pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2004Q3]: pkgsrc/lang/ruby-base Pullup ticket 142 - requested b...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/7cadcf830d9c
branches:  pkgsrc-2004Q3
changeset: 480743:7cadcf830d9c
user:      salo <salo%pkgsrc.org@localhost>
date:      Mon Nov 15 21:26:45 2004 +0000

description:
Pullup ticket 142 - requested by Takahiro Kambe
security fix for ruby-base

        Module Name:    pkgsrc
        Committed By:   taca
        Date:           Tue Nov  9 14:11:33 UTC 2004

        Modified Files:
                pkgsrc/lang/ruby-base: Makefile distinfo
        Added Files:
                pkgsrc/lang/ruby-base/patches: patch-ar

        Log Message:
        Fix potential DoS problem in CGI module from Ruby's CVS repository.
        (noted by CAN-2004-0983)

        Bump package revision.

diffstat:

 lang/ruby-base/Makefile         |   4 ++--
 lang/ruby-base/distinfo         |   3 ++-
 lang/ruby-base/patches/patch-ar |  20 ++++++++++++++++++++
 3 files changed, 24 insertions(+), 3 deletions(-)

diffs (53 lines):

diff -r 49138c735ffc -r 7cadcf830d9c lang/ruby-base/Makefile
--- a/lang/ruby-base/Makefile   Mon Nov 15 08:03:46 2004 +0000
+++ b/lang/ruby-base/Makefile   Mon Nov 15 21:26:45 2004 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.29 2004/08/24 15:43:56 taca Exp $
+# $NetBSD: Makefile,v 1.29.2.1 2004/11/15 21:26:45 salo Exp $
 # FreeBSD Id: ports/lang/ruby/Makefile,v 1.39 2000/10/20 19:56:03 knu Exp
 
 DISTNAME=      ${RUBY_DISTNAME}
 PKGNAME=       ${RUBY_PKGNAMEPREFIX}base-${RUBY_VERSION}
-PKGREVISION=   5
+PKGREVISION=   7
 CATEGORIES=    lang ruby
 MASTER_SITES=  ${MASTER_SITE_RUBY}
 
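Review bot: PKGREVISION goes from 5 straight to 7 in this hunk, while the log message describes a single "Bump package revision" for the cgi.rb fix. If 7 is intended, the pullup description should say why 6 is skipped; otherwise this line should read `PKGREVISION= 6`.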
diff -r 49138c735ffc -r 7cadcf830d9c lang/ruby-base/distinfo
--- a/lang/ruby-base/distinfo   Mon Nov 15 08:03:46 2004 +0000
+++ b/lang/ruby-base/distinfo   Mon Nov 15 21:26:45 2004 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.15 2004/08/24 15:43:56 taca Exp $
+$NetBSD: distinfo,v 1.15.2.1 2004/11/15 21:26:45 salo Exp $
 
 SHA1 (ruby/ruby-1.6.8.tar.gz) = 4b475ac1c837cd62b6dfe85359e1502a71b08cd1
 Size (ruby/ruby-1.6.8.tar.gz) = 1023403 bytes
@@ -15,3 +15,4 @@
 SHA1 (patch-ao) = 1070614441174b30926ba1d8a4d1a4718172ce4b
 SHA1 (patch-ap) = 19f520406a9b699a4bbe53b0e9e2b69b4eb7d96a
 SHA1 (patch-aq) = cf9f16f056c2f5df2493b6f04232fb62edf4448f
+SHA1 (patch-ar) = 03e15c32b0865d11339f609b2e98613fc09083b4
diff -r 49138c735ffc -r 7cadcf830d9c lang/ruby-base/patches/patch-ar
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/ruby-base/patches/patch-ar   Mon Nov 15 21:26:45 2004 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-ar,v 1.1.2.2 2004/11/15 21:26:45 salo Exp $
+
+--- lib/cgi.rb.orig    2002-08-29 18:05:06.000000000 +0900
++++ lib/cgi.rb
+@@ -823,10 +823,13 @@ convert string charset, and set language
+           end
+ 
+           c = if bufsize < content_length
+-                stdinput.read(bufsize) or ''
++                stdinput.read(bufsize)
+               else
+-                stdinput.read(content_length) or ''
++                stdinput.read(content_length)
+               end
++        if c.nil?
++          raise EOFError, "bad content body"
++        end
+           buf += c
+           content_length -= c.size
+ 
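Review bot: the new guard before `buf += c` tests only `c.nil?`, so the loop still relies on `content_length -= c.size` receiving a non-empty string. If `stdinput.read` ever returns an empty string, the code is back to the situation the removed `or ''` created: `content_length` does not shrink and nothing is raised. Consider `if c.nil? || c.empty?` so that any read which makes no progress ends with the `EOFError`. The three added lines are also indented two columns less than the surrounding `buf += c`, and since callers of this path can now see `EOFError, "bad content body"`, a one-line comment at the top of patch-ar naming the CAN-2004-0983 fix would help whoever next touches the patch set.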


