From c31b7ad5f981885c4fadeefa0ba2e02f8c43e664 Mon Sep 17 00:00:00 2001 From: taca Date: Fri, 20 Jun 2008 15:39:29 +0000 Subject: Update Ruby 1.8.7 patchlevel 22. This is security fix: http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities Fri Jun 20 18:25:18 2008 Nobuyoshi Nakada * string.c (rb_str_buf_append): should infect. Fri Jun 20 16:33:09 2008 Nobuyoshi Nakada * array.c (rb_ary_store, rb_ary_splice): not depend on unspecified behavior at integer overflow. * string.c (str_buf_cat): ditto. Wed Jun 18 22:24:46 2008 URABE Shyouhei * array.c (ary_new, rb_ary_initialize, rb_ary_store, rb_ary_aplice, rb_ary_times): integer overflows should be checked. based on patches from Drew Yao fixed CVE-2008-2726 * string.c (rb_str_buf_append): fixed unsafe use of alloca, which led memory corruption. based on a patch from Drew Yao fixed CVE-2008-2726 * sprintf.c (rb_str_format): backported from trunk. * intern.h: ditto. Tue Jun 17 15:09:46 2008 Nobuyoshi Nakada * file.c (file_expand_path): no need to expand root path which has no short file name. [ruby-dev:35095] Sun Jun 15 19:27:40 2008 Akinori MUSHA * configure.in: Fix $LOAD_PATH. Properly expand vendor_ruby directories; submitted by Takahiro Kambe in [ruby-dev:35099]. --- lang/ruby18-base/distinfo | 11 ++++------- lang/ruby18-base/patches/patch-aa | 21 +-------------------- lang/ruby18-base/patches/patch-ab | 25 +------------------------ 3 files changed, 6 insertions(+), 51 deletions(-) (limited to 'lang/ruby18-base') diff --git a/lang/ruby18-base/distinfo b/lang/ruby18-base/distinfo index d53ab3cb2d1..0bc0b0ddc6a 100644 --- a/lang/ruby18-base/distinfo +++ b/lang/ruby18-base/distinfo @@ -1,8 +1,5 @@ -$NetBSD: distinfo,v 1.28 2008/06/19 14:35:37 taca Exp $ +$NetBSD: distinfo,v 1.29 2008/06/20 15:39:29 taca Exp $ -SHA1 (ruby-1.8.7-p17.tar.bz2) = 0119f0af48eafe4d7b8cfc95f23588556d25cc21 -RMD160 (ruby-1.8.7-p17.tar.bz2) = d220bd233dddba6c7ceeba84a7da5d2e6a78988b -Size (ruby-1.8.7-p17.tar.bz2) = 4114057 bytes -SHA1 (patch-aa) = c1b07842dc872d9c5f522b7ba48c9e4419ffed64 -SHA1 (patch-ab) = 26260b203644839837b456f5e1ec0a7a3de49503 -SHA1 (patch-ac) = eb4dd068729ba2a2c7d4d659f6bcdb1410227f3b +SHA1 (ruby-1.8.7-p22.tar.bz2) = a54e59393f0ca8fcc39f9e23e63a04b1cd4e3b7a +RMD160 (ruby-1.8.7-p22.tar.bz2) = 249253406204151d9448ec43ddc61712556ae023 +Size (ruby-1.8.7-p22.tar.bz2) = 4121532 bytes diff --git a/lang/ruby18-base/patches/patch-aa b/lang/ruby18-base/patches/patch-aa index 2f8747fa3b1..319d89bbb55 100644 --- a/lang/ruby18-base/patches/patch-aa +++ b/lang/ruby18-base/patches/patch-aa @@ -1,4 +1,4 @@ -$NetBSD: patch-aa,v 1.11 2008/06/19 14:35:37 taca Exp $ +$NetBSD: patch-aa,v 1.12 2008/06/20 15:39:29 taca Exp $ --- configure.in.orig 2008-06-09 03:23:46.000000000 +0900 +++ configure.in @@ -49,22 +49,3 @@ $NetBSD: patch-aa,v 1.11 2008/06/19 14:35:37 taca Exp $ fi LDFLAGS="-L. $LDFLAGS" -@@ -1717,14 +1736,14 @@ AC_ARG_WITH(vendordir, - VENDOR_DIR=`eval echo \\"${vendordir}\\"` - case "$target_os" in - cygwin*|mingw*|*djgpp*|os2-emx*) -- RUBY_VENDOR_LIB_PATH="`expr "$VENDOR_DIR" : "$prefix\(/.*\)"`" || -- RUBY_VENDOR_LIB_PATH="$VENDOR_DIR";; -+ RUBY_VENDOR_LIB_PATH="`eval echo "$VENDOR_DIR" | sed 's|^NONE/|/|;s|^'"$prefix"'/|/|'`" -+ ;; - *) -- RUBY_VENDOR_LIB_PATH="$VENDOR_DIR";; -+ RUBY_VENDOR_LIB_PATH="`eval echo \\"$VENDOR_DIR\\" | sed 's|^NONE/|'"$prefix"'/|'`" -+ ;; - esac - RUBY_VENDOR_LIB_PATH2="${RUBY_VENDOR_LIB_PATH}/${MAJOR}.${MINOR}" - --AC_DEFINE_UNQUOTED(RUBY_LIB, "${RUBY_LIB_PATH}") - AC_DEFINE_UNQUOTED(RUBY_VENDOR_LIB, "${RUBY_VENDOR_LIB_PATH}") - AC_DEFINE_UNQUOTED(RUBY_VENDOR_LIB2, "${RUBY_VENDOR_LIB_PATH2}") - diff --git a/lang/ruby18-base/patches/patch-ab b/lang/ruby18-base/patches/patch-ab index e7845572039..11fd9813145 100644 --- a/lang/ruby18-base/patches/patch-ab +++ b/lang/ruby18-base/patches/patch-ab @@ -1,4 +1,4 @@ -$NetBSD: patch-ab,v 1.11 2008/06/19 14:35:37 taca Exp $ +$NetBSD: patch-ab,v 1.12 2008/06/20 15:39:29 taca Exp $ --- configure.orig 2008-06-09 18:38:04.000000000 +0900 +++ configure @@ -49,26 +49,3 @@ $NetBSD: patch-ab,v 1.11 2008/06/19 14:35:37 taca Exp $ fi LDFLAGS="-L. $LDFLAGS" -@@ -17563,18 +17582,15 @@ fi - VENDOR_DIR=`eval echo \\"${vendordir}\\"` - case "$target_os" in - cygwin*|mingw*|*djgpp*|os2-emx*) -- RUBY_VENDOR_LIB_PATH="`expr "$VENDOR_DIR" : "$prefix\(/.*\)"`" || -- RUBY_VENDOR_LIB_PATH="$VENDOR_DIR";; -+ RUBY_VENDOR_LIB_PATH="`eval echo "$VENDOR_DIR" | sed 's|^NONE/|/|;s|^'"$prefix"'/|/|'`" -+ ;; - *) -- RUBY_VENDOR_LIB_PATH="$VENDOR_DIR";; -+ RUBY_VENDOR_LIB_PATH="`eval echo \\"$VENDOR_DIR\\" | sed 's|^NONE/|'"$prefix"'/|'`" -+ ;; - esac - RUBY_VENDOR_LIB_PATH2="${RUBY_VENDOR_LIB_PATH}/${MAJOR}.${MINOR}" - - cat >>confdefs.h <<_ACEOF --#define RUBY_LIB "${RUBY_LIB_PATH}" --_ACEOF -- --cat >>confdefs.h <<_ACEOF - #define RUBY_VENDOR_LIB "${RUBY_VENDOR_LIB_PATH}" - _ACEOF - -- cgit v1.2.3