authortron <tron>2014-08-25 16:50:43 +0000
committertron <tron>2014-08-25 16:50:43 +0000
commit45981dbb6ed7db553a2bf072708de15f81aaec12 (patch)
tree919b48bbc4822ff4447ef044319b592c62ba93a5
parent243558e80a5ee54423b3307f0e5021121a61de61 (diff)
Pullup ticket #4489 - requested by tron
lang/ruby21-base: security patch Revisions pulled up: - lang/ruby21-base/Makefile 1.6 - lang/ruby21-base/distinfo 1.7 - lang/ruby21-base/patches/patch-pack.c 1.1 --- Module Name: pkgsrc Committed By: taca Date: Mon Aug 25 03:28:25 UTC 2014 Modified Files: pkgsrc/lang/ruby21-base: Makefile distinfo Added Files: pkgsrc/lang/ruby21-base/patches: patch-pack.c Log Message: Add fix for CVE-2014-4975. Bump PKGREVISION.
-rw-r--r--lang/ruby21-base/Makefile3
-rw-r--r--lang/ruby21-base/distinfo3
-rw-r--r--lang/ruby21-base/patches/patch-pack.c42
3 files changed, 46 insertions, 2 deletions
diff --git a/lang/ruby21-base/Makefile b/lang/ruby21-base/Makefile
index 376993ad5e6..91d33a84e17 100644
--- a/lang/ruby21-base/Makefile
+++ b/lang/ruby21-base/Makefile
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.5 2014/06/26 16:56:11 jperkin Exp $
+# $NetBSD: Makefile,v 1.5.2.1 2014/08/25 16:50:43 tron Exp $
#
DISTNAME= ${RUBY_DISTNAME}
PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_FULL}
+PKGREVISION= 1
CATEGORIES= lang ruby
MASTER_SITES= ${MASTER_SITE_RUBY}
diff --git a/lang/ruby21-base/distinfo b/lang/ruby21-base/distinfo
index 1c3e5ab2ae5..f230e30a160 100644
--- a/lang/ruby21-base/distinfo
+++ b/lang/ruby21-base/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.6 2014/05/21 03:19:57 taca Exp $
+$NetBSD: distinfo,v 1.6.2.1 2014/08/25 16:50:43 tron Exp $
SHA1 (ruby-2.1.2.tar.bz2) = 29a615966c7feb6554be736e7dcd590c770ee692
RMD160 (ruby-2.1.2.tar.bz2) = 0bae9f1f62c0df44840355a880eb1907892f2b38
@@ -22,6 +22,7 @@ SHA1 (patch-man_erb.1) = 1fe6ce4f4fe6418bfabb5e132a63596562030116
SHA1 (patch-man_irb.1) = 2bf807b4c1b1c68d1f518caa054cfd900e0fedb7
SHA1 (patch-man_ri.1) = af855135020f18c361cc55af676adc75e26bf4d3
SHA1 (patch-man_ruby.1) = 5bc1e2e7c4c640659e33d0131d0982ce4e0d9fe0
+SHA1 (patch-pack.c) = d553e0f2dd81df87d925260efbb04853d055ae8b
SHA1 (patch-template_verconf.h.in) = 1f4c0676d1335a9fc32ccf8cbfa41678dde96dcd
SHA1 (patch-test_rubygems_test__gem.rb) = 4d8cc50c2782e29eefea0ea6deedf295a7f09bc2
SHA1 (patch-tool_rbinstall.rb) = 845e5136dc2b5e3c41aeb833890e786544d6f5d5
diff --git a/lang/ruby21-base/patches/patch-pack.c b/lang/ruby21-base/patches/patch-pack.c
new file mode 100644
index 00000000000..d026d894b80
--- /dev/null
+++ b/lang/ruby21-base/patches/patch-pack.c
@@ -0,0 +1,42 @@
+$NetBSD: patch-pack.c,v 1.1.2.2 2014/08/25 16:50:44 tron Exp $
+
+Fix for CVS-2014-4975 from revision #46806 in ruby_2_1 branch.
+
+--- pack.c.orig 2013-11-08 02:37:47.000000000 +0000
++++ pack.c
+@@ -946,7 +946,8 @@ static const char b64_table[] =
+ static void
+ encodes(VALUE str, const char *s, long len, int type, int tail_lf)
+ {
+- char buff[4096];
++ enum {buff_size = 4096, encoded_unit = 4};
++ char buff[buff_size + 1]; /* +1 for tail_lf */
+ long i = 0;
+ const char *trans = type == 'u' ? uu_table : b64_table;
+ char padding;
+@@ -959,7 +960,7 @@ encodes(VALUE str, const char *s, long l
+ padding = '=';
+ }
+ while (len >= 3) {
+- while (len >= 3 && sizeof(buff)-i >= 4) {
++ while (len >= 3 && buff_size-i >= encoded_unit) {
+ buff[i++] = trans[077 & (*s >> 2)];
+ buff[i++] = trans[077 & (((*s << 4) & 060) | ((s[1] >> 4) & 017))];
+ buff[i++] = trans[077 & (((s[1] << 2) & 074) | ((s[2] >> 6) & 03))];
+@@ -967,7 +968,7 @@ encodes(VALUE str, const char *s, long l
+ s += 3;
+ len -= 3;
+ }
+- if (sizeof(buff)-i < 4) {
++ if (buff_size-i < encoded_unit) {
+ rb_str_buf_cat(str, buff, i);
+ i = 0;
+ }
+@@ -987,6 +988,7 @@ encodes(VALUE str, const char *s, long l
+ }
+ if (tail_lf) buff[i++] = '\n';
+ rb_str_buf_cat(str, buff, i);
++ if ((size_t)i > sizeof(buff)) rb_bug("encodes() buffer overrun");
+ }
+
+ static const char hex_table[] = "0123456789ABCDEF";
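Review bot: In the last pack.c hunk the new `rb_bug("encodes() buffer overrun")` check runs only after `buff[i++] = '\n'` and `rb_str_buf_cat(str, buff, i)`, so if the index ever exceeded the buffer, the out-of-bounds store and the copy into `str` would already have happened before the abort. Testing ahead of the store, e.g. `if ((size_t)i + (tail_lf != 0) > sizeof(buff)) rb_bug("encodes() buffer overrun");`, would make it a guard rather than a post-mortem. The remainder handling between the third and fourth pack.c hunks is not shown, so whether `i` can reach `buff_size` there is inferred from the loop condition only. The patch header's `CVS-2014-4975` presumably means CVE-2014-4975; the spelling matters to anyone searching the tree for the identifier.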