This updates to the latest patch release of ruby, which was released yesterday. I haven't finished my testing of it, but so far no problems. If anyone could do additional testing on non-i386/non-amd64 arches, or put this in a bulk build, I would appreciate it.
p286 includes the security fix added earlier in the week, and an additional security fix: http://preview.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability It also includes numerous bug fixes. ruby 1.8.7-p371 was also released, but as it just contains the security fix we already manually backported earlier in the week, there is no point in upgrading to it. The additional security fix in 1.9.3 p286 is not necessary in 1.8.7, as 1.8.7 already handled the case correctly. Assuming no problems come up in my testing and I don't hear any negative reports, I plan to commit this next week. Jeremy
Index: Makefile
===================================================================
RCS file: /cvs/ports/lang/ruby/1.9/Makefile,v
retrieving revision 1.28
diff -u -p -r1.28 Makefile
--- Makefile 8 Oct 2012 13:17:11 -0000 1.28
+++ Makefile 12 Oct 2012 15:00:55 -0000
@@ -7,15 +7,9 @@ COMMENT-tk = tk interface for ruby
 COMMENT-ri_docs = ri documentation files for ruby
 VERSION = 1.9.3
-PATCHLEVEL = 194
+PATCHLEVEL = 286
 RUBYLIBREV = 1.9.1
-REVISION-main = 0
-REVISION-dbm = 0
-REVISION-gdbm = 0
-REVISION-tk = 0
-REVISION-ri_docs = 0
-
 SHARED_LIBS = ruby19 1.0
 PKGNAME-main = ruby-${VERSION}.${PATCHLEVEL}
 PKGNAME-gdbm = ruby-gdbm-${VERSION}.${PATCHLEVEL}
@@ -92,6 +86,9 @@ VMEM_WARNING = Yes
 SUBST_VARS += RUBYLIBREV
 REGRESS_DEPENDS = ${FULLPKGNAME-main}:${BUILD_PKGPATH}
+
+post-install:
+ ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/ruby
 do-regress:
 -cd ${WRKSRC} && make test-sample
Index: distinfo
===================================================================
RCS file: /cvs/ports/lang/ruby/1.9/distinfo,v
retrieving revision 1.7
diff -u -p -r1.7 distinfo
--- distinfo 27 Apr 2012 18:40:02 -0000 1.7
+++ distinfo 12 Oct 2012 14:46:57 -0000
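Review bot: The new `post-install` target in the second Makefile hunk creates `${PREFIX}/share/doc/ruby` by hand, with no comment saying why the port has to do this itself. None of the PLIST hunks in this diff adds or removes that directory, so presumably it is already listed and the p286 install step stopped creating it. If that is the reason, a one-line comment above the target such as `# p286's install no longer creates share/doc/ruby, which PLIST-main still lists` would record it for whoever does the next update.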
@@ -1,5 +1,2 @@
-MD5 (ruby-1.9.3-p194.tar.gz) = vAxxXGnaTR2L1XBpwZ9sDg==
-RMD160 (ruby-1.9.3-p194.tar.gz) = qVRmssHhR7Mlq2AsxXPlVSvXQcw=
-SHA1 (ruby-1.9.3-p194.tar.gz) = Mc9r2YHkySnl3Du9s0GDPqsb2fI=
-SHA256 (ruby-1.9.3-p194.tar.gz) = RuL6gL5+/tUb2c3FKdH+IuvHVn7g+R20q4VUOM9L2Ls=
-SIZE (ruby-1.9.3-p194.tar.gz) = 12432239
+SHA256 (ruby-1.9.3-p286.tar.gz) = 6UNnEIdR/WvOeUAdlHuqZglsdX/ToIVjUKKr0F0m2J0=
+SIZE (ruby-1.9.3-p286.tar.gz) = 12459652
Index: patches/patch-error_c
===================================================================
RCS file: patches/patch-error_c
diff -N patches/patch-error_c
--- patches/patch-error_c 8 Oct 2012 13:17:11 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,35 +0,0 @@
-$OpenBSD: patch-error_c,v 1.1 2012/10/08 13:17:11 jeremy Exp $
-
-Backport security fix from ruby SVN revision 37068.
-
---- error.c.orig Sat Feb 25 04:32:19 2012
-+++ error.c Mon Oct 8 04:59:26 2012
-@@ -569,7 +569,6 @@ exc_to_s(VALUE exc)
-
- if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
- r = rb_String(mesg);
-- OBJ_INFECT(r, exc);
- return r;
- }
-
-@@ -853,11 +852,7 @@ name_err_to_s(VALUE exc)
-
- if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
- StringValue(str);
-- if (str != mesg) {
-- rb_iv_set(exc, "mesg", mesg = str);
-- }
-- OBJ_INFECT(mesg, exc);
-- return mesg;
-+ return str;
- }
-
- /*
-@@ -988,7 +983,6 @@ name_err_mesg_to_str(VALUE obj)
- args[2] = d;
- mesg = rb_f_sprintf(NAME_ERR_MESG_COUNT, args);
- }
-- OBJ_INFECT(mesg, obj);
- return mesg;
- }
-
Index: patches/patch-test_ruby_test_exception_rb
===================================================================
RCS file: patches/patch-test_ruby_test_exception_rb
diff -N patches/patch-test_ruby_test_exception_rb
--- patches/patch-test_ruby_test_exception_rb 8 Oct 2012 13:17:11 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,61 +0,0 @@
-$OpenBSD: patch-test_ruby_test_exception_rb,v 1.1 2012/10/08 13:17:11 jeremy Exp $
-
-Backport tests for security fix from ruby SVN revision 37068.
-
---- test/ruby/test_exception.rb.orig Tue Feb 7 16:44:05 2012
-+++ test/ruby/test_exception.rb Mon Oct 8 04:59:37 2012
-@@ -333,4 +333,54 @@ end.join
- load(t.path)
- end
- end
-+
-+ def test_to_s_taintness_propagation
-+ for exc in [Exception, NameError]
-+ m = "abcdefg"
-+ e = exc.new(m)
-+ e.taint
-+ s = e.to_s
-+ assert_equal(false, m.tainted?,
-+ "#{exc}#to_s should not propagate taintness")
-+ assert_equal(false, s.tainted?,
-+ "#{exc}#to_s should not propagate taintness")
-+ end
-+
-+ o = Object.new
-+ def o.to_str
-+ "foo"
-+ end
-+ o.taint
-+ e = NameError.new(o)
-+ s = e.to_s
-+ assert_equal(false, s.tainted?)
-+ end
-+
-+ def test_exception_to_s_should_not_propagate_untrustedness
-+ favorite_lang = "Ruby"
-+
-+ for exc in [Exception, NameError]
-+ assert_raise(SecurityError) do
-+ lambda {
-+ $SAFE = 4
-+ exc.new(favorite_lang).to_s
-+ favorite_lang.replace("Python")
-+ }.call
-+ end
-+ end
-+
-+ assert_raise(SecurityError) do
-+ lambda {
-+ $SAFE = 4
-+ o = Object.new
-+ o.singleton_class.send(:define_method, :to_str) {
-+ favorite_lang
-+ }
-+ NameError.new(o).to_s
-+ favorite_lang.replace("Python")
-+ }.call
-+ end
-+
-+ assert_equal("Ruby", favorite_lang)
-+ end
- end
Index: pkg/PLIST-main
===================================================================
RCS file: /cvs/ports/lang/ruby/1.9/pkg/PLIST-main,v
retrieving revision 1.6
diff -u -p -r1.6 PLIST-main
--- pkg/PLIST-main 27 Apr 2012 18:40:02 -0000 1.6
+++ pkg/PLIST-main 12 Oct 2012 15:00:11 -0000
@@ -636,9 +636,6 @@ lib/ruby/${RUBYLIBREV}/rubygems/source_i
 lib/ruby/${RUBYLIBREV}/rubygems/spec_fetcher.rb
 lib/ruby/${RUBYLIBREV}/rubygems/specification.rb
 lib/ruby/${RUBYLIBREV}/rubygems/ssl_certs/
-lib/ruby/${RUBYLIBREV}/rubygems/ssl_certs/AddTrustExternalCARoot.pem
-lib/ruby/${RUBYLIBREV}/rubygems/ssl_certs/Entrust_net-Secure-Server-Certification-Authority.pem
-lib/ruby/${RUBYLIBREV}/rubygems/ssl_certs/VerisignClass3PublicPrimaryCertificationAuthority-G2.pem
 lib/ruby/${RUBYLIBREV}/rubygems/ssl_certs/ca-bundle.pem
 lib/ruby/${RUBYLIBREV}/rubygems/syck_hack.rb
 lib/ruby/${RUBYLIBREV}/rubygems/test_case.rb
Index: pkg/PLIST-ri_docs
===================================================================
RCS file: /cvs/ports/lang/ruby/1.9/pkg/PLIST-ri_docs,v
retrieving revision 1.3
diff -u -p -r1.3 PLIST-ri_docs
--- pkg/PLIST-ri_docs 27 Apr 2012 18:40:02 -0000 1.3
+++ pkg/PLIST-ri_docs 12 Oct 2012 15:01:53 -0000
@@ -3937,8 +3937,6 @@ share/ri/${RUBYLIBREV}/system/IPSocket/g
 share/ri/${RUBYLIBREV}/system/IPSocket/getaddress_orig-c.ri
 share/ri/${RUBYLIBREV}/system/IPSocket/peeraddr-i.ri
 share/ri/${RUBYLIBREV}/system/IPSocket/recvfrom-i.ri
-share/ri/${RUBYLIBREV}/system/IPSocket/valid%3f-c.ri
-share/ri/${RUBYLIBREV}/system/IPSocket/valid_v4%3f-c.ri
 share/ri/${RUBYLIBREV}/system/IPSocket/valid_v6%3f-c.ri
 share/ri/${RUBYLIBREV}/system/IRB/
 share/ri/${RUBYLIBREV}/system/IRB/Abort/
@@ -7654,6 +7652,12 @@ share/ri/${RUBYLIBREV}/system/Psych/Emit
 share/ri/${RUBYLIBREV}/system/Psych/Exception/
 share/ri/${RUBYLIBREV}/system/Psych/Exception/cdesc-Exception.ri
 share/ri/${RUBYLIBREV}/system/Psych/Handler/
+share/ri/${RUBYLIBREV}/system/Psych/Handler/DumperOptions/
+share/ri/${RUBYLIBREV}/system/Psych/Handler/DumperOptions/canonical-i.ri
+share/ri/${RUBYLIBREV}/system/Psych/Handler/DumperOptions/cdesc-DumperOptions.ri
+share/ri/${RUBYLIBREV}/system/Psych/Handler/DumperOptions/indentation-i.ri
+share/ri/${RUBYLIBREV}/system/Psych/Handler/DumperOptions/line_width-i.ri
+share/ri/${RUBYLIBREV}/system/Psych/Handler/DumperOptions/new-c.ri
 share/ri/${RUBYLIBREV}/system/Psych/Handler/alias-i.ri
 share/ri/${RUBYLIBREV}/system/Psych/Handler/cdesc-Handler.ri
 share/ri/${RUBYLIBREV}/system/Psych/Handler/empty-i.ri
