77 Comments

Looks good, and CVE fixed according to https://github.com/ohler55/ox/issues/195.

BZ#1549441 CVE-2017-16229 rubygem-ox: Stack-based buffer over-read in sax_buf.c:read_from_str() causes crash
BZ#1549442 CVE-2017-16229 rubygem-ox: Stack-based buffer over-read in sax_buf.c:read_from_str() causes crash [epel-7]

This update has been unpushed.

Still crashing - the patch is probably for a different issue. Everything works, but for a complete fix of CVE-2017-16229, another update will be needed.

(Tested according to https://github.com/ohler55/ox/issues/195.)

BZ#1549441 CVE-2017-16229 rubygem-ox: Stack-based buffer over-read in sax_buf.c:read_from_str() causes crash
BZ#1549442 CVE-2017-16229 rubygem-ox: Stack-based buffer over-read in sax_buf.c:read_from_str() causes crash [epel-7]

Tested a tiny app using sinatra and it looks good.

BZ#1470689 CVE-2017-11173 rubygem-rack-cors: Missing anchor in generated regex in rack/cors.rb#L256 may permit forged malicious requests [fedora-all]

Tested a tiny app using sinatra and it looks good.

BZ#1470688 CVE-2017-11173 rubygem-rack-cors: Missing anchor in generated regex in rack/cors.rb#L256 may permit forged malicious requests [epel-all]

Works good (HP Zbook)

Tested with rubygem-tilt (build and runtime). Works nice, thanks!

BZ#1450861 Missing provides rubygem(rdiscount) on EPEL 7

This update has been unpushed.

Compatibility issue, RB #1449029

Haven't noticed that, thanks! I will probably update the EPEL 7 version too, as it is a new package here.

Encoding and decoding results are the same between native and win32/win64 versions.

Decoded wav files are the same with win32, win64, and native flac encoder. (Even encoded flac files are the same, but that's not required for different platforms.)

Decoded wav files are the same with win64 and native flac encoder (encoded flac files are slightly different, but that's a known feature and OK).