Wednesday, August 30, 2017

Re: Rubygems Security Fixes

On 08/30 06:39, Jeremy Evans wrote:
> The attached gzip patch should fix reported security issues in rubygems
> for all in-tree ruby versions. It was 60KB before being gzipped.
>
> Rubygems security announcement:
> http://blog.rubygems.org/2017/08/27/2.6.13-released.html
>
> Ruby security announcement, containing patch files that were used for
> ruby 2.2, 2.3, and 2.4:
> https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
>
> The ruby 2.2 patch applied to ruby 2.1, so it was used as is. I
> manually backported the ruby 2.2 patch to ruby 1.8 (where rubygems
> uses the separate devel/ruby-gems port). For JRuby, the ruby 2.4
> patch was used directly.
>
> I'm not going to have time to do sufficient testing of this until
> the weekend, so if anyone else wants to try it out, please do so
> and provide feedback.

Here's a new patch with simpler ruby 2.2-2.4 fixes using PATCHFILES.
This is better as it includes the full patch including all tests for
those versions, and causes less churn. Not gzipped this time as it is
only 33K.

Thanks,
Jeremy

Index: devel/ruby-gems/Makefile
===================================================================
RCS file: /cvs/ports/devel/ruby-gems/Makefile,v
retrieving revision 1.33
diff -u -p -r1.33 Makefile
--- devel/ruby-gems/Makefile 24 Jun 2015 06:59:56 -0000 1.33
+++ devel/ruby-gems/Makefile 31 Aug 2017 01:13:16 -0000
@@ -7,6 +7,8 @@ DISTNAME= rubygems-$V
PKGNAME= ruby-gems-$V
CATEGORIES= devel

+REVISION= 0
+
HOMEPAGE= http://docs.rubygems.org/

# GPL
Index: lang/jruby/Makefile
===================================================================
RCS file: /cvs/ports/lang/jruby/Makefile,v
retrieving revision 1.66
diff -u -p -r1.66 Makefile
--- lang/jruby/Makefile 26 Jul 2017 22:45:25 -0000 1.66
+++ lang/jruby/Makefile 31 Aug 2017 01:21:46 -0000
@@ -12,7 +12,7 @@ CATEGORIES = lang lang/ruby
DISTFILES = ${DISTNAME}.tar.gz \
jnr-jffi-1.2.2-0-g4c196bb.tar.gz:0 \
${JRUBY_LAUNCHER_GEM}:1
-REVISION = 0
+REVISION = 1

HOMEPAGE = http://www.jruby.org/

Index: lang/ruby/2.1/Makefile
===================================================================
RCS file: /cvs/ports/lang/ruby/2.1/Makefile,v
retrieving revision 1.26
diff -u -p -r1.26 Makefile
--- lang/ruby/2.1/Makefile 4 Nov 2016 17:03:29 -0000 1.26
+++ lang/ruby/2.1/Makefile 31 Aug 2017 00:45:07 -0000
@@ -15,7 +15,7 @@ PKGNAME-gdbm = ruby21-gdbm-${VERSION}
PKGNAME-tk = ruby21-tk-${VERSION}
PKGNAME-ri_docs = ruby21-ri_docs-${VERSION}

-REVISION-main = 3
+REVISION-main = 4
PKG_ARCH-ri_docs = *
WANTLIB-ri_docs = # empty

Index: lang/ruby/2.2/Makefile
===================================================================
RCS file: /cvs/ports/lang/ruby/2.2/Makefile,v
retrieving revision 1.20
diff -u -p -r1.20 Makefile
--- lang/ruby/2.2/Makefile 4 Apr 2017 21:40:01 -0000 1.20
+++ lang/ruby/2.2/Makefile 31 Aug 2017 01:56:32 -0000
@@ -18,6 +18,12 @@ PKGNAME-ri_docs = ruby22-ri_docs-${VERSI
PKG_ARCH-ri_docs = *
WANTLIB-ri_docs = # empty

+PATCHFILES = 6690/rubygems-2613-ruby22.patch:0
+
+MASTER_SITES0 = https://bugs.ruby-lang.org/attachments/download/
+
+REVISION-main = 0
+
NEXTVER = 2.3
PKGSPEC-main = ruby->=${RUBYLIBREV},<${NEXTVER}

Index: lang/ruby/2.2/distinfo
===================================================================
RCS file: /cvs/ports/lang/ruby/2.2/distinfo,v
retrieving revision 1.8
diff -u -p -r1.8 distinfo
--- lang/ruby/2.2/distinfo 4 Apr 2017 21:40:01 -0000 1.8
+++ lang/ruby/2.2/distinfo 31 Aug 2017 01:56:45 -0000
@@ -1,2 +1,4 @@
+SHA256 (6690/rubygems-2613-ruby22.patch) = 0KjFVSrETYvJhb768SKIJj+iSFFrQb7em+tltIM05uM=
SHA256 (ruby-2.2.7.tar.gz) = N0GExsW7yI+3utQiNo1AU6I2+2WH8O/3YUbculf5PaU=
+SIZE (6690/rubygems-2613-ruby22.patch) = 11094
SIZE (ruby-2.2.7.tar.gz) = 16678101
Index: lang/ruby/2.3/Makefile
===================================================================
RCS file: /cvs/ports/lang/ruby/2.3/Makefile,v
retrieving revision 1.17
diff -u -p -r1.17 Makefile
--- lang/ruby/2.3/Makefile 7 Apr 2017 21:14:17 -0000 1.17
+++ lang/ruby/2.3/Makefile 31 Aug 2017 01:54:58 -0000
@@ -18,6 +18,12 @@ PKGNAME-ri_docs = ruby23-ri_docs-${VERSI
PKG_ARCH-ri_docs = *
WANTLIB-ri_docs = # empty

+PATCHFILES = 6691/rubygems-2613-ruby23.patch:0
+
+MASTER_SITES0 = https://bugs.ruby-lang.org/attachments/download/
+
+REVISION-main = 0
+
NEXTVER = 2.4
PKGSPEC-main = ruby->=${RUBYLIBREV},<${NEXTVER}

Index: lang/ruby/2.3/distinfo
===================================================================
RCS file: /cvs/ports/lang/ruby/2.3/distinfo,v
retrieving revision 1.5
diff -u -p -r1.5 distinfo
--- lang/ruby/2.3/distinfo 7 Apr 2017 21:14:17 -0000 1.5
+++ lang/ruby/2.3/distinfo 31 Aug 2017 01:55:03 -0000
@@ -1,2 +1,4 @@
+SHA256 (6691/rubygems-2613-ruby23.patch) = UQVnpD1X6pyMdDaxTnjQpNMzgPQQRD3PNQuYZ8l0V0g=
SHA256 (ruby-2.3.4.tar.gz) = mOGPF8kzMY0OMv7TrqZ+ME8XTQMXCjj9kgxPvkn+wMM=
+SIZE (6691/rubygems-2613-ruby23.patch) = 11119
SIZE (ruby-2.3.4.tar.gz) = 17820518
Index: lang/ruby/2.4/Makefile
===================================================================
RCS file: /cvs/ports/lang/ruby/2.4/Makefile,v
retrieving revision 1.4
diff -u -p -r1.4 Makefile
--- lang/ruby/2.4/Makefile 17 Apr 2017 18:29:11 -0000 1.4
+++ lang/ruby/2.4/Makefile 31 Aug 2017 01:52:36 -0000
@@ -16,7 +16,12 @@ PKGNAME-ri_docs = ruby24-ri_docs-${VERSI
PKG_ARCH-ri_docs = *
WANTLIB-ri_docs = # empty

-REVISION-main = 0
+PATCHFILES = 6692/rubygems-2612-ruby24.patch:0 \
+ 6693/rubygems-2613-ruby24.patch:0
+
+MASTER_SITES0 = https://bugs.ruby-lang.org/attachments/download/
+
+REVISION-main = 1

NEXTVER = 2.5
PKGSPEC-main = ruby->=${RUBYLIBREV},<${NEXTVER}
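
Review bot: PATCHFILES for 2.4 lists 6692/rubygems-2612-ruby24.patch in addition to the 2613 patch, while the 2.2 and 2.3 Makefiles list only a 2613 patch, and nothing in the Makefile says why. A one-line comment above PATCHFILES stating that 2.4 needs the 2.6.12 patch as a prerequisite (if that is the reason) would save the next person from diffing the three ports to find out.
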
Index: lang/ruby/2.4/distinfo
===================================================================
RCS file: /cvs/ports/lang/ruby/2.4/distinfo,v
retrieving revision 1.2
diff -u -p -r1.2 distinfo
--- lang/ruby/2.4/distinfo 24 Mar 2017 14:39:05 -0000 1.2
+++ lang/ruby/2.4/distinfo 31 Aug 2017 01:52:43 -0000
@@ -1,2 +1,6 @@
+SHA256 (6692/rubygems-2612-ruby24.patch) = JRJCDsaq1YbG++gN/DLn7FcaAWjJDkUa0CK0QyAqtKk=
+SHA256 (6693/rubygems-2613-ruby24.patch) = ZndonZkeB63yY1XkBFo72ersoHaUkoZEwoK9BewTBg0=
SHA256 (ruby-2.4.1.tar.gz) = ozDhDVy15Ts6AHgybFcxiIu1XjLEq/6yfZ5/jl0AAlA=
+SIZE (6692/rubygems-2612-ruby24.patch) = 13536
+SIZE (6693/rubygems-2613-ruby24.patch) = 11119
SIZE (ruby-2.4.1.tar.gz) = 14174752
Index: devel/ruby-gems/patches/patch-lib_rubygems_commands_query_command_rb
===================================================================
RCS file: devel/ruby-gems/patches/patch-lib_rubygems_commands_query_command_rb
diff -N devel/ruby-gems/patches/patch-lib_rubygems_commands_query_command_rb
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ devel/ruby-gems/patches/patch-lib_rubygems_commands_query_command_rb 31 Aug 2017 01:13:42 -0000
@@ -0,0 +1,18 @@
+$OpenBSD$
+
+Index: lib/rubygems/commands/query_command.rb
+--- lib/rubygems/commands/query_command.rb.orig
++++ lib/rubygems/commands/query_command.rb
+@@ -251,9 +251,10 @@ class Gem::Commands::QueryCommand < Gem::Command
+ end
+ end
+
+- entry << "\n\n" << format_text(spec.summary, 68, 4)
++ summary = truncate_text(spec.summary, "the summary for #{spec.full_name}")
++ entry << "\n\n" << format_text(summary, 68, 4)
+ end
+- output << entry
++ output << clean_text(entry)
+ end
+
+ say output.join(options[:details] ? "\n\n" : "\n")
Index: devel/ruby-gems/patches/patch-lib_rubygems_commands_setup_command_rb
===================================================================
RCS file: /cvs/ports/devel/ruby-gems/patches/patch-lib_rubygems_commands_setup_command_rb,v
retrieving revision 1.4
diff -u -p -r1.4 patch-lib_rubygems_commands_setup_command_rb
--- devel/ruby-gems/patches/patch-lib_rubygems_commands_setup_command_rb 27 Apr 2012 18:41:07 -0000 1.4
+++ devel/ruby-gems/patches/patch-lib_rubygems_commands_setup_command_rb 31 Aug 2017 01:13:42 -0000
@@ -1,7 +1,8 @@
$OpenBSD: patch-lib_rubygems_commands_setup_command_rb,v 1.4 2012/04/27 18:41:07 jeremy Exp $
---- lib/rubygems/commands/setup_command.rb.orig Thu Apr 19 21:29:58 2012
-+++ lib/rubygems/commands/setup_command.rb Mon Apr 23 12:49:58 2012
-@@ -283,7 +283,7 @@ TEXT
+Index: lib/rubygems/commands/setup_command.rb
+--- lib/rubygems/commands/setup_command.rb.orig
++++ lib/rubygems/commands/setup_command.rb
+@@ -286,7 +286,7 @@ TEXT
lib_dir = Gem::ConfigMap[site_or_vendor]
bin_dir = Gem::ConfigMap[:bindir]
else
Index: devel/ruby-gems/patches/patch-lib_rubygems_commands_setup_command_rb.orig
===================================================================
RCS file: devel/ruby-gems/patches/patch-lib_rubygems_commands_setup_command_rb.orig
diff -N devel/ruby-gems/patches/patch-lib_rubygems_commands_setup_command_rb.orig
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ devel/ruby-gems/patches/patch-lib_rubygems_commands_setup_command_rb.orig 27 Apr 2012 18:41:07 -0000
@@ -0,0 +1,12 @@
+$OpenBSD: patch-lib_rubygems_commands_setup_command_rb,v 1.4 2012/04/27 18:41:07 jeremy Exp $
+--- lib/rubygems/commands/setup_command.rb.orig Thu Apr 19 21:29:58 2012
++++ lib/rubygems/commands/setup_command.rb Mon Apr 23 12:49:58 2012
+@@ -283,7 +283,7 @@ TEXT
+ lib_dir = Gem::ConfigMap[site_or_vendor]
+ bin_dir = Gem::ConfigMap[:bindir]
+ else
+- lib_dir = File.join prefix, 'lib'
++ lib_dir = ENV['RUBYLIB']
+ bin_dir = File.join prefix, 'bin'
+ end
+ end
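
Review bot: patches/patch-lib_rubygems_commands_setup_command_rb.orig is being added as a new file, and its body is the old r1.4 patch (the $OpenBSD tag and the 2012 timestamps are unchanged), so it looks like a backup left behind when the patches were regenerated rather than something meant for the tree. Suggest dropping it from the commit; the same applies to patch-lib_rubygems_specification_rb.orig further down.
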
Index: devel/ruby-gems/patches/patch-lib_rubygems_installer_rb
===================================================================
RCS file: devel/ruby-gems/patches/patch-lib_rubygems_installer_rb
diff -N devel/ruby-gems/patches/patch-lib_rubygems_installer_rb
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ devel/ruby-gems/patches/patch-lib_rubygems_installer_rb 31 Aug 2017 01:13:42 -0000
@@ -0,0 +1,16 @@
+$OpenBSD$
+
+Index: lib/rubygems/installer.rb
+--- lib/rubygems/installer.rb.orig
++++ lib/rubygems/installer.rb
+@@ -152,6 +152,10 @@ class Gem::Installer
+ @security_policy = nil if @force and @security_policy and
+ not @security_policy.only_signed
+
++ unless spec.name =~ /\A[a-zA-Z0-9\.\-\_]+\z/
++ raise Gem::InstallError, "#{spec} has an invalid name"
++ end
++
+ unless @force
+ ensure_required_ruby_version_met
+ ensure_required_rubygems_version_met
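
Review bot: the name check added before `unless @force` repeats the literal /\A[a-zA-Z0-9\.\-\_]+\z/ that the specification.rb patch for this port also spells out, so the two copies can drift. The other versions in this diff define Gem::Specification::VALID_NAME_PATTERN once and reference it from the installer; doing the same in the 1.8 backport would keep install-time and validate-time checks identical.
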
Index: devel/ruby-gems/patches/patch-lib_rubygems_specification_rb
===================================================================
RCS file: /cvs/ports/devel/ruby-gems/patches/patch-lib_rubygems_specification_rb,v
retrieving revision 1.1
diff -u -p -r1.1 patch-lib_rubygems_specification_rb
--- devel/ruby-gems/patches/patch-lib_rubygems_specification_rb 25 Jun 2014 15:38:18 -0000 1.1
+++ devel/ruby-gems/patches/patch-lib_rubygems_specification_rb 31 Aug 2017 01:13:42 -0000
@@ -3,8 +3,9 @@ $OpenBSD: patch-lib_rubygems_specificati
Backport fix for Gem.refresh from upstream commit
b61c621fb2e00e215bcc8ad7d9fe45433881da14.

---- lib/rubygems/specification.rb.orig Tue Jun 24 14:21:46 2014
-+++ lib/rubygems/specification.rb Tue Jun 24 14:21:52 2014
+Index: lib/rubygems/specification.rb
+--- lib/rubygems/specification.rb.orig
++++ lib/rubygems/specification.rb
@@ -275,6 +275,12 @@ class Gem::Specification

@@all = specs.values
@@ -18,3 +19,20 @@ b61c621fb2e00e215bcc8ad7d9fe45433881da14
_resort!
end
@@all
+@@ -2007,9 +2013,15 @@ class Gem::Specification
+ end
+ end
+
+- unless String === name then
++ if !name.is_a?(String) then
+ raise Gem::InvalidSpecificationException,
+ "invalid value for attribute name: \"#{name.inspect}\""
++ elsif name !~ /[a-zA-Z]/ then
++ raise Gem::InvalidSpecificationException,
++ "invalid value for attribute name: #{name.dump} must include at least one letter"
++ elsif name !~ /\A[a-zA-Z0-9\.\-\_]+\z/ then
++ raise Gem::InvalidSpecificationException,
++ "invalid value for attribute name: #{name.dump} can only include letters, numbers, dashes, and underscores"
+ end
+
+ if require_paths.empty? then
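
Review bot: the last new branch reports that the name "can only include letters, numbers, dashes, and underscores", but the character class it tests against also accepts `\.`, so the message understates what is allowed. Suggest adding periods to the message. Also, the non-String branch here keeps the old message, while the same hunk for the other versions appends "must be a string"; worth aligning the backport.
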
Index: devel/ruby-gems/patches/patch-lib_rubygems_specification_rb.orig
===================================================================
RCS file: devel/ruby-gems/patches/patch-lib_rubygems_specification_rb.orig
diff -N devel/ruby-gems/patches/patch-lib_rubygems_specification_rb.orig
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ devel/ruby-gems/patches/patch-lib_rubygems_specification_rb.orig 25 Jun 2014 15:38:18 -0000
@@ -0,0 +1,20 @@
+$OpenBSD: patch-lib_rubygems_specification_rb,v 1.1 2014/06/25 15:38:18 jeremy Exp $
+
+Backport fix for Gem.refresh from upstream commit
+b61c621fb2e00e215bcc8ad7d9fe45433881da14.
+
+--- lib/rubygems/specification.rb.orig Tue Jun 24 14:21:46 2014
++++ lib/rubygems/specification.rb Tue Jun 24 14:21:52 2014
+@@ -275,6 +275,12 @@ class Gem::Specification
+
+ @@all = specs.values
+
++ # After a reset, make sure already loaded specs
++ # are still marked as activated.
++ specs = {}
++ Gem.loaded_specs.each_value{|s| specs[s] = true}
++ @@all.each{|s| s.activated = true if specs[s]}
++
+ _resort!
+ end
+ @@all
Index: devel/ruby-gems/patches/patch-lib_rubygems_text_rb
===================================================================
RCS file: devel/ruby-gems/patches/patch-lib_rubygems_text_rb
diff -N devel/ruby-gems/patches/patch-lib_rubygems_text_rb
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ devel/ruby-gems/patches/patch-lib_rubygems_text_rb 31 Aug 2017 01:13:42 -0000
@@ -0,0 +1,33 @@
+$OpenBSD$
+
+Index: lib/rubygems/text.rb
+--- lib/rubygems/text.rb.orig
++++ lib/rubygems/text.rb
+@@ -5,13 +5,26 @@ require 'rubygems'
+
+ module Gem::Text
+
++ ##
++ # Remove any non-printable characters and make the text suitable for
++ # printing.
++ def clean_text(text)
++ text.gsub(/[\000-\b\v-\f\016-\037\177]/, ".".freeze)
++ end
++
++ def truncate_text(text, description, max_length = 100_000)
++ raise ArgumentError, "max_length must be positive" unless max_length > 0
++ return text if text.size <= max_length
++ "Truncating #{description} to #{max_length.to_s.reverse.gsub(/...(?=.)/,'\&,').reverse} characters:\n" + text[0, max_length]
++ end
++
+ ##
+ # Wraps +text+ to +wrap+ characters and optionally indents by +indent+
+ # characters
+
+ def format_text(text, wrap, indent=0)
+ result = []
+- work = text.dup
++ work = clean_text(text)
+
+ while work.length > wrap do
+ if work =~ /^(.{0,#{wrap}})[ \n]/ then
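
Review bot: truncate_text has no doc comment (the `##` block above covers clean_text only), and two details of it deserve one. It returns the "Truncating ..." notice plus text[0, max_length], so the result is longer than max_length; and this port targets ruby 1.8, where String#size counts bytes, so the limit and the word "characters" in the notice are really bytes there. Suggest a short comment stating both.
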
Index: lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_commands_open_command_rb
===================================================================
RCS file: lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_commands_open_command_rb
diff -N lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_commands_open_command_rb
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_commands_open_command_rb 31 Aug 2017 01:21:21 -0000
@@ -0,0 +1,14 @@
+$OpenBSD$
+
+Index: lib/ruby/stdlib/rubygems/commands/open_command.rb
+--- lib/ruby/stdlib/rubygems/commands/open_command.rb.orig
++++ lib/ruby/stdlib/rubygems/commands/open_command.rb
+@@ -72,7 +72,7 @@ class Gem::Commands::OpenCommand < Gem::Command
+ end
+
+ def spec_for name
+- spec = Gem::Specification.find_all_by_name(name, @version).last
++ spec = Gem::Specification.find_all_by_name(name, @version).first
+
+ return spec if spec
+
Index: lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_commands_query_command_rb
===================================================================
RCS file: lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_commands_query_command_rb
diff -N lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_commands_query_command_rb
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_commands_query_command_rb 31 Aug 2017 01:21:21 -0000
@@ -0,0 +1,24 @@
+$OpenBSD$
+
+Index: lib/ruby/stdlib/rubygems/commands/query_command.rb
+--- lib/ruby/stdlib/rubygems/commands/query_command.rb.orig
++++ lib/ruby/stdlib/rubygems/commands/query_command.rb
+@@ -226,7 +226,7 @@ is too hard to use.
+ end
+ end
+
+- output << make_entry(matching_tuples, platforms)
++ output << clean_text(make_entry(matching_tuples, platforms))
+ end
+ end
+
+@@ -352,7 +352,8 @@ is too hard to use.
+ end
+
+ def spec_summary entry, spec
+- entry << "\n\n" << format_text(spec.summary, 68, 4)
++ summary = truncate_text(spec.summary, "the summary for #{spec.full_name}")
++ entry << "\n\n" << format_text(summary, 68, 4)
+ end
+
+ end
Index: lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_commands_sources_command_rb
===================================================================
RCS file: lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_commands_sources_command_rb
diff -N lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_commands_sources_command_rb
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_commands_sources_command_rb 31 Aug 2017 01:21:21 -0000
@@ -0,0 +1,14 @@
+$OpenBSD$
+
+Index: lib/ruby/stdlib/rubygems/commands/sources_command.rb
+--- lib/ruby/stdlib/rubygems/commands/sources_command.rb.orig
++++ lib/ruby/stdlib/rubygems/commands/sources_command.rb
+@@ -44,7 +44,7 @@ class Gem::Commands::SourcesCommand < Gem::Command
+ source = Gem::Source.new source_uri
+
+ begin
+- if Gem.sources.include? source_uri then
++ if Gem.sources.include? source then
+ say "source #{source_uri} already present in the cache"
+ else
+ source.load_specs :released
Index: lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_dependency_list_rb
===================================================================
RCS file: lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_dependency_list_rb
diff -N lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_dependency_list_rb
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_dependency_list_rb 31 Aug 2017 01:21:21 -0000
@@ -0,0 +1,14 @@
+$OpenBSD$
+
+Index: lib/ruby/stdlib/rubygems/dependency_list.rb
+--- lib/ruby/stdlib/rubygems/dependency_list.rb.orig
++++ lib/ruby/stdlib/rubygems/dependency_list.rb
+@@ -104,7 +104,7 @@ class Gem::DependencyList
+ end
+
+ def inspect # :nodoc:
+- "#<%s:0x%x %p>" % [self.class, object_id, map { |s| s.full_name }]
++ "%s %p>" % [super[0..-2], map { |s| s.full_name }]
+ end
+
+ ##
Index: lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_installer_rb
===================================================================
RCS file: lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_installer_rb
diff -N lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_installer_rb
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_installer_rb 31 Aug 2017 01:21:21 -0000
@@ -0,0 +1,26 @@
+$OpenBSD$
+
+Index: lib/ruby/stdlib/rubygems/installer.rb
+--- lib/ruby/stdlib/rubygems/installer.rb.orig
++++ lib/ruby/stdlib/rubygems/installer.rb
+@@ -700,6 +700,11 @@ class Gem::Installer
+ unpack or File.writable?(gem_home)
+ end
+
++ def verify_spec_name
++ return if spec.name =~ Gem::Specification::VALID_NAME_PATTERN
++ raise Gem::InstallError, "#{spec} has an invalid name"
++ end
++
+ ##
+ # Return the text for an application file.
+
+@@ -823,6 +828,8 @@ TEXT
+ verify_gem_home options[:unpack]
+
+ ensure_loadable_spec
++
++ verify_spec_name
+
+ if options[:install_as_default]
+ Gem.ensure_default_gem_subdirectories gem_home
Index: lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_platform_rb
===================================================================
RCS file: lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_platform_rb
diff -N lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_platform_rb
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_platform_rb 31 Aug 2017 01:21:21 -0000
@@ -0,0 +1,14 @@
+$OpenBSD$
+
+Index: lib/ruby/stdlib/rubygems/platform.rb
+--- lib/ruby/stdlib/rubygems/platform.rb.orig
++++ lib/ruby/stdlib/rubygems/platform.rb
+@@ -112,7 +112,7 @@ class Gem::Platform
+ end
+
+ def inspect
+- "#<%s:0x%x @cpu=%p, @os=%p, @version=%p>" % [self.class, object_id, *to_a]
++ "%s @cpu=%p, @os=%p, @version=%p>" % [super[0..-2], *to_a]
+ end
+
+ def to_a
Index: lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_rb
===================================================================
RCS file: lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_rb
diff -N lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_rb
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_rb 31 Aug 2017 01:21:21 -0000
@@ -0,0 +1,13 @@
+$OpenBSD$
+
+Index: lib/ruby/stdlib/rubygems.rb
+--- lib/ruby/stdlib/rubygems.rb.orig
++++ lib/ruby/stdlib/rubygems.rb
+@@ -234,6 +234,7 @@ module Gem
+
+ def self.finish_resolve(request_set=Gem::RequestSet.new)
+ request_set.import Gem::Specification.unresolved_deps.values
++ request_set.import Gem.loaded_specs.values.map {|s| Gem::Dependency.new(s.name, s.version) }
+
+ request_set.resolve_current.each do |s|
+ s.full_spec.activate
Index: lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_remote_fetcher_rb
===================================================================
RCS file: lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_remote_fetcher_rb
diff -N lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_remote_fetcher_rb
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_remote_fetcher_rb 31 Aug 2017 01:21:21 -0000
@@ -0,0 +1,14 @@
+$OpenBSD$
+
+Index: lib/ruby/stdlib/rubygems/remote_fetcher.rb
+--- lib/ruby/stdlib/rubygems/remote_fetcher.rb.orig
++++ lib/ruby/stdlib/rubygems/remote_fetcher.rb
+@@ -110,7 +110,7 @@ class Gem::RemoteFetcher
+ else
+ target = res.target.to_s.strip
+
+- if /\.#{Regexp.quote(host)}\z/ =~ target
++ if URI("http://" + target).host.end_with?(".#{host}")
+ return URI.parse "#{uri.scheme}://#{target}#{uri.path}"
+ end
+
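
Review bot: in the new condition, `URI("http://" + target).host.end_with?(...)` has no guard visible in this hunk for a `target` that does not parse as a host: URI() may raise URI::InvalidURIError, or `.host` may be nil and the `end_with?` call then raises NoMethodError. Suggest handling both explicitly and treating either as "no match", so a malformed answer falls through to the existing else path instead of aborting the fetch with an unrelated exception.
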
Index: lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_specification_rb
===================================================================
RCS file: lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_specification_rb
diff -N lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_specification_rb
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_specification_rb 31 Aug 2017 01:21:21 -0000
@@ -0,0 +1,32 @@
+$OpenBSD$
+
+Index: lib/ruby/stdlib/rubygems/specification.rb
+--- lib/ruby/stdlib/rubygems/specification.rb.orig
++++ lib/ruby/stdlib/rubygems/specification.rb
+@@ -108,6 +108,8 @@ class Gem::Specification < Gem::BasicSpecification
+
+ private_constant :LOAD_CACHE if defined? private_constant
+
++ VALID_NAME_PATTERN = /\A[a-zA-Z0-9\.\-\_]+\z/ # :nodoc:
++
+ # :startdoc:
+
+ ##
+@@ -2690,9 +2692,15 @@ class Gem::Specification < Gem::BasicSpecification
+ end
+ end
+
+- unless String === name then
++ if !name.is_a?(String) then
+ raise Gem::InvalidSpecificationException,
+- "invalid value for attribute name: \"#{name.inspect}\""
++ "invalid value for attribute name: \"#{name.inspect}\" must be a string"
++ elsif name !~ /[a-zA-Z]/ then
++ raise Gem::InvalidSpecificationException,
++ "invalid value for attribute name: #{name.dump} must include at least one letter"
++ elsif name !~ VALID_NAME_PATTERN then
++ raise Gem::InvalidSpecificationException,
++ "invalid value for attribute name: #{name.dump} can only include letters, numbers, dashes, and underscores"
+ end
+
+ if raw_require_paths.empty? then
Index: lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_test_case_rb
===================================================================
RCS file: lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_test_case_rb
diff -N lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_test_case_rb
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_test_case_rb 31 Aug 2017 01:21:21 -0000
@@ -0,0 +1,28 @@
+$OpenBSD$
+
+Index: lib/ruby/stdlib/rubygems/test_case.rb
+--- lib/ruby/stdlib/rubygems/test_case.rb.orig
++++ lib/ruby/stdlib/rubygems/test_case.rb
+@@ -496,7 +496,7 @@ class Gem::TestCase < MiniTest::Unit::TestCase
+
+ system @git, 'add', gemspec
+ system @git, 'commit', '-a', '-m', 'a non-empty commit message', '--quiet'
+- head = Gem::Util.popen('git', 'rev-parse', 'master').strip
++ head = Gem::Util.popen(@git, 'rev-parse', 'master').strip
+ end
+
+ return name, git_spec.version, directory, head
+@@ -1510,6 +1510,8 @@ end
+ begin
+ gem 'rdoc'
+ require 'rdoc'
++
++ require 'rubygems/rdoc'
+ rescue LoadError, Gem::LoadError
+ end
+
+@@ -1526,3 +1528,4 @@ tmpdirs << (ENV['GEM_PATH'] = Dir.mktmpdir("path"))
+ pid = $$
+ END {tmpdirs.each {|dir| Dir.rmdir(dir)} if $$ == pid}
+ Gem.clear_paths
++Gem.loaded_specs.clear
Index: lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_text_rb
===================================================================
RCS file: lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_text_rb
diff -N lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_text_rb
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ lang/jruby/patches/patch-lib_ruby_stdlib_rubygems_text_rb 31 Aug 2017 01:21:21 -0000
@@ -0,0 +1,32 @@
+$OpenBSD$
+
+Index: lib/ruby/stdlib/rubygems/text.rb
+--- lib/ruby/stdlib/rubygems/text.rb.orig
++++ lib/ruby/stdlib/rubygems/text.rb
+@@ -7,12 +7,25 @@ require 'rubygems'
+ module Gem::Text
+
+ ##
++ # Remove any non-printable characters and make the text suitable for
++ # printing.
++ def clean_text(text)
++ text.gsub(/[\000-\b\v-\f\016-\037\177]/, ".".freeze)
++ end
++
++ def truncate_text(text, description, max_length = 100_000)
++ raise ArgumentError, "max_length must be positive" unless max_length > 0
++ return text if text.size <= max_length
++ "Truncating #{description} to #{max_length.to_s.reverse.gsub(/...(?=.)/,'\&,').reverse} characters:\n" + text[0, max_length]
++ end
++
++ ##
+ # Wraps +text+ to +wrap+ characters and optionally indents by +indent+
+ # characters
+
+ def format_text(text, wrap, indent=0)
+ result = []
+- work = text.dup
++ work = clean_text(text)
+
+ while work.length > wrap do
+ if work =~ /^(.{0,#{wrap}})[ \n]/ then
Index: lang/ruby/2.1/patches/patch-compile_c
===================================================================
RCS file: /cvs/ports/lang/ruby/2.1/patches/patch-compile_c,v
retrieving revision 1.1
diff -u -p -r1.1 patch-compile_c
--- lang/ruby/2.1/patches/patch-compile_c 12 Feb 2014 22:41:43 -0000 1.1
+++ lang/ruby/2.1/patches/patch-compile_c 12 Jul 2016 18:32:27 -0000
@@ -2,9 +2,9 @@ $OpenBSD: patch-compile_c,v 1.1 2014/02/

Disable peephole optimizer on sparc64, since it occasionally segfaults.

---- compile.c.orig Fri Jan 11 09:13:17 2013
-+++ compile.c Thu Jan 9 22:31:36 2014
-@@ -1706,6 +1706,9 @@ static int
+--- compile.c.orig Wed Nov 18 03:24:36 2015
++++ compile.c Tue Jul 12 11:32:17 2016
+@@ -1846,6 +1846,9 @@ static int
iseq_peephole_optimize(rb_iseq_t *iseq, LINK_ELEMENT *list, const int do_tailcallopt)
{
INSN *iobj = (INSN *)list;
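
Review bot: this change to patch-compile_c only refreshes the embedded timestamps and the hunk offset (1706 to 1846), and its new side is dated 12 Jul 2016, so it is unrelated to the rubygems fixes and looks like an older uncommitted regeneration sitting in the tree. Suggest leaving it out of this commit or committing it separately; the patch-configure change that follows is the same kind of refresh.
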
Index: lang/ruby/2.1/patches/patch-configure
===================================================================
RCS file: /cvs/ports/lang/ruby/2.1/patches/patch-configure,v
retrieving revision 1.3
diff -u -p -r1.3 patch-configure
--- lang/ruby/2.1/patches/patch-configure 1 Nov 2014 04:53:09 -0000 1.3
+++ lang/ruby/2.1/patches/patch-configure 12 Jul 2016 18:32:27 -0000
@@ -5,9 +5,9 @@ Fix so name, checking for DOT and DOXYGE
Override the arch setting to remove OpenBSD version from it,
so ports don't have to be bumped when OpenBSD version changes.

---- configure.orig Thu Sep 18 10:04:39 2014
-+++ configure Fri Sep 19 09:12:21 2014
-@@ -21056,7 +21056,7 @@ esac
+--- configure.orig Wed Mar 30 02:48:57 2016
++++ configure Tue Jul 12 11:32:17 2016
+@@ -20971,7 +20971,7 @@ esac
openbsd*|mirbsd*) :

SOLIBS='$(LIBS)'
@@ -16,7 +16,7 @@ so ports don't have to be bumped when Op
;; #(
solaris*) :

-@@ -22300,7 +22300,10 @@ _ACEOF
+@@ -22215,7 +22215,10 @@ _ACEOF
_ACEOF

else
Index: lang/ruby/2.1/patches/patch-lib_rubygems_commands_query_command_rb
===================================================================
RCS file: lang/ruby/2.1/patches/patch-lib_rubygems_commands_query_command_rb
diff -N lang/ruby/2.1/patches/patch-lib_rubygems_commands_query_command_rb
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ lang/ruby/2.1/patches/patch-lib_rubygems_commands_query_command_rb 31 Aug 2017 00:45:11 -0000
@@ -0,0 +1,24 @@
+$OpenBSD$
+
+Index: lib/rubygems/commands/query_command.rb
+--- lib/rubygems/commands/query_command.rb.orig
++++ lib/rubygems/commands/query_command.rb
+@@ -218,7 +218,7 @@ is too hard to use.
+ end
+ end
+
+- output << make_entry(matching_tuples, platforms)
++ output << clean_text(make_entry(matching_tuples, platforms))
+ end
+ end
+
+@@ -336,7 +336,8 @@ is too hard to use.
+ end
+
+ def spec_summary entry, spec
+- entry << "\n\n" << format_text(spec.summary, 68, 4)
++ summary = truncate_text(spec.summary, "the summary for #{spec.full_name}")
++ entry << "\n\n" << format_text(summary, 68, 4)
+ end
+
+ end
Index: lang/ruby/2.1/patches/patch-lib_rubygems_installer_rb
===================================================================
RCS file: lang/ruby/2.1/patches/patch-lib_rubygems_installer_rb
diff -N lang/ruby/2.1/patches/patch-lib_rubygems_installer_rb
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ lang/ruby/2.1/patches/patch-lib_rubygems_installer_rb 31 Aug 2017 00:45:11 -0000
@@ -0,0 +1,26 @@
+$OpenBSD$
+
+Index: lib/rubygems/installer.rb
+--- lib/rubygems/installer.rb.orig
++++ lib/rubygems/installer.rb
+@@ -621,6 +621,11 @@ class Gem::Installer
+ unpack or File.writable?(gem_home)
+ end
+
++ def verify_spec_name
++ return if spec.name =~ Gem::Specification::VALID_NAME_PATTERN
++ raise Gem::InstallError, "#{spec} has an invalid name"
++ end
++
+ ##
+ # Return the text for an application file.
+
+@@ -745,6 +750,8 @@ TEXT
+ @force and @security_policy and not @security_policy.only_signed
+
+ ensure_loadable_spec
++
++ verify_spec_name
+
+ if options[:install_as_default]
+ Gem.ensure_default_gem_subdirectories gem_home
Index: lang/ruby/2.1/patches/patch-lib_rubygems_remote_fetcher_rb
===================================================================
RCS file: lang/ruby/2.1/patches/patch-lib_rubygems_remote_fetcher_rb
diff -N lang/ruby/2.1/patches/patch-lib_rubygems_remote_fetcher_rb
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ lang/ruby/2.1/patches/patch-lib_rubygems_remote_fetcher_rb 31 Aug 2017 00:45:11 -0000
@@ -0,0 +1,14 @@
+$OpenBSD$
+
+Index: lib/rubygems/remote_fetcher.rb
+--- lib/rubygems/remote_fetcher.rb.orig
++++ lib/rubygems/remote_fetcher.rb
+@@ -92,7 +92,7 @@ class Gem::RemoteFetcher
+ else
+ target = res.target.to_s.strip
+
+- if /\.#{Regexp.quote(host)}\z/ =~ target
++ if URI("http://" + target).host.end_with?(".#{host}")
+ return URI.parse "#{uri.scheme}://#{target}#{uri.path}"
+ end
+
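
Review bot: the context line `return URI.parse "#{uri.scheme}://#{target}#{uri.path}"` still interpolates the raw `target`, while the new condition checks only the host that URI() extracted from it, so the value validated and the value used are not the same string. Suggest keeping the parsed host in a local and building the returned URI from that.
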
Index: lang/ruby/2.1/patches/patch-lib_rubygems_specification_rb
===================================================================
RCS file: lang/ruby/2.1/patches/patch-lib_rubygems_specification_rb
diff -N lang/ruby/2.1/patches/patch-lib_rubygems_specification_rb
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ lang/ruby/2.1/patches/patch-lib_rubygems_specification_rb 31 Aug 2017 00:45:11 -0000
@@ -0,0 +1,32 @@
+$OpenBSD$
+
+Index: lib/rubygems/specification.rb
+--- lib/rubygems/specification.rb.orig
++++ lib/rubygems/specification.rb
+@@ -112,6 +112,8 @@ class Gem::Specification < Gem::BasicSpecification
+
+ private_constant :LOAD_CACHE if defined? private_constant
+
++ VALID_NAME_PATTERN = /\A[a-zA-Z0-9\.\-\_]+\z/ # :nodoc:
++
+ # :startdoc:
+
+ ##
+@@ -2435,9 +2437,15 @@ class Gem::Specification < Gem::BasicSpecification
+ end
+ end
+
+- unless String === name then
++ if !name.is_a?(String) then
+ raise Gem::InvalidSpecificationException,
+- "invalid value for attribute name: \"#{name.inspect}\""
++ "invalid value for attribute name: \"#{name.inspect}\" must be a string"
++ elsif name !~ /[a-zA-Z]/ then
++ raise Gem::InvalidSpecificationException,
++ "invalid value for attribute name: #{name.dump} must include at least one letter"
++ elsif name !~ VALID_NAME_PATTERN then
++ raise Gem::InvalidSpecificationException,
++ "invalid value for attribute name: #{name.dump} can only include letters, numbers, dashes, and underscores"
+ end
+
+ if @require_paths.empty? then
Index: lang/ruby/2.1/patches/patch-lib_rubygems_text_rb
===================================================================
RCS file: lang/ruby/2.1/patches/patch-lib_rubygems_text_rb
diff -N lang/ruby/2.1/patches/patch-lib_rubygems_text_rb
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ lang/ruby/2.1/patches/patch-lib_rubygems_text_rb 31 Aug 2017 00:45:11 -0000
@@ -0,0 +1,32 @@
+$OpenBSD$
+
+Index: lib/rubygems/text.rb
+--- lib/rubygems/text.rb.orig
++++ lib/rubygems/text.rb
+@@ -6,12 +6,25 @@ require 'rubygems'
+ module Gem::Text
+
+ ##
++ # Remove any non-printable characters and make the text suitable for
++ # printing.
++ def clean_text(text)
++ text.gsub(/[\000-\b\v-\f\016-\037\177]/, ".".freeze)
++ end
++
++ def truncate_text(text, description, max_length = 100_000)
++ raise ArgumentError, "max_length must be positive" unless max_length > 0
++ return text if text.size <= max_length
++ "Truncating #{description} to #{max_length.to_s.reverse.gsub(/...(?=.)/,'\&,').reverse} characters:\n" + text[0, max_length]
++ end
++
++ ##
+ # Wraps +text+ to +wrap+ characters and optionally indents by +indent+
+ # characters
+
+ def format_text(text, wrap, indent=0)
+ result = []
+- work = text.dup
++ work = clean_text(text)
+
+ while work.length > wrap do
+ if work =~ /^(.{0,#{wrap}})[ \n]/ then
