Add a patch to fix CVE-2011-1005 security problem which found out that

it affected Ruby 1.9.x, too. Now it assigned CVE-2012-4464 and CVE-2012-4466. Bump PKGREVISION.
2012-10-06 16:20:35 +00:00 · 2012-10-06 16:20:35 +00:00 · 9e4851877a
commit 9e4851877a
parent cb73c42888
3 changed files with 40 additions and 3 deletions
--- a/lang/ruby193-base/Makefile
+++ b/lang/ruby193-base/Makefile
@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.18 2012/10/02 20:11:52 asau Exp $
+# $NetBSD: Makefile,v 1.19 2012/10/06 16:20:35 taca Exp $
 #

 DISTNAME=	${RUBY_DISTNAME}
 PKGNAME=	${RUBY_PKGPREFIX}-base-${RUBY_VERSION_FULL}
-PKGREVISION=	2
+PKGREVISION=	3
 CATEGORIES=	lang ruby
 MASTER_SITES=	${MASTER_SITE_RUBY}
 DIST_SUBDIR=	ruby193-base-201202170
--- a/lang/ruby193-base/distinfo
+++ b/lang/ruby193-base/distinfo
@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.8 2012/07/25 14:26:57 bsiegert Exp $
+$NetBSD: distinfo,v 1.9 2012/10/06 16:20:35 taca Exp $

 SHA1 (ruby193-base-201202170/ruby-1.9.3-p194.tar.bz2) = afb497dc10ea3d83ecbe3ccd9ed45fba1457721c
 RMD160 (ruby193-base-201202170/ruby-1.9.3-p194.tar.bz2) = bca45d750cfd8523e838903c8693749652960d60
@ -6,6 +6,7 @@ Size (ruby193-base-201202170/ruby-1.9.3-p194.tar.bz2) = 9841223 bytes
 SHA1 (patch-configure) = 3ab88504dda0c244b6c58dc42778d9a63f1e4d23
 SHA1 (patch-configure.in) = f743324dda92bd4c490a7214f4822b4cc9a4c5dc
 SHA1 (patch-defs_default__gems) = fb24111736f1a76a05e853aa068024dbdd24e5a5
+SHA1 (patch-error.c) = 571c8587c171356403f5ece93259a7b59ce3ff75
 SHA1 (patch-lib_mkmf.rb) = a4547a4bcbf1f533e264578c455ef1c7e6c9aa74
 SHA1 (patch-lib_rdoc_ri_driver.rb) = acb4cb022893eb8dea2adf7564f5e5e1a0f1e9c8
 SHA1 (patch-lib_rubygems.rb) = cc02e3a296d88605ef8444d64ca805ddebb524c6
--- a/lang/ruby193-base/patches/patch-error.c
+++ b/lang/ruby193-base/patches/patch-error.c
@ -0,0 +1,36 @@
+$NetBSD$
+
+Fix for CVE-2011-1005 which turned out affected to Ruby 1.9.3 from
+Ruby's repository r37068.
+
+--- error.c.orig	2012-02-25 12:32:19.000000000 +0000
+++ error.c
+@@ -569,7 +569,6 @@ exc_to_s(VALUE exc)
+ 
+     if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
+     r = rb_String(mesg);
+-    OBJ_INFECT(r, exc);
+     return r;
+ }
+ 
+@@ -853,11 +852,7 @@ name_err_to_s(VALUE exc)
+ 
+     if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
+     StringValue(str);
+-    if (str != mesg) {
+-	rb_iv_set(exc, "mesg", mesg = str);
+-    }
+-    OBJ_INFECT(mesg, exc);
+-    return mesg;
+    return str;
+ }
+ 
+ /*
+@@ -988,7 +983,6 @@ name_err_mesg_to_str(VALUE obj)
+ 	args[2] = d;
+ 	mesg = rb_f_sprintf(NAME_ERR_MESG_COUNT, args);
+     }
+-    OBJ_INFECT(mesg, obj);
+     return mesg;
+ }
+