pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2005Q2]: pkgsrc/lang/ruby18-base Pullup ticket #769 - requeste...
details: https://anonhg.NetBSD.org/pkgsrc/rev/7f30f44cf584
branches: pkgsrc-2005Q2
changeset: 496081:7f30f44cf584
user: salo <salo%pkgsrc.org@localhost>
date: Thu Sep 22 16:44:59 2005 +0000
description:
Pullup ticket #769 - requested by Takahiro Kambe
security and portability fixes for ruby18-base
Revisions pulled up:
- pkgsrc/lang/ruby18-base/Makefile 1.7, 1.8
- pkgsrc/lang/ruby18-base/distinfo 1.3, 1.4, 1.5
- pkgsrc/lang/ruby18-base/patches/patch-aa 1.2
- pkgsrc/lang/ruby18-base/patches/patch-ab 1.2
- pkgsrc/lang/ruby18-base/patches/patch-ad 1.1
- pkgsrc/lang/ruby18-base/patches/patch-au 1.1
- pkgsrc/lang/ruby18-base/patches/patch-av 1.1
- pkgsrc/lang/ruby18-base/patches/patch-aw 1.1
- pkgsrc/lang/ruby18-base/patches/patch-ax 1.1
- pkgsrc/lang/ruby18-base/patches/patch-ay 1.1
- pkgsrc/lang/ruby18-base/patches/patch-az 1.1
Module Name: pkgsrc
Committed By: taca
Date: Sun Sep 18 13:38:50 UTC 2005
Modified Files:
pkgsrc/lang/ruby18-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby18-base/patches: patch-au patch-av patch-aw patch-ax
patch-ay patch-az
Log Message:
Adding DrafonFly BSD support based on patch provided by Joerg Sonnenberger.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Sep 19 15:19:13 UTC 2005
Modified Files:
pkgsrc/lang/ruby18-base: distinfo
pkgsrc/lang/ruby18-base/patches: patch-aa patch-ab
Log Message:
Rearrange configure script a little:
- Correct case statement moving "interix3*)" to before "interrix*)" since
"interix3*)" wouldn't match and always match to "interix*)".
- Remove "interix3*" in the case condition which always "interix*" pattern.
This dosen't fix anything bulding on Interix3 (SFU 3.5) and on other
platforms, but fix obvious mistake in configure script.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Sep 21 14:03:22 UTC 2005
Modified Files:
pkgsrc/lang/ruby18-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby18-base/patches: patch-ad
Log Message:
Add a patch for fix the security problem which allows an arbitrary code
to run bypassing the safe level check.
The patch was provided by Yukihiro Matsumoto on ruby-dev mailing list.
Bump PKGREVISION.
diffstat:
lang/ruby18-base/Makefile | 4 +-
lang/ruby18-base/distinfo | 13 ++-
lang/ruby18-base/patches/patch-aa | 35 +++-----
lang/ruby18-base/patches/patch-ab | 35 +++-----
lang/ruby18-base/patches/patch-ad | 158 ++++++++++++++++++++++++++++++++++++++
lang/ruby18-base/patches/patch-au | 12 ++
lang/ruby18-base/patches/patch-av | 52 ++++++++++++
lang/ruby18-base/patches/patch-aw | 13 +++
lang/ruby18-base/patches/patch-ax | 13 +++
lang/ruby18-base/patches/patch-ay | 16 +++
lang/ruby18-base/patches/patch-az | 13 +++
11 files changed, 315 insertions(+), 49 deletions(-)
diffs (truncated from 469 to 300 lines):
diff -r 131e4349f5e9 -r 7f30f44cf584 lang/ruby18-base/Makefile
--- a/lang/ruby18-base/Makefile Fri Sep 16 15:06:52 2005 +0000
+++ b/lang/ruby18-base/Makefile Thu Sep 22 16:44:59 2005 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.5.2.1 2005/06/24 08:40:44 salo Exp $
+# $NetBSD: Makefile,v 1.5.2.2 2005/09/22 16:44:59 salo Exp $
#
DISTNAME= ${RUBY_DISTNAME}
PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION}
-PKGREVISION= 2
+PKGREVISION= 4
CATEGORIES= lang ruby
MASTER_SITES= ${MASTER_SITE_RUBY}
diff -r 131e4349f5e9 -r 7f30f44cf584 lang/ruby18-base/distinfo
--- a/lang/ruby18-base/distinfo Fri Sep 16 15:06:52 2005 +0000
+++ b/lang/ruby18-base/distinfo Thu Sep 22 16:44:59 2005 +0000
@@ -1,11 +1,12 @@
-$NetBSD: distinfo,v 1.1.1.1.4.1 2005/06/24 08:40:44 salo Exp $
+$NetBSD: distinfo,v 1.1.1.1.4.2 2005/09/22 16:45:00 salo Exp $
SHA1 (ruby/ruby-1.8.2.tar.gz) = 409a917d3a0aba41f45bd053b767c85b2bc35ffa
RMD160 (ruby/ruby-1.8.2.tar.gz) = fc4dcdc2dda9bfbcf8ca19ca090aa55a18ea06a4
Size (ruby/ruby-1.8.2.tar.gz) = 3627349 bytes
-SHA1 (patch-aa) = 5d000eaeac3d5166073863f002b1d7eb551405fa
-SHA1 (patch-ab) = 0b419b2948409e6375eb605bb33623f97bf0d91d
+SHA1 (patch-aa) = b0c96d7f10ff48245f97d7561e33ced4c4fed69d
+SHA1 (patch-ab) = eeb4048b99784392b7a09a904748e8ff23205580
SHA1 (patch-ac) = 8a60292e7fd312df639404fc015c4f3eeef49137
+SHA1 (patch-ad) = 79661e47e0a489cf8f2ad81a9c816ce23d88902b
SHA1 (patch-al) = a62c126e971a0d45b00e873802bc9ee67786c47e
SHA1 (patch-am) = fe000acf64e20245058c83319030e11606e75004
SHA1 (patch-an) = aa56ea179d9b7bf6ece22b4d8bba0c9137a0e342
@@ -15,3 +16,9 @@
SHA1 (patch-ar) = b9743d012e1c70573b590973a68e1d640ebab1c5
SHA1 (patch-as) = 19acb0f24b0e24c6253ea5df8592a39b38223b91
SHA1 (patch-at) = ee6b178f5fe31616253e5b47a979c31d18db2a6c
+SHA1 (patch-au) = f49bce921fec7d58c59e686d83c671ae71e28e1d
+SHA1 (patch-av) = 16955a5779607374b8ca80ab1abe04d07dcef03d
+SHA1 (patch-aw) = 95ccd93d39f9b13e5a4c34f5dae5764e984b5682
+SHA1 (patch-ax) = 00e9e4ba94fb550863d635d91b3da0aed3b15dea
+SHA1 (patch-ay) = ff77057f34279635d05a80ce316a478e3b528ab4
+SHA1 (patch-az) = 22484716620583e289da3c7d01a55163a1194d93
diff -r 131e4349f5e9 -r 7f30f44cf584 lang/ruby18-base/patches/patch-aa
--- a/lang/ruby18-base/patches/patch-aa Fri Sep 16 15:06:52 2005 +0000
+++ b/lang/ruby18-base/patches/patch-aa Thu Sep 22 16:44:59 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: patch-aa,v 1.1.1.1 2005/03/06 16:36:57 taca Exp $
+$NetBSD: patch-aa,v 1.1.1.1.4.1 2005/09/22 16:45:00 salo Exp $
--- configure.in.orig 2004-12-23 00:16:55.000000000 +0900
+++ configure.in
@@ -12,17 +12,8 @@
freebsd*) LIBS="-lm $LIBS"
AC_CACHE_CHECK([whether -lxpg4 has to be linked],
rb_cv_lib_xpg4_needed,
-@@ -813,7 +816,7 @@ if test "$with_dln_a_out" != yes; then
- openstep*) CCDLFLAGS="$CCDLFLAGS -fno-common";;
- rhapsody*) CCDLFLAGS="$CCDLFLAGS -fno-common";;
- darwin*) CCDLFLAGS="$CCDLFLAGS -fno-common";;
-- human*|bsdi*|beos*|cygwin*|mingw*|aix*|interix*) ;;
-+ human*|interix3*|bsdi*|beos*|cygwin*|mingw*|aix*|interix*) ;;
- *) CCDLFLAGS="$CCDLFLAGS -fPIC";;
- esac
- else
-@@ -875,6 +878,13 @@ if test "$with_dln_a_out" != yes; then
- test "$GCC" = yes && test "$rb_cv_prog_gnu_ld" = yes || LDSHARED="ld -Bshareable"
+@@ -863,6 +866,13 @@ if test "$with_dln_a_out" != yes; then
+ LDFLAGS="$LDFLAGS -Wl,-export-dynamic"
fi
rb_cv_dlopen=yes ;;
+ interix3*) : ${LDSHARED='${CC} -shared'}
@@ -32,13 +23,13 @@
+ LIBPATHFLAG=' -L%1$-s'
+ RPATHFLAG=' -Wl,-R%1$-s'
+ rb_cv_dlopen=yes ;;
- openbsd*) : ${LDSHARED="\$(CC) -shared ${CCDLFLAGS}"}
- if test "$rb_cv_binary_elf" = yes; then
- LDFLAGS="$LDFLAGS -Wl,-E"
-@@ -1172,6 +1182,14 @@ if test "$enable_shared" = 'yes'; then
- LIBRUBY_ALIASES=""
- fi
- ;;
+ interix*) : ${LDSHARED="$CC -shared"}
+ XLDFLAGS="$XLDFLAGS -Wl,-E"
+ LIBPATHFLAG=" -L'%1\$-s'"
+@@ -1216,6 +1226,14 @@ if test "$enable_shared" = 'yes'; then
+ LIBRUBY_DLDFLAGS='-install_name $(libdir)/lib$(RUBY_SO_NAME).dylib -current_version $(MAJOR).$(MINOR).$(TEENY) -compatibility_version $(MAJOR).$(MINOR)'
+ LIBRUBY_ALIASES='lib$(RUBY_SO_NAME).$(MAJOR).$(MINOR).dylib lib$(RUBY_SO_NAME).dylib'
+ ;;
+ interix3*)
+ SOLIBS='$(LIBS)'
+ LIBRUBY_SO='lib$(RUBY_SO_NAME).so.$(MAJOR)$(MINOR).$(TEENY)'
@@ -47,6 +38,6 @@
+ LIBRUBYARG_SHARED='-Wl,-R -Wl,${libdir} -L${libdir} -L. -l$(RUBY_SO_NAME)'
+ LIBRUBY_ALIASES='lib$(RUBY_SO_NAME).so.$(MAJOR)$(MINOR) lib$(RUBY_SO_NAME).so'
+ ;;
- openbsd*)
- SOLIBS='$(LIBS)'
- LIBRUBY_SO='lib$(RUBY_INSTALL_NAME).so.$(MAJOR).'`expr ${MINOR} \* 10 + ${TEENY}`
+ interix*)
+ LIBRUBYARG_SHARED='-L${libdir} -L. -l$(RUBY_SO_NAME)'
+ ;;
diff -r 131e4349f5e9 -r 7f30f44cf584 lang/ruby18-base/patches/patch-ab
--- a/lang/ruby18-base/patches/patch-ab Fri Sep 16 15:06:52 2005 +0000
+++ b/lang/ruby18-base/patches/patch-ab Thu Sep 22 16:44:59 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: patch-ab,v 1.1.1.1 2005/03/06 16:36:57 taca Exp $
+$NetBSD: patch-ab,v 1.1.1.1.4.1 2005/09/22 16:45:00 salo Exp $
--- configure.orig 2004-12-25 19:58:38.000000000 +0900
+++ configure
@@ -12,17 +12,8 @@
freebsd*) LIBS="-lm $LIBS"
echo "$as_me:$LINENO: checking whether -lxpg4 has to be linked" >&5
echo $ECHO_N "checking whether -lxpg4 has to be linked... $ECHO_C" >&6
-@@ -13953,7 +13956,7 @@ echo $ECHO_N "checking whether OS depend
- openstep*) CCDLFLAGS="$CCDLFLAGS -fno-common";;
- rhapsody*) CCDLFLAGS="$CCDLFLAGS -fno-common";;
- darwin*) CCDLFLAGS="$CCDLFLAGS -fno-common";;
-- human*|bsdi*|beos*|cygwin*|mingw*|aix*|interix*) ;;
-+ human*|interix3*|bsdi*|beos*|cygwin*|mingw*|aix*|interix*) ;;
- *) CCDLFLAGS="$CCDLFLAGS -fPIC";;
- esac
- else
-@@ -14015,6 +14018,13 @@ echo $ECHO_N "checking whether OS depend
- test "$GCC" = yes && test "$rb_cv_prog_gnu_ld" = yes || LDSHARED="ld -Bshareable"
+@@ -14003,6 +14006,13 @@ echo $ECHO_N "checking whether OS depend
+ LDFLAGS="$LDFLAGS -Wl,-export-dynamic"
fi
rb_cv_dlopen=yes ;;
+ interix3*) : ${LDSHARED='${CC} -shared'}
@@ -32,13 +23,13 @@
+ LIBPATHFLAG=' -L%1$-s'
+ RPATHFLAG=' -Wl,-R%1$-s'
+ rb_cv_dlopen=yes ;;
- openbsd*) : ${LDSHARED="\$(CC) -shared ${CCDLFLAGS}"}
- if test "$rb_cv_binary_elf" = yes; then
- LDFLAGS="$LDFLAGS -Wl,-E"
-@@ -14732,6 +14742,14 @@ if test "$enable_shared" = 'yes'; then
- LIBRUBY_ALIASES=""
- fi
- ;;
+ interix*) : ${LDSHARED="$CC -shared"}
+ XLDFLAGS="$XLDFLAGS -Wl,-E"
+ LIBPATHFLAG=" -L'%1\$-s'"
+@@ -14776,6 +14786,14 @@ if test "$enable_shared" = 'yes'; then
+ LIBRUBY_DLDFLAGS='-install_name $(libdir)/lib$(RUBY_SO_NAME).dylib -current_version $(MAJOR).$(MINOR).$(TEENY) -compatibility_version $(MAJOR).$(MINOR)'
+ LIBRUBY_ALIASES='lib$(RUBY_SO_NAME).$(MAJOR).$(MINOR).dylib lib$(RUBY_SO_NAME).dylib'
+ ;;
+ interix3*)
+ SOLIBS='$(LIBS)'
+ LIBRUBY_SO='lib$(RUBY_SO_NAME).so.$(MAJOR)$(MINOR).$(TEENY)'
@@ -47,6 +38,6 @@
+ LIBRUBYARG_SHARED='-Wl,-R -Wl,${libdir} -L${libdir} -L. -l$(RUBY_SO_NAME)'
+ LIBRUBY_ALIASES='lib$(RUBY_SO_NAME).so.$(MAJOR)$(MINOR) lib$(RUBY_SO_NAME).so'
+ ;;
- openbsd*)
- SOLIBS='$(LIBS)'
- LIBRUBY_SO='lib$(RUBY_INSTALL_NAME).so.$(MAJOR).'`expr ${MINOR} \* 10 + ${TEENY}`
+ interix*)
+ LIBRUBYARG_SHARED='-L${libdir} -L. -l$(RUBY_SO_NAME)'
+ ;;
diff -r 131e4349f5e9 -r 7f30f44cf584 lang/ruby18-base/patches/patch-ad
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/ruby18-base/patches/patch-ad Thu Sep 22 16:44:59 2005 +0000
@@ -0,0 +1,158 @@
+$NetBSD: patch-ad,v 1.1.2.2 2005/09/22 16:45:00 salo Exp $
+
+--- eval.c.orig 2004-12-18 11:07:29.000000000 +0900
++++ eval.c
+@@ -252,6 +252,11 @@ struct cache_entry { /* method hash tab
+ static struct cache_entry cache[CACHE_SIZE];
+ static int ruby_running = 0;
+
++#define NOEX_TAINTED 8
++#define NOEX_SAFE(n) ((n) >> 4)
++#define NOEX_WITH(n, v) ((n) | (v) << 4)
++#define NOEX_WITH_SAFE(n) NOEX_WITH(n, ruby_safe_level)
++
+ void
+ rb_clear_cache()
+ {
+@@ -344,7 +349,7 @@ rb_add_method(klass, mid, node, noex)
+ }
+ if (OBJ_FROZEN(klass)) rb_error_frozen("class/module");
+ rb_clear_cache_by_id(mid);
+- body = NEW_METHOD(node, noex);
++ body = NEW_METHOD(node, NOEX_WITH_SAFE(noex));
+ st_insert(RCLASS(klass)->m_tbl, mid, (st_data_t)body);
+ if (node && mid != ID_ALLOCATOR && ruby_running) {
+ if (FL_TEST(klass, FL_SINGLETON)) {
+@@ -5456,20 +5461,21 @@ call_cfunc(func, recv, len, argc, argv)
+ }
+
+ static VALUE
+-rb_call0(klass, recv, id, oid, argc, argv, body, nosuper)
++rb_call0(klass, recv, id, oid, argc, argv, body, flags)
+ VALUE klass, recv;
+ ID id;
+ ID oid;
+ int argc; /* OK */
+ VALUE *argv; /* OK */
+ NODE *body; /* OK */
+- int nosuper;
++ int flags;
+ {
+ NODE *b2; /* OK */
+ volatile VALUE result = Qnil;
+ int itr;
+ static int tick;
+ TMP_PROTECT;
++ volatile int safe = -1;
+
+ switch (ruby_iter->iter) {
+ case ITER_PRE:
+@@ -5491,7 +5497,7 @@ rb_call0(klass, recv, id, oid, argc, arg
+
+ ruby_frame->last_func = id;
+ ruby_frame->orig_func = oid;
+- ruby_frame->last_class = nosuper?0:klass;
++ ruby_frame->last_class = (flags & NOEX_UNDEF)?0:klass;
+ ruby_frame->self = recv;
+ ruby_frame->argc = argc;
+ ruby_frame->argv = argv;
+@@ -5553,7 +5559,6 @@ rb_call0(klass, recv, id, oid, argc, arg
+ NODE *saved_cref = 0;
+
+ PUSH_SCOPE();
+-
+ if (body->nd_rval) {
+ saved_cref = ruby_cref;
+ ruby_cref = (NODE*)body->nd_rval;
+@@ -5572,9 +5577,16 @@ rb_call0(klass, recv, id, oid, argc, arg
+ }
+ b2 = body = body->nd_next;
+
++ if (NOEX_SAFE(flags) > ruby_safe_level) {
++ if (!(flags&NOEX_TAINTED) && ruby_safe_level == 0 && NOEX_SAFE(flags) > 2) {
++ rb_raise(rb_eSecurityError, "calling insecure method: %s",
++ rb_id2name(id));
++ }
++ safe = ruby_safe_level;
++ ruby_safe_level = NOEX_SAFE(flags);
++ }
+ PUSH_VARS();
+ PUSH_TAG(PROT_FUNC);
+-
+ if ((state = EXEC_TAG()) == 0) {
+ NODE *node = 0;
+ int i;
+@@ -5653,6 +5665,7 @@ rb_call0(klass, recv, id, oid, argc, arg
+ result = prot_tag->retval;
+ state = 0;
+ }
++ if (safe >= 0) ruby_safe_level = safe;
+ POP_TAG();
+ POP_VARS();
+ POP_CLASS();
+@@ -5740,7 +5753,7 @@ rb_call(klass, recv, mid, argc, argv, sc
+ }
+ }
+
+- return rb_call0(klass, recv, mid, id, argc, argv, body, noex & NOEX_NOSUPER);
++ return rb_call0(klass, recv, mid, id, argc, argv, body, noex);
+ }
+
+ VALUE
+@@ -8530,6 +8543,7 @@ struct METHOD {
+ VALUE klass, rklass;
+ VALUE recv;
+ ID id, oid;
++ int safe_level;
+ NODE *body;
+ };
+
+@@ -8577,6 +8591,7 @@ mnew(klass, obj, id, mklass)
+ data->body = body;
+ data->rklass = rklass;
+ data->oid = oid;
++ data->safe_level = NOEX_WITH_SAFE(0);
+ OBJ_INFECT(method, klass);
+
+ return method;
+@@ -8661,6 +8676,7 @@ method_unbind(obj)
+ data->body = orig->body;
+ data->rklass = orig->rklass;
+ data->oid = orig->oid;
++ data->safe_level = NOEX_WITH_SAFE(0);
+ OBJ_INFECT(method, obj);
+
+ return method;
+@@ -8782,26 +8798,21 @@ method_call(argc, argv, method)
+ {
+ VALUE result = Qnil; /* OK */
+ struct METHOD *data;
+- int state;
+- volatile int safe = -1;
++ int safe;
Home |
Main Index |
Thread Index |
Old Index