Date:      Sat, 23 Nov 2013 03:10:04 +0000 (UTC)
From:      Steve Wills <swills@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r334630 - in head: Mk lang/ruby19 lang/ruby20 lang/ruby20/files security/vuxml
Message-ID:  <201311230310.rAN3A476097349@svn.freebsd.org>

Author: swills
Date: Sat Nov 23 03:10:04 2013
New Revision: 334630
URL: http://svnweb.freebsd.org/changeset/ports/334630

Log:
  - Fix and report heap overflow in floating point parsing issue in ruby
  
  Security:	cc9043cf-7f7a-426e-b2cc-8d1980618113

Modified:
  head/Mk/bsd.ruby.mk
  head/lang/ruby19/distinfo
  head/lang/ruby20/distinfo
  head/lang/ruby20/files/patch-cont.c
  head/lang/ruby20/files/patch-lib_mkmf.rb
  head/lang/ruby20/files/patch-lib_uri_generic.rb   (contents, props changed)
  head/security/vuxml/vuln.xml

Modified: head/Mk/bsd.ruby.mk
==============================================================================
--- head/Mk/bsd.ruby.mk	Sat Nov 23 01:21:00 2013	(r334629)
+++ head/Mk/bsd.ruby.mk	Sat Nov 23 03:10:04 2013	(r334630)
@@ -179,7 +179,7 @@ RUBY?=			${LOCALBASE}/bin/${RUBY_NAME}
 RUBY_RELVERSION=	1.9.3
 RUBY_PORTREVISION=	0
 RUBY_PORTEPOCH=		1
-RUBY_PATCHLEVEL=	448
+RUBY_PATCHLEVEL=	484
 
 RUBY_VERSION?=		${RUBY_RELVERSION}.${RUBY_PATCHLEVEL}
 RUBY_DISTVERSION?=	${RUBY_RELVERSION}-p${RUBY_PATCHLEVEL}
@@ -204,9 +204,9 @@ RUBY20=			"@comment "
 # Ruby 2.0
 #
 RUBY_RELVERSION=	2.0.0
-RUBY_PORTREVISION=	1
+RUBY_PORTREVISION=	0
 RUBY_PORTEPOCH=		1
-RUBY_PATCHLEVEL=	195
+RUBY_PATCHLEVEL=	353
 
 RUBY_VERSION?=		${RUBY_RELVERSION}.${RUBY_PATCHLEVEL}
 RUBY_DISTVERSION?=	${RUBY_RELVERSION}-p${RUBY_PATCHLEVEL}

Modified: head/lang/ruby19/distinfo
==============================================================================
--- head/lang/ruby19/distinfo	Sat Nov 23 01:21:00 2013	(r334629)
+++ head/lang/ruby19/distinfo	Sat Nov 23 03:10:04 2013	(r334630)
@@ -1,2 +1,2 @@
-SHA256 (ruby/ruby-1.9.3-p448.tar.bz2) = a7372230357bfff8e4525fb8019046da521561fe66b02c25d8efc10c9877bc91
-SIZE (ruby/ruby-1.9.3-p448.tar.bz2) = 10052488
+SHA256 (ruby/ruby-1.9.3-p484.tar.bz2) = 0fdc6e860d0023ba7b94c7a0cf1f7d32908b65b526246de9dfd5bb39d0d7922b
+SIZE (ruby/ruby-1.9.3-p484.tar.bz2) = 10041514

Modified: head/lang/ruby20/distinfo
==============================================================================
--- head/lang/ruby20/distinfo	Sat Nov 23 01:21:00 2013	(r334629)
+++ head/lang/ruby20/distinfo	Sat Nov 23 03:10:04 2013	(r334630)
@@ -1,2 +1,2 @@
-SHA256 (ruby/ruby-2.0.0-p195.tar.bz2) = 0be32aef7a7ab6e3708cc1d65cd3e0a99fa801597194bbedd5799c11d652eb5b
-SIZE (ruby/ruby-2.0.0-p195.tar.bz2) = 10807456
+SHA256 (ruby/ruby-2.0.0-p353.tar.bz2) = 3de4e4d9aff4682fa4f8ed2b70bd0d746fae17452fc3d3a8e8f505ead9105ad9
+SIZE (ruby/ruby-2.0.0-p353.tar.bz2) = 10730412

Modified: head/lang/ruby20/files/patch-cont.c
==============================================================================
--- head/lang/ruby20/files/patch-cont.c	Sat Nov 23 01:21:00 2013	(r334629)
+++ head/lang/ruby20/files/patch-cont.c	Sat Nov 23 03:10:04 2013	(r334630)
@@ -1,11 +1,11 @@
---- cont.c.orig	2013-01-30 04:17:59.000000000 +0000
-+++ cont.c	2013-02-17 21:39:30.712834241 +0000
-@@ -15,7 +15,7 @@
- #include "gc.h"
- #include "eval_intern.h"
- 
--#if ((defined(_WIN32) && _WIN32_WINNT >= 0x0400) || (defined(HAVE_GETCONTEXT) && defined(HAVE_SETCONTEXT))) && !defined(__NetBSD__) && !defined(__sun) && !defined(__ia64) && !defined(FIBER_USE_NATIVE)
-+#if ((defined(_WIN32) && _WIN32_WINNT >= 0x0400) || (defined(HAVE_GETCONTEXT) && defined(HAVE_SETCONTEXT))) && !defined(__FreeBSD__) && !defined(__NetBSD__) && !defined(__sun) && !defined(__ia64) && !defined(FIBER_USE_NATIVE)
- #define FIBER_USE_NATIVE 1
- 
- /* FIBER_USE_NATIVE enables Fiber performance improvement using system
+--- cont.c.orig	2013-10-09 15:37:54.000000000 +0000
++++ cont.c	2013-11-22 15:05:19.138396780 +0000
+@@ -44,6 +44,8 @@
+ /* At least, Linux/ia64's getcontext(3) doesn't save register window.
+  */
+ #     define FIBER_USE_NATIVE 0
++#   elif defined(__FreeBSD__)
++#     define FIBER_USE_NATIVE 0
+ #   elif defined(__GNU__)
+ /* GNU/Hurd doesn't fully support getcontext, setcontext, makecontext
+  * and swapcontext functions. Disabling their usage till support is
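Review bot: The added `#elif defined(__FreeBSD__)` branch in the inner patch sets `FIBER_USE_NATIVE 0` without saying why, while the ia64 and GNU/Hurd branches around it each carry a comment giving the reason. I would add one above the define, for example `/* FreeBSD: native fibers disabled by the port, see <PR or commit reference> */`, so the override can be revisited when the underlying problem is fixed. The surrounding `#if` chain in cont.c starts and ends outside the inner hunk, so the full condition is not visible here.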

Modified: head/lang/ruby20/files/patch-lib_mkmf.rb
==============================================================================
--- head/lang/ruby20/files/patch-lib_mkmf.rb	Sat Nov 23 01:21:00 2013	(r334629)
+++ head/lang/ruby20/files/patch-lib_mkmf.rb	Sat Nov 23 03:10:04 2013	(r334630)
@@ -1,11 +1,11 @@
---- lib/mkmf.rb.orig	2012-11-28 04:19:49.000000000 -0800
-+++ lib/mkmf.rb	2012-12-03 23:18:58.000000000 -0800
-@@ -204,7 +204,7 @@
-   $extmk &&= true
-   if not $extmk and File.exist?(RbConfig::CONFIG["rubyhdrdir"] + "/ruby/ruby.h")
-     $hdrdir = CONFIG["rubyhdrdir"]
+--- lib/mkmf.rb.orig	2013-06-26 07:03:38.000000000 -0700
++++ lib/mkmf.rb	2013-07-03 17:43:05.000000000 -0700
+@@ -226,7 +226,7 @@
+   end
+   $extmk ||= false
+   if not $extmk and File.exist?(($hdrdir = RbConfig::CONFIG["rubyhdrdir"]) + "/ruby/ruby.h")
 -    $topdir = $hdrdir
 +    $topdir = $hdrdir + "/" + "#{CONFIG['arch']}/ruby/"
      $top_srcdir = $hdrdir
-     $arch_hdrdir = "$(hdrdir)/$(arch)"
+     $arch_hdrdir = RbConfig::CONFIG["rubyarchhdrdir"]
    elsif File.exist?(($hdrdir = ($top_srcdir ||= topdir) + "/include")  + "/ruby.h")

Modified: head/lang/ruby20/files/patch-lib_uri_generic.rb
==============================================================================
--- head/lang/ruby20/files/patch-lib_uri_generic.rb	Sat Nov 23 01:21:00 2013	(r334629)
+++ head/lang/ruby20/files/patch-lib_uri_generic.rb	Sat Nov 23 03:10:04 2013	(r334630)
@@ -1,19 +1,20 @@
---- lib/uri/generic.rb.orig	2009-06-18 16:47:45.000000000 +0400
-+++ lib/uri/generic.rb	2009-06-18 16:48:54.000000000 +0400
-@@ -1032,7 +1032,15 @@
-           end
+--- lib/uri/generic.rb.orig	2012-07-20 01:56:21.000000000 +0000
++++ lib/uri/generic.rb	2013-11-21 20:50:14.143925606 +0000
+@@ -1482,6 +1482,17 @@
          end
  
--        str << path_query
+         str << path_query
 +        path = path_query
 +
 +        #
 +        # Add URI delimiter if the path misses it (like as in FTP)
 +        #
 +        if not path.empty? and not str.empty? and path[0, 1] != '/'
-+          path = '/' + path 
++          path = '/' + path
 +        end
 +        str << path
++       end 
++       if @fragment
        end
  
        if @fragment
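Review bot: The regenerated inner patch keeps `str << path_query` as a context line and then still adds `str << path`, so with the patch applied the path and query would be appended to the URI string twice; the previous revision of this patch removed that line. The newly added `end` and `if @fragment` lines just before the existing `end` also leave an empty `if @fragment` block, which suggests the diff was regenerated against an already-edited file. I would mark the original line as removed in the inner patch (`-        str << path_query`) and drop the added `end` / `if @fragment` pair. Because URI strings feed fetches and redirects, a quick round-trip check of an HTTP and an FTP URL through parse and `to_s` would confirm the result; the enclosing method starts outside the hunk, so this is inferred from the visible lines only.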

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Sat Nov 23 01:21:00 2013	(r334629)
+++ head/security/vuxml/vuln.xml	Sat Nov 23 03:10:04 2013	(r334630)
@@ -51,6 +51,43 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="cc9043cf-7f7a-426e-b2cc-8d1980618113">
+    <topic>ruby -- Heap Overflow in Floating Point Parsing</topic>
+    <affects>
+      <package>
+	<name>ruby19</name>
+	<range><lt>1.9.3.484,1</lt></range>
+      </package>
+      <package>
+	<name>ruby20</name>
+	<range><lt>2.0.0.353,1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>Ruby developers report:</p>
+	<blockquote cite="https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/">;
+	  <p>Any time a string is converted to a floating point value, a
+	     specially crafted string can cause a heap overflow. This can lead
+	     to a denial of service attack via segmentation faults and possibly
+	     arbitrary code execution. Any program that converts input of
+	     unknown origin to floating point values (especially common when
+	     accepting JSON) are vulnerable.
+	  </p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released/</url>;
+      <url>https://www.ruby-lang.org/en/news/2013/11/22/ruby-2-0-0-p353-is-released/</url>;
+      <cvename>CVE-2013-4164</cvename>
+    </references>
+    <dates>
+      <discovery>2013-11-22</discovery>
+      <entry>2013-11-23</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="479efd57-516e-11e3-9b62-000c292e4fd8">
     <topic>samba -- Private key in key.pem world readable</topic>
     <affects>
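Review bot: The `<references>` block lists the two release announcements but not the advisory that the `<blockquote cite=...>` quotes; adding `<url>https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/</url>` would point readers of audit output at the page with the affected-version details. `<affects>` names only `ruby19` and `ruby20`, and package audit matches on those names, so it is worth confirming against the advisory that no other Ruby port in the tree carries the same float-parsing code. The `;` after several tags is probably an artefact of the archive rendering rather than of the committed file, but the entry should be checked with the vuxml validation target either way.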


