pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/lang/ruby193-base Add fix for CVS-2014-4975 as ruby200...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/ee7685b2455a
branches:  trunk
changeset: 639893:ee7685b2455a
user:      taca <taca%pkgsrc.org@localhost>
date:      Tue Sep 30 10:40:08 2014 +0000

description:
Add fix for CVE-2014-4975, as in ruby200-base and ruby21-base.

Bump PKGREVISION.

diffstat:

 lang/ruby193-base/Makefile             |   3 +-
 lang/ruby193-base/distinfo             |   3 +-
 lang/ruby193-base/patches/patch-pack.c |  42 ++++++++++++++++++++++++++++++++++
 3 files changed, 46 insertions(+), 2 deletions(-)

diffs (77 lines):

diff -r 57efdf773fc5 -r ee7685b2455a lang/ruby193-base/Makefile
--- a/lang/ruby193-base/Makefile        Tue Sep 30 09:00:10 2014 +0000
+++ b/lang/ruby193-base/Makefile        Tue Sep 30 10:40:08 2014 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.44 2014/09/02 20:41:42 jperkin Exp $
+# $NetBSD: Makefile,v 1.45 2014/09/30 10:40:08 taca Exp $
 #
 
 DISTNAME=      ${RUBY_DISTNAME}
 PKGNAME=       ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_FULL}
+PKGREVISION=   1
 CATEGORIES=    lang ruby
 MASTER_SITES=  ${MASTER_SITE_RUBY}
 
diff -r 57efdf773fc5 -r ee7685b2455a lang/ruby193-base/distinfo
--- a/lang/ruby193-base/distinfo        Tue Sep 30 09:00:10 2014 +0000
+++ b/lang/ruby193-base/distinfo        Tue Sep 30 10:40:08 2014 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.34 2014/08/25 03:25:57 taca Exp $
+$NetBSD: distinfo,v 1.35 2014/09/30 10:40:08 taca Exp $
 
 SHA1 (ruby-1.9.3-p547.tar.bz2) = 972ea65ab50c697a60c672888a143e0bc84b4d6e
 RMD160 (ruby-1.9.3-p547.tar.bz2) = 827473dd20e4dad7704eb5da19f13ce5c105bddf
@@ -29,6 +29,7 @@
 SHA1 (patch-man_irb.1) = 58fcccbb5f5f76450715cbf246a018af58d9b57e
 SHA1 (patch-man_ri.1) = 25d82d08a9eb74ccc1cbbc1fc324d23f1a56ed64
 SHA1 (patch-man_ruby.1) = 43c638a38bed8257f33d8f5a491acd77a18032b7
+SHA1 (patch-pack.c) = 1fa428ded4e95a8511333d7d1eaa4ff80f0f919d
 SHA1 (patch-test_rubygems_test__gem.rb) = fe8b8e436b255595122d2a01462ba0a686575f24
 SHA1 (patch-tool_rbinstall.rb) = f0497085a09b31145f57028b30e335b09acabcff
 SHA1 (patch-vsnprintf.c) = 7bb4ca07381536717518143ef7803634168ca9fa
diff -r 57efdf773fc5 -r ee7685b2455a lang/ruby193-base/patches/patch-pack.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/ruby193-base/patches/patch-pack.c    Tue Sep 30 10:40:08 2014 +0000
@@ -0,0 +1,42 @@
+$NetBSD: patch-pack.c,v 1.1 2014/09/30 10:40:08 taca Exp $
+
+Fix for CVS-2014-4975 from revision #46806 in ruby_2_1 branch.
+
+--- pack.c.orig        2012-08-09 13:49:27.000000000 +0000
++++ pack.c
+@@ -1068,7 +1068,8 @@ static const char b64_table[] =
+ static void
+ encodes(VALUE str, const char *s, long len, int type, int tail_lf)
+ {
+-    char buff[4096];
++    enum {buff_size = 4096, encoded_unit = 4};
++    char buff[buff_size + 1]; /* +1 for tail_lf */
+     long i = 0;
+     const char *trans = type == 'u' ? uu_table : b64_table;
+     int padding;
+@@ -1081,7 +1082,7 @@ encodes(VALUE str, const char *s, long l
+       padding = '=';
+     }
+     while (len >= 3) {
+-        while (len >= 3 && sizeof(buff)-i >= 4) {
++        while (len >= 3 && buff_size-i >= encoded_unit) {
+             buff[i++] = trans[077 & (*s >> 2)];
+             buff[i++] = trans[077 & (((*s << 4) & 060) | ((s[1] >> 4) & 017))];
+             buff[i++] = trans[077 & (((s[1] << 2) & 074) | ((s[2] >> 6) & 03))];
+@@ -1089,7 +1090,7 @@ encodes(VALUE str, const char *s, long l
+             s += 3;
+             len -= 3;
+         }
+-        if (sizeof(buff)-i < 4) {
++        if (buff_size-i < encoded_unit) {
+             rb_str_buf_cat(str, buff, i);
+             i = 0;
+         }
+@@ -1109,6 +1110,7 @@ encodes(VALUE str, const char *s, long l
+     }
+     if (tail_lf) buff[i++] = '\n';
+     rb_str_buf_cat(str, buff, i);
++    if ((size_t)i > sizeof(buff)) rb_bug("encodes() buffer overrun");
+ }
+ 
+ static const char hex_table[] = "0123456789ABCDEF";
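Review bot: The overrun check added at the end of encodes() runs after both `buff[i++] = '\n'` and `rb_str_buf_cat(str, buff, i)`, so if the size invariant were ever broken, the out-of-bounds write and the over-long copy would already have happened before rb_bug() aborts. It works as a post-hoc assertion rather than a guard. A check placed before the tail_lf write would stop before memory is touched, e.g. `if ((size_t)i + (tail_lf ? 1 : 0) > sizeof(buff)) rb_bug("encodes() buffer overrun");`. Since the patch is taken from an upstream revision, diverging from it may not be wanted, and the `buff_size + 1` sizing looks like the actual fix. The tail handling for the remaining one or two input bytes lies between the hunks and is not visible here, so the maximum value of `i` at that point is inferred. Separately, the patch header should say `CVE-2014-4975` rather than `CVS-2014-4975`, so that a search for the CVE id finds this file.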


