[pkgsrc/trunk]: pkgsrc/lang/ruby18-base Add a patch to fix the integer overfl...

[tonnerre <tonnerre%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/f5b4be353eae
branches:  trunk
changeset: 544028:f5b4be353eae
user:      tonnerre <tonnerre%pkgsrc.org@localhost>
date:      Thu Jul 03 21:06:10 2008 +0000

description:
Add a patch to fix the integer overflow in rb_ary_fill() in Ruby 1.8
which can be exploited to cause a denial of service through memory
exhaustion. (SN-2008-02)

diffstat:

 lang/ruby18-base/Makefile         |   3 ++-
 lang/ruby18-base/distinfo         |   3 ++-
 lang/ruby18-base/patches/patch-ad |  20 ++++++++++++++++++++
 3 files changed, 24 insertions(+), 2 deletions(-)

diffs (54 lines):

diff -r 04632cd629f5 -r f5b4be353eae lang/ruby18-base/Makefile
--- a/lang/ruby18-base/Makefile Thu Jul 03 20:40:04 2008 +0000
+++ b/lang/ruby18-base/Makefile Thu Jul 03 21:06:10 2008 +0000
@@ -1,10 +1,11 @@
-# $NetBSD: Makefile,v 1.44 2008/06/19 22:19:37 obache Exp $
+# $NetBSD: Makefile,v 1.45 2008/07/03 21:06:10 tonnerre Exp $
 #
 
 DISTNAME=      ${RUBY_DISTNAME}
 PKGNAME=       ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_SUFFIX}
 CATEGORIES=    lang ruby
 MASTER_SITES=  ${MASTER_SITE_RUBY}
+PKGREVISION=   1
 
 MAINTAINER=    taca%NetBSD.org@localhost
 HOMEPAGE=      ${RUBY_HOMEPAGE}
diff -r 04632cd629f5 -r f5b4be353eae lang/ruby18-base/distinfo
--- a/lang/ruby18-base/distinfo Thu Jul 03 20:40:04 2008 +0000
+++ b/lang/ruby18-base/distinfo Thu Jul 03 21:06:10 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.30 2008/06/20 17:26:31 taca Exp $
+$NetBSD: distinfo,v 1.31 2008/07/03 21:06:10 tonnerre Exp $
 
 SHA1 (ruby-1.8.7-p22.tar.bz2) = a54e59393f0ca8fcc39f9e23e63a04b1cd4e3b7a
 RMD160 (ruby-1.8.7-p22.tar.bz2) = 249253406204151d9448ec43ddc61712556ae023
@@ -6,3 +6,4 @@
 SHA1 (patch-aa) = 59f4462dada7e7b00c7a773c8a95454f3dc4f994
 SHA1 (patch-ab) = 239872c5faf95c05d2a94fe5f40af5b8541423c7
 SHA1 (patch-ac) = eb4dd068729ba2a2c7d4d659f6bcdb1410227f3b
+SHA1 (patch-ad) = 289682b47332eec16cc88e4f8ff7b5a6be0d75e7
diff -r 04632cd629f5 -r f5b4be353eae lang/ruby18-base/patches/patch-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/ruby18-base/patches/patch-ad Thu Jul 03 21:06:10 2008 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-ad,v 1.9 2008/07/03 21:06:10 tonnerre Exp $
+
+Avoid memory size integer overflow memory exhaustion DoS in filling
+arrays (SN-2008-02).
+
+--- array.c.orig       2008-07-03 22:56:32.000000000 +0200
++++ array.c
+@@ -2416,10 +2416,10 @@ rb_ary_fill(argc, argv, ary)
+       break;
+     }
+     rb_ary_modify(ary);
+-    end = beg + len;
+-    if (end < 0) {
++    if (beg >= ARY_MAX_SIZE || len > ARY_MAX_SIZE - beg) {
+       rb_raise(rb_eArgError, "argument too big");
+     }
++    end = beg + len;
+     if (end > RARRAY(ary)->len) {
+       if (end >= RARRAY(ary)->aux.capa) {
+           REALLOC_N(RARRAY(ary)->ptr, VALUE, end);