pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2009Q1]: pkgsrc Pullup ticket #2752 - requested by taca
details: https://anonhg.NetBSD.org/pkgsrc/rev/878bfcb18f58
branches: pkgsrc-2009Q1
changeset: 556798:878bfcb18f58
user: tron <tron%pkgsrc.org@localhost>
date: Fri May 01 12:42:02 2009 +0000
description:
Pullup ticket #2752 - requested by taca
ruby18-base: security update
ruby18-curses: security update
ruby18-tk: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.45
- lang/ruby18-base/Makefile 1.50
- lang/ruby18-base/distinfo 1.36
- lang/ruby18-base/patches/patch-dg delete
- lang/ruby18-base/patches/patch-dh delete
- lang/ruby18-base/patches/patch-dj delete
- devel/ruby-curses/distinfo 1.18
- x11/ruby-tk/distinfo 1.21
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Apr 16 17:10:17 UTC 2009
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
Log Message:
Bump Ruby 1.8.7's patch level to 160.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Apr 16 17:11:12 UTC 2009
Modified Files:
pkgsrc/lang/ruby18-base: Makefile distinfo
Removed Files:
pkgsrc/lang/ruby18-base/patches: patch-dg patch-dh patch-dj
Log Message:
Update ruby18-base-1.8.7.160 (1.8.7-p160).
This release is the counterpart of 1.8.6-p368, so many bugs have been fixed
since the last 1.8.7 release. Check the ChangeLog for more details.
In particular, it includes workarounds for CVE-2007-1558 and CVE-2008-1447.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Apr 16 17:12:18 UTC 2009
Modified Files:
pkgsrc/devel/ruby-curses: distinfo
Log Message:
Update distinfo refelecting update to Ruby 1.8.7-p160.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Apr 16 17:12:42 UTC 2009
Modified Files:
pkgsrc/x11/ruby-tk: distinfo
Log Message:
Update distinfo refelecting update to Ruby 1.8.7-p160.
diffstat:
devel/ruby-curses/distinfo | 8 +++---
lang/ruby/rubyversion.mk | 4 +-
lang/ruby18-base/Makefile | 3 +-
lang/ruby18-base/distinfo | 11 +++------
lang/ruby18-base/patches/patch-dg | 43 ---------------------------------------
lang/ruby18-base/patches/patch-dh | 15 -------------
lang/ruby18-base/patches/patch-dj | 34 ------------------------------
x11/ruby-tk/distinfo | 8 +++---
8 files changed, 15 insertions(+), 111 deletions(-)
diffs (183 lines):
diff -r 06d4debfc6fb -r 878bfcb18f58 devel/ruby-curses/distinfo
--- a/devel/ruby-curses/distinfo Wed Apr 29 21:29:42 2009 +0000
+++ b/devel/ruby-curses/distinfo Fri May 01 12:42:02 2009 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.17 2008/08/11 06:59:40 taca Exp $
+$NetBSD: distinfo,v 1.17.8.1 2009/05/01 12:42:02 tron Exp $
-SHA1 (ruby-1.8.7-p72.tar.bz2) = 462e990a724580e4dfeeac5a271b93f6cfcbf5c7
-RMD160 (ruby-1.8.7-p72.tar.bz2) = 07bf0d6987ba111aed988093c569fb66ba54891b
-Size (ruby-1.8.7-p72.tar.bz2) = 4127450 bytes
+SHA1 (ruby-1.8.7-p160.tar.bz2) = 64ed631a819f28d9dd86d2c699e1b0a94d7e5dc9
+RMD160 (ruby-1.8.7-p160.tar.bz2) = 77469c9c4e9303f2ec8ca72a0cbf98b674cb1415
+Size (ruby-1.8.7-p160.tar.bz2) = 4137518 bytes
SHA1 (patch-aa) = 5e5dcea99e02716e42a428a2d01769c5709f0f45
diff -r 06d4debfc6fb -r 878bfcb18f58 lang/ruby/rubyversion.mk
--- a/lang/ruby/rubyversion.mk Wed Apr 29 21:29:42 2009 +0000
+++ b/lang/ruby/rubyversion.mk Fri May 01 12:42:02 2009 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: rubyversion.mk,v 1.44 2008/08/11 06:58:33 taca Exp $
+# $NetBSD: rubyversion.mk,v 1.44.8.1 2009/05/01 12:42:02 tron Exp $
#
.if !defined(_RUBYVERSION_MK)
@@ -10,7 +10,7 @@
RUBY18_VERSION= 1.8.7
# patch
-RUBY18_PATCHLEVEL= 72
+RUBY18_PATCHLEVEL= 160
# RUBY_VERSION_DEFAULT defines default version for Ruby related
# packages and user can define in mk.conf. (1.6 or 1.8)
diff -r 06d4debfc6fb -r 878bfcb18f58 lang/ruby18-base/Makefile
--- a/lang/ruby18-base/Makefile Wed Apr 29 21:29:42 2009 +0000
+++ b/lang/ruby18-base/Makefile Fri May 01 12:42:02 2009 +0000
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.49 2009/02/20 12:32:26 taca Exp $
+# $NetBSD: Makefile,v 1.49.2.1 2009/05/01 12:42:02 tron Exp $
#
DISTNAME= ${RUBY_DISTNAME}
PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_SUFFIX}
-PKGREVISION= 3
CATEGORIES= lang ruby
MASTER_SITES= ${MASTER_SITE_RUBY}
#PKGREVISION=
diff -r 06d4debfc6fb -r 878bfcb18f58 lang/ruby18-base/distinfo
--- a/lang/ruby18-base/distinfo Wed Apr 29 21:29:42 2009 +0000
+++ b/lang/ruby18-base/distinfo Fri May 01 12:42:02 2009 +0000
@@ -1,11 +1,8 @@
-$NetBSD: distinfo,v 1.35 2009/02/20 12:32:26 taca Exp $
+$NetBSD: distinfo,v 1.35.2.1 2009/05/01 12:42:02 tron Exp $
-SHA1 (ruby-1.8.7-p72.tar.bz2) = 462e990a724580e4dfeeac5a271b93f6cfcbf5c7
-RMD160 (ruby-1.8.7-p72.tar.bz2) = 07bf0d6987ba111aed988093c569fb66ba54891b
-Size (ruby-1.8.7-p72.tar.bz2) = 4127450 bytes
+SHA1 (ruby-1.8.7-p160.tar.bz2) = 64ed631a819f28d9dd86d2c699e1b0a94d7e5dc9
+RMD160 (ruby-1.8.7-p160.tar.bz2) = 77469c9c4e9303f2ec8ca72a0cbf98b674cb1415
+Size (ruby-1.8.7-p160.tar.bz2) = 4137518 bytes
SHA1 (patch-aa) = 59f4462dada7e7b00c7a773c8a95454f3dc4f994
SHA1 (patch-ab) = 239872c5faf95c05d2a94fe5f40af5b8541423c7
SHA1 (patch-ac) = eb4dd068729ba2a2c7d4d659f6bcdb1410227f3b
-SHA1 (patch-dg) = 6c92da2111af7dd09d9cc28d1d82612ead14283e
-SHA1 (patch-dh) = ac637345ee171892b551f34d0deb65f238060c7c
-SHA1 (patch-dj) = a325fcec8d90b8d550d0e4e858d60dd91b4d23c6
diff -r 06d4debfc6fb -r 878bfcb18f58 lang/ruby18-base/patches/patch-dg
--- a/lang/ruby18-base/patches/patch-dg Wed Apr 29 21:29:42 2009 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,43 +0,0 @@
-$NetBSD: patch-dg,v 1.5 2008/09/14 05:17:18 taca Exp $
-
-Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790.
-(http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/)
-
---- lib/rexml/document.rb.orig 2008-06-06 17:05:24.000000000 +0900
-+++ lib/rexml/document.rb
-@@ -32,6 +32,7 @@ module REXML
- # @param context if supplied, contains the context of the document;
- # this should be a Hash.
- def initialize( source = nil, context = {} )
-+ @entity_expansion_count = 0
- super()
- @context = context
- return if source.nil?
-@@ -200,6 +201,27 @@ module REXML
- Parsers::StreamParser.new( source, listener ).parse
- end
-
-+ @@entity_expansion_limit = 10_000
-+
-+ # Set the entity expansion limit. By default the limit is set to 10000.
-+ def Document::entity_expansion_limit=( val )
-+ @@entity_expansion_limit = val
-+ end
-+
-+ # Get the entity expansion limit. By default the limit is set to 10000.
-+ def Document::entity_expansion_limit
-+ return @@entity_expansion_limit
-+ end
-+
-+ attr_reader :entity_expansion_count
-+
-+ def record_entity_expansion
-+ @entity_expansion_count += 1
-+ if @entity_expansion_count > @@entity_expansion_limit
-+ raise "number of entity expansions exceeded, processing aborted."
-+ end
-+ end
-+
- private
- def build( source )
- Parsers::TreeParser.new( source, self ).parse
diff -r 06d4debfc6fb -r 878bfcb18f58 lang/ruby18-base/patches/patch-dh
--- a/lang/ruby18-base/patches/patch-dh Wed Apr 29 21:29:42 2009 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,15 +0,0 @@
-$NetBSD: patch-dh,v 1.3 2008/09/14 05:17:18 taca Exp $
-
-Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790.
-(http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/)
-
---- lib/rexml/entity.rb.orig 2008-04-18 16:22:13.000000000 +0900
-+++ lib/rexml/entity.rb
-@@ -73,6 +73,7 @@ module REXML
- # all entities -- both %ent; and &ent; entities. This differs from
- # +value()+ in that +value+ only replaces %ent; entities.
- def unnormalized
-+ document.record_entity_expansion
- v = value()
- return nil if v.nil?
- @unnormalized = Text::unnormalize(v, parent)
diff -r 06d4debfc6fb -r 878bfcb18f58 lang/ruby18-base/patches/patch-dj
--- a/lang/ruby18-base/patches/patch-dj Wed Apr 29 21:29:42 2009 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,34 +0,0 @@
-$NetBSD: patch-dj,v 1.2 2009/02/20 12:32:26 taca Exp $
-
-Online Certificate Status Protocol's verify method fix from Ruby's
-repository: revision 22440.
-
---- ext/openssl/ossl_ocsp.c.orig 2007-06-09 00:02:04.000000000 +0900
-+++ ext/openssl/ossl_ocsp.c
-@@ -589,22 +589,22 @@ ossl_ocspbres_sign(int argc, VALUE *argv
- static VALUE
- ossl_ocspbres_verify(int argc, VALUE *argv, VALUE self)
- {
-- VALUE certs, store, flags;
-+ VALUE certs, store, flags, result;
- OCSP_BASICRESP *bs;
- STACK_OF(X509) *x509s;
- X509_STORE *x509st;
-- int flg, result;
-+ int flg;
-
- rb_scan_args(argc, argv, "21", &certs, &store, &flags);
- x509st = GetX509StorePtr(store);
- flg = NIL_P(flags) ? 0 : INT2NUM(flags);
- x509s = ossl_x509_ary2sk(certs);
- GetOCSPBasicRes(self, bs);
-- result = OCSP_basic_verify(bs, x509s, x509st, flg);
-+ result = OCSP_basic_verify(bs, x509s, x509st, flg) > 0 ? Qtrue : Qfalse;
- sk_X509_pop_free(x509s, X509_free);
- if(!result) rb_warn("%s", ERR_error_string(ERR_peek_error(), NULL));
-
-- return result ? Qtrue : Qfalse;
-+ return result;
- }
-
- /*
diff -r 06d4debfc6fb -r 878bfcb18f58 x11/ruby-tk/distinfo
--- a/x11/ruby-tk/distinfo Wed Apr 29 21:29:42 2009 +0000
+++ b/x11/ruby-tk/distinfo Fri May 01 12:42:02 2009 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.20 2008/08/11 06:59:55 taca Exp $
+$NetBSD: distinfo,v 1.20.8.1 2009/05/01 12:42:03 tron Exp $
-SHA1 (ruby-1.8.7-p72.tar.bz2) = 462e990a724580e4dfeeac5a271b93f6cfcbf5c7
-RMD160 (ruby-1.8.7-p72.tar.bz2) = 07bf0d6987ba111aed988093c569fb66ba54891b
-Size (ruby-1.8.7-p72.tar.bz2) = 4127450 bytes
+SHA1 (ruby-1.8.7-p160.tar.bz2) = 64ed631a819f28d9dd86d2c699e1b0a94d7e5dc9
+RMD160 (ruby-1.8.7-p160.tar.bz2) = 77469c9c4e9303f2ec8ca72a0cbf98b674cb1415
+Size (ruby-1.8.7-p160.tar.bz2) = 4137518 bytes
SHA1 (patch-aa) = 3e4795c80ec44b8aade5ce5ed6c2936f9f1d1e09