From b4f7e889eac41df141310f69ad513687f6ec1696 Mon Sep 17 00:00:00 2001
From: taca <taca>
Date: Mon, 16 Feb 2015 14:03:32 +0000
Subject: Add fix for CVE-2015-1426.

Bump PKGREVISION.
---
 lang/ruby18-base/Makefile                          |  4 ++--
 lang/ruby18-base/distinfo                          |  3 ++-
 lang/ruby18-base/patches/patch-lib_rexml_entity.rb | 22 ++++++++++++++++++++++
 3 files changed, 26 insertions(+), 3 deletions(-)
 create mode 100644 lang/ruby18-base/patches/patch-lib_rexml_entity.rb

(limited to 'lang')

diff --git a/lang/ruby18-base/Makefile b/lang/ruby18-base/Makefile
index a07726f54c9..f79ee7bc44e 100644
--- a/lang/ruby18-base/Makefile
+++ b/lang/ruby18-base/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.82 2014/06/26 15:59:31 jperkin Exp $
+# $NetBSD: Makefile,v 1.83 2015/02/16 14:03:32 taca Exp $
 #
 
 DISTNAME=	${RUBY_DISTNAME}
 PKGNAME=	${RUBY_PKGPREFIX}-base-${RUBY_VERSION_FULL}
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	lang ruby
 MASTER_SITES=	${MASTER_SITE_RUBY}
 
diff --git a/lang/ruby18-base/distinfo b/lang/ruby18-base/distinfo
index 93790f832e7..d495a6bfe2a 100644
--- a/lang/ruby18-base/distinfo
+++ b/lang/ruby18-base/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.60 2013/11/24 15:26:30 taca Exp $
+$NetBSD: distinfo,v 1.61 2015/02/16 14:03:32 taca Exp $
 
 SHA1 (ruby-1.8.7-p374.tar.bz2) = cf82b6cbeed8e389705aa6b66c2a8141626705c3
 RMD160 (ruby-1.8.7-p374.tar.bz2) = 314efaa961c80c9294202c6e40dec0e38865ed94
@@ -50,3 +50,4 @@ SHA1 (patch-ga) = 73f50504baf74ee77d00dcfb5a9446bbaf122726
 SHA1 (patch-gb) = 345ad3e5df6fd9febe7b398f091662fd7c300dc4
 SHA1 (patch-lib_rdoc_options.rb) = 0f14417733ad6fc6fbc93af1c8463ecd59abce7c
 SHA1 (patch-lib_rdoc_rdoc.rb) = bef895245cc06ca84fd1e5d506c3c65932921b3a
+SHA1 (patch-lib_rexml_entity.rb) = 5038826abfa6a56406fe369dfc74c9fe096665f6
diff --git a/lang/ruby18-base/patches/patch-lib_rexml_entity.rb b/lang/ruby18-base/patches/patch-lib_rexml_entity.rb
new file mode 100644
index 00000000000..fac577dcc18
--- /dev/null
+++ b/lang/ruby18-base/patches/patch-lib_rexml_entity.rb
@@ -0,0 +1,22 @@
+$NetBSD: patch-lib_rexml_entity.rb,v 1.1 2015/02/16 14:03:32 taca Exp $
+
+Fix for CVE-2015-1426.
+
+--- lib/rexml/entity.rb.orig	2009-02-05 00:03:56.000000000 +0000
++++ lib/rexml/entity.rb
+@@ -138,8 +138,15 @@ module REXML
+ 				matches = @value.scan(PEREFERENCE_RE)
+ 				rv = @value.clone
+ 				if @parent
++                                  sum = 0
+ 					matches.each do |entity_reference|
+ 						entity_value = @parent.entity( entity_reference[0] )
++						if sum + entity_value.bytesize > Document.entity_expansion_text_limit
++                                                  raise "entity expansion has grown too large"
++                                                else
++                                                  sum += entity_value.bytesize
++                                                end
++
+ 						rv.gsub!( /%#{entity_reference};/um, entity_value )
+ 					end
+ 				end
-- 
cgit v1.2.3