author | taca <taca@pkgsrc.org> | 2013-09-10 16:25:51 +0000 |
---|---|---|
committer | taca <taca@pkgsrc.org> | 2013-09-10 16:25:51 +0000 |
commit | 5e410b81aa9fe316dc6c68dfa4b6467187848586 (patch) | |
tree | db8813c340fb99839aeda1b31b6abcf83e6ad4fc | |
parent | b4914eaa5b05c682d834b31628b7af319df03e76 (diff) | |
download | pkgsrc-5e410b81aa9fe316dc6c68dfa4b6467187848586.tar.gz |
Add a fix for CVE-2013-4287 in rubygems.
Bump PKGREVISION.
-rw-r--r-- | lang/ruby193-base/Makefile | 4 | ||||
-rw-r--r-- | lang/ruby193-base/distinfo | 4 | ||||
-rw-r--r-- | lang/ruby193-base/patches/patch-lib_rubygems_version.rb | 14 | ||||
-rw-r--r-- | lang/ruby200-base/Makefile | 3 | ||||
-rw-r--r-- | lang/ruby200-base/distinfo | 3 | ||||
-rw-r--r-- | lang/ruby200-base/patches/patch-lib_rubygems_version.rb | 15 |
6 files changed, 35 insertions, 8 deletions
diff --git a/lang/ruby193-base/Makefile b/lang/ruby193-base/Makefile index d935e1c616d..07359fc03bd 100644 --- a/lang/ruby193-base/Makefile +++ b/lang/ruby193-base/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.33 2013/08/06 15:21:31 fhajny Exp $ +# $NetBSD: Makefile,v 1.34 2013/09/10 16:25:51 taca Exp $ # DISTNAME= ${RUBY_DISTNAME} PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_FULL} -PKGREVISION= 3 +PKGREVISION= 4 CATEGORIES= lang ruby MASTER_SITES= ${MASTER_SITE_RUBY} diff --git a/lang/ruby193-base/distinfo b/lang/ruby193-base/distinfo index ad3badba202..b8e5be9f852 100644 --- a/lang/ruby193-base/distinfo +++ b/lang/ruby193-base/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.24 2013/07/19 15:32:58 taca Exp $ +$NetBSD: distinfo,v 1.25 2013/09/10 16:25:51 taca Exp $ SHA1 (ruby-1.9.3-p448.tar.bz2) = 4bd9140bd4760409f771d4dd55138c22d3ff2995 RMD160 (ruby-1.9.3-p448.tar.bz2) = e012b5b506092406a4e35711d57290932ba557c6 @@ -24,7 +24,7 @@ SHA1 (patch-lib_rubygems_install__update__options.rb) = 74f81900c92bc3c7a663a112 SHA1 (patch-lib_rubygems_installer.rb) = 5832fd6e8a3d26fe8ae5afc9f8a6fea462d56ccf SHA1 (patch-lib_rubygems_specification.rb) = 3da23596f701c1966bc12f2341c82f2f2c646779 SHA1 (patch-lib_rubygems_uninstaller.rb) = bde19710968f80e56760288d09870a08f3a4ec52 -SHA1 (patch-lib_rubygems_version.rb) = 3ec26651ba8f2e6bbd4527e8c0a2f5944833264f +SHA1 (patch-lib_rubygems_version.rb) = ec135b2e4f298c8077f1213b699ebcb4efa98803 SHA1 (patch-man_erb.1) = a8f69ebb02b4d5e1c80b270a3d683c23d8dfbcf1 SHA1 (patch-man_irb.1) = 58fcccbb5f5f76450715cbf246a018af58d9b57e SHA1 (patch-man_ri.1) = 25d82d08a9eb74ccc1cbbc1fc324d23f1a56ed64 diff --git a/lang/ruby193-base/patches/patch-lib_rubygems_version.rb b/lang/ruby193-base/patches/patch-lib_rubygems_version.rb index 12b38242505..9291752c063 100644 --- a/lang/ruby193-base/patches/patch-lib_rubygems_version.rb +++ b/lang/ruby193-base/patches/patch-lib_rubygems_version.rb 
@@ -1,9 +1,19 @@ -$NetBSD: patch-lib_rubygems_version.rb,v 1.1 2013/02/02 08:11:54 taca Exp $ +$NetBSD: patch-lib_rubygems_version.rb,v 1.2 2013/09/10 16:25:51 taca Exp $ -A small fix from Ruby 2.0.0 and Rubygem 1.8.25. +* A fix for CVE-2013-4287. +* A small fix from Ruby 2.0.0 and Rubygem 1.8.25. --- lib/rubygems/version.rb.orig 2012-04-19 22:43:16.000000000 +0000 +++ lib/rubygems/version.rb +@@ -145,7 +145,7 @@ class Gem::Version + + include Comparable + +- VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*' # :nodoc: ++ VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*' # :nodoc: + ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})*\s*\z/ # :nodoc: + + ## @@ -187,7 +187,7 @@ class Gem::Version raise ArgumentError, "Malformed version number string #{version}" unless self.class.correct?(version) diff --git a/lang/ruby200-base/Makefile b/lang/ruby200-base/Makefile index 22b0589cb35..22f6291f9a0 100644 --- a/lang/ruby200-base/Makefile +++ b/lang/ruby200-base/Makefile @@ -1,8 +1,9 @@ -# $NetBSD: Makefile,v 1.1 2013/07/21 02:32:58 taca Exp $ +# $NetBSD: Makefile,v 1.2 2013/09/10 16:26:30 taca Exp $ # DISTNAME= ${RUBY_DISTNAME} PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_FULL} +PKGREVISION= 1 CATEGORIES= lang ruby MASTER_SITES= ${MASTER_SITE_RUBY} diff --git a/lang/ruby200-base/distinfo b/lang/ruby200-base/distinfo index fbe2f6ae146..796edbe466a 100644 --- a/lang/ruby200-base/distinfo +++ b/lang/ruby200-base/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.2 2013/08/15 16:27:35 joerg Exp $ +$NetBSD: distinfo,v 1.3 2013/09/10 16:26:30 taca Exp $ SHA1 (ruby-2.0.0-p247.tar.bz2) = 9d3e5758c87a2c8016aec246f278b7551f8cb675 RMD160 (ruby-2.0.0-p247.tar.bz2) = 4a3b6653f17c145c6938c538022c199f830a0dee 
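Review bot: The context line `ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})*\s*\z/` is left unchanged by the new `-145,7` hunk in this patch file, so the leading `[0-9]+` of `VERSION_PATTERN` still sits under an unbounded outer `*`; the added atomic group `(?>\.[0-9a-zA-Z]+)*` only stops backtracking inside the dotted segments. That nested repetition looks like it can still make `correct?` slow on malformed version strings, so the CVE fix may be incomplete. Because a concatenation of strings matching `VERSION_PATTERN` is itself a match, making the group optional should accept the same input: `ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/ # :nodoc:`. The same unchanged line appears in the ruby200-base patch added later in this commit.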
@@ -19,6 +19,7 @@ SHA1 (patch-lib_rubygems_install__update__options.rb) = 22cfafe090db72211253b852 SHA1 (patch-lib_rubygems_installer.rb) = ef2ab9f965fc7946e68c8d751d3c21a2c676f343 SHA1 (patch-lib_rubygems_specification.rb) = 4ffe57953051f2e091ae94e022b40146f8bec7aa SHA1 (patch-lib_rubygems_uninstaller.rb) = bf525fc55e9bf94e1561a7cac76e09873d3aaca2 +SHA1 (patch-lib_rubygems_version.rb) = 16ef586c6028c248eff9d284c322f573910e4423 SHA1 (patch-man_erb.1) = 1fe6ce4f4fe6418bfabb5e132a63596562030116 SHA1 (patch-man_irb.1) = 2bf807b4c1b1c68d1f518caa054cfd900e0fedb7 SHA1 (patch-man_ri.1) = 7314829a437e3c4625188a818e18751997eda1ce diff --git a/lang/ruby200-base/patches/patch-lib_rubygems_version.rb b/lang/ruby200-base/patches/patch-lib_rubygems_version.rb new file mode 100644 index 00000000000..e5bb401e429 --- /dev/null +++ b/lang/ruby200-base/patches/patch-lib_rubygems_version.rb @@ -0,0 +1,15 @@ +$NetBSD: patch-lib_rubygems_version.rb,v 1.1 2013/09/10 16:26:31 taca Exp $ + +A fix for CVE-2013-4287. + +--- lib/rubygems/version.rb.orig 2012-11-29 06:52:18.000000000 +0000 ++++ lib/rubygems/version.rb +@@ -147,7 +147,7 @@ class Gem::Version + + # FIX: These are only used once, in .correct?. Do they deserve to be + # constants? +- VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*' # :nodoc: ++ VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?' # :nodoc: + ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})*\s*\z/ # :nodoc: + + ## |
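Review bot: The replacement `VERSION_PATTERN` in this new patch file has no atomic group: it keeps `(\.[0-9a-zA-Z]+)*` unchanged and appends an optional `(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?` suffix, whereas the ruby193-base patch in the same commit changes the group to `(?>\.[0-9a-zA-Z]+)*`. As written the change widens the accepted syntax and adds another nested repetition instead of limiting backtracking, so it probably does not fix the CVE named in the patch header. If the intent is the same fix as for 1.9.3, the added line would be `VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*' # :nodoc:`; please confirm against the upstream RubyGems change for this branch.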