pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/lang/ruby18-base Use security patch in official Ruby's...
details: https://anonhg.NetBSD.org/pkgsrc/rev/6873b791099a
branches: trunk
changeset: 499465:6873b791099a
user: taca <taca%pkgsrc.org@localhost>
date: Fri Sep 23 12:01:44 2005 +0000
description:
Use security patch in official Ruby's ftp server instead of adding locally.
This dosen't change anything to installed binaries nor built package.
diffstat:
lang/ruby18-base/Makefile | 5 +-
lang/ruby18-base/distinfo | 7 +-
lang/ruby18-base/patches/patch-ac | 13 ---
lang/ruby18-base/patches/patch-ad | 158 --------------------------------------
4 files changed, 8 insertions(+), 175 deletions(-)
diffs (218 lines):
diff -r c34271033de1 -r 6873b791099a lang/ruby18-base/Makefile
--- a/lang/ruby18-base/Makefile Fri Sep 23 09:04:57 2005 +0000
+++ b/lang/ruby18-base/Makefile Fri Sep 23 12:01:44 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.8 2005/09/21 14:03:22 taca Exp $
+# $NetBSD: Makefile,v 1.9 2005/09/23 12:01:44 taca Exp $
#
DISTNAME= ${RUBY_DISTNAME}
@@ -7,6 +7,9 @@
CATEGORIES= lang ruby
MASTER_SITES= ${MASTER_SITE_RUBY}
+PATCH_SITES= ${MASTER_SITE_RUBY}
+PATCHFILES= 1.8.2-patch1.gz
+
MAINTAINER= taca%NetBSD.org@localhost
HOMEPAGE= ${RUBY_HOMEPAGE}
COMMENT= Ruby 1.8 based release minimum package
diff -r c34271033de1 -r 6873b791099a lang/ruby18-base/distinfo
--- a/lang/ruby18-base/distinfo Fri Sep 23 09:04:57 2005 +0000
+++ b/lang/ruby18-base/distinfo Fri Sep 23 12:01:44 2005 +0000
@@ -1,12 +1,13 @@
-$NetBSD: distinfo,v 1.5 2005/09/21 14:03:22 taca Exp $
+$NetBSD: distinfo,v 1.6 2005/09/23 12:01:44 taca Exp $
SHA1 (ruby/ruby-1.8.2.tar.gz) = 409a917d3a0aba41f45bd053b767c85b2bc35ffa
RMD160 (ruby/ruby-1.8.2.tar.gz) = fc4dcdc2dda9bfbcf8ca19ca090aa55a18ea06a4
Size (ruby/ruby-1.8.2.tar.gz) = 3627349 bytes
+SHA1 (ruby/1.8.2-patch1.gz) = 776c738b52ad9605e7f502ecb967f1ba2d4934e9
+RMD160 (ruby/1.8.2-patch1.gz) = 55ae9b28c8dbb77230659edae9f3f12c8c7f2b99
+Size (ruby/1.8.2-patch1.gz) = 1347 bytes
SHA1 (patch-aa) = b0c96d7f10ff48245f97d7561e33ced4c4fed69d
SHA1 (patch-ab) = eeb4048b99784392b7a09a904748e8ff23205580
-SHA1 (patch-ac) = 8a60292e7fd312df639404fc015c4f3eeef49137
-SHA1 (patch-ad) = 79661e47e0a489cf8f2ad81a9c816ce23d88902b
SHA1 (patch-al) = a62c126e971a0d45b00e873802bc9ee67786c47e
SHA1 (patch-am) = fe000acf64e20245058c83319030e11606e75004
SHA1 (patch-an) = aa56ea179d9b7bf6ece22b4d8bba0c9137a0e342
diff -r c34271033de1 -r 6873b791099a lang/ruby18-base/patches/patch-ac
--- a/lang/ruby18-base/patches/patch-ac Fri Sep 23 09:04:57 2005 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-$NetBSD: patch-ac,v 1.1 2005/06/23 16:54:47 taca Exp $
-
---- lib/xmlrpc/utils.rb.orig 2003-08-15 02:20:14.000000000 +0900
-+++ lib/xmlrpc/utils.rb
-@@ -138,7 +138,7 @@ module XMLRPC
-
- def get_methods(obj, delim=".")
- prefix = @prefix + delim
-- obj.class.public_instance_methods.collect { |name|
-+ obj.class.public_instance_methods(false).collect { |name|
- [prefix + name, obj.method(name).to_proc, nil, nil]
- }
- end
diff -r c34271033de1 -r 6873b791099a lang/ruby18-base/patches/patch-ad
--- a/lang/ruby18-base/patches/patch-ad Fri Sep 23 09:04:57 2005 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,158 +0,0 @@
-$NetBSD: patch-ad,v 1.1 2005/09/21 14:03:22 taca Exp $
-
---- eval.c.orig 2004-12-18 11:07:29.000000000 +0900
-+++ eval.c
-@@ -252,6 +252,11 @@ struct cache_entry { /* method hash tab
- static struct cache_entry cache[CACHE_SIZE];
- static int ruby_running = 0;
-
-+#define NOEX_TAINTED 8
-+#define NOEX_SAFE(n) ((n) >> 4)
-+#define NOEX_WITH(n, v) ((n) | (v) << 4)
-+#define NOEX_WITH_SAFE(n) NOEX_WITH(n, ruby_safe_level)
-+
- void
- rb_clear_cache()
- {
-@@ -344,7 +349,7 @@ rb_add_method(klass, mid, node, noex)
- }
- if (OBJ_FROZEN(klass)) rb_error_frozen("class/module");
- rb_clear_cache_by_id(mid);
-- body = NEW_METHOD(node, noex);
-+ body = NEW_METHOD(node, NOEX_WITH_SAFE(noex));
- st_insert(RCLASS(klass)->m_tbl, mid, (st_data_t)body);
- if (node && mid != ID_ALLOCATOR && ruby_running) {
- if (FL_TEST(klass, FL_SINGLETON)) {
-@@ -5456,20 +5461,21 @@ call_cfunc(func, recv, len, argc, argv)
- }
-
- static VALUE
--rb_call0(klass, recv, id, oid, argc, argv, body, nosuper)
-+rb_call0(klass, recv, id, oid, argc, argv, body, flags)
- VALUE klass, recv;
- ID id;
- ID oid;
- int argc; /* OK */
- VALUE *argv; /* OK */
- NODE *body; /* OK */
-- int nosuper;
-+ int flags;
- {
- NODE *b2; /* OK */
- volatile VALUE result = Qnil;
- int itr;
- static int tick;
- TMP_PROTECT;
-+ volatile int safe = -1;
-
- switch (ruby_iter->iter) {
- case ITER_PRE:
-@@ -5491,7 +5497,7 @@ rb_call0(klass, recv, id, oid, argc, arg
-
- ruby_frame->last_func = id;
- ruby_frame->orig_func = oid;
-- ruby_frame->last_class = nosuper?0:klass;
-+ ruby_frame->last_class = (flags & NOEX_UNDEF)?0:klass;
- ruby_frame->self = recv;
- ruby_frame->argc = argc;
- ruby_frame->argv = argv;
-@@ -5553,7 +5559,6 @@ rb_call0(klass, recv, id, oid, argc, arg
- NODE *saved_cref = 0;
-
- PUSH_SCOPE();
--
- if (body->nd_rval) {
- saved_cref = ruby_cref;
- ruby_cref = (NODE*)body->nd_rval;
-@@ -5572,9 +5577,16 @@ rb_call0(klass, recv, id, oid, argc, arg
- }
- b2 = body = body->nd_next;
-
-+ if (NOEX_SAFE(flags) > ruby_safe_level) {
-+ if (!(flags&NOEX_TAINTED) && ruby_safe_level == 0 && NOEX_SAFE(flags) > 2) {
-+ rb_raise(rb_eSecurityError, "calling insecure method: %s",
-+ rb_id2name(id));
-+ }
-+ safe = ruby_safe_level;
-+ ruby_safe_level = NOEX_SAFE(flags);
-+ }
- PUSH_VARS();
- PUSH_TAG(PROT_FUNC);
--
- if ((state = EXEC_TAG()) == 0) {
- NODE *node = 0;
- int i;
-@@ -5653,6 +5665,7 @@ rb_call0(klass, recv, id, oid, argc, arg
- result = prot_tag->retval;
- state = 0;
- }
-+ if (safe >= 0) ruby_safe_level = safe;
- POP_TAG();
- POP_VARS();
- POP_CLASS();
-@@ -5740,7 +5753,7 @@ rb_call(klass, recv, mid, argc, argv, sc
- }
- }
-
-- return rb_call0(klass, recv, mid, id, argc, argv, body, noex & NOEX_NOSUPER);
-+ return rb_call0(klass, recv, mid, id, argc, argv, body, noex);
- }
-
- VALUE
-@@ -8530,6 +8543,7 @@ struct METHOD {
- VALUE klass, rklass;
- VALUE recv;
- ID id, oid;
-+ int safe_level;
- NODE *body;
- };
-
-@@ -8577,6 +8591,7 @@ mnew(klass, obj, id, mklass)
- data->body = body;
- data->rklass = rklass;
- data->oid = oid;
-+ data->safe_level = NOEX_WITH_SAFE(0);
- OBJ_INFECT(method, klass);
-
- return method;
-@@ -8661,6 +8676,7 @@ method_unbind(obj)
- data->body = orig->body;
- data->rklass = orig->rklass;
- data->oid = orig->oid;
-+ data->safe_level = NOEX_WITH_SAFE(0);
- OBJ_INFECT(method, obj);
-
- return method;
-@@ -8782,26 +8798,21 @@ method_call(argc, argv, method)
- {
- VALUE result = Qnil; /* OK */
- struct METHOD *data;
-- int state;
-- volatile int safe = -1;
-+ int safe;
-
- Data_Get_Struct(method, struct METHOD, data);
- if (data->recv == Qundef) {
- rb_raise(rb_eTypeError, "you cannot call unbound method; bind first");
- }
-- PUSH_ITER(rb_block_given_p()?ITER_PRE:ITER_NOT);
-- PUSH_TAG(PROT_NONE);
- if (OBJ_TAINTED(method)) {
-- safe = ruby_safe_level;
-- if (ruby_safe_level < 4) ruby_safe_level = 4;
-+ safe = NOEX_WITH(data->safe_level, 4)|NOEX_TAINTED;
- }
-- if ((state = EXEC_TAG()) == 0) {
-- result = rb_call0(data->klass,data->recv,data->id,data->oid,argc,argv,data->body,0);
-+ else {
-+ safe = data->safe_level;
- }
-- POP_TAG();
-+ PUSH_ITER(rb_block_given_p()?ITER_PRE:ITER_NOT);
-+ result = rb_call0(data->klass,data->recv,data->id,data->oid,argc,argv,data->body,safe);
- POP_ITER();
-- if (safe >= 0) ruby_safe_level = safe;
-- if (state) JUMP_TAG(state);
- return result;
- }
-
Home |
Main Index |
Thread Index |
Old Index