author | tron <tron> | 2014-08-25 16:31:58 +0000 |
---|---|---|
committer | tron <tron> | 2014-08-25 16:31:58 +0000 |
commit | 243558e80a5ee54423b3307f0e5021121a61de61 (patch) | |
tree | a0329f04ab19c34e9552f93954a769ca04081dc6 | |
parent | 20a68faa5eeda07808a7c7e3a1cbe71e016271b5 (diff) | |
download | pkgsrc-243558e80a5ee54423b3307f0e5021121a61de61.tar.gz |
Pullup ticket #4488 - requested by tron
lang/ruby200-base: security patch
Revisions pulled up:
- lang/ruby200-base/Makefile 1.12
- lang/ruby200-base/distinfo 1.15
- lang/ruby200-base/patches/patch-pack.c 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Aug 25 03:27:37 UTC 2014
Modified Files:
pkgsrc/lang/ruby200-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby200-base/patches: patch-pack.c
Log Message:
Add fix for CVE-2014-4975.
Bump PKGREVISION.
-rw-r--r-- | lang/ruby200-base/Makefile | 3 | ||||
-rw-r--r-- | lang/ruby200-base/distinfo | 3 | ||||
-rw-r--r-- | lang/ruby200-base/patches/patch-pack.c | 42 |
3 files changed, 46 insertions, 2 deletions
diff --git a/lang/ruby200-base/Makefile b/lang/ruby200-base/Makefile
index 6d2879d6386..73abd4f7e04 100644
--- a/lang/ruby200-base/Makefile
+++ b/lang/ruby200-base/Makefile
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.11 2014/05/13 17:48:36 pho Exp $
+# $NetBSD: Makefile,v 1.11.2.1 2014/08/25 16:31:58 tron Exp $
 #
 DISTNAME= ${RUBY_DISTNAME}
 PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_FULL}
+PKGREVISION= 1
 CATEGORIES= lang ruby
 MASTER_SITES= ${MASTER_SITE_RUBY}
diff --git a/lang/ruby200-base/distinfo b/lang/ruby200-base/distinfo
index d1ef399f412..8961cc5bd76 100644
--- a/lang/ruby200-base/distinfo
+++ b/lang/ruby200-base/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.14 2014/05/21 03:14:45 taca Exp $
+$NetBSD: distinfo,v 1.14.2.1 2014/08/25 16:31:58 tron Exp $
 SHA1 (ruby-2.0.0-p481.tar.bz2) = 08f0cedbaf3bc45b0681973aa7b19aa3be2e1184
 RMD160 (ruby-2.0.0-p481.tar.bz2) = 7a2d527975f57e2700552b06082cc93589fa34a1
@@ -22,5 +22,6 @@ SHA1 (patch-man_erb.1) = 1fe6ce4f4fe6418bfabb5e132a63596562030116
 SHA1 (patch-man_irb.1) = 2bf807b4c1b1c68d1f518caa054cfd900e0fedb7
 SHA1 (patch-man_ri.1) = af855135020f18c361cc55af676adc75e26bf4d3
 SHA1 (patch-man_ruby.1) = 5bc1e2e7c4c640659e33d0131d0982ce4e0d9fe0
+SHA1 (patch-pack.c) = 4a4965fc909112003a9842045e4e798c5cd2339d
 SHA1 (patch-test_rubygems_test__gem.rb) = 32ba1a7a2e9f6174297de969fc0b7cdcd083c764
 SHA1 (patch-tool_rbinstall.rb) = 287064ed2bc90e92cdc1b38fc4031d65819d3843
diff --git a/lang/ruby200-base/patches/patch-pack.c b/lang/ruby200-base/patches/patch-pack.c
new file mode 100644
index 00000000000..e36a911e434
--- /dev/null
+++ b/lang/ruby200-base/patches/patch-pack.c
@@ -0,0 +1,42 @@
+$NetBSD: patch-pack.c,v 1.1.2.2 2014/08/25 16:31:58 tron Exp $
+
+Fix for CVS-2014-4975 from revision #46806 in ruby_2_1 branch.
+
+--- pack.c.orig 2012-10-19 13:13:32.000000000 +0000
++++ pack.c
+@@ -1063,7 +1063,8 @@ static const char b64_table[] =
+ static void
+ encodes(VALUE str, const char *s, long len, int type, int tail_lf)
+{
+- char buff[4096];
++ enum {buff_size = 4096, encoded_unit = 4};
++ char buff[buff_size + 1]; /* +1 for tail_lf */
+ long i = 0;
+ const char *trans = type == 'u' ? uu_table : b64_table;
+ char padding;
+@@ -1076,7 +1077,7 @@ encodes(VALUE str, const char *s, long l
+ padding = '=';
+ }
+ while (len >= 3) {
+- while (len >= 3 && sizeof(buff)-i >= 4) {
++ while (len >= 3 && buff_size-i >= encoded_unit) {
+ buff[i++] = trans[077 & (*s >> 2)];
+ buff[i++] = trans[077 & (((*s << 4) & 060) | ((s[1] >> 4) & 017))];
+ buff[i++] = trans[077 & (((s[1] << 2) & 074) | ((s[2] >> 6) & 03))];
+@@ -1084,7 +1085,7 @@ encodes(VALUE str, const char *s, long l
+ s += 3;
+ len -= 3;
+ }
+- if (sizeof(buff)-i < 4) {
++ if (buff_size-i < encoded_unit) {
+ rb_str_buf_cat(str, buff, i);
+ i = 0;
+ }
+@@ -1104,6 +1105,7 @@ encodes(VALUE str, const char *s, long l
+ }
+ if (tail_lf) buff[i++] = '\n';
+ rb_str_buf_cat(str, buff, i);
++ if ((size_t)i > sizeof(buff)) rb_bug("encodes() buffer overrun");
+ }
+
+ static const char hex_table[] = "0123456789ABCDEF"; |
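Review bot: The `rb_bug("encodes() buffer overrun")` check added in the last inner hunk of patch-pack.c runs only after `buff[i++] = '\n'` and `rb_str_buf_cat(str, buff, i)` have executed, so it reports an overrun after the out-of-bounds write and copy instead of preventing them. With `buff[buff_size + 1]` the visible arithmetic suggests `i` can no longer exceed `sizeof(buff)`, which makes the check a tripwire for future edits; placing `if ((size_t)i > sizeof(buff)) rb_bug("encodes() buffer overrun");` directly before the final `rb_str_buf_cat(str, buff, i);` would at least stop the oversized copy into `str`. The lines of encodes() between the inner hunks (the handling of the 1- and 2-byte remainder) are not shown, so the bound on `i` should be confirmed against the full function. Separately, the patch header comment reads `CVS-2014-4975`; it should read `CVE-2014-4975` so the fix can be found when searching the tree for the CVE identifier.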