authortron <tron@pkgsrc.org>2008-07-10 13:00:01 +0000
committertron <tron@pkgsrc.org>2008-07-10 13:00:01 +0000
commitac03f4157c738b0c2a6e27953742608136aa6f7f (patch)
tree9f1ada1b67baf5175c37d4937bcc394cccfbb107
parent29ac325c8acd1ed8a4689a193a2d7d7266a3b21f (diff)
Pullup ticket #2443 - requested by taca
Security patch for ruby18-base Revisions pulled up: - lang/ruby18-base/Makefile 1.45 via patch - lang/ruby18-base/distinfo 1.31 via patch - lang/ruby18-base/patches/patch-ad 1.9 via patch --- Module Name: pkgsrc Committed By: tonnerre Date: Thu Jul 3 21:06:10 UTC 2008 Modified Files: pkgsrc/lang/ruby18-base: Makefile distinfo Added Files: pkgsrc/lang/ruby18-base/patches: patch-ad Log Message: Add a patch to fix the integer overflow in rb_ary_fill() in Ruby 1.8 which can be exploited to cause a denial of service through memory exhaustion. (SN-2008-02)
-rw-r--r--lang/ruby18-base/Makefile3
-rw-r--r--lang/ruby18-base/distinfo3
-rw-r--r--lang/ruby18-base/patches/patch-dj20
3 files changed, 24 insertions, 2 deletions
diff --git a/lang/ruby18-base/Makefile b/lang/ruby18-base/Makefile
index f2266d52ca9..074eacfe4eb 100644
--- a/lang/ruby18-base/Makefile
+++ b/lang/ruby18-base/Makefile
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.40 2008/01/04 15:42:34 ghen Exp $
+# $NetBSD: Makefile,v 1.40.2.1 2008/07/10 13:00:01 tron Exp $
#
DISTNAME= ${RUBY_DISTNAME}
PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_SUFFIX}
+PKGREVISION= 1
CATEGORIES= lang ruby
MASTER_SITES= ${MASTER_SITE_RUBY}
diff --git a/lang/ruby18-base/distinfo b/lang/ruby18-base/distinfo
index f65414a43ce..f0b60cf03ed 100644
--- a/lang/ruby18-base/distinfo
+++ b/lang/ruby18-base/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.26.2.1 2008/06/28 11:54:07 tron Exp $
+$NetBSD: distinfo,v 1.26.2.2 2008/07/10 13:00:01 tron Exp $
SHA1 (ruby-1.8.6-p230.tar.bz2) = c630222fd6b4272db84f54e68879f81e2014cd51
RMD160 (ruby-1.8.6-p230.tar.bz2) = cdf3ea33c3fd2258c685aea634aca7e9624036ec
@@ -10,3 +10,4 @@ SHA1 (patch-ad) = 0fb90a6280afca04d881bb94963ceb7542c6212d
SHA1 (patch-de) = 716dadc9042f81fe16a183fe03b2a63ec2598212
SHA1 (patch-df) = 0ea1f97ad998361172f78d5cb0e1d0a5f1501b24
SHA1 (patch-dg) = e79566ded3c82e63357966e961d7dcdfb84a03cf
+SHA1 (patch-dj) = 4f8f0a53f3d108c7e3c10de0f74ad9420d6c07a2
diff --git a/lang/ruby18-base/patches/patch-dj b/lang/ruby18-base/patches/patch-dj
new file mode 100644
index 00000000000..4d122ff9525
--- /dev/null
+++ b/lang/ruby18-base/patches/patch-dj
@@ -0,0 +1,20 @@
+$NetBSD: patch-dj,v 1.1.2.1 2008/07/10 13:00:01 tron Exp $
+
+Avoid memory size integer overflow memory exhaustion DoS in filling
+arrays (SN-2008-02).
+
+--- array.c.orig 2008-06-20 15:53:16.000000000 +0900
++++ array.c
+@@ -2272,10 +2272,10 @@ rb_ary_fill(argc, argv, ary)
+ break;
+ }
+ rb_ary_modify(ary);
+- end = beg + len;
+- if (end < 0) {
++ if (beg >= ARY_MAX_SIZE || len > ARY_MAX_SIZE - beg) {
+ rb_raise(rb_eArgError, "argument too big");
+ }
++ end = beg + len;
+ if (end > RARRAY(ary)->len) {
+ if (end >= RARRAY(ary)->aux.capa) {
+ REALLOC_N(RARRAY(ary)->ptr, VALUE, end);
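Review bot: The new guard in rb_ary_fill() bounds only the upper side, so a negative `len` passes `len > ARY_MAX_SIZE - beg` and reaches `end = beg + len` unrejected. The removed `end < 0` test raised ArgumentError whenever the sum went negative; that case now falls through silently with `end < beg`. Whether the fill loop after this hunk tolerates it is not visible here, since the function body starts and ends outside the hunk, so I would make it explicit with `if (len < 0) return ary;` just before the guard. The guard also assumes `beg` is already non-negative, which presumably holds from the normalisation above the hunk. A short comment such as `/* validate before adding: beg + len must not overflow long, and end feeds REALLOC_N */` would record why the check has to precede the addition.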