
From: Hans de Graaff <graaff@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-ruby/json/files/, dev-ruby/json/
Date: Fri, 01 Sep 2017 07:15:02
Message-Id: 1504250091.c934437856bf6c0d00c319c56ce5bc348cc4cf2e.graaff@gentoo
1 commit: c934437856bf6c0d00c319c56ce5bc348cc4cf2e
2 Author: Hans de Graaff <graaff <AT> gentoo <DOT> org>
3 AuthorDate: Fri Sep 1 07:10:59 2017 +0000
4 Commit: Hans de Graaff <graaff <AT> gentoo <DOT> org>
5 CommitDate: Fri Sep 1 07:14:51 2017 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c9344378
7
8 dev-ruby/json: fix security bug 629484
9
10 Package-Manager: Portage-2.3.6, Repoman-2.3.2
11
12 dev-ruby/json/files/json-1.8.6-heap-exposure.patch | 82 ++++++++++++++++++++++
13 dev-ruby/json/json-1.8.6-r1.ebuild | 70 ++++++++++++++++++
14 2 files changed, 152 insertions(+)
15
16 diff --git a/dev-ruby/json/files/json-1.8.6-heap-exposure.patch b/dev-ruby/json/files/json-1.8.6-heap-exposure.patch
17 new file mode 100644
18 index 00000000000..d3da7a0f86f
19 --- /dev/null
20 +++ b/dev-ruby/json/files/json-1.8.6-heap-exposure.patch
21 @@ -0,0 +1,82 @@
22 +diff --git ext/json/generator/generator.c ext/json/generator/generator.c
23 +index a135e28348..2cdca5685f 100644
24 +--- a/ext/json/ext/generator/generator.c
25 ++++ b/ext/json/ext/generator/generator.c
26 +@@ -301,7 +301,7 @@ static char *fstrndup(const char *ptr, unsigned long len) {
27 + char *result;
28 + if (len <= 0) return NULL;
29 + result = ALLOC_N(char, len);
30 +- memccpy(result, ptr, 0, len);
31 ++ memcpy(result, ptr, len);
32 + return result;
33 + }
34 +
35 +@@ -1055,7 +1055,7 @@ static VALUE cState_indent_set(VALUE self, VALUE indent)
36 + }
37 + } else {
38 + if (state->indent) ruby_xfree(state->indent);
39 +- state->indent = strdup(RSTRING_PTR(indent));
40 ++ state->indent = fstrndup(RSTRING_PTR(indent), len);
41 + state->indent_len = len;
42 + }
43 + return Qnil;
44 +@@ -1093,7 +1093,7 @@ static VALUE cState_space_set(VALUE self, VALUE space)
45 + }
46 + } else {
47 + if (state->space) ruby_xfree(state->space);
48 +- state->space = strdup(RSTRING_PTR(space));
49 ++ state->space = fstrndup(RSTRING_PTR(space), len);
50 + state->space_len = len;
51 + }
52 + return Qnil;
53 +@@ -1129,7 +1129,7 @@ static VALUE cState_space_before_set(VALUE self, VALUE space_before)
54 + }
55 + } else {
56 + if (state->space_before) ruby_xfree(state->space_before);
57 +- state->space_before = strdup(RSTRING_PTR(space_before));
58 ++ state->space_before = fstrndup(RSTRING_PTR(space_before), len);
59 + state->space_before_len = len;
60 + }
61 + return Qnil;
62 +@@ -1166,7 +1166,7 @@ static VALUE cState_object_nl_set(VALUE self, VALUE object_nl)
63 + }
64 + } else {
65 + if (state->object_nl) ruby_xfree(state->object_nl);
66 +- state->object_nl = strdup(RSTRING_PTR(object_nl));
67 ++ state->object_nl = fstrndup(RSTRING_PTR(object_nl), len);
68 + state->object_nl_len = len;
69 + }
70 + return Qnil;
71 +@@ -1201,7 +1201,7 @@ static VALUE cState_array_nl_set(VALUE self, VALUE array_nl)
72 + }
73 + } else {
74 + if (state->array_nl) ruby_xfree(state->array_nl);
75 +- state->array_nl = strdup(RSTRING_PTR(array_nl));
76 ++ state->array_nl = fstrndup(RSTRING_PTR(array_nl), len);
77 + state->array_nl_len = len;
78 + }
79 + return Qnil;
80 +diff --git ext/json/generator/generator.h ext/json/generator/generator.h
81 +index 298c0a4965..6bbf817b7d 100644
82 +--- a/ext/json/ext/generator/generator.h
83 ++++ b/ext/json/ext/generator/generator.h
84 +@@ -1,7 +1,6 @@
85 + #ifndef _GENERATOR_H_
86 + #define _GENERATOR_H_
87 +
88 +-#include <string.h>
89 + #include <math.h>
90 + #include <ctype.h>
91 +
92 +diff --git ext/json/lib/json/version.rb ext/json/lib/json/version.rb
93 +index b5748334b9..cd7ddf8777 100644
94 +--- a/lib/json/version.rb
95 ++++ b/lib/json/version.rb
96 +@@ -1,7 +1,7 @@
97 + module JSON
98 + # JSON version
99 +- VERSION = '1.8.6'
100 ++ VERSION = '1.8.6.1'
101 + VERSION_ARRAY = VERSION.split(/\./).map { |x| x.to_i } # :nodoc:
102 + VERSION_MAJOR = VERSION_ARRAY[0] # :nodoc:
103 + VERSION_MINOR = VERSION_ARRAY[1] # :nodoc:
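Review bot: The buffer `fstrndup()` now returns is exactly `len` bytes with no terminating NUL, so after the five setter hunks `state->indent`, `state->space`, `state->space_before`, `state->object_nl` and `state->array_nl` are no longer C strings and are only safe to read together with their `*_len` fields. The code that reads these fields is outside the hunks shown, so it is worth confirming that none of it still calls `strlen()` or `rb_str_new2()` on these pointers; a defensive alternative is `result = ALLOC_N(char, len + 1); memcpy(result, ptr, len); result[len] = '\0';`. I would also add a comment above `fstrndup()` such as `/* Copies exactly len bytes, embedded NULs included; the result is not NUL-terminated. */`. Separately, the generator.h hunk drops `#include <string.h>` while generator.c now calls `memcpy()`, which presumably compiles only because a Ruby header pulls the declaration in.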
104
105 diff --git a/dev-ruby/json/json-1.8.6-r1.ebuild b/dev-ruby/json/json-1.8.6-r1.ebuild
106 new file mode 100644
107 index 00000000000..ab9cfddf39e
108 --- /dev/null
109 +++ b/dev-ruby/json/json-1.8.6-r1.ebuild
110 @@ -0,0 +1,70 @@
111 +# Copyright 1999-2017 Gentoo Foundation
112 +# Distributed under the terms of the GNU General Public License v2
113 +
114 +EAPI=6
115 +USE_RUBY="ruby22 ruby23 ruby24"
116 +
117 +RUBY_FAKEGEM_RECIPE_DOC="rdoc"
118 +RUBY_FAKEGEM_EXTRADOC="CHANGES TODO README.md README-json-jruby.markdown"
119 +
120 +RUBY_FAKEGEM_GEMSPEC="json.gemspec"
121 +
122 +inherit multilib ruby-fakegem
123 +
124 +DESCRIPTION="A JSON implementation as a Ruby extension"
125 +HOMEPAGE="https://github.com/flori/json"
126 +LICENSE="|| ( Ruby GPL-2 )"
127 +
128 +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
129 +SLOT="0"
130 +IUSE=""
131 +
132 +RDEPEND="${RDEPEND}"
133 +DEPEND="${DEPEND}
134 + dev-util/ragel"
135 +
136 +ruby_add_bdepend "dev-ruby/rake
137 + doc? ( dev-ruby/rdoc )"
138 +
139 +PATCHES=( "${FILESDIR}/${P}-heap-exposure.patch" )
140 +
141 +all_ruby_prepare() {
142 + # Avoid building the extension twice!
143 + # And use rdoc instead of sdoc which we don't have packaged
144 + # And don't call git to list files. We're using the pregenerated spec anyway.
145 + sed -i \
146 + -e 's| => :compile||' \
147 + -e 's| => :clean||' \
148 + -e 's|sdoc|rdoc|' \
149 + -e 's|`git ls-files`|""|' \
150 + Rakefile || die "rakefile fix failed"
151 +
152 + # Remove hardcoded and broken -O setting.
153 + sed -i -e '/^ \(if\|unless\)/,/^ end/ s:^:#:' \
154 + -e '/^unless/,/^end/ s:^:#:' ext/json/ext/*/extconf.rb || die
155 +}
156 +
157 +each_ruby_compile() {
158 + # Since 1.5.0 a Java extension is provided but it does not compile.
159 + if [[ $(basename ${RUBY}) != "jruby" ]]; then
160 + ${RUBY} -S rake compile || die "extension compile failed"
161 + fi
162 +}
163 +
164 +each_ruby_test() {
165 + JSON=pure \
166 + ${RUBY} -Iext:lib -S testrb-2 tests/test_*.rb || die "pure ruby tests failed"
167 +
168 + if [[ $(basename ${RUBY}) != "jruby" ]]; then
169 + JSON=ext \
170 + ${RUBY} -Iext:lib -S testrb-2 tests/test_*.rb || die "ext ruby tests failed"
171 + fi
172 +}
173 +
174 +each_ruby_install() {
175 + each_fakegem_install
176 + if [[ $(basename ${RUBY}) != "jruby" ]]; then
177 + ruby_fakegem_newins ext/json/ext/generator$(get_modname) lib/json/ext/generator$(get_modname)
178 + ruby_fakegem_newins ext/json/ext/parser$(get_modname) lib/json/ext/parser$(get_modname)
179 + fi
180 +}
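Review bot: The `PATCHES=( "${FILESDIR}/${P}-heap-exposure.patch" )` line carries no comment tying it to the security bug, and the patch it applies also changes `JSON::VERSION` to `1.8.6.1` while the ebuild stays at 1.8.6-r1 and uses the pregenerated `json.gemspec`. If that gemspec still declares 1.8.6, the installed gem metadata and `JSON::VERSION` will disagree, which can confuse version-based vulnerability checks; this is inferred, since the gemspec is not shown. A comment such as `# Bug 629484: backported heap-exposure fix; the patch also bumps JSON::VERSION to 1.8.6.1` above `PATCHES` would record that. Minor: the second `sed` in `all_ruby_prepare` ends in a bare `|| die`, where a message like `|| die "extconf.rb fix failed"` would match the first.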