pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2005Q2]: pkgsrc/lang/ruby18-base Pullup ticket #769 - requeste...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/7f30f44cf584
branches:  pkgsrc-2005Q2
changeset: 496081:7f30f44cf584
user:      salo <salo%pkgsrc.org@localhost>
date:      Thu Sep 22 16:44:59 2005 +0000

description:
Pullup ticket #769 - requested by Takahiro Kambe
security and portability fixes for ruby18-base

Revisions pulled up:
- pkgsrc/lang/ruby18-base/Makefile              1.7, 1.8
- pkgsrc/lang/ruby18-base/distinfo              1.3, 1.4, 1.5
- pkgsrc/lang/ruby18-base/patches/patch-aa      1.2
- pkgsrc/lang/ruby18-base/patches/patch-ab      1.2
- pkgsrc/lang/ruby18-base/patches/patch-ad      1.1
- pkgsrc/lang/ruby18-base/patches/patch-au      1.1
- pkgsrc/lang/ruby18-base/patches/patch-av      1.1
- pkgsrc/lang/ruby18-base/patches/patch-aw      1.1
- pkgsrc/lang/ruby18-base/patches/patch-ax      1.1
- pkgsrc/lang/ruby18-base/patches/patch-ay      1.1
- pkgsrc/lang/ruby18-base/patches/patch-az      1.1

   Module Name:         pkgsrc
   Committed By:        taca
   Date:                Sun Sep 18 13:38:50 UTC 2005

   Modified Files:
        pkgsrc/lang/ruby18-base: Makefile distinfo
   Added Files:
        pkgsrc/lang/ruby18-base/patches: patch-au patch-av patch-aw patch-ax
            patch-ay patch-az

   Log Message:
   Adding DrafonFly BSD support based on patch provided by Joerg Sonnenberger.

   Bump PKGREVISION.
---
   Module Name:         pkgsrc
   Committed By:        taca
   Date:                Mon Sep 19 15:19:13 UTC 2005

   Modified Files:
        pkgsrc/lang/ruby18-base: distinfo
        pkgsrc/lang/ruby18-base/patches: patch-aa patch-ab

   Log Message:
   Rearrange configure script a little:

   - Correct the case statement by moving "interix3*)" before "interix*)",
     since "interix3*)" would never match and "interix*)" would always
     match instead.

   - Remove "interix3*" from the case condition where the "interix*"
     pattern always matches anyway.

   This doesn't fix anything for building on Interix3 (SFU 3.5) or on other
   platforms, but it fixes an obvious mistake in the configure script.
---
   Module Name:         pkgsrc
   Committed By:        taca
   Date:                Wed Sep 21 14:03:22 UTC 2005

   Modified Files:
        pkgsrc/lang/ruby18-base: Makefile distinfo
   Added Files:
        pkgsrc/lang/ruby18-base/patches: patch-ad

   Log Message:
   Add a patch for fix the security problem which allows an arbitrary code
   to run bypassing the safe level check.

   The patch was provided by Yukihiro Matsumoto on ruby-dev mailing list.

   Bump PKGREVISION.

diffstat:

 lang/ruby18-base/Makefile         |    4 +-
 lang/ruby18-base/distinfo         |   13 ++-
 lang/ruby18-base/patches/patch-aa |   35 +++-----
 lang/ruby18-base/patches/patch-ab |   35 +++-----
 lang/ruby18-base/patches/patch-ad |  158 ++++++++++++++++++++++++++++++++++++++
 lang/ruby18-base/patches/patch-au |   12 ++
 lang/ruby18-base/patches/patch-av |   52 ++++++++++++
 lang/ruby18-base/patches/patch-aw |   13 +++
 lang/ruby18-base/patches/patch-ax |   13 +++
 lang/ruby18-base/patches/patch-ay |   16 +++
 lang/ruby18-base/patches/patch-az |   13 +++
 11 files changed, 315 insertions(+), 49 deletions(-)

diffs (truncated from 469 to 300 lines):

diff -r 131e4349f5e9 -r 7f30f44cf584 lang/ruby18-base/Makefile
--- a/lang/ruby18-base/Makefile Fri Sep 16 15:06:52 2005 +0000
+++ b/lang/ruby18-base/Makefile Thu Sep 22 16:44:59 2005 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.5.2.1 2005/06/24 08:40:44 salo Exp $
+# $NetBSD: Makefile,v 1.5.2.2 2005/09/22 16:44:59 salo Exp $
 #
 
 DISTNAME=      ${RUBY_DISTNAME}
 PKGNAME=       ${RUBY_PKGPREFIX}-base-${RUBY_VERSION}
-PKGREVISION=   2
+PKGREVISION=   4
 CATEGORIES=    lang ruby
 MASTER_SITES=  ${MASTER_SITE_RUBY}
 
diff -r 131e4349f5e9 -r 7f30f44cf584 lang/ruby18-base/distinfo
--- a/lang/ruby18-base/distinfo Fri Sep 16 15:06:52 2005 +0000
+++ b/lang/ruby18-base/distinfo Thu Sep 22 16:44:59 2005 +0000
@@ -1,11 +1,12 @@
-$NetBSD: distinfo,v 1.1.1.1.4.1 2005/06/24 08:40:44 salo Exp $
+$NetBSD: distinfo,v 1.1.1.1.4.2 2005/09/22 16:45:00 salo Exp $
 
 SHA1 (ruby/ruby-1.8.2.tar.gz) = 409a917d3a0aba41f45bd053b767c85b2bc35ffa
 RMD160 (ruby/ruby-1.8.2.tar.gz) = fc4dcdc2dda9bfbcf8ca19ca090aa55a18ea06a4
 Size (ruby/ruby-1.8.2.tar.gz) = 3627349 bytes
-SHA1 (patch-aa) = 5d000eaeac3d5166073863f002b1d7eb551405fa
-SHA1 (patch-ab) = 0b419b2948409e6375eb605bb33623f97bf0d91d
+SHA1 (patch-aa) = b0c96d7f10ff48245f97d7561e33ced4c4fed69d
+SHA1 (patch-ab) = eeb4048b99784392b7a09a904748e8ff23205580
 SHA1 (patch-ac) = 8a60292e7fd312df639404fc015c4f3eeef49137
+SHA1 (patch-ad) = 79661e47e0a489cf8f2ad81a9c816ce23d88902b
 SHA1 (patch-al) = a62c126e971a0d45b00e873802bc9ee67786c47e
 SHA1 (patch-am) = fe000acf64e20245058c83319030e11606e75004
 SHA1 (patch-an) = aa56ea179d9b7bf6ece22b4d8bba0c9137a0e342
@@ -15,3 +16,9 @@
 SHA1 (patch-ar) = b9743d012e1c70573b590973a68e1d640ebab1c5
 SHA1 (patch-as) = 19acb0f24b0e24c6253ea5df8592a39b38223b91
 SHA1 (patch-at) = ee6b178f5fe31616253e5b47a979c31d18db2a6c
+SHA1 (patch-au) = f49bce921fec7d58c59e686d83c671ae71e28e1d
+SHA1 (patch-av) = 16955a5779607374b8ca80ab1abe04d07dcef03d
+SHA1 (patch-aw) = 95ccd93d39f9b13e5a4c34f5dae5764e984b5682
+SHA1 (patch-ax) = 00e9e4ba94fb550863d635d91b3da0aed3b15dea
+SHA1 (patch-ay) = ff77057f34279635d05a80ce316a478e3b528ab4
+SHA1 (patch-az) = 22484716620583e289da3c7d01a55163a1194d93
diff -r 131e4349f5e9 -r 7f30f44cf584 lang/ruby18-base/patches/patch-aa
--- a/lang/ruby18-base/patches/patch-aa Fri Sep 16 15:06:52 2005 +0000
+++ b/lang/ruby18-base/patches/patch-aa Thu Sep 22 16:44:59 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: patch-aa,v 1.1.1.1 2005/03/06 16:36:57 taca Exp $
+$NetBSD: patch-aa,v 1.1.1.1.4.1 2005/09/22 16:45:00 salo Exp $
 
 --- configure.in.orig  2004-12-23 00:16:55.000000000 +0900
 +++ configure.in
@@ -12,17 +12,8 @@
  freebsd*)     LIBS="-lm $LIBS"
                AC_CACHE_CHECK([whether -lxpg4 has to be linked],
                  rb_cv_lib_xpg4_needed,
-@@ -813,7 +816,7 @@ if test "$with_dln_a_out" != yes; then
-     openstep*)        CCDLFLAGS="$CCDLFLAGS -fno-common";;
-     rhapsody*)        CCDLFLAGS="$CCDLFLAGS -fno-common";;
-     darwin*)  CCDLFLAGS="$CCDLFLAGS -fno-common";;
--    human*|bsdi*|beos*|cygwin*|mingw*|aix*|interix*) ;;
-+    human*|interix3*|bsdi*|beos*|cygwin*|mingw*|aix*|interix*) ;;
-     *) CCDLFLAGS="$CCDLFLAGS -fPIC";;
-     esac
-   else
-@@ -875,6 +878,13 @@ if test "$with_dln_a_out" != yes; then
-                         test "$GCC" = yes && test "$rb_cv_prog_gnu_ld" = yes || LDSHARED="ld -Bshareable"
+@@ -863,6 +866,13 @@ if test "$with_dln_a_out" != yes; then
+                           LDFLAGS="$LDFLAGS -Wl,-export-dynamic"
                        fi
                        rb_cv_dlopen=yes ;;
 +      interix3*)      : ${LDSHARED='${CC} -shared'}
@@ -32,13 +23,13 @@
 +                      LIBPATHFLAG=' -L%1$-s'
 +                      RPATHFLAG=' -Wl,-R%1$-s'
 +                      rb_cv_dlopen=yes ;;
-       openbsd*)       : ${LDSHARED="\$(CC) -shared ${CCDLFLAGS}"}
-                       if test "$rb_cv_binary_elf" = yes; then
-                           LDFLAGS="$LDFLAGS -Wl,-E"
-@@ -1172,6 +1182,14 @@ if test "$enable_shared" = 'yes'; then
-          LIBRUBY_ALIASES=""
-       fi
-       ;;
+       interix*)       : ${LDSHARED="$CC -shared"}
+                       XLDFLAGS="$XLDFLAGS -Wl,-E"
+                       LIBPATHFLAG=" -L'%1\$-s'"
+@@ -1216,6 +1226,14 @@ if test "$enable_shared" = 'yes'; then
+       LIBRUBY_DLDFLAGS='-install_name $(libdir)/lib$(RUBY_SO_NAME).dylib -current_version $(MAJOR).$(MINOR).$(TEENY) -compatibility_version $(MAJOR).$(MINOR)'
+       LIBRUBY_ALIASES='lib$(RUBY_SO_NAME).$(MAJOR).$(MINOR).dylib lib$(RUBY_SO_NAME).dylib'
+       ;;
 +    interix3*)
 +      SOLIBS='$(LIBS)'
 +      LIBRUBY_SO='lib$(RUBY_SO_NAME).so.$(MAJOR)$(MINOR).$(TEENY)'
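Review bot: The `interix3*)` branch sets `LIBPATHFLAG=' -L%1$-s'` and `RPATHFLAG=' -Wl,-R%1$-s'` without quoting the substituted directory, while the upstream `interix*)` branch now directly below it quotes the path (`LIBPATHFLAG=" -L'%1\$-s'"`). If the directory substituted for `%1$-s` ever contains whitespace or shell metacharacters, the unquoted form would presumably be split or reinterpreted on the link command line. Matching the neighbour, e.g. `LIBPATHFLAG=" -L'%1\$-s'"`, keeps the two branches consistent. The same lines recur in patch-ab for the generated configure, and the enclosing case statement starts and ends outside this hunk.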
@@ -47,6 +38,6 @@
 +      LIBRUBYARG_SHARED='-Wl,-R -Wl,${libdir} -L${libdir} -L. -l$(RUBY_SO_NAME)'
 +      LIBRUBY_ALIASES='lib$(RUBY_SO_NAME).so.$(MAJOR)$(MINOR) lib$(RUBY_SO_NAME).so'
 +      ;;
-     openbsd*)
-       SOLIBS='$(LIBS)'
-       LIBRUBY_SO='lib$(RUBY_INSTALL_NAME).so.$(MAJOR).'`expr ${MINOR} \* 10 + ${TEENY}`
+     interix*)
+       LIBRUBYARG_SHARED='-L${libdir} -L. -l$(RUBY_SO_NAME)'
+       ;;
diff -r 131e4349f5e9 -r 7f30f44cf584 lang/ruby18-base/patches/patch-ab
--- a/lang/ruby18-base/patches/patch-ab Fri Sep 16 15:06:52 2005 +0000
+++ b/lang/ruby18-base/patches/patch-ab Thu Sep 22 16:44:59 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: patch-ab,v 1.1.1.1 2005/03/06 16:36:57 taca Exp $
+$NetBSD: patch-ab,v 1.1.1.1.4.1 2005/09/22 16:45:00 salo Exp $
 
 --- configure.orig     2004-12-25 19:58:38.000000000 +0900
 +++ configure
@@ -12,17 +12,8 @@
  freebsd*)     LIBS="-lm $LIBS"
                echo "$as_me:$LINENO: checking whether -lxpg4 has to be linked" >&5
  echo $ECHO_N "checking whether -lxpg4 has to be linked... $ECHO_C" >&6
-@@ -13953,7 +13956,7 @@ echo $ECHO_N "checking whether OS depend
-     openstep*)        CCDLFLAGS="$CCDLFLAGS -fno-common";;
-     rhapsody*)        CCDLFLAGS="$CCDLFLAGS -fno-common";;
-     darwin*)  CCDLFLAGS="$CCDLFLAGS -fno-common";;
--    human*|bsdi*|beos*|cygwin*|mingw*|aix*|interix*) ;;
-+    human*|interix3*|bsdi*|beos*|cygwin*|mingw*|aix*|interix*) ;;
-     *) CCDLFLAGS="$CCDLFLAGS -fPIC";;
-     esac
-   else
-@@ -14015,6 +14018,13 @@ echo $ECHO_N "checking whether OS depend
-                         test "$GCC" = yes && test "$rb_cv_prog_gnu_ld" = yes || LDSHARED="ld -Bshareable"
+@@ -14003,6 +14006,13 @@ echo $ECHO_N "checking whether OS depend
+                           LDFLAGS="$LDFLAGS -Wl,-export-dynamic"
                        fi
                        rb_cv_dlopen=yes ;;
 +      interix3*)      : ${LDSHARED='${CC} -shared'}
@@ -32,13 +23,13 @@
 +                      LIBPATHFLAG=' -L%1$-s'
 +                      RPATHFLAG=' -Wl,-R%1$-s'
 +                      rb_cv_dlopen=yes ;;
-       openbsd*)       : ${LDSHARED="\$(CC) -shared ${CCDLFLAGS}"}
-                       if test "$rb_cv_binary_elf" = yes; then
-                           LDFLAGS="$LDFLAGS -Wl,-E"
-@@ -14732,6 +14742,14 @@ if test "$enable_shared" = 'yes'; then
-          LIBRUBY_ALIASES=""
-       fi
-       ;;
+       interix*)       : ${LDSHARED="$CC -shared"}
+                       XLDFLAGS="$XLDFLAGS -Wl,-E"
+                       LIBPATHFLAG=" -L'%1\$-s'"
+@@ -14776,6 +14786,14 @@ if test "$enable_shared" = 'yes'; then
+       LIBRUBY_DLDFLAGS='-install_name $(libdir)/lib$(RUBY_SO_NAME).dylib -current_version $(MAJOR).$(MINOR).$(TEENY) -compatibility_version $(MAJOR).$(MINOR)'
+       LIBRUBY_ALIASES='lib$(RUBY_SO_NAME).$(MAJOR).$(MINOR).dylib lib$(RUBY_SO_NAME).dylib'
+       ;;
 +    interix3*)
 +      SOLIBS='$(LIBS)'
 +      LIBRUBY_SO='lib$(RUBY_SO_NAME).so.$(MAJOR)$(MINOR).$(TEENY)'
@@ -47,6 +38,6 @@
 +      LIBRUBYARG_SHARED='-Wl,-R -Wl,${libdir} -L${libdir} -L. -l$(RUBY_SO_NAME)'
 +      LIBRUBY_ALIASES='lib$(RUBY_SO_NAME).so.$(MAJOR)$(MINOR) lib$(RUBY_SO_NAME).so'
 +      ;;
-     openbsd*)
-       SOLIBS='$(LIBS)'
-       LIBRUBY_SO='lib$(RUBY_INSTALL_NAME).so.$(MAJOR).'`expr ${MINOR} \* 10 + ${TEENY}`
+     interix*)
+       LIBRUBYARG_SHARED='-L${libdir} -L. -l$(RUBY_SO_NAME)'
+       ;;
diff -r 131e4349f5e9 -r 7f30f44cf584 lang/ruby18-base/patches/patch-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/ruby18-base/patches/patch-ad Thu Sep 22 16:44:59 2005 +0000
@@ -0,0 +1,158 @@
+$NetBSD: patch-ad,v 1.1.2.2 2005/09/22 16:45:00 salo Exp $
+
+--- eval.c.orig        2004-12-18 11:07:29.000000000 +0900
++++ eval.c
+@@ -252,6 +252,11 @@ struct cache_entry {              /* method hash tab
+ static struct cache_entry cache[CACHE_SIZE];
+ static int ruby_running = 0;
+ 
++#define NOEX_TAINTED 8
++#define NOEX_SAFE(n) ((n) >> 4)
++#define NOEX_WITH(n, v) ((n) | (v) << 4)
++#define NOEX_WITH_SAFE(n) NOEX_WITH(n, ruby_safe_level)
++
+ void
+ rb_clear_cache()
+ {
+@@ -344,7 +349,7 @@ rb_add_method(klass, mid, node, noex)
+     }
+     if (OBJ_FROZEN(klass)) rb_error_frozen("class/module");
+     rb_clear_cache_by_id(mid);
+-    body = NEW_METHOD(node, noex);
++    body = NEW_METHOD(node, NOEX_WITH_SAFE(noex));
+     st_insert(RCLASS(klass)->m_tbl, mid, (st_data_t)body);
+     if (node && mid != ID_ALLOCATOR && ruby_running) {
+       if (FL_TEST(klass, FL_SINGLETON)) {
+@@ -5456,20 +5461,21 @@ call_cfunc(func, recv, len, argc, argv)
+ }
+ 
+ static VALUE
+-rb_call0(klass, recv, id, oid, argc, argv, body, nosuper)
++rb_call0(klass, recv, id, oid, argc, argv, body, flags)
+     VALUE klass, recv;
+     ID    id;
+     ID    oid;
+     int argc;                 /* OK */
+     VALUE *argv;              /* OK */
+     NODE *body;                       /* OK */
+-    int nosuper;
++    int flags;
+ {
+     NODE *b2;         /* OK */
+     volatile VALUE result = Qnil;
+     int itr;
+     static int tick;
+     TMP_PROTECT;
++    volatile int safe = -1;
+ 
+     switch (ruby_iter->iter) {
+       case ITER_PRE:
+@@ -5491,7 +5497,7 @@ rb_call0(klass, recv, id, oid, argc, arg
+ 
+     ruby_frame->last_func = id;
+     ruby_frame->orig_func = oid;
+-    ruby_frame->last_class = nosuper?0:klass;
++    ruby_frame->last_class = (flags & NOEX_UNDEF)?0:klass;
+     ruby_frame->self = recv;
+     ruby_frame->argc = argc;
+     ruby_frame->argv = argv;
+@@ -5553,7 +5559,6 @@ rb_call0(klass, recv, id, oid, argc, arg
+           NODE *saved_cref = 0;
+ 
+           PUSH_SCOPE();
+-
+           if (body->nd_rval) {
+               saved_cref = ruby_cref;
+               ruby_cref = (NODE*)body->nd_rval;
+@@ -5572,9 +5577,16 @@ rb_call0(klass, recv, id, oid, argc, arg
+           }
+           b2 = body = body->nd_next;
+ 
++          if (NOEX_SAFE(flags) > ruby_safe_level) {
++              if (!(flags&NOEX_TAINTED) && ruby_safe_level == 0 && NOEX_SAFE(flags) > 2) {
++                  rb_raise(rb_eSecurityError, "calling insecure method: %s",
++                           rb_id2name(id));
++              }
++              safe = ruby_safe_level;
++              ruby_safe_level = NOEX_SAFE(flags);
++          }
+           PUSH_VARS();
+           PUSH_TAG(PROT_FUNC);
+-
+           if ((state = EXEC_TAG()) == 0) {
+               NODE *node = 0;
+               int i;
+@@ -5653,6 +5665,7 @@ rb_call0(klass, recv, id, oid, argc, arg
+               result = prot_tag->retval;
+               state = 0;
+           }
++          if (safe >= 0) ruby_safe_level = safe;
+           POP_TAG();
+           POP_VARS();
+           POP_CLASS();
+@@ -5740,7 +5753,7 @@ rb_call(klass, recv, mid, argc, argv, sc
+       }
+     }
+ 
+-    return rb_call0(klass, recv, mid, id, argc, argv, body, noex & NOEX_NOSUPER);
++    return rb_call0(klass, recv, mid, id, argc, argv, body, noex);
+ }
+ 
+ VALUE
+@@ -8530,6 +8543,7 @@ struct METHOD {
+     VALUE klass, rklass;
+     VALUE recv;
+     ID id, oid;
++    int safe_level;
+     NODE *body;
+ };
+ 
+@@ -8577,6 +8591,7 @@ mnew(klass, obj, id, mklass)
+     data->body = body;
+     data->rklass = rklass;
+     data->oid = oid;
++    data->safe_level = NOEX_WITH_SAFE(0);
+     OBJ_INFECT(method, klass);
+ 
+     return method;
+@@ -8661,6 +8676,7 @@ method_unbind(obj)
+     data->body = orig->body;
+     data->rklass = orig->rklass;
+     data->oid = orig->oid;
++    data->safe_level = NOEX_WITH_SAFE(0);
+     OBJ_INFECT(method, obj);
+ 
+     return method;
+@@ -8782,26 +8798,21 @@ method_call(argc, argv, method)
+ {
+     VALUE result = Qnil;      /* OK */
+     struct METHOD *data;
+-    int state;
+-    volatile int safe = -1;
++    int safe;


