pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/lang/ruby193-base Add a patch to fix CVE-2011-1005 sec...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/63d436c9d8a6
branches:  trunk
changeset: 609582:63d436c9d8a6
user:      taca <taca%pkgsrc.org@localhost>
date:      Sat Oct 06 16:20:35 2012 +0000

description:
Add a patch to fix the CVE-2011-1005 security problem, which was found
to affect Ruby 1.9.x, too.

It is now assigned CVE-2012-4464 and CVE-2012-4466.

Bump PKGREVISION.

diffstat:

 lang/ruby193-base/Makefile              |   4 +-
 lang/ruby193-base/distinfo              |   3 +-
 lang/ruby193-base/patches/patch-error.c |  36 +++++++++++++++++++++++++++++++++
 3 files changed, 40 insertions(+), 3 deletions(-)

diffs (72 lines):

diff -r 0866eb789556 -r 63d436c9d8a6 lang/ruby193-base/Makefile
--- a/lang/ruby193-base/Makefile        Sat Oct 06 14:25:10 2012 +0000
+++ b/lang/ruby193-base/Makefile        Sat Oct 06 16:20:35 2012 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.18 2012/10/02 20:11:52 asau Exp $
+# $NetBSD: Makefile,v 1.19 2012/10/06 16:20:35 taca Exp $
 #
 
 DISTNAME=      ${RUBY_DISTNAME}
 PKGNAME=       ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_FULL}
-PKGREVISION=   2
+PKGREVISION=   3
 CATEGORIES=    lang ruby
 MASTER_SITES=  ${MASTER_SITE_RUBY}
 DIST_SUBDIR=   ruby193-base-201202170
diff -r 0866eb789556 -r 63d436c9d8a6 lang/ruby193-base/distinfo
--- a/lang/ruby193-base/distinfo        Sat Oct 06 14:25:10 2012 +0000
+++ b/lang/ruby193-base/distinfo        Sat Oct 06 16:20:35 2012 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.8 2012/07/25 14:26:57 bsiegert Exp $
+$NetBSD: distinfo,v 1.9 2012/10/06 16:20:35 taca Exp $
 
 SHA1 (ruby193-base-201202170/ruby-1.9.3-p194.tar.bz2) = afb497dc10ea3d83ecbe3ccd9ed45fba1457721c
 RMD160 (ruby193-base-201202170/ruby-1.9.3-p194.tar.bz2) = bca45d750cfd8523e838903c8693749652960d60
@@ -6,6 +6,7 @@
 SHA1 (patch-configure) = 3ab88504dda0c244b6c58dc42778d9a63f1e4d23
 SHA1 (patch-configure.in) = f743324dda92bd4c490a7214f4822b4cc9a4c5dc
 SHA1 (patch-defs_default__gems) = fb24111736f1a76a05e853aa068024dbdd24e5a5
+SHA1 (patch-error.c) = 571c8587c171356403f5ece93259a7b59ce3ff75
 SHA1 (patch-lib_mkmf.rb) = a4547a4bcbf1f533e264578c455ef1c7e6c9aa74
 SHA1 (patch-lib_rdoc_ri_driver.rb) = acb4cb022893eb8dea2adf7564f5e5e1a0f1e9c8
 SHA1 (patch-lib_rubygems.rb) = cc02e3a296d88605ef8444d64ca805ddebb524c6
diff -r 0866eb789556 -r 63d436c9d8a6 lang/ruby193-base/patches/patch-error.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/ruby193-base/patches/patch-error.c   Sat Oct 06 16:20:35 2012 +0000
@@ -0,0 +1,36 @@
+$NetBSD$
+
+Fix for CVE-2011-1005 which turned out affected to Ruby 1.9.3 from
+Ruby's repository r37068.
+
+--- error.c.orig       2012-02-25 12:32:19.000000000 +0000
++++ error.c
+@@ -569,7 +569,6 @@ exc_to_s(VALUE exc)
+ 
+     if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
+     r = rb_String(mesg);
+-    OBJ_INFECT(r, exc);
+     return r;
+ }
+ 
+@@ -853,11 +852,7 @@ name_err_to_s(VALUE exc)
+ 
+     if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
+     StringValue(str);
+-    if (str != mesg) {
+-      rb_iv_set(exc, "mesg", mesg = str);
+-    }
+-    OBJ_INFECT(mesg, exc);
+-    return mesg;
++    return str;
+ }
+ 
+ /*
+@@ -988,7 +983,6 @@ name_err_mesg_to_str(VALUE obj)
+       args[2] = d;
+       mesg = rb_f_sprintf(NAME_ERR_MESG_COUNT, args);
+     }
+-    OBJ_INFECT(mesg, obj);
+     return mesg;
+ }
+ 
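
Review bot: the header comment of patch-error.c names only CVE-2011-1005 and r37068, while the commit message says the 1.9.x issue is now assigned CVE-2012-4464 and CVE-2012-4466; add both ids to the comment so the patch can be found under either number. The comment could also state in one line what the fix does: all three inner hunks drop the OBJ_INFECT call, so exc_to_s, name_err_to_s and name_err_mesg_to_str no longer copy the exception object's taint flags onto the message string they return. In name_err_to_s the hunk also removes `rb_iv_set(exc, "mesg", mesg = str);`, so the converted string is no longer stored back into the exception and StringValue runs on every call; confirm against r37068 that this is intended and mention it in the comment.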


