diff options
| author | tonnerre <tonnerre@pkgsrc.org> | 2008-07-03 21:06:10 +0000 |
|---|---|---|
| committer | tonnerre <tonnerre@pkgsrc.org> | 2008-07-03 21:06:10 +0000 |
| commit | 04062c9538d6b391fd6c47fd236f6f668c0646e8 (patch) | |
| tree | f53b35d407798e3979db1ef4faef88748acaee26 /lang | |
| parent | f944d77c9bf2f55f244773e90373027da5f56541 (diff) | |
| download | pkgsrc-04062c9538d6b391fd6c47fd236f6f668c0646e8.tar.gz | |
Add a patch to fix the integer overflow in rb_ary_fill() in Ruby 1.8
which can be exploited to cause a denial of service through memory
exhaustion. (SN-2008-02)
Diffstat (limited to 'lang')
| -rw-r--r-- | lang/ruby18-base/Makefile | 3 | ||||
| -rw-r--r-- | lang/ruby18-base/distinfo | 3 | ||||
| -rw-r--r-- | lang/ruby18-base/patches/patch-ad | 20 |
3 files changed, 24 insertions, 2 deletions
diff --git a/lang/ruby18-base/Makefile b/lang/ruby18-base/Makefile index 1dd8f6dceef..65c8b3697d5 100644 --- a/lang/ruby18-base/Makefile +++ b/lang/ruby18-base/Makefile @@ -1,10 +1,11 @@ -# $NetBSD: Makefile,v 1.44 2008/06/19 22:19:37 obache Exp $ +# $NetBSD: Makefile,v 1.45 2008/07/03 21:06:10 tonnerre Exp $ # DISTNAME= ${RUBY_DISTNAME} PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_SUFFIX} CATEGORIES= lang ruby MASTER_SITES= ${MASTER_SITE_RUBY} +PKGREVISION= 1 MAINTAINER= taca@NetBSD.org HOMEPAGE= ${RUBY_HOMEPAGE} diff --git a/lang/ruby18-base/distinfo b/lang/ruby18-base/distinfo index 64dbac181f7..ac743fb11ab 100644 --- a/lang/ruby18-base/distinfo +++ b/lang/ruby18-base/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.30 2008/06/20 17:26:31 taca Exp $ +$NetBSD: distinfo,v 1.31 2008/07/03 21:06:10 tonnerre Exp $ SHA1 (ruby-1.8.7-p22.tar.bz2) = a54e59393f0ca8fcc39f9e23e63a04b1cd4e3b7a RMD160 (ruby-1.8.7-p22.tar.bz2) = 249253406204151d9448ec43ddc61712556ae023 @@ -6,3 +6,4 @@ Size (ruby-1.8.7-p22.tar.bz2) = 4121532 bytes SHA1 (patch-aa) = 59f4462dada7e7b00c7a773c8a95454f3dc4f994 SHA1 (patch-ab) = 239872c5faf95c05d2a94fe5f40af5b8541423c7 SHA1 (patch-ac) = eb4dd068729ba2a2c7d4d659f6bcdb1410227f3b +SHA1 (patch-ad) = 289682b47332eec16cc88e4f8ff7b5a6be0d75e7 diff --git a/lang/ruby18-base/patches/patch-ad b/lang/ruby18-base/patches/patch-ad new file mode 100644 index 00000000000..b04b82cfc75 --- /dev/null +++ b/lang/ruby18-base/patches/patch-ad @@ -0,0 +1,20 @@ +$NetBSD: patch-ad,v 1.9 2008/07/03 21:06:10 tonnerre Exp $ + +Avoid memory size integer overflow memory exhaustion DoS in filling +arrays (SN-2008-02). + +--- array.c.orig 2008-07-03 22:56:32.000000000 +0200 ++++ array.c +@@ -2416,10 +2416,10 @@ rb_ary_fill(argc, argv, ary) + break; + } + rb_ary_modify(ary); +- end = beg + len; +- if (end < 0) { ++ if (beg >= ARY_MAX_SIZE || len > ARY_MAX_SIZE - beg) { + rb_raise(rb_eArgError, "argument too big"); + } ++ end = beg + len; + if (end > RARRAY(ary)->len) { + if (end >= RARRAY(ary)->aux.capa) { + REALLOC_N(RARRAY(ary)->ptr, VALUE, end); |