Pullup ticket #4488 - requested by tron

lang/ruby200-base: security patch

Revisions pulled up:
- lang/ruby200-base/Makefile                                    1.12
- lang/ruby200-base/distinfo                                    1.15
- lang/ruby200-base/patches/patch-pack.c                        1.1

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Aug 25 03:27:37 UTC 2014

   Modified Files:
   	pkgsrc/lang/ruby200-base: Makefile distinfo
   Added Files:
   	pkgsrc/lang/ruby200-base/patches: patch-pack.c

   Log Message:
   Add fix for CVS-2014-4975.

   Bump PKGREVISION.

3 files changed, 46 insertions, 2 deletions

diff --git a/lang/ruby200-base/Makefile b/lang/ruby200-base/Makefile
index 6d2879d6386..73abd4f7e04 100644
--- a/lang/ruby200-base/Makefile
+++ b/lang/ruby200-base/Makefile
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.11 2014/05/13 17:48:36 pho Exp $
+# $NetBSD: Makefile,v 1.11.2.1 2014/08/25 16:31:58 tron Exp $
 #
 
 DISTNAME=	${RUBY_DISTNAME}
 PKGNAME=	${RUBY_PKGPREFIX}-base-${RUBY_VERSION_FULL}
+PKGREVISION=	1
 CATEGORIES=	lang ruby
 MASTER_SITES=	${MASTER_SITE_RUBY}
 
diff --git a/lang/ruby200-base/distinfo b/lang/ruby200-base/distinfo
index d1ef399f412..8961cc5bd76 100644
--- a/lang/ruby200-base/distinfo
+++ b/lang/ruby200-base/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.14 2014/05/21 03:14:45 taca Exp $
+$NetBSD: distinfo,v 1.14.2.1 2014/08/25 16:31:58 tron Exp $
 
 SHA1 (ruby-2.0.0-p481.tar.bz2) = 08f0cedbaf3bc45b0681973aa7b19aa3be2e1184
 RMD160 (ruby-2.0.0-p481.tar.bz2) = 7a2d527975f57e2700552b06082cc93589fa34a1
@@ -22,5 +22,6 @@ SHA1 (patch-man_erb.1) = 1fe6ce4f4fe6418bfabb5e132a63596562030116
 SHA1 (patch-man_irb.1) = 2bf807b4c1b1c68d1f518caa054cfd900e0fedb7
 SHA1 (patch-man_ri.1) = af855135020f18c361cc55af676adc75e26bf4d3
 SHA1 (patch-man_ruby.1) = 5bc1e2e7c4c640659e33d0131d0982ce4e0d9fe0
+SHA1 (patch-pack.c) = 4a4965fc909112003a9842045e4e798c5cd2339d
 SHA1 (patch-test_rubygems_test__gem.rb) = 32ba1a7a2e9f6174297de969fc0b7cdcd083c764
 SHA1 (patch-tool_rbinstall.rb) = 287064ed2bc90e92cdc1b38fc4031d65819d3843
diff --git a/lang/ruby200-base/patches/patch-pack.c b/lang/ruby200-base/patches/patch-pack.c
new file mode 100644
index 00000000000..e36a911e434
--- /dev/null
+++ b/lang/ruby200-base/patches/patch-pack.c
@@ -0,0 +1,42 @@
+$NetBSD: patch-pack.c,v 1.1.2.2 2014/08/25 16:31:58 tron Exp $
+
+Fix for CVS-2014-4975 from revision #46806 in ruby_2_1 branch.
+
+--- pack.c.orig	2012-10-19 13:13:32.000000000 +0000
++++ pack.c
+@@ -1063,7 +1063,8 @@ static const char b64_table[] =
+ static void
+ encodes(VALUE str, const char *s, long len, int type, int tail_lf)
+ {
+-    char buff[4096];
++    enum {buff_size = 4096, encoded_unit = 4};
++    char buff[buff_size + 1];	/* +1 for tail_lf */
+     long i = 0;
+     const char *trans = type == 'u' ? uu_table : b64_table;
+     char padding;
+@@ -1076,7 +1077,7 @@ encodes(VALUE str, const char *s, long l
+ 	padding = '=';
+     }
+     while (len >= 3) {
+-        while (len >= 3 && sizeof(buff)-i >= 4) {
++        while (len >= 3 && buff_size-i >= encoded_unit) {
+             buff[i++] = trans[077 & (*s >> 2)];
+             buff[i++] = trans[077 & (((*s << 4) & 060) | ((s[1] >> 4) & 017))];
+             buff[i++] = trans[077 & (((s[1] << 2) & 074) | ((s[2] >> 6) & 03))];
+@@ -1084,7 +1085,7 @@ encodes(VALUE str, const char *s, long l
+             s += 3;
+             len -= 3;
+         }
+-        if (sizeof(buff)-i < 4) {
++        if (buff_size-i < encoded_unit) {
+             rb_str_buf_cat(str, buff, i);
+             i = 0;
+         }
+@@ -1104,6 +1105,7 @@ encodes(VALUE str, const char *s, long l
+     }
+     if (tail_lf) buff[i++] = '\n';
+     rb_str_buf_cat(str, buff, i);
++    if ((size_t)i > sizeof(buff)) rb_bug("encodes() buffer overrun");
+ }
+ 
+ static const char hex_table[] = "0123456789ABCDEF";