Pullup ticket 142 - requested by Takahiro Kambe

security fix for ruby-base

        Module Name:	pkgsrc
        Committed By:	taca
        Date:		Tue Nov  9 14:11:33 UTC 2004

        Modified Files:
        	pkgsrc/lang/ruby-base: Makefile distinfo
        Added Files:
        	pkgsrc/lang/ruby-base/patches: patch-ar

        Log Message:
        Fix potential DoS problem in CGI module from Ruby's CVS repository.
        (noted by CAN-2004-0983)

        Bump package revision.

3 files changed, 24 insertions, 3 deletions

diff --git a/lang/ruby-base/Makefile b/lang/ruby-base/Makefile
index f53830e4c26..c2b65d6c013 100644
--- a/lang/ruby-base/Makefile
+++ b/lang/ruby-base/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.29 2004/08/24 15:43:56 taca Exp $
+# $NetBSD: Makefile,v 1.29.2.1 2004/11/15 21:26:45 salo Exp $
 # FreeBSD Id: ports/lang/ruby/Makefile,v 1.39 2000/10/20 19:56:03 knu Exp
 
 DISTNAME=	${RUBY_DISTNAME}
 PKGNAME=	${RUBY_PKGNAMEPREFIX}base-${RUBY_VERSION}
-PKGREVISION=	5
+PKGREVISION=	7
 CATEGORIES=	lang ruby
 MASTER_SITES=	${MASTER_SITE_RUBY}
 
diff --git a/lang/ruby-base/distinfo b/lang/ruby-base/distinfo
index 821d57771ac..4fd5b83edcb 100644
--- a/lang/ruby-base/distinfo
+++ b/lang/ruby-base/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.15 2004/08/24 15:43:56 taca Exp $
+$NetBSD: distinfo,v 1.15.2.1 2004/11/15 21:26:45 salo Exp $
 
 SHA1 (ruby/ruby-1.6.8.tar.gz) = 4b475ac1c837cd62b6dfe85359e1502a71b08cd1
 Size (ruby/ruby-1.6.8.tar.gz) = 1023403 bytes
@@ -15,3 +15,4 @@ SHA1 (patch-an) = 72461b10296cb9a03fc37bba6af69650c8777741
 SHA1 (patch-ao) = 1070614441174b30926ba1d8a4d1a4718172ce4b
 SHA1 (patch-ap) = 19f520406a9b699a4bbe53b0e9e2b69b4eb7d96a
 SHA1 (patch-aq) = cf9f16f056c2f5df2493b6f04232fb62edf4448f
+SHA1 (patch-ar) = 03e15c32b0865d11339f609b2e98613fc09083b4
diff --git a/lang/ruby-base/patches/patch-ar b/lang/ruby-base/patches/patch-ar
new file mode 100644
index 00000000000..c665faa0adb
--- /dev/null
+++ b/lang/ruby-base/patches/patch-ar
@@ -0,0 +1,20 @@
+$NetBSD: patch-ar,v 1.1.2.2 2004/11/15 21:26:45 salo Exp $
+
+--- lib/cgi.rb.orig	2002-08-29 18:05:06.000000000 +0900
++++ lib/cgi.rb
+@@ -823,10 +823,13 @@ convert string charset, and set language
+           end
+ 
+           c = if bufsize < content_length
+-                stdinput.read(bufsize) or ''
++                stdinput.read(bufsize)
+               else
+-                stdinput.read(content_length) or ''
++                stdinput.read(content_length)
+               end
++	  if c.nil?
++	    raise EOFError, "bad content body"
++	  end
+           buf += c
+           content_length -= c.size
+