Ruby 1.9.3-p426 is released (includes a security fix)

Hi, all rubyists

Now Ruby 1.9.3-p426 is released.
This release includes a security fix about bundled DL / Fiddle.

• Object taint bypassing in DL and Fiddle in Ruby (CVE-2013-2065)
  Object taint bypassing in DL and Fiddle in Ruby (CVE-2013-2065)

And some small bugfixes are also included.

See tickets
Issues - Backport193 - Ruby Issue Tracking System
and ChangeLog
http://svn.ruby-lang.org/repos/ruby/tags/v1_9_3_426/ChangeLog
for details.

Download

You can download this release from:

• ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p426.tar.bz2

  SIZE:   10042766 bytes
  MD5:    c211205e65d7253fc2a4620a34bc9245
  SHA256: 
  

54ac09a5579562ce6d3ba04413d24b5486d3bd3c0632968c7bd49cb76725186a

• ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p426.tar.gz

  SIZE:   12552329 bytes
  MD5:    2defb0d2ff731f5fa36db3a248b7d75e
  SHA256: 
  

673b4853e39e48932aa8460934b2986729125a09e44257bfa7cd9632703021b1

• ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p426.zip

  SIZE:   13869595 bytes
  MD5:    e59a9b3c604df2dae8cf19c24c1e6661
  SHA256: 
  

23eac1ae0862721868b46fd7cc027ada438d6c89fd44b979adb77917e3ee0de6

Release Comment

Many committers, testers and users who gave bug reports helped me to
make this release.
Thanks for their contributions.

Regards,

“U.Nakamura” [email protected] wrote:

Now Ruby 1.9.3-p426 is released.

Looks like p427 is needed, I ran into the build issue fixed by r40741
(signal.c: need to include unistd.h for write(2).)

Thanks.

Yes, there are troubles with signal.c

signal.c: In function ‘sigsegv’:
signal.c:622:2: error: implicit declaration of function ‘write’
[-Werror=implicit-function-declaration]
signal.c: In function ‘trap_handler’:
signal.c:812:17: warning: variable ‘proc’ set but not used
[-Wunused-but-set-variable]
cc1: some warnings being treated as errors
make: *** [signal.o] Error 1

This is on Ubuntu 12.04 x86_64.

Furthermore rvm binaries are not yet available for that platform and the
checksum for rvm is missing.

$ rvm --version

rvm 1.20.9 (stable) by Wayne E. Seguin [email protected], Michal
Papis [email protected] [https://rvm.io/]

$ rvm install ruby-1.9.3-p426
…
There is no checksum for
‘http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p426.tar.bz2’ or
‘ruby-1.9.3-p426.tar.bz2’, it’s not possible to validate it.

So I downloaded the file manually, checked that the MD5 and the SHA256
matched and then run

$ rvm install ruby-1.9.3-p426 --verify-downloads 1

Then got the error.

On Fri, May 17, 2013 at 4:17 PM, Paolo M.
[email protected]wrote:

Yes, there are troubles with signal.c
…
$ rvm install ruby-1.9.3-p426 --verify-downloads 1
Then got the error.

note that latest updated stable is already 1.9.3-p429…