author | Hans de Graaff <graaff@gentoo.org> | 2008-08-29 06:25:35 +0000 |
---|---|---|
committer | Hans de Graaff <graaff@gentoo.org> | 2008-08-29 06:25:35 +0000 |
commit | 9638beb4b2f09d60f9a64c5d6ca3ebc1243ca75d (patch) | |
tree | 3f415e7b1417ce718df1e4179f6dd488d70c7790 /dev-lang | |
parent | Version bump to 0.20. Bug #222667 (diff) | |
Version bump for security issue #236060
(Portage version: 2.1.4.4)
Diffstat (limited to 'dev-lang')
-rw-r--r-- | dev-lang/ruby/ChangeLog | 9 | ||||
-rw-r--r-- | dev-lang/ruby/files/ruby-1.8.6_p287-entity_expansion_limit.diff | 103 | ||||
-rw-r--r-- | dev-lang/ruby/ruby-1.8.6_p287-r1.ebuild | 161 |
3 files changed, 272 insertions, 1 deletions
diff --git a/dev-lang/ruby/ChangeLog b/dev-lang/ruby/ChangeLog
index deea41309494..e5f2ea8fa8c0 100644
--- a/dev-lang/ruby/ChangeLog
+++ b/dev-lang/ruby/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for dev-lang/ruby
 # Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-lang/ruby/ChangeLog,v 1.346 2008/08/23 05:41:32 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-lang/ruby/ChangeLog,v 1.347 2008/08/29 06:25:34 graaff Exp $
+
+*ruby-1.8.6_p287-r1 (29 Aug 2008)
+
+ 29 Aug 2008; Hans de Graaff <graaff@gentoo.org>
+ +files/ruby-1.8.6_p287-entity_expansion_limit.diff,
+ +ruby-1.8.6_p287-r1.ebuild:
+ Fix REXML security issues, bug #236060.
 
 23 Aug 2008; Jeroen Roovers <jer@gentoo.org> metadata.xml:
 Add GLEP 56 USE flag descriptions.
diff --git a/dev-lang/ruby/files/ruby-1.8.6_p287-entity_expansion_limit.diff b/dev-lang/ruby/files/ruby-1.8.6_p287-entity_expansion_limit.diff
new file mode 100644
index 000000000000..fdd0112d5b44
--- /dev/null
+++ b/dev-lang/ruby/files/ruby-1.8.6_p287-entity_expansion_limit.diff
@@ -0,0 +1,103 @@
+Fix for a security issue in the REXML library from the ruby-core list:
+http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/18414
+https://bugs.gentoo.org/show_bug.cgi?id=236060
+
+Index: lib/rexml/document.rb
+===================================================================
+--- lib/rexml/document.rb (revision 18834)
++++ lib/rexml/document.rb (working copy)
+@@ -32,6 +32,7 @@
+ # @param context if supplied, contains the context of the document;
+ # this should be a Hash.
+ def initialize( source = nil, context = {} )
++ @entity_expansion_count = 0
+ super()
+ @context = context
+ return if source.nil?
+@@ -200,6 +201,27 @@
+ Parsers::StreamParser.new( source, listener ).parse
+ end
+
++ @@entity_expansion_limit = 10_000
++
++ # Set the entity expansion limit. By defualt the limit is set to 10000.
++ def Document::entity_expansion_limit=( val )
++ @@entity_expansion_limit = val
++ end
++
++ # Get the entity expansion limit. By defualt the limit is set to 10000.
++ def Document::entity_expansion_limit
++ return @@entity_expansion_limit
++ end
++
++ attr_reader :entity_expansion_count
++
++ def record_entity_expansion
++ @entity_expansion_count += 1
++ if @entity_expansion_count > @@entity_expansion_limit
++ raise "number of entity expansions exceeded, processing aborted."
++ end
++ end
++
+ private
+ def build( source )
+ Parsers::TreeParser.new( source, self ).parse
+Index: lib/rexml/entity.rb
+===================================================================
+--- lib/rexml/entity.rb (revision 18834)
++++ lib/rexml/entity.rb (working copy)
+@@ -73,6 +73,7 @@
+ # all entities -- both %ent; and &ent; entities. This differs from
+ # +value()+ in that +value+ only replaces %ent; entities.
+ def unnormalized
++ document.record_entity_expansion
+ v = value()
+ return nil if v.nil?
+ @unnormalized = Text::unnormalize(v, parent)
+Index: test/rexml/test_document.rb
+===================================================================
+--- test/rexml/test_document.rb (revision 0)
++++ test/rexml/test_document.rb (revision 0)
+@@ -0,0 +1,42 @@
++require "rexml/document"
++require "test/unit"
++
++class REXML::TestDocument < Test::Unit::TestCase
++ def test_new
++ doc = REXML::Document.new(<<EOF)
++<?xml version="1.0" encoding="UTF-8"?>
++<message>Hello world!</message>
++EOF
++ assert_equal("Hello world!", doc.root.children.first.value)
++ end
++
++ XML_WITH_NESTED_ENTITY = <<EOF
++<?xml version="1.0" encoding="UTF-8"?>
++<!DOCTYPE member [
++ <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
++ <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;">
++ <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;">
++ <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;">
++ <!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;">
++ <!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;">
++ <!ENTITY g "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx">
++]>
++<member>
++&a;
++</member>
++EOF
++
++ def test_entity_expansion_limit
++ doc = REXML::Document.new(XML_WITH_NESTED_ENTITY)
++ assert_raise(RuntimeError) do
++ doc.root.children.first.value
++ end
++ REXML::Document.entity_expansion_limit = 100
++ assert_equal(100, REXML::Document.entity_expansion_limit)
++ doc = REXML::Document.new(XML_WITH_NESTED_ENTITY)
++ assert_raise(RuntimeError) do
++ doc.root.children.first.value
++ end
++ assert_equal(101, doc.entity_expansion_count)
++ end
++end
diff --git a/dev-lang/ruby/ruby-1.8.6_p287-r1.ebuild b/dev-lang/ruby/ruby-1.8.6_p287-r1.ebuild
new file mode 100644
index 000000000000..03142dcbc906
--- /dev/null
+++ b/dev-lang/ruby/ruby-1.8.6_p287-r1.ebuild
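Review bot: `Entity#unnormalized` (entity.rb hunk) now calls `document.record_entity_expansion` before doing anything else, so an entity whose `document` is nil — if a detached Entity can reach this method, which the hunk does not show — fails with NoMethodError instead of expanding; the rest of that method lies outside the hunk. The counter lives on each Document instance while the limit is the process-wide class variable `@@entity_expansion_limit`, so `Document.entity_expansion_limit=` changes it for every document in the process, and the limit bounds the number of expansions, not the size of the expanded text; both facts belong in the setter's comment, which also misspells "default" as "defualt" twice. `record_entity_expansion` raises a bare RuntimeError string that callers cannot tell apart from any other runtime failure; a named class, e.g. `class EntityExpansionLimitError < RuntimeError; end` raised in its place, keeps the new test's `assert_raise(RuntimeError)` passing while letting parsers rescue the limit specifically.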
@@ -0,0 +1,161 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-lang/ruby/ruby-1.8.6_p287-r1.ebuild,v 1.1 2008/08/29 06:25:34 graaff Exp $
+
+WANT_AUTOCONF="latest"
+WANT_AUTOMAKE="latest"
+
+ONIGURUMA="onigd2_5_9"
+
+inherit autotools eutils flag-o-matic multilib versionator
+
+MY_P="${PN}-$(replace_version_separator 3 '-')"
+S=${WORKDIR}/${MY_P}
+
+SLOT=$(get_version_component_range 1-2)
+MY_SUFFIX=$(delete_version_separator 1 ${SLOT})
+
+DESCRIPTION="An object-oriented scripting language"
+HOMEPAGE="http://www.ruby-lang.org/"
+SRC_URI="ftp://ftp.ruby-lang.org/pub/ruby/${SLOT}/${MY_P}.tar.bz2"
+
+LICENSE="Ruby"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd"
+IUSE="berkdb debug doc emacs examples gdbm ipv6 rubytests socks5 ssl threads tk xemacs"
+
+RDEPEND="
+ berkdb? ( sys-libs/db )
+ gdbm? ( sys-libs/gdbm )
+ ssl? ( dev-libs/openssl )
+ socks5? ( >=net-proxy/dante-1.1.13 )
+ tk? ( dev-lang/tk )
+ >=dev-ruby/ruby-config-0.3.1
+ !=dev-lang/ruby-cvs-${SLOT}*
+ !dev-ruby/rdoc
+ !dev-ruby/rexml"
+DEPEND="${RDEPEND}"
+PDEPEND="emacs? ( app-emacs/ruby-mode )
+ xemacs? ( app-xemacs/ruby-modes )"
+
+PROVIDE="virtual/ruby"
+
+src_unpack() {
+ unpack ${A}
+
+ cd "${S}/ext/dl"
+ epatch "${FILESDIR}/${PN}-1.8.6-memory-leak.diff"
+ cd "${S}"
+
+ epatch "${FILESDIR}/${P}-entity_expansion_limit.diff"
+
+ # Fix a hardcoded lib path in configure script
+ sed -i -e "s:\(RUBY_LIB_PREFIX=\"\${prefix}/\)lib:\1$(get_libdir):" \
+ configure.in || die "sed failed"
+
+ eautoreconf
+}
+
+src_compile() {
+ # -fomit-frame-pointer makes ruby segfault, see bug #150413.
+ filter-flags -fomit-frame-pointer
+ # In many places aliasing rules are broken; play it safe
+ # as it's risky with newer compilers to leave it as it is.
+ append-flags -fno-strict-aliasing
+
+ # Socks support via dante
+ if use socks5 ; then
+ # Socks support can't be disabled as long as SOCKS_SERVER is
+ # set and socks library is present, so need to unset
+ # SOCKS_SERVER in that case.
+ unset SOCKS_SERVER
+ fi
+
+ # Increase GC_MALLOC_LIMIT if set (default is 8000000)
+ if [ -n "${RUBY_GC_MALLOC_LIMIT}" ] ; then
+ append-flags "-DGC_MALLOC_LIMIT=${RUBY_GC_MALLOC_LIMIT}"
+ fi
+
+ econf --program-suffix=$MY_SUFFIX --enable-shared \
+ $(use_enable socks5 socks) \
+ $(use_enable doc install-doc) \
+ $(use_enable threads pthread) \
+ $(use_enable ipv6) \
+ $(use_enable debug) \
+ $(use_with berkdb dbm) \
+ $(use_with gdbm) \
+ $(use_with ssl openssl) \
+ $(use_with tk) \
+ ${myconf} \
+ --with-sitedir=/usr/$(get_libdir)/ruby/site_ruby \
+ || die "econf failed"
+
+ emake EXTLDFLAGS="${LDFLAGS}" || die "emake failed"
+}
+
+src_test() {
+ emake -j1 test || die "make test failed"
+
+ elog "Ruby's make test has been run. Ruby also ships with a make check"
+ elog "that cannot be run until after ruby has been installed."
+ elog
+ if use rubytests; then
+ elog "You have enabled rubytests, so they will be installed to"
+ elog "/usr/share/${PN}-${SLOT}/test. To run them you must be a user other"
+ elog "than root, and you must place them into a writeable directory."
+ elog "Then call: "
+ elog
+ elog "ruby -C /location/of/tests runner.rb"
+ else
+ elog "Enable the rubytests USE flag to install the make check tests"
+ fi
+}
+
+src_install() {
+ LD_LIBRARY_PATH="${D}/usr/$(get_libdir)"
+ RUBYLIB="${S}:${D}/usr/$(get_libdir)/ruby/${SLOT}"
+ for d in $(find "${S}/ext" -type d) ; do
+ RUBYLIB="${RUBYLIB}:$d"
+ done
+ export LD_LIBRARY_PATH RUBYLIB
+
+ emake DESTDIR="${D}" install || die "make install failed"
+
+ MINIRUBY=$(echo -e 'include Makefile\ngetminiruby:\n\t@echo $(MINIRUBY)'|make -f - getminiruby)
+ keepdir $(${MINIRUBY} -rrbconfig -e "print Config::CONFIG['sitelibdir']")
+ keepdir $(${MINIRUBY} -rrbconfig -e "print Config::CONFIG['sitearchdir']")
+
+ if use doc; then
+ make DESTDIR="${D}" install-doc || die "make install-doc failed"
+ fi
+
+ if use examples; then
+ dodir /usr/share/doc/${PF}
+ cp -pPR sample "${D}/usr/share/doc/${PF}"
+ fi
+
+ dosym libruby$MY_SUFFIX$(get_libname ${PV%_*}) /usr/$(get_libdir)/libruby$(get_libname ${PV%.*})
+ dosym libruby$MY_SUFFIX$(get_libname ${PV%_*}) /usr/$(get_libdir)/libruby$(get_libname ${PV%_*})
+
+ dodoc ChangeLog NEWS README* ToDo
+
+ if use rubytests; then
+ dodir /usr/share/${PN}-${SLOT}
+ cp -pPR test "${D}/usr/share/${PN}-${SLOT}"
+ fi
+}
+
+pkg_postinst() {
+
+ if [[ ! -n $(readlink "${ROOT}"usr/bin/ruby) ]] ; then
+ "${ROOT}usr/sbin/ruby-config" ruby$MY_SUFFIX
+ fi
+ elog
+ elog "You can change the default ruby interpreter by ${ROOT}usr/sbin/ruby-config"
+ elog
+}
+
+pkg_postrm() {
+ if [[ ! -n $(readlink "${ROOT}"usr/bin/ruby) ]] ; then
+ "${ROOT}usr/sbin/ruby-config" ruby$MY_SUFFIX
+ fi
+}
|
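Review bot: `${myconf}` is passed to econf in src_compile but is never assigned anywhere in this file, so it always expands to nothing; either drop it from the econf call or set it explicitly above with a comment saying what it is for. The two `[[ ! -n $(readlink "${ROOT}"usr/bin/ruby) ]]` tests in pkg_postinst and pkg_postrm read more directly as `[[ -z $(readlink "${ROOT}"usr/bin/ruby) ]]`. Since this revision exists to ship the REXML fix for bug #236060, KEYWORDS being entirely ~arch means stable installs presumably stay on the unpatched 1.8.6_p287 until the revision is stabilized, which is worth stating in the commit message or a ChangeLog line so the follow-up is not forgotten. The `!dev-ruby/rexml` blocker in RDEPEND looks like the thing that keeps a separately installed, unpatched rexml from shadowing the patched copy; if so, a one-line comment next to it recording that intent would help the next bump.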