up to 2.4.5; CVE-2018-16396, CVE-2018-16395

https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/

- CVE-2018-16396: Tainted flags are not propagated in Array#pack and String#unpack with some directives
- CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly

diff --git a/ruby.spec b/ruby.spec
index afe22b1a2f2f780ec8504c9c71f814f00597b5ed..575ad8faab8dd23bc0016adf4548e62665f840a2 100644 (file)
--- a/ruby.spec
+++ b/ruby.spec
@@ -10,9 +10,9 @@
 %bcond_with    bootstrap       # build bootstrap version
 %bcond_with    tests           # build without tests
 
-%define                rel             12
+%define                rel             1
 %define                ruby_version    2.4
-%define                patchlevel      4
+%define                patchlevel      5
 %define                pkg_version     %{ruby_version}.%{patchlevel}
 %define                ruby_suffix %{!?with_default_ruby:%{ruby_version}}
 %define                doc_version     2_4_3
@@ -34,7 +34,7 @@ License:      (Ruby or BSD) and Public Domain and MIT and CC0 and zlib and UCD
 Group:         Development/Languages
 # https://www.ruby-lang.org/en/downloads/
 Source0:       https://cache.ruby-lang.org/pub/ruby/%{ruby_version}/%{oname}-%{pkg_version}.tar.xz
-# Source0-md5: 4f30cefb7d50c6fa4d801f47ed9d82ca
+# Source0-md5: 47dec91cf6809785ed02b371c2c5a282
 Source2:       http://www.ruby-doc.org/downloads/%{oname}_%{doc_version}_stdlib_rdocs.tgz
 # Source2-md5: d21fb29009644bd174dbba0dad53f1f5
 Source3:       http://www.ruby-doc.org/downloads/%{oname}_%{doc_version}_core_rdocs.tgz