Backport fix for CVE-2009-5147 and CVE-2015-7551 from r23405

2015-12-18 17:36:31 +00:00 · 2015-12-18 17:36:31 +00:00 · ca6441521a
commit ca6441521a
parent 0d42ad63d4
2 changed files with 31 additions and 2 deletions
--- a/lang/ruby/1.8/Makefile
+++ b/lang/ruby/1.8/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.36 2015/04/15 21:58:16 jeremy Exp $
+# $OpenBSD: Makefile,v 1.37 2015/12/18 17:36:31 jeremy Exp $

 COMMENT-main=		object oriented script language with threads
 COMMENT-iconv=		libiconv interface for ruby
@ -20,7 +20,7 @@ PKGNAME-ri_docs=	ruby-ri_docs-${VERSION}.${PATCHLEVEL}
 PKG_ARCH-ri_docs=	*
 PKGSPEC-main=		ruby->=1.8,<1.9

-REVISION-main=		4
+REVISION-main=		5
 REVISION-ri_docs=	0

 CONFIGURE_ARGS=		--program-suffix=18 \
--- a/lang/ruby/1.8/patches/patch-ext_dl_handle_c
+++ b/lang/ruby/1.8/patches/patch-ext_dl_handle_c
@ -0,0 +1,29 @@
+$OpenBSD: patch-ext_dl_handle_c,v 1.1 2015/12/18 17:36:31 jeremy Exp $
+
+Backport fix for CVE-2009-5147 and CVE-2015-7551 from r23405.
+
+--- ext/dl/handle.c.orig	Wed Dec 16 09:07:34 2015
+++ ext/dl/handle.c	Wed Dec 16 09:11:33 2015
+@@ -5,6 +5,8 @@
+ #include <ruby.h>
+ #include "dl.h"
+ 
+#define SafeStringValuePtr(v) (rb_string_value(&v), rb_check_safe_obj(v), RSTRING_PTR(v))
+
+ VALUE rb_cDLHandle;
+ 
+ void
+@@ -52,11 +54,11 @@ rb_dlhandle_initialize(int argc, VALUE argv[], VALUE s
+ 
+   switch (rb_scan_args(argc, argv, "11", &lib, &flag)) {
+   case 1:
+-    clib = NIL_P(lib) ? NULL : StringValuePtr(lib);
+    clib = NIL_P(lib) ? NULL : SafeStringValuePtr(lib);
+     cflag = RTLD_LAZY | RTLD_GLOBAL;
+     break;
+   case 2:
+-    clib = NIL_P(lib) ? NULL : StringValuePtr(lib);
+    clib = NIL_P(lib) ? NULL : SafeStringValuePtr(lib);
+     cflag = NUM2INT(flag);
+     break;
+   default: