pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/lang/ruby193-base Add a patch to fix CVE-2011-1005 sec...
details: https://anonhg.NetBSD.org/pkgsrc/rev/63d436c9d8a6
branches: trunk
changeset: 609582:63d436c9d8a6
user: taca <taca%pkgsrc.org@localhost>
date: Sat Oct 06 16:20:35 2012 +0000
description:
Add a patch to fix CVE-2011-1005 security problem which found out that
it affected Ruby 1.9.x, too.
Now it assigned CVE-2012-4464 and CVE-2012-4466.
Bump PKGREVISION.
diffstat:
lang/ruby193-base/Makefile | 4 +-
lang/ruby193-base/distinfo | 3 +-
lang/ruby193-base/patches/patch-error.c | 36 +++++++++++++++++++++++++++++++++
3 files changed, 40 insertions(+), 3 deletions(-)
diffs (72 lines):
diff -r 0866eb789556 -r 63d436c9d8a6 lang/ruby193-base/Makefile
--- a/lang/ruby193-base/Makefile Sat Oct 06 14:25:10 2012 +0000
+++ b/lang/ruby193-base/Makefile Sat Oct 06 16:20:35 2012 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.18 2012/10/02 20:11:52 asau Exp $
+# $NetBSD: Makefile,v 1.19 2012/10/06 16:20:35 taca Exp $
#
DISTNAME= ${RUBY_DISTNAME}
PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_FULL}
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= lang ruby
MASTER_SITES= ${MASTER_SITE_RUBY}
DIST_SUBDIR= ruby193-base-201202170
diff -r 0866eb789556 -r 63d436c9d8a6 lang/ruby193-base/distinfo
--- a/lang/ruby193-base/distinfo Sat Oct 06 14:25:10 2012 +0000
+++ b/lang/ruby193-base/distinfo Sat Oct 06 16:20:35 2012 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.8 2012/07/25 14:26:57 bsiegert Exp $
+$NetBSD: distinfo,v 1.9 2012/10/06 16:20:35 taca Exp $
SHA1 (ruby193-base-201202170/ruby-1.9.3-p194.tar.bz2) = afb497dc10ea3d83ecbe3ccd9ed45fba1457721c
RMD160 (ruby193-base-201202170/ruby-1.9.3-p194.tar.bz2) = bca45d750cfd8523e838903c8693749652960d60
@@ -6,6 +6,7 @@
SHA1 (patch-configure) = 3ab88504dda0c244b6c58dc42778d9a63f1e4d23
SHA1 (patch-configure.in) = f743324dda92bd4c490a7214f4822b4cc9a4c5dc
SHA1 (patch-defs_default__gems) = fb24111736f1a76a05e853aa068024dbdd24e5a5
+SHA1 (patch-error.c) = 571c8587c171356403f5ece93259a7b59ce3ff75
SHA1 (patch-lib_mkmf.rb) = a4547a4bcbf1f533e264578c455ef1c7e6c9aa74
SHA1 (patch-lib_rdoc_ri_driver.rb) = acb4cb022893eb8dea2adf7564f5e5e1a0f1e9c8
SHA1 (patch-lib_rubygems.rb) = cc02e3a296d88605ef8444d64ca805ddebb524c6
diff -r 0866eb789556 -r 63d436c9d8a6 lang/ruby193-base/patches/patch-error.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/ruby193-base/patches/patch-error.c Sat Oct 06 16:20:35 2012 +0000
@@ -0,0 +1,36 @@
+$NetBSD$
+
+Fix for CVE-2011-1005 which turned out affected to Ruby 1.9.3 from
+Ruby's repository r37068.
+
+--- error.c.orig 2012-02-25 12:32:19.000000000 +0000
++++ error.c
+@@ -569,7 +569,6 @@ exc_to_s(VALUE exc)
+
+ if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
+ r = rb_String(mesg);
+- OBJ_INFECT(r, exc);
+ return r;
+ }
+
+@@ -853,11 +852,7 @@ name_err_to_s(VALUE exc)
+
+ if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
+ StringValue(str);
+- if (str != mesg) {
+- rb_iv_set(exc, "mesg", mesg = str);
+- }
+- OBJ_INFECT(mesg, exc);
+- return mesg;
++ return str;
+ }
+
+ /*
+@@ -988,7 +983,6 @@ name_err_mesg_to_str(VALUE obj)
+ args[2] = d;
+ mesg = rb_f_sprintf(NAME_ERR_MESG_COUNT, args);
+ }
+- OBJ_INFECT(mesg, obj);
+ return mesg;
+ }
+
Home |
Main Index |
Thread Index |
Old Index