authortaca <taca@pkgsrc.org>2012-10-06 16:20:35 +0000
committertaca <taca@pkgsrc.org>2012-10-06 16:20:35 +0000
commit9e4851877a3e42b10e91b41882707179b4841cbb (patch)
tree599d3d57c5b7d938a00947238a9054c112297535 /lang/ruby193-base/patches
parentcb73c428889e1f047e4edcfff3556b151aed671d (diff)
Add a patch to fix the CVE-2011-1005 security problem, which was found to
affect Ruby 1.9.x, too. It has now been assigned CVE-2012-4464 and CVE-2012-4466. Bump PKGREVISION.
Diffstat (limited to 'lang/ruby193-base/patches')
-rw-r--r--lang/ruby193-base/patches/patch-error.c36
1 files changed, 36 insertions, 0 deletions
diff --git a/lang/ruby193-base/patches/patch-error.c b/lang/ruby193-base/patches/patch-error.c
new file mode 100644
index 00000000000..87325192d2d
--- /dev/null
+++ b/lang/ruby193-base/patches/patch-error.c
@@ -0,0 +1,36 @@
+$NetBSD$
+
+Fix for CVE-2011-1005 which turned out affected to Ruby 1.9.3 from
+Ruby's repository r37068.
+
+--- error.c.orig 2012-02-25 12:32:19.000000000 +0000
++++ error.c
+@@ -569,7 +569,6 @@ exc_to_s(VALUE exc)
+
+ if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
+ r = rb_String(mesg);
+- OBJ_INFECT(r, exc);
+ return r;
+ }
+
+@@ -853,11 +852,7 @@ name_err_to_s(VALUE exc)
+
+ if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
+ StringValue(str);
+- if (str != mesg) {
+- rb_iv_set(exc, "mesg", mesg = str);
+- }
+- OBJ_INFECT(mesg, exc);
+- return mesg;
++ return str;
+ }
+
+ /*
+@@ -988,7 +983,6 @@ name_err_mesg_to_str(VALUE obj)
+ args[2] = d;
+ mesg = rb_f_sprintf(NAME_ERR_MESG_COUNT, args);
+ }
+- OBJ_INFECT(mesg, obj);
+ return mesg;
+ }
+
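Review bot: The header comment at the top of patch-error.c cites only CVE-2011-1005, while the commit message says the 1.9.x issue is now tracked as CVE-2012-4464 and CVE-2012-4466; the header should name those ids as well so the patch can be matched against advisories, e.g. `Fix for CVE-2012-4464 and CVE-2012-4466 (the Ruby 1.9.x variant of CVE-2011-1005), from Ruby's repository r37068.` It would also help to say why the three `OBJ_INFECT` calls are removed: `rb_String(mesg)` and `StringValue(str)` can hand back the original string object, so infecting the result marked a string the caller still holds as tainted. In `name_err_to_s` the new `return str;` also drops the `rb_iv_set(exc, "mesg", mesg = str)` write-back, so the converted string is no longer stored on the exception; that looks intentional but deserves a line in the header. All three function bodies start outside the embedded hunks, so the declarations of `r`, `str` and `mesg` are not visible here.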