From 561a5a1691e3625c7b9f10ffbc82607f901d5fc0 Mon Sep 17 00:00:00 2001 From: Steve Wills Date: Tue, 12 Feb 2013 15:23:04 +0000 Subject: [PATCH] - Update Ruby 1.9 to 1.9.3p385. This fixes a security issue in rdoc (CVE-2013-0256) - Also add the patch for the security issue in the bundled json (CVE-2013-0269) - Fix an issue with the .pc file by patching configure [1] Reported by: avg [1] Security: forthcoming --- Mk/bsd.ruby.mk | 2 +- lang/ruby19/distinfo | 4 +- lang/ruby19/files/patch-configure.in | 26 +++- lang/ruby19/files/patch-json | 172 +++++++++++++++++++++++ lang/ruby19/files/patch-tool_mkconfig.rb | 10 +- 5 files changed, 201 insertions(+), 13 deletions(-) create mode 100644 lang/ruby19/files/patch-json diff --git a/Mk/bsd.ruby.mk b/Mk/bsd.ruby.mk index ffbc475577c8..5bf567f08bb2 100644 --- a/Mk/bsd.ruby.mk +++ b/Mk/bsd.ruby.mk @@ -196,7 +196,7 @@ RUBY19= "@comment " RUBY_RELVERSION= 1.9.3 RUBY_PORTREVISION= 0 RUBY_PORTEPOCH= 1 -RUBY_PATCHLEVEL= 327 +RUBY_PATCHLEVEL= 385 RUBY_VERSION?= ${RUBY_RELVERSION}.${RUBY_PATCHLEVEL} RUBY_DISTVERSION?= ${RUBY_RELVERSION}-p${RUBY_PATCHLEVEL} diff --git a/lang/ruby19/distinfo b/lang/ruby19/distinfo index 02dfb67a1a81..32eed247d5bc 100644 --- a/lang/ruby19/distinfo +++ b/lang/ruby19/distinfo @@ -1,2 +1,2 @@ -SHA256 (ruby/ruby-1.9.3-p327.tar.bz2) = d989465242f9b11a8a3aa8cbd2c75a9b3a8c0ec2f14a087a0c7b51abf164e488 -SIZE (ruby/ruby-1.9.3-p327.tar.bz2) = 9975835 +SHA256 (ruby/ruby-1.9.3-p385.tar.bz2) = f991ee50414dc795696bad0fc5c7b0b94d93b9b38fed943326d20ce4e9dda42b +SIZE (ruby/ruby-1.9.3-p385.tar.bz2) = 10021486 diff --git a/lang/ruby19/files/patch-configure.in b/lang/ruby19/files/patch-configure.in index e6aeb4a2cd1b..3ba840dc4a62 100644 --- a/lang/ruby19/files/patch-configure.in +++ b/lang/ruby19/files/patch-configure.in 
@@ -1,6 +1,6 @@ ---- configure.in.orig 2012-02-15 19:26:09.000000000 -0500 -+++ configure.in 2012-02-16 22:28:27.617422641 -0500 -@@ -1118,11 +1118,11 @@ +--- configure.in.orig 2013-02-11 14:33:14.000000000 +0000 ++++ configure.in 2013-02-11 14:30:13.000000000 +0000 +@@ -1129,11 +1129,11 @@ [superux*], [ ac_cv_func_setitimer=no ], [ LIBS="-lm $LIBS"]) @@ -17,7 +17,7 @@ if test "${enable_win95}" = maybe; then AC_HAVE_LIBRARY(unicows, [enable_win95=yes], [enable_win95=no]) fi -@@ -1815,7 +1815,7 @@ +@@ -1828,7 +1828,7 @@ fi if test x"$enable_pthread" = xyes; then @@ -26,7 +26,7 @@ AC_CHECK_LIB($pthread_lib, pthread_kill, rb_with_pthread=yes, rb_with_pthread=no) if test "$rb_with_pthread" = "yes"; then break; fi -@@ -1823,6 +1823,7 @@ +@@ -1836,6 +1836,7 @@ if test x"$rb_with_pthread" = xyes; then AC_DEFINE(_REENTRANT) AC_DEFINE(_THREAD_SAFE) @@ -34,3 +34,19 @@ AC_DEFINE(HAVE_LIBPTHREAD) AC_CHECK_HEADERS(pthread_np.h, [], [], [@%:@include ]) AS_CASE([$pthread_lib], +@@ -2080,7 +2081,6 @@ + : ${LDSHARED='$(CC) -shared'} + if test "$rb_cv_binary_elf" = yes; then + LDFLAGS="$LDFLAGS -rdynamic" +- DLDFLAGS="$DLDFLAGS "'-Wl,-soname,$(.TARGET)' + else + test "$GCC" = yes && test "$rb_cv_prog_gnu_ld" = yes || LDSHARED="ld -Bshareable" + fi +@@ -2385,6 +2385,7 @@ + [freebsd*|dragonfly*], [ + SOLIBS='$(LIBS)' + LIBRUBY_SO='lib$(RUBY_SO_NAME).so.$(MAJOR)$(MINOR)' ++ LIBRUBY_DLDFLAGS='-Wl,-soname,$(LIBRUBY_SO)' + if test "$rb_cv_binary_elf" != "yes" ; then + LIBRUBY_SO="$LIBRUBY_SO.\$(TEENY)" + LIBRUBY_ALIASES='' diff --git a/lang/ruby19/files/patch-json b/lang/ruby19/files/patch-json new file mode 100644 index 000000000000..898b5597baaa --- /dev/null +++ b/lang/ruby19/files/patch-json 
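Review bot: The added `LIBRUBY_DLDFLAGS='-Wl,-soname,$(LIBRUBY_SO)'` in the `[freebsd*|dragonfly*]` case sits above the `rb_cv_binary_elf` test, so the soname flag is now set for non-ELF builds too. The removed `DLDFLAGS` line applied only inside `if test "$rb_cv_binary_elf" = yes`. If non-ELF targets still matter for this port, guard the assignment, e.g. `test "$rb_cv_binary_elf" = yes && LIBRUBY_DLDFLAGS='-Wl,-soname,$(LIBRUBY_SO)'`. Dropping the flag from `DLDFLAGS` presumably also means extension objects linked with it no longer carry a soname; that looks intended for the .pc fix but is worth stating in the commit message. Both blocks continue outside the hunk.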
@@ -0,0 +1,172 @@ +--- ext/json/parser/parser.c.orig ++++ ext/json/parser/parser.c +@@ -1671,7 +1671,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self) + if (option_given_p(opts, tmp)) { + json->create_additions = RTEST(rb_hash_aref(opts, tmp)); + } else { +- json->create_additions = 1; ++ json->create_additions = 0; + } + tmp = ID2SYM(i_create_id); + if (option_given_p(opts, tmp)) { +@@ -1718,7 +1718,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self) + } + + +-#line 1719 "parser.c" ++#line 1722 "parser.c" + static const int JSON_start = 1; + static const int JSON_first_final = 10; + static const int JSON_error = 0; +@@ -1726,7 +1726,7 @@ static const int JSON_error = 0; + static const int JSON_en_main = 1; + + +-#line 726 "parser.rl" ++#line 729 "parser.rl" + + + static VALUE cParser_parse_strict(VALUE self) +@@ -1737,16 +1737,16 @@ static VALUE cParser_parse_strict(VALUE self) + GET_PARSER; + + +-#line 1738 "parser.c" ++#line 1741 "parser.c" + { + cs = JSON_start; + } + +-#line 736 "parser.rl" ++#line 739 "parser.rl" + p = json->source; + pe = p + json->len; + +-#line 1747 "parser.c" ++#line 1750 "parser.c" + { + if ( p == pe ) + goto _test_eof; +@@ -1802,7 +1802,7 @@ case 5: + goto st1; + goto st5; + tr3: +-#line 715 "parser.rl" ++#line 718 "parser.rl" + { + char *np; + json->current_nesting = 1; +@@ -1811,7 +1811,7 @@ tr3: + } + goto st10; + tr4: +-#line 708 "parser.rl" ++#line 711 "parser.rl" + { + char *np; + json->current_nesting = 1; +@@ -1823,7 +1823,7 @@ st10: + if ( ++p == pe ) + goto _test_eof10; + case 10: +-#line 1824 "parser.c" ++#line 1827 "parser.c" + switch( (*p) ) { + case 13: goto st10; + case 32: goto st10; +@@ -1880,7 +1880,7 @@ case 9: + _out: {} + } + +-#line 739 "parser.rl" ++#line 742 "parser.rl" + + if (cs >= JSON_first_final && p == pe) { + return result; +@@ -1892,7 +1892,7 @@ case 9: + + + +-#line 1893 "parser.c" ++#line 1896 "parser.c" + static const int JSON_quirks_mode_start = 1; + static 
const int JSON_quirks_mode_first_final = 10; + static const int JSON_quirks_mode_error = 0; +@@ -1900,7 +1900,7 @@ static const int JSON_quirks_mode_error = 0; + static const int JSON_quirks_mode_en_main = 1; + + +-#line 764 "parser.rl" ++#line 767 "parser.rl" + + + static VALUE cParser_parse_quirks_mode(VALUE self) +@@ -1911,16 +1911,16 @@ static VALUE cParser_parse_quirks_mode(VALUE self) + GET_PARSER; + + +-#line 1912 "parser.c" ++#line 1915 "parser.c" + { + cs = JSON_quirks_mode_start; + } + +-#line 774 "parser.rl" ++#line 777 "parser.rl" + p = json->source; + pe = p + json->len; + +-#line 1921 "parser.c" ++#line 1924 "parser.c" + { + if ( p == pe ) + goto _test_eof; +@@ -1954,7 +1954,7 @@ st0: + cs = 0; + goto _out; + tr2: +-#line 756 "parser.rl" ++#line 759 "parser.rl" + { + char *np = JSON_parse_value(json, p, pe, &result); + if (np == NULL) { p--; {p++; cs = 10; goto _out;} } else {p = (( np))-1;} +@@ -1964,7 +1964,7 @@ st10: + if ( ++p == pe ) + goto _test_eof10; + case 10: +-#line 1965 "parser.c" ++#line 1968 "parser.c" + switch( (*p) ) { + case 13: goto st10; + case 32: goto st10; +@@ -2053,7 +2053,7 @@ case 9: + _out: {} + } + +-#line 777 "parser.rl" ++#line 780 "parser.rl" + + if (cs >= JSON_quirks_mode_first_final && p == pe) { + return result; +--- ext/json/parser/parser.rl.orig ++++ ext/json/parser/parser.rl +@@ -602,6 +602,9 @@ static VALUE convert_encoding(VALUE source) + * defaults to true. + * * *object_class*: Defaults to Hash + * * *array_class*: Defaults to Array ++ * * *quirks_mode*: Enables quirks_mode for parser, that is for example ++ * parsing single JSON values instead of documents is possible. 
++ * + */ + static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self) + { +@@ -652,7 +655,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self) + if (option_given_p(opts, tmp)) { + json->create_additions = RTEST(rb_hash_aref(opts, tmp)); + } else { +- json->create_additions = 1; ++ json->create_additions = 0; + } + tmp = ID2SYM(i_create_id); + if (option_given_p(opts, tmp)) { + diff --git a/lang/ruby19/files/patch-tool_mkconfig.rb b/lang/ruby19/files/patch-tool_mkconfig.rb index ea3071af69e7..307bc6bf5c99 100644 --- a/lang/ruby19/files/patch-tool_mkconfig.rb +++ b/lang/ruby19/files/patch-tool_mkconfig.rb @@ -1,12 +1,12 @@ ---- tool/mkconfig.rb.orig 2010-10-04 00:53:53.000000000 -0700 -+++ tool/mkconfig.rb 2010-10-04 00:55:18.000000000 -0700 -@@ -136,7 +136,8 @@ +--- tool/mkconfig.rb.orig 2013-01-15 07:03:47.000000000 +0000 ++++ tool/mkconfig.rb 2013-02-12 03:29:09.829833511 +0000 +@@ -148,7 +148,8 @@ drive = File::PATH_SEPARATOR == ';' --prefix = "/lib/ruby/#{version}/#{arch}" +-prefix = "/#{v_runtime[:libdir] || 'lib'}/ruby/#{version}/#{arch}" +major, minor, *rest = RUBY_VERSION.split('.') +prefix = "/lib/ruby/#{major}.#{minor}/#{arch}" print " TOPDIR = File.dirname(__FILE__).chomp!(#{prefix.dump})\n" print " DESTDIR = ", (drive ? "TOPDIR && TOPDIR[/\\A[a-z]:/i] || " : ""), "'' unless defined? DESTDIR\n" - print " CONFIG = {}\n" + print <<'ARCH' if universal
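Review bot: The doc comment above `cParser_initialize` in `parser.rl` still reads `defaults to true.` just before the added `quirks_mode` entry, and that line appears to be the tail of the `create_additions` description. Both `parser.c` and `parser.rl` now fall back to `json->create_additions = 0`, so the line should become `defaults to false.` to match the CVE-2013-0269 fix. The patch touches only the C extension parser. Ruby-level entry points that relied on the old default are not visible here; they should be checked so that object revival happens only where `create_additions` is passed explicitly for trusted input. The `#line` renumbering in `parser.c` is generated output and needs no separate review.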
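Review bot: The refreshed replacement still hard-codes `/lib` in `prefix = "/lib/ruby/#{major}.#{minor}/#{arch}"`, while the upstream line it now replaces uses `v_runtime[:libdir] || 'lib'`. With a non-default libdir the generated `File.dirname(__FILE__).chomp!(...)` would not match and `TOPDIR` would be nil. Consider `prefix = "/#{v_runtime[:libdir] || 'lib'}/ruby/#{major}.#{minor}/#{arch}"`. `rest` is never used, so `major, minor = RUBY_VERSION.split('.')` is enough. `RUBY_VERSION` is the version of the interpreter running mkconfig.rb, so a short comment that this is expected to be the ruby being built would help.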