diff options
author | salo <salo> | 2004-11-15 21:26:45 +0000 |
---|---|---|
committer | salo <salo> | 2004-11-15 21:26:45 +0000 |
commit | 920026cefa6b4752af9479f77fd178c69acdb233 (patch) | |
tree | b06e1be1d242b471bbc39ed81032a1c0e519aabc | |
parent | 22bc07b67d161dbc36b3eb10316ead1052ba4dc7 (diff) | |
download | pkgsrc-920026cefa6b4752af9479f77fd178c69acdb233.tar.gz |
Pullup ticket 142 - requested by Takahiro Kambe
security fix for ruby-base
Module Name: pkgsrc
Committed By: taca
Date: Tue Nov 9 14:11:33 UTC 2004
Modified Files:
pkgsrc/lang/ruby-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby-base/patches: patch-ar
Log Message:
Fix potential DoS problem in CGI module from Ruby's CVS repository.
(noted by CAN-2004-0983)
Bump package revision.
-rw-r--r-- | lang/ruby-base/Makefile | 4 | ||||
-rw-r--r-- | lang/ruby-base/distinfo | 3 | ||||
-rw-r--r-- | lang/ruby-base/patches/patch-ar | 20 |
3 files changed, 24 insertions, 3 deletions
diff --git a/lang/ruby-base/Makefile b/lang/ruby-base/Makefile index f53830e4c26..c2b65d6c013 100644 --- a/lang/ruby-base/Makefile +++ b/lang/ruby-base/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.29 2004/08/24 15:43:56 taca Exp $ +# $NetBSD: Makefile,v 1.29.2.1 2004/11/15 21:26:45 salo Exp $ # FreeBSD Id: ports/lang/ruby/Makefile,v 1.39 2000/10/20 19:56:03 knu Exp DISTNAME= ${RUBY_DISTNAME} PKGNAME= ${RUBY_PKGNAMEPREFIX}base-${RUBY_VERSION} -PKGREVISION= 5 +PKGREVISION= 7 CATEGORIES= lang ruby MASTER_SITES= ${MASTER_SITE_RUBY} diff --git a/lang/ruby-base/distinfo b/lang/ruby-base/distinfo index 821d57771ac..4fd5b83edcb 100644 --- a/lang/ruby-base/distinfo +++ b/lang/ruby-base/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.15 2004/08/24 15:43:56 taca Exp $ +$NetBSD: distinfo,v 1.15.2.1 2004/11/15 21:26:45 salo Exp $ SHA1 (ruby/ruby-1.6.8.tar.gz) = 4b475ac1c837cd62b6dfe85359e1502a71b08cd1 Size (ruby/ruby-1.6.8.tar.gz) = 1023403 bytes @@ -15,3 +15,4 @@ SHA1 (patch-an) = 72461b10296cb9a03fc37bba6af69650c8777741 SHA1 (patch-ao) = 1070614441174b30926ba1d8a4d1a4718172ce4b SHA1 (patch-ap) = 19f520406a9b699a4bbe53b0e9e2b69b4eb7d96a SHA1 (patch-aq) = cf9f16f056c2f5df2493b6f04232fb62edf4448f +SHA1 (patch-ar) = 03e15c32b0865d11339f609b2e98613fc09083b4 diff --git a/lang/ruby-base/patches/patch-ar b/lang/ruby-base/patches/patch-ar new file mode 100644 index 00000000000..c665faa0adb --- /dev/null +++ b/lang/ruby-base/patches/patch-ar @@ -0,0 +1,20 @@ +$NetBSD: patch-ar,v 1.1.2.2 2004/11/15 21:26:45 salo Exp $ + +--- lib/cgi.rb.orig 2002-08-29 18:05:06.000000000 +0900 ++++ lib/cgi.rb +@@ -823,10 +823,13 @@ convert string charset, and set language + end + + c = if bufsize < content_length +- stdinput.read(bufsize) or '' ++ stdinput.read(bufsize) + else +- stdinput.read(content_length) or '' ++ stdinput.read(content_length) + end ++ if c.nil? ++ raise EOFError, "bad content body" ++ end + buf += c + content_length -= c.size + |