From a3901df76bb6f708dc4ef4bf4663c4b79ea5074b Mon Sep 17 00:00:00 2001
From: taca
Date: Mon, 28 Mar 2011 16:19:36 +0000
Subject: Add a patch for fix of CVE-2011-0188. Bump PKGREVISION.
---
 lang/ruby19-base/Makefile | 3 ++-
 lang/ruby19-base/distinfo | 3 ++-
 .../patches/patch-ext_bigdecimal_bigdecimal.c | 19 +++++++++++++++++++
 3 files changed, 23 insertions(+), 2 deletions(-)
 create mode 100644 lang/ruby19-base/patches/patch-ext_bigdecimal_bigdecimal.c
(limited to 'lang/ruby19-base')
diff --git a/lang/ruby19-base/Makefile b/lang/ruby19-base/Makefile
index 22cca74c520..e1aae52cc80 100644
--- a/lang/ruby19-base/Makefile
+++ b/lang/ruby19-base/Makefile
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.7 2011/02/21 14:44:11 taca Exp $
+# $NetBSD: Makefile,v 1.8 2011/03/28 16:19:36 taca Exp $
 #
 DISTNAME= ${RUBY_DISTNAME}
 PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_SUFFIX}
+PKGREVISION= 1
 CATEGORIES= lang ruby
 MASTER_SITES= ${MASTER_SITE_RUBY}
 #PKGREVISION=
diff --git a/lang/ruby19-base/distinfo b/lang/ruby19-base/distinfo
index 9573acfb4be..601c02d2848 100644
--- a/lang/ruby19-base/distinfo
+++ b/lang/ruby19-base/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.5 2011/03/27 15:49:40 taca Exp $
+$NetBSD: distinfo,v 1.6 2011/03/28 16:19:36 taca Exp $
 SHA1 (ruby-1.9.2-p180.tar.bz2) = 10824b44c8060c7b9b5afc0b3519a1e9f02f7fe5
 RMD160 (ruby-1.9.2-p180.tar.bz2) = a5870eaa18777342e562fdb513c2dd76d2045d78
@@ -24,4 +24,5 @@ SHA1 (patch-ar) = 8a4b8ae18f9bdafc1bfbbd9ec62d18caf890571e
 SHA1 (patch-as) = 2005d2b5ca10d79188e8615383b881d5c9dfb616
 SHA1 (patch-at) = 532eebfda565d78b9d7ab572b7d8539933e431a3
 SHA1 (patch-au) = 45073c6d3461ee181e89228beb088d161af3d735
+SHA1 (patch-ext_bigdecimal_bigdecimal.c) = e15f6acd3f36c428540b5e8dcc1f2b0a610ffb7c
 SHA1 (patch-string.c) = 56c5433a8dd43ca4ee0a21d4d131ce4f662608ed
diff --git a/lang/ruby19-base/patches/patch-ext_bigdecimal_bigdecimal.c b/lang/ruby19-base/patches/patch-ext_bigdecimal_bigdecimal.c
new file mode 100644
index 00000000000..acfaa31f1af
--- /dev/null
+++ b/lang/ruby19-base/patches/patch-ext_bigdecimal_bigdecimal.c
@@ -0,0 +1,19 @@
+$NetBSD: patch-ext_bigdecimal_bigdecimal.c,v 1.1 2011/03/28 16:19:36 taca Exp $
+
+* Fix for CVE-2011-0188 from repository, r30993.
+
+--- ext/bigdecimal/bigdecimal.c.orig 2010-05-08 02:07:43.000000000 +0000
++++ ext/bigdecimal/bigdecimal.c
+@@ -2123,9 +2123,9 @@ static int gnAlloc=0; /* Memory allocati
+ VP_EXPORT void *
+ VpMemAlloc(U_LONG mb)
+ {
+- void *p = xmalloc((unsigned int)mb);
+- if(!p) {
+- VpException(VP_EXCEPTION_MEMORY,"failed to allocate memory",1);
++ void *p = xmalloc(mb);
++ if (!p) {
++ VpException(VP_EXCEPTION_MEMORY, "failed to allocate memory", 1);
+ }
+ memset(p,0,mb);
+ #ifdef BIGDECIMAL_DEBUG
-- cgit v1.2.3
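Review bot: In the embedded hunk for `VpMemAlloc`, `memset(p,0,mb)` is still reached after the `if (!p)` branch, so a NULL `p` would be written through unless `VpException(..., 1)` never returns; these lines do not show whether it does, and that should be confirmed against the rest of bigdecimal.c. The security-relevant change is the dropped `(unsigned int)` cast, yet nothing in the new code records why the size must not be narrowed. A comment above the `xmalloc(mb)` line such as `/* pass mb unnarrowed: the allocation must cover the mb bytes that memset clears below */` would help keep the cast from being reintroduced. The function body continues past the hunk at `#ifdef BIGDECIMAL_DEBUG`, and because this file carries upstream r30993, any such change is better proposed upstream than made only in the pkgsrc patch.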