author | tron <tron> | 2015-02-20 20:18:59 +0000 |
---|---|---|
committer | tron <tron> | 2015-02-20 20:18:59 +0000 |
commit | a6a08fef90e544be9ffa0e06a5de99a9b62cb92e (patch) | |
tree | cafd7a385c81893cb30a2eed03b413a8a576a65c | |
parent | 638c22fb93dcfe8fa0745ac60583ae71283a0a20 (diff) | |
download | pkgsrc-a6a08fef90e544be9ffa0e06a5de99a9b62cb92e.tar.gz |
Pullup ticket #4620 - requested by taca
lang/ruby18-base: security patch
Revisions pulled up:
- lang/ruby18-base/Makefile 1.83
- lang/ruby18-base/distinfo 1.61
- lang/ruby18-base/patches/patch-lib_rexml_entity.rb 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Feb 16 14:03:32 UTC 2015
Modified Files:
pkgsrc/lang/ruby18-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby18-base/patches: patch-lib_rexml_entity.rb
Log Message:
Add fix for CVE-2015-1426.
Bump PKGREVISION.
-rw-r--r-- | lang/ruby18-base/Makefile | 4 | ||||
-rw-r--r-- | lang/ruby18-base/distinfo | 3 | ||||
-rw-r--r-- | lang/ruby18-base/patches/patch-lib_rexml_entity.rb | 22 |
3 files changed, 26 insertions, 3 deletions
diff --git a/lang/ruby18-base/Makefile b/lang/ruby18-base/Makefile
index a07726f54c9..3c9a4b3cba4 100644
--- a/lang/ruby18-base/Makefile
+++ b/lang/ruby18-base/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.82 2014/06/26 15:59:31 jperkin Exp $
+# $NetBSD: Makefile,v 1.82.6.1 2015/02/20 20:18:59 tron Exp $
 #
 DISTNAME= ${RUBY_DISTNAME}
 PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_FULL}
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= lang ruby
 MASTER_SITES= ${MASTER_SITE_RUBY}
diff --git a/lang/ruby18-base/distinfo b/lang/ruby18-base/distinfo
index 93790f832e7..5adba4b328e 100644
--- a/lang/ruby18-base/distinfo
+++ b/lang/ruby18-base/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.60 2013/11/24 15:26:30 taca Exp $
+$NetBSD: distinfo,v 1.60.10.1 2015/02/20 20:18:59 tron Exp $
 SHA1 (ruby-1.8.7-p374.tar.bz2) = cf82b6cbeed8e389705aa6b66c2a8141626705c3
 RMD160 (ruby-1.8.7-p374.tar.bz2) = 314efaa961c80c9294202c6e40dec0e38865ed94
@@ -50,3 +50,4 @@ SHA1 (patch-ga) = 73f50504baf74ee77d00dcfb5a9446bbaf122726
 SHA1 (patch-gb) = 345ad3e5df6fd9febe7b398f091662fd7c300dc4
 SHA1 (patch-lib_rdoc_options.rb) = 0f14417733ad6fc6fbc93af1c8463ecd59abce7c
 SHA1 (patch-lib_rdoc_rdoc.rb) = bef895245cc06ca84fd1e5d506c3c65932921b3a
+SHA1 (patch-lib_rexml_entity.rb) = 5038826abfa6a56406fe369dfc74c9fe096665f6
diff --git a/lang/ruby18-base/patches/patch-lib_rexml_entity.rb b/lang/ruby18-base/patches/patch-lib_rexml_entity.rb
new file mode 100644
index 00000000000..6745547f49c
--- /dev/null
+++ b/lang/ruby18-base/patches/patch-lib_rexml_entity.rb
@@ -0,0 +1,22 @@
+$NetBSD: patch-lib_rexml_entity.rb,v 1.1.2.2 2015/02/20 20:18:59 tron Exp $
+
+Fix for CVE-2015-1426.
+
+--- lib/rexml/entity.rb.orig 2009-02-05 00:03:56.000000000 +0000
++++ lib/rexml/entity.rb
+@@ -138,8 +138,15 @@ module REXML
+ matches = @value.scan(PEREFERENCE_RE)
+ rv = @value.clone
+ if @parent
++ sum = 0
+ matches.each do |entity_reference|
+ entity_value = @parent.entity( entity_reference[0] )
++ if sum + entity_value.bytesize > Document.entity_expansion_text_limit
++ raise "entity expansion has grown too large"
++ else
++ sum += entity_value.bytesize
++ end
++
+ rv.gsub!( /%#{entity_reference};/um, entity_value )
+ end
+ end |
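Review bot: The limit violation in the new `if sum + entity_value.bytesize > Document.entity_expansion_text_limit` branch is signalled with a bare `raise "entity expansion has grown too large"`, which is a RuntimeError rather than a REXML-specific exception, and nothing in the patch documents that. Callers that process untrusted XML and rescue only REXML's own errors would let it propagate, so I would add a comment above the raise such as `# raises RuntimeError (not a REXML exception) when expanded PE text exceeds the limit`. Separately, `entity_value.bytesize` is evaluated before anything checks the result of `@parent.entity`; if that lookup can return nil for an undeclared reference (its definition is outside the hunk), the failure surfaces as a NoMethodError on the new line instead of the limit error. `Document.entity_expansion_text_limit` is also not defined in this patch, so it is worth confirming that the 1.8.7-p374 REXML being patched provides it. The enclosing method starts and ends outside the hunk.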