diff options
author | tron <tron> | 2014-08-25 16:50:43 +0000 |
---|---|---|
committer | tron <tron> | 2014-08-25 16:50:43 +0000 |
commit | 45981dbb6ed7db553a2bf072708de15f81aaec12 (patch) | |
tree | 919b48bbc4822ff4447ef044319b592c62ba93a5 | |
parent | 243558e80a5ee54423b3307f0e5021121a61de61 (diff) | |
download | pkgsrc-45981dbb6ed7db553a2bf072708de15f81aaec12.tar.gz |
Pullup ticket #4489 - requested by tron
lang/ruby21-base: security patch
Revisions pulled up:
- lang/ruby21-base/Makefile 1.6
- lang/ruby21-base/distinfo 1.7
- lang/ruby21-base/patches/patch-pack.c 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Aug 25 03:28:25 UTC 2014
Modified Files:
pkgsrc/lang/ruby21-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby21-base/patches: patch-pack.c
Log Message:
Add fix for CVS-2014-4975.
Bump PKGREVISION.
-rw-r--r-- | lang/ruby21-base/Makefile | 3 | ||||
-rw-r--r-- | lang/ruby21-base/distinfo | 3 | ||||
-rw-r--r-- | lang/ruby21-base/patches/patch-pack.c | 42 |
3 files changed, 46 insertions, 2 deletions
diff --git a/lang/ruby21-base/Makefile b/lang/ruby21-base/Makefile index 376993ad5e6..91d33a84e17 100644 --- a/lang/ruby21-base/Makefile +++ b/lang/ruby21-base/Makefile @@ -1,8 +1,9 @@ -# $NetBSD: Makefile,v 1.5 2014/06/26 16:56:11 jperkin Exp $ +# $NetBSD: Makefile,v 1.5.2.1 2014/08/25 16:50:43 tron Exp $ # DISTNAME= ${RUBY_DISTNAME} PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_FULL} +PKGREVISION= 1 CATEGORIES= lang ruby MASTER_SITES= ${MASTER_SITE_RUBY} diff --git a/lang/ruby21-base/distinfo b/lang/ruby21-base/distinfo index 1c3e5ab2ae5..f230e30a160 100644 --- a/lang/ruby21-base/distinfo +++ b/lang/ruby21-base/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.6 2014/05/21 03:19:57 taca Exp $ +$NetBSD: distinfo,v 1.6.2.1 2014/08/25 16:50:43 tron Exp $ SHA1 (ruby-2.1.2.tar.bz2) = 29a615966c7feb6554be736e7dcd590c770ee692 RMD160 (ruby-2.1.2.tar.bz2) = 0bae9f1f62c0df44840355a880eb1907892f2b38 @@ -22,6 +22,7 @@ SHA1 (patch-man_erb.1) = 1fe6ce4f4fe6418bfabb5e132a63596562030116 SHA1 (patch-man_irb.1) = 2bf807b4c1b1c68d1f518caa054cfd900e0fedb7 SHA1 (patch-man_ri.1) = af855135020f18c361cc55af676adc75e26bf4d3 SHA1 (patch-man_ruby.1) = 5bc1e2e7c4c640659e33d0131d0982ce4e0d9fe0 +SHA1 (patch-pack.c) = d553e0f2dd81df87d925260efbb04853d055ae8b SHA1 (patch-template_verconf.h.in) = 1f4c0676d1335a9fc32ccf8cbfa41678dde96dcd SHA1 (patch-test_rubygems_test__gem.rb) = 4d8cc50c2782e29eefea0ea6deedf295a7f09bc2 SHA1 (patch-tool_rbinstall.rb) = 845e5136dc2b5e3c41aeb833890e786544d6f5d5 diff --git a/lang/ruby21-base/patches/patch-pack.c b/lang/ruby21-base/patches/patch-pack.c new file mode 100644 index 00000000000..d026d894b80 --- /dev/null +++ b/lang/ruby21-base/patches/patch-pack.c @@ -0,0 +1,42 @@ +$NetBSD: patch-pack.c,v 1.1.2.2 2014/08/25 16:50:44 tron Exp $ + +Fix for CVS-2014-4975 from revision #46806 in ruby_2_1 branch. + +--- pack.c.orig 2013-11-08 02:37:47.000000000 +0000 ++++ pack.c +@@ -946,7 +946,8 @@ static const char b64_table[] = + static void + encodes(VALUE str, const char *s, long len, int type, int tail_lf) + { +- char buff[4096]; ++ enum {buff_size = 4096, encoded_unit = 4}; ++ char buff[buff_size + 1]; /* +1 for tail_lf */ + long i = 0; + const char *trans = type == 'u' ? uu_table : b64_table; + char padding; +@@ -959,7 +960,7 @@ encodes(VALUE str, const char *s, long l + padding = '='; + } + while (len >= 3) { +- while (len >= 3 && sizeof(buff)-i >= 4) { ++ while (len >= 3 && buff_size-i >= encoded_unit) { + buff[i++] = trans[077 & (*s >> 2)]; + buff[i++] = trans[077 & (((*s << 4) & 060) | ((s[1] >> 4) & 017))]; + buff[i++] = trans[077 & (((s[1] << 2) & 074) | ((s[2] >> 6) & 03))]; +@@ -967,7 +968,7 @@ encodes(VALUE str, const char *s, long l + s += 3; + len -= 3; + } +- if (sizeof(buff)-i < 4) { ++ if (buff_size-i < encoded_unit) { + rb_str_buf_cat(str, buff, i); + i = 0; + } +@@ -987,6 +988,7 @@ encodes(VALUE str, const char *s, long l + } + if (tail_lf) buff[i++] = '\n'; + rb_str_buf_cat(str, buff, i); ++ if ((size_t)i > sizeof(buff)) rb_bug("encodes() buffer overrun"); + } + + static const char hex_table[] = "0123456789ABCDEF"; |