mga2.src.rpm
Blocks: (none) => 6487
For some unknown reason Funda just rebuilt this, updating the advisory.

Advisory:
========================

Updated ruby-RubyGems package fixes security vulnerabilities:

This release increases the security used when RubyGems is talking to an https server. HTTPS connections no longer redirect to HTTP (CVE-2012-2125), and RubyGems will now verify that certificates are valid when making SSL connections (CVE-2012-2126).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2126
https://github.com/rubygems/rubygems/blob/1.8/History.txt
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079454.html
========================

Updated packages in core/updates_testing:
========================
ruby-RubyGems-1.7.2-3.2.mga2

from ruby-RubyGems-1.7.2-3.2.mga2.src.rpm
CC: (none) => fundawang
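
Added example, not part of the bug report and not RubyGems' own code: a minimal Ruby sketch of the two behaviours the advisory describes, refusing a redirect that leaves HTTPS (CVE-2012-2125) and requesting peer certificate verification (CVE-2012-2126). The helper names, the redirect limit and the example.test hosts are assumptions made for illustration.

```ruby
require 'uri'
require 'net/http'
require 'openssl'

MAX_REDIRECTS = 5 # assumed limit for this sketch

class UnsafeRedirect < StandardError; end

# Resolve a Location header against the current URI and refuse any hop
# that would leave HTTPS once the chain has started on HTTPS.
def next_hop(current, location)
  target = URI.join(current.to_s, location) # also handles relative Location values
  unless %w[http https].include?(target.scheme)
    raise UnsafeRedirect, "unsupported scheme #{target.scheme.inspect}"
  end
  if current.scheme == 'https' && target.scheme != 'https'
    raise UnsafeRedirect, "refusing downgrade #{current} -> #{target}"
  end
  target
end

# Build a connection object (no network traffic yet) that verifies the
# server certificate whenever TLS is in use.
def connection_for(uri)
  http = Net::HTTP.new(uri.host, uri.port)
  if uri.scheme == 'https'
    http.use_ssl = true
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  end
  http
end

# Walk a chain of Location values offline and return the final URI.
def walk(start, locations)
  raise ArgumentError, 'too many redirects' if locations.size > MAX_REDIRECTS
  locations.reduce(URI(start)) { |uri, loc| next_hop(uri, loc) }
end

# Constructed sample chain: the second hop drops to plain HTTP and is rejected.
if $PROGRAM_NAME == __FILE__
  begin
    walk('https://gems.example.test/api/v1/gems',
         ['https://cdn.example.test/a.gem', 'http://cdn.example.test/a.gem'])
  rescue UnsafeRedirect => e
    puts e.message
  end
end
```
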
http://docs.rubygems.org/
Whiteboard: (none) => has_procedure
Adding feedback tag until chiliproject, redmine & teambox are updated
Whiteboard: has_procedure => has_procedure feedback
Removing feedback marker. As per QA meeting this can be pushed once tested.
Whiteboard: has_procedure feedback => has_procedure
Testing mga2 64

$ gem list

*** LOCAL GEMS ***

atk (1.0.3)
cairo (1.10.2)
gdk_pixbuf2 (1.0.3)
glib2 (1.0.3)
gtk2 (1.0.3)
msgpack (0.4.6)
pango (1.0.3)
pkg-config (1.1.0)

$ gem list --both a

*** LOCAL GEMS ***

atk (1.0.3)

*** REMOTE GEMS ***

a (0.1.1)
a-gem (0.0.2)
a2_printer (0.1.0)
<snip>
azul (0.0.1)
azure (0.1.1)

$ gem install azure
Fetching: systemu-2.5.2.gem (100%)
ERROR: While executing gem ... (Gem::FilePermissionError)
You don't have write permissions into the /usr/lib/ruby/gems/1.8 directory.

$ su -
Password:
# gem install azure
Fetching: systemu-2.5.2.gem (100%)
Fetching: macaddr-1.6.1.gem (100%)
Fetching: uuid-2.3.7.gem (100%)
Fetching: libxml-ruby-2.3.3.gem (100%)
Building native extensions. This could take a while...
ERROR: Error installing azure:
ERROR: Failed to build gem native extension.

/usr/bin/ruby extconf.rb
mkmf.rb can't find header files for ruby at /usr/lib/ruby/ruby.h

Gem files will remain installed in /usr/lib/ruby/gems/1.8/gems/libxml-ruby-2.3.3 for inspection.
Results logged to /usr/lib/ruby/gems/1.8/gems/libxml-ruby-2.3.3/ext/libxml/gem_make.out

# urpmi ruby-devel

# gem install azure
Building native extensions. This could take a while...
Fetching: ratom-0.7.2.gem (100%)
Fetching: nokogiri-1.5.6.gem (100%)
Building native extensions. This could take a while...
ERROR: Error installing azure:
ERROR: Failed to build gem native extension.

/usr/bin/ruby extconf.rb
checking for libxml/parser.h... yes
checking for libxslt/xslt.h... no
-----
libxslt is missing. please visit http://nokogiri.org/tutorials/installing_nokogiri.html for help with installing dependencies.
-----
etc.

# gem uninstall libxml-ruby macaddr ratom systemu uuid

You have requested to uninstall the gem:
libxml-ruby-2.3.3
ratom-0.7.2 depends on [libxml-ruby (~> 2.3.2)]
If you remove this gems, one or more dependencies will not be met.
Continue with Uninstall? [Yn] y
Successfully uninstalled libxml-ruby-2.3.3

You have requested to uninstall the gem:
macaddr-1.6.1
uuid-2.3.7 depends on [macaddr (~> 1.0)]
If you remove this gems, one or more dependencies will not be met.
Continue with Uninstall? [Yn] y
Successfully uninstalled macaddr-1.6.1
Successfully uninstalled ratom-0.7.2
Successfully uninstalled systemu-2.5.2
Remove executables:
uuid

in addition to the gem? [Yn] y
Removing uuid
Successfully uninstalled uuid-2.3.7

Azure was a bad one to choose, it fails missing lib64xslt, possibly -devel but it shows that ruby-RubyGems is maybe missing a require on ruby-devel.

# rpm -q ruby-RubyGems
ruby-RubyGems-1.7.2-3.2.mga2

Adding feedback marker again :D
Yep, Funda had some issues with RubyGems when trying to do the security update for ruby-rdoc (Bug 9081), so this package probably needs another update.
Assigning Funda until this is ready.

Please reassign to QA when you've had a chance to look.

Thanks
CC: (none) => qa-bugs
Assignee: qa-bugs => fundawang
Whiteboard: has_procedure feedback => has_procedure
Side question: will ChiliProject appear in mga3?
(No problem, I installed Redmine now instead (which ChiliProject forked from), just curious.)
CC: (none) => fri
(In reply to Morgan Leijström from comment #8)
> Side question: will ChiliProject appear in mga3?
> (No problem, I installed Redmine now instead (which ChiliProject forked
> from), just curious.)

File a bug and request it. Thomas Spuhler fixed it right after Cauldron opened. Since it was in Mageia 2, it can be reintroduced in Mageia 3 as an update.
Closing this now due to Mageia 2 EOL. http://blog.mageia.org/en/2013/11/21/farewell-mageia-2/
Status: NEW => RESOLVED
Resolution: (none) => OLD
QA Contact: (none) => security