Add a patch to fix CVE-2011-1005 security problem which found out that

it affected Ruby 1.9.x, too.

Now it assigned CVE-2012-4464 and CVE-2012-4466.

Bump PKGREVISION.

3 files changed, 40 insertions, 3 deletions

diff --git a/lang/ruby193-base/Makefile b/lang/ruby193-base/Makefile
index aa7baa7e14b..3425d0243d6 100644
--- a/lang/ruby193-base/Makefile
+++ b/lang/ruby193-base/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.18 2012/10/02 20:11:52 asau Exp $
+# $NetBSD: Makefile,v 1.19 2012/10/06 16:20:35 taca Exp $
 #
 
 DISTNAME=	${RUBY_DISTNAME}
 PKGNAME=	${RUBY_PKGPREFIX}-base-${RUBY_VERSION_FULL}
-PKGREVISION=	2
+PKGREVISION=	3
 CATEGORIES=	lang ruby
 MASTER_SITES=	${MASTER_SITE_RUBY}
 DIST_SUBDIR=	ruby193-base-201202170
diff --git a/lang/ruby193-base/distinfo b/lang/ruby193-base/distinfo
index 37edeb5cc7b..bbca195020d 100644
--- a/lang/ruby193-base/distinfo
+++ b/lang/ruby193-base/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.8 2012/07/25 14:26:57 bsiegert Exp $
+$NetBSD: distinfo,v 1.9 2012/10/06 16:20:35 taca Exp $
 
 SHA1 (ruby193-base-201202170/ruby-1.9.3-p194.tar.bz2) = afb497dc10ea3d83ecbe3ccd9ed45fba1457721c
 RMD160 (ruby193-base-201202170/ruby-1.9.3-p194.tar.bz2) = bca45d750cfd8523e838903c8693749652960d60
@@ -6,6 +6,7 @@ Size (ruby193-base-201202170/ruby-1.9.3-p194.tar.bz2) = 9841223 bytes
 SHA1 (patch-configure) = 3ab88504dda0c244b6c58dc42778d9a63f1e4d23
 SHA1 (patch-configure.in) = f743324dda92bd4c490a7214f4822b4cc9a4c5dc
 SHA1 (patch-defs_default__gems) = fb24111736f1a76a05e853aa068024dbdd24e5a5
+SHA1 (patch-error.c) = 571c8587c171356403f5ece93259a7b59ce3ff75
 SHA1 (patch-lib_mkmf.rb) = a4547a4bcbf1f533e264578c455ef1c7e6c9aa74
 SHA1 (patch-lib_rdoc_ri_driver.rb) = acb4cb022893eb8dea2adf7564f5e5e1a0f1e9c8
 SHA1 (patch-lib_rubygems.rb) = cc02e3a296d88605ef8444d64ca805ddebb524c6
diff --git a/lang/ruby193-base/patches/patch-error.c b/lang/ruby193-base/patches/patch-error.c
new file mode 100644
index 00000000000..87325192d2d
--- /dev/null
+++ b/lang/ruby193-base/patches/patch-error.c
@@ -0,0 +1,36 @@
+$NetBSD$
+
+Fix for CVE-2011-1005 which turned out affected to Ruby 1.9.3 from
+Ruby's repository r37068.
+
+--- error.c.orig	2012-02-25 12:32:19.000000000 +0000
++++ error.c
+@@ -569,7 +569,6 @@ exc_to_s(VALUE exc)
+ 
+     if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
+     r = rb_String(mesg);
+-    OBJ_INFECT(r, exc);
+     return r;
+ }
+ 
+@@ -853,11 +852,7 @@ name_err_to_s(VALUE exc)
+ 
+     if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
+     StringValue(str);
+-    if (str != mesg) {
+-	rb_iv_set(exc, "mesg", mesg = str);
+-    }
+-    OBJ_INFECT(mesg, exc);
+-    return mesg;
++    return str;
+ }
+ 
+ /*
+@@ -988,7 +983,6 @@ name_err_mesg_to_str(VALUE obj)
+ 	args[2] = d;
+ 	mesg = rb_f_sprintf(NAME_ERR_MESG_COUNT, args);
+     }
+-    OBJ_INFECT(mesg, obj);
+     return mesg;
+ }
+