scuderiaf1

%define rubyver         1.9.3
%define rubyminorver    p484

Name:           ruby
Version:        %{rubyver}%{rubyminorver}
Release:        2%{?dist}
License:        Ruby License/GPL - see COPYING
URL:            http://www.ruby-lang.org/
BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires:  gcc

scuderiaf1

#!/bin/bash
# shellshock-test.sh
# this will run it 
# curl -L https://gist.githubusercontent.com/scuderiaf1/2a49271cdd2e5a022a54/raw/33ba8308f71819ee9e4d741e44f02724e8f40dc4/shellshock-test.sh|bash
VUNERABLE=false;
CVE20146271="$(env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test" 2>&1 )"

CVE20147169=$(cd /tmp 2>&1; rm -f /tmp/echo 2>&1; env 'x=() { (a)=>\' bash -c "echo uname" 2>&1; cat /tmp/echo 2>&1; rm -f /tmp/echo 2>&1 )

if [[ "$CVE20146271" =~ "vulnerable" ]]

scuderiaf1

diff -ur ruby-enterprise-1.8.7-2012.02/source/ext/openssl/ossl_pkey_ec.c ruby-enterprise-openssl-1.8.7-2012.02/source/ext/openssl/ossl_pkey_ec.c
--- ruby-enterprise-1.8.7-2012.02/source/ext/openssl/ossl_pkey_ec.c	2012-02-19 06:09:11.000000000 -0800
+++ ruby-enterprise-openssl-1.8.7-2012.02/source/ext/openssl/ossl_pkey_ec.c	2014-01-03 16:37:11.077561351 -0800
@@ -757,8 +757,10 @@
                 method = EC_GFp_mont_method();
             } else if (id == s_GFp_nist) {
                 method = EC_GFp_nist_method();
+#if !defined(OPENSSL_NO_EC2M)
             } else if (id == s_GF2m_simple) {
                 method = EC_GF2m_simple_method();

scuderiaf1

#!/bin/bash
ret=$(echo Q | timeout 5 openssl s_client -connect "${1-`hostname`}:${2-443}" -ssl3 2> /dev/null)
if echo "${ret}" | grep -q 'Protocol.*SSLv3'; then
  if echo "${ret}" | grep -q 'Cipher.*0000'; then
    echo "SSL 3.0 disabled"
  else
    echo "SSL 3.0 enabled"
 fi
else
  echo "SSL disabled or other error"

scuderiaf1

echo "GET /" | openssl s_client -ssl3 -connect localhost:443 2> /dev/null | grep "no peer certificate available" > /dev/null || echo "Vulnerable"

scuderiaf1

%define rubyver         2.1.3

Name:           ruby
Version:        %{rubyver}
Release:        2%{?dist}
License:        Ruby License/GPL - see COPYING
URL:            http://www.ruby-lang.org/
BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires:  gcc
BuildRequires:  make

scuderiaf1

%define rubyver         2.1.4

Name:           ruby
Version:        %{rubyver}
Release:        2%{?dist}
License:        Ruby License/GPL - see COPYING
URL:            http://www.ruby-lang.org/
BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires:  gcc
BuildRequires:  make

scuderiaf1

#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

#define CANARY "in_the_coal_mine"

struct {
  char buffer[1024];

scuderiaf1

#!/bin/bash
#Version 3
## command line to run 
##  curl -L https://gist.githubusercontent.com/scuderiaf1/52f881e6cce407228780/raw/043b6124f75d4c897377c157c6efab53654eb042/GHOST-test.sh |bash
echo "Installed glibc version(s)"

rv=0
for glibc_nvr in $( rpm -q --qf '%{name}-%{version}-%{release}.%{arch}\n' glibc ); do
    glibc_ver=$( echo "$glibc_nvr" | awk -F- '{ print $2 }' )
    glibc_maj=$( echo "$glibc_ver" | awk -F. '{ print $1 }')

scuderiaf1

#!/usr/bin/env bash
# repository
cd /tmp

echo "******"
echo "*** update needed yum pkgs ***"
echo "******"

yum -y install libxslt-devel libxml2-devel gdbm-devel libffi-devel zlib-devel openssl-devel readline-devel curl-devel openssl-devel pcre-devel git memcached-devel mysql-devel