pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2008Q1]: pkgsrc/lang/ruby18-base Pullup ticket #2443 - request...
details: https://anonhg.NetBSD.org/pkgsrc/rev/9500c3ee8b8b
branches: pkgsrc-2008Q1
changeset: 540453:9500c3ee8b8b
user: tron <tron%pkgsrc.org@localhost>
date: Thu Jul 10 13:00:01 2008 +0000
description:
Pullup ticket #2443 - requested by taca
Security patch for ruby18-base
Revisions pulled up:
- lang/ruby18-base/Makefile 1.45 via patch
- lang/ruby18-base/distinfo 1.31 via patch
- lang/ruby18-base/patches/patch-ad 1.9 via patch
---
Module Name: pkgsrc
Committed By: tonnerre
Date: Thu Jul 3 21:06:10 UTC 2008
Modified Files:
pkgsrc/lang/ruby18-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby18-base/patches: patch-ad
Log Message:
Add a patch to fix the integer overflow in rb_ary_fill() in Ruby 1.8
which can be exploited to cause a denial of service through memory
exhaustion. (SN-2008-02)
diffstat:
lang/ruby18-base/Makefile | 3 ++-
lang/ruby18-base/distinfo | 3 ++-
lang/ruby18-base/patches/patch-dj | 20 ++++++++++++++++++++
3 files changed, 24 insertions(+), 2 deletions(-)
diffs (52 lines):
diff -r c76f50a2532f -r 9500c3ee8b8b lang/ruby18-base/Makefile
--- a/lang/ruby18-base/Makefile Thu Jul 10 12:42:29 2008 +0000
+++ b/lang/ruby18-base/Makefile Thu Jul 10 13:00:01 2008 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.40 2008/01/04 15:42:34 ghen Exp $
+# $NetBSD: Makefile,v 1.40.2.1 2008/07/10 13:00:01 tron Exp $
#
DISTNAME= ${RUBY_DISTNAME}
PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_SUFFIX}
+PKGREVISION= 1
CATEGORIES= lang ruby
MASTER_SITES= ${MASTER_SITE_RUBY}
diff -r c76f50a2532f -r 9500c3ee8b8b lang/ruby18-base/distinfo
--- a/lang/ruby18-base/distinfo Thu Jul 10 12:42:29 2008 +0000
+++ b/lang/ruby18-base/distinfo Thu Jul 10 13:00:01 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.26.2.1 2008/06/28 11:54:07 tron Exp $
+$NetBSD: distinfo,v 1.26.2.2 2008/07/10 13:00:01 tron Exp $
SHA1 (ruby-1.8.6-p230.tar.bz2) = c630222fd6b4272db84f54e68879f81e2014cd51
RMD160 (ruby-1.8.6-p230.tar.bz2) = cdf3ea33c3fd2258c685aea634aca7e9624036ec
@@ -10,3 +10,4 @@
SHA1 (patch-de) = 716dadc9042f81fe16a183fe03b2a63ec2598212
SHA1 (patch-df) = 0ea1f97ad998361172f78d5cb0e1d0a5f1501b24
SHA1 (patch-dg) = e79566ded3c82e63357966e961d7dcdfb84a03cf
+SHA1 (patch-dj) = 4f8f0a53f3d108c7e3c10de0f74ad9420d6c07a2
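Review bot: The file registered here is patch-dj, but the pullup description lists "lang/ruby18-base/patches/patch-ad 1.9 via patch" and the quoted log says "Added Files: ... patch-ad". Since the branch carries the fix under a different patch name than the revision being pulled up, the description should say so explicitly (for example "patch-ad 1.9 via patch, as patch-dj"), so that anyone auditing the branch for SN-2008-02 can match the distinfo entry to the ticket.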
diff -r c76f50a2532f -r 9500c3ee8b8b lang/ruby18-base/patches/patch-dj
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/ruby18-base/patches/patch-dj Thu Jul 10 13:00:01 2008 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-dj,v 1.1.2.1 2008/07/10 13:00:01 tron Exp $
+
+Avoid memory size integer overflow memory exhaustion DoS in filling
+arrays (SN-2008-02).
+
+--- array.c.orig 2008-06-20 15:53:16.000000000 +0900
++++ array.c
+@@ -2272,10 +2272,10 @@ rb_ary_fill(argc, argv, ary)
+ break;
+ }
+ rb_ary_modify(ary);
+- end = beg + len;
+- if (end < 0) {
++ if (beg >= ARY_MAX_SIZE || len > ARY_MAX_SIZE - beg) {
+ rb_raise(rb_eArgError, "argument too big");
+ }
++ end = beg + len;
+ if (end > RARRAY(ary)->len) {
+ if (end >= RARRAY(ary)->aux.capa) {
+ REALLOC_N(RARRAY(ary)->ptr, VALUE, end);
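Review bot: The new guard "if (beg >= ARY_MAX_SIZE || len > ARY_MAX_SIZE - beg)" is only safe if beg and len are already known to be non-negative at this point, and that precondition is not visible in the hunk (the context above ends at "break; }"). With a negative beg the subtraction ARY_MAX_SIZE - beg could itself overflow, so it is worth confirming that the preceding switch rejects or normalizes negative values, and saying so in the patch header. Moving "end = beg + len" below the check is the right order, since the old "if (end < 0)" test depended on signed overflow wrapping, which C does not guarantee. Two smaller points: ARY_MAX_SIZE is not defined anywhere in these lines, so confirm it exists in array.c of the 1.8.6-p230 distfile named in distinfo, and the description "Avoid memory size integer overflow memory exhaustion DoS in filling arrays" would read better as something like "Avoid integer overflow in the size computation of rb_ary_fill(), which allowed a memory exhaustion DoS".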