Pullup ticket #3939 - requested by taca lang/ruby193-base: security patch Revisions pulled up: - lang/ruby193-base/Makefile 1.18-1.19 - lang/ruby193-base/distinfo 1.9-1.10 - lang/ruby193-base/patches/patch-error.c 1.1-1.2 --- Module Name: pkgsrc Committed By: asau Date: Tue Oct 2 20:11:57 UTC 2012 Modified Files: pkgsrc/lang/ruby193-base: Makefile Log Message: Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. --- Module Name: pkgsrc Committed By: taca Date: Sat Oct 6 16:20:35 UTC 2012 Modified Files: pkgsrc/lang/ruby193-base: Makefile distinfo Added Files: pkgsrc/lang/ruby193-base/patches: patch-error.c Log Message: Add a patch to fix CVE-2011-1005 security problem which found out that it affected Ruby 1.9.x, too. Now it --- Module Name: pkgsrc Committed By: taca Date: Sat Oct 6 16:27:54 UTC 2012 Modified Files: pkgsrc/lang/ruby193-base: distinfo pkgsrc/lang/ruby193-base/patches: patch-error.c Log Message: Add short note to patches/patch-error.c about CVE-2012-4464 and CVE-2012-4466.diff -r1.17 -r1.17.2.1 pkgsrc/lang/ruby193-base/Makefile
(tron)
| @@ -1,32 +1,30 @@ | @@ -1,32 +1,30 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.17 2012/09/22 11:43:28 obache Exp $ | 1 | # $NetBSD: Makefile,v 1.17.2.1 2012/10/10 10:27:48 tron Exp $ | |
| 2 | # | 2 | # | |
| 3 | 3 | |||
| 4 | DISTNAME= ${RUBY_DISTNAME} | 4 | DISTNAME= ${RUBY_DISTNAME} | |
| 5 | PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_FULL} | 5 | PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_FULL} | |
| 6 | PKGREVISION= 2 | 6 | PKGREVISION= 3 | |
| 7 | CATEGORIES= lang ruby | 7 | CATEGORIES= lang ruby | |
| 8 | MASTER_SITES= ${MASTER_SITE_RUBY} | 8 | MASTER_SITES= ${MASTER_SITE_RUBY} | |
| 9 | DIST_SUBDIR= ruby193-base-201202170 | 9 | DIST_SUBDIR= ruby193-base-201202170 | |
| 10 | 10 | |||
| 11 | MAINTAINER= taca@NetBSD.org | 11 | MAINTAINER= taca@NetBSD.org | |
| 12 | HOMEPAGE= ${RUBY_HOMEPAGE} | 12 | HOMEPAGE= ${RUBY_HOMEPAGE} | |
| 13 | COMMENT= Ruby ${RUBY_VERSION} release minimum base package | 13 | COMMENT= Ruby ${RUBY_VERSION} release minimum base package | |
| 14 | LICENSE= ${RUBY_LICENSE} | 14 | LICENSE= ${RUBY_LICENSE} | |
| 15 | 15 | |||
| 16 | RUBY_VERSION_SUPPORTED= 193 | 16 | RUBY_VERSION_SUPPORTED= 193 | |
| 17 | 17 | |||
| 18 | PKG_DESTDIR_SUPPORT= user-destdir | |||
| 19 | ||||
| 20 | MAKE_JOBS_SAFE= no | 18 | MAKE_JOBS_SAFE= no | |
| 21 | USE_LANGUAGES= c | 19 | USE_LANGUAGES= c | |
| 22 | USE_TOOLS+= pax yacc | 20 | USE_TOOLS+= pax yacc | |
| 23 | GNU_CONFIGURE= yes | 21 | GNU_CONFIGURE= yes | |
| 24 | TEST_TARGET= test | 22 | TEST_TARGET= test | |
| 25 | CONFIGURE_ARGS+= --enable-shared | 23 | CONFIGURE_ARGS+= --enable-shared | |
| 26 | WRKSRC= ${RUBY_WRKSRC} | 24 | WRKSRC= ${RUBY_WRKSRC} | |
| 27 | 25 | |||
| 28 | MAKE_DIRS= ${RUBY_SITEARCHLIB} ${RUBY_VENDORARCHLIB} | 26 | MAKE_DIRS= ${RUBY_SITEARCHLIB} ${RUBY_VENDORARCHLIB} | |
| 29 | 27 | |||
| 30 | # | 28 | # | |
| 31 | # Don't refrect pkgsrc's INSTALL macro since Ruby expect it could | 29 | # Don't refrect pkgsrc's INSTALL macro since Ruby expect it could | |
| 32 | # execute by unprivileged user. | 30 | # execute by unprivileged user. |
| @@ -1,21 +1,22 @@ | @@ -1,21 +1,22 @@ | |||
| 1 | $NetBSD: distinfo,v 1.8 2012/07/25 14:26:57 bsiegert Exp $ | 1 | $NetBSD: distinfo,v 1.8.2.1 2012/10/10 10:27:48 tron Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (ruby193-base-201202170/ruby-1.9.3-p194.tar.bz2) = afb497dc10ea3d83ecbe3ccd9ed45fba1457721c | 3 | SHA1 (ruby193-base-201202170/ruby-1.9.3-p194.tar.bz2) = afb497dc10ea3d83ecbe3ccd9ed45fba1457721c | |
| 4 | RMD160 (ruby193-base-201202170/ruby-1.9.3-p194.tar.bz2) = bca45d750cfd8523e838903c8693749652960d60 | 4 | RMD160 (ruby193-base-201202170/ruby-1.9.3-p194.tar.bz2) = bca45d750cfd8523e838903c8693749652960d60 | |
| 5 | Size (ruby193-base-201202170/ruby-1.9.3-p194.tar.bz2) = 9841223 bytes | 5 | Size (ruby193-base-201202170/ruby-1.9.3-p194.tar.bz2) = 9841223 bytes | |
| 6 | SHA1 (patch-configure) = 3ab88504dda0c244b6c58dc42778d9a63f1e4d23 | 6 | SHA1 (patch-configure) = 3ab88504dda0c244b6c58dc42778d9a63f1e4d23 | |
| 7 | SHA1 (patch-configure.in) = f743324dda92bd4c490a7214f4822b4cc9a4c5dc | 7 | SHA1 (patch-configure.in) = f743324dda92bd4c490a7214f4822b4cc9a4c5dc | |
| 8 | SHA1 (patch-defs_default__gems) = fb24111736f1a76a05e853aa068024dbdd24e5a5 | 8 | SHA1 (patch-defs_default__gems) = fb24111736f1a76a05e853aa068024dbdd24e5a5 | |
| 9 | SHA1 (patch-error.c) = c825fc775fa28acfd9f965d2d801389e3ea42922 | |||
| 9 | SHA1 (patch-lib_mkmf.rb) = a4547a4bcbf1f533e264578c455ef1c7e6c9aa74 | 10 | SHA1 (patch-lib_mkmf.rb) = a4547a4bcbf1f533e264578c455ef1c7e6c9aa74 | |
| 10 | SHA1 (patch-lib_rdoc_ri_driver.rb) = acb4cb022893eb8dea2adf7564f5e5e1a0f1e9c8 | 11 | SHA1 (patch-lib_rdoc_ri_driver.rb) = acb4cb022893eb8dea2adf7564f5e5e1a0f1e9c8 | |
| 11 | SHA1 (patch-lib_rubygems.rb) = cc02e3a296d88605ef8444d64ca805ddebb524c6 | 12 | SHA1 (patch-lib_rubygems.rb) = cc02e3a296d88605ef8444d64ca805ddebb524c6 | |
| 12 | SHA1 (patch-lib_rubygems_commands_install__command.rb) = ff637f39f3fd76b7550fd7f8c32fe303eec6f8c3 | 13 | SHA1 (patch-lib_rubygems_commands_install__command.rb) = ff637f39f3fd76b7550fd7f8c32fe303eec6f8c3 | |
| 13 | SHA1 (patch-lib_rubygems_commands_setup__command.rb) = 85b666544fc0787e67bb54071d8660cbfe3015d6 | 14 | SHA1 (patch-lib_rubygems_commands_setup__command.rb) = 85b666544fc0787e67bb54071d8660cbfe3015d6 | |
| 14 | SHA1 (patch-lib_rubygems_commands_uninstall__command.rb) = 7d8dd07d332f0e89822d06f2d71e7552358107cc | 15 | SHA1 (patch-lib_rubygems_commands_uninstall__command.rb) = 7d8dd07d332f0e89822d06f2d71e7552358107cc | |
| 15 | SHA1 (patch-lib_rubygems_commands_unpack__command.rb) = b8e18f1feedb7966e2a5280d6020c6134a7d83a3 | 16 | SHA1 (patch-lib_rubygems_commands_unpack__command.rb) = b8e18f1feedb7966e2a5280d6020c6134a7d83a3 | |
| 16 | SHA1 (patch-lib_rubygems_config__file.rb) = ed4ff25ea89a2d13ee601c7edfda0902f08fe29c | 17 | SHA1 (patch-lib_rubygems_config__file.rb) = ed4ff25ea89a2d13ee601c7edfda0902f08fe29c | |
| 17 | SHA1 (patch-lib_rubygems_defaults.rb) = 101a6e653ef3811cdda3ed333b50448c0d3f0d26 | 18 | SHA1 (patch-lib_rubygems_defaults.rb) = 101a6e653ef3811cdda3ed333b50448c0d3f0d26 | |
| 18 | SHA1 (patch-lib_rubygems_dependency__installer.rb) = 572775dd430619f93168732ad312d06819b6f1d7 | 19 | SHA1 (patch-lib_rubygems_dependency__installer.rb) = 572775dd430619f93168732ad312d06819b6f1d7 | |
| 19 | SHA1 (patch-lib_rubygems_doc__manager.rb) = 4b2d70e5dfaeff1f1b70ff27f1084065dcc742d3 | 20 | SHA1 (patch-lib_rubygems_doc__manager.rb) = 4b2d70e5dfaeff1f1b70ff27f1084065dcc742d3 | |
| 20 | SHA1 (patch-lib_rubygems_install__update__options.rb) = 74f81900c92bc3c7a663a112cccf6ff88b6ae180 | 21 | SHA1 (patch-lib_rubygems_install__update__options.rb) = 74f81900c92bc3c7a663a112cccf6ff88b6ae180 | |
| 21 | SHA1 (patch-lib_rubygems_installer.rb) = cec82bd0c5255a2a23799273c7a2835e2bef7e33 | 22 | SHA1 (patch-lib_rubygems_installer.rb) = cec82bd0c5255a2a23799273c7a2835e2bef7e33 |
$NetBSD$
Fix for CVE-2011-1005 which turned out affected to Ruby 1.9.3 from
Ruby's repository r37068. Now it assigned CVE-2012-4464 and CVE-2012-4466.
--- error.c.orig 2012-02-25 12:32:19.000000000 +0000
+++ error.c
@@ -569,7 +569,6 @@ exc_to_s(VALUE exc)
if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
r = rb_String(mesg);
- OBJ_INFECT(r, exc);
return r;
}
@@ -853,11 +852,7 @@ name_err_to_s(VALUE exc)
if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
StringValue(str);
- if (str != mesg) {
- rb_iv_set(exc, "mesg", mesg = str);
- }
- OBJ_INFECT(mesg, exc);
- return mesg;
+ return str;
}
/*
@@ -988,7 +983,6 @@ name_err_mesg_to_str(VALUE obj)
args[2] = d;
mesg = rb_f_sprintf(NAME_ERR_MESG_COUNT, args);
}
- OBJ_INFECT(mesg, obj);
return mesg;
}