# HG changeset patch
# User Rich Burridge
# Date 1485295027 28800
# Node ID c434582c6269dede7860335508fd2a76d63e8c53
# Parent b08206e584c3713041f32e920b17609cf8f7852a
25377444 problem in UTILITY/RUBY
diff -r b08206e584c3 -r c434582c6269 components/ruby/ruby-21/patches/15-CVE-2016-2337.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/ruby/ruby-21/patches/15-CVE-2016-2337.patch Tue Jan 24 13:57:07 2017 -0800
@@ -0,0 +1,109 @@
+Patch from upstream to fix CVE-2016-2337.
+
+See:
+
+ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2337
+
+and:
+
+ https://bugzilla.suse.com/show_bug.cgi?id=1018812
+
+for more details.
+
+Based on the patches at:
+
+ https://github.com/ruby/tk/commit/ebd0fc80d62eeb7b8556522256f8d035e013eb65
+ https://github.com/ruby/tk/commit/d098136e3f62a4879a7d7cd34bbd50f482ba3331
+
+--- ruby-2.1.6/ext/tk/tcltklib.c.orig 2017-01-24 07:24:44.277290163 +0000
++++ ruby-2.1.6/ext/tk/tcltklib.c 2017-01-24 11:10:02.370460844 +0000
+@@ -3291,7 +3291,7 @@
+ DUMP1("set backtrace");
+ if (!NIL_P(backtrace = rb_funcall(exc, ID_backtrace, 0, 0))) {
+ backtrace = rb_ary_join(backtrace, rb_str_new2("\n"));
+- Tcl_AddErrorInfo(interp, StringValuePtr(backtrace));
++ Tcl_AddErrorInfo(interp, StringValueCStr(backtrace));
+ }
+
+ rb_thread_critical = thr_crit_bup;
+@@ -6217,19 +6217,19 @@
+ /* without Tk */
+ with_tk = 0;
+ } else {
+- /* Tcl_SetVar(ptr->ip, "argv", StringValuePtr(opts), 0); */
+- Tcl_SetVar(ptr->ip, "argv", StringValuePtr(opts), TCL_GLOBAL_ONLY);
++ /* Tcl_SetVar(ptr->ip, "argv", StringValueCStr(opts), 0); */
++ Tcl_SetVar(ptr->ip, "argv", StringValueCStr(opts), TCL_GLOBAL_ONLY);
+ Tcl_Eval(ptr->ip, "set argc [llength $argv]");
+ }
+ case 1:
+ /* argv0 */
+ if (!NIL_P(argv0)) {
+- if (strncmp(StringValuePtr(argv0), "-e", 3) == 0
+- || strncmp(StringValuePtr(argv0), "-", 2) == 0) {
++ if (strncmp(StringValueCStr(argv0), "-e", 3) == 0
++ || strncmp(StringValueCStr(argv0), "-", 2) == 0) {
+ Tcl_SetVar(ptr->ip, "argv0", "ruby", TCL_GLOBAL_ONLY);
+ } else {
+- /* Tcl_SetVar(ptr->ip, "argv0", StringValuePtr(argv0), 0); */
+- Tcl_SetVar(ptr->ip, "argv0", StringValuePtr(argv0),
++ /* Tcl_SetVar(ptr->ip, "argv0", StringValueCStr(argv0), 0); */
++ Tcl_SetVar(ptr->ip, "argv0", StringValueCStr(argv0),
+ TCL_GLOBAL_ONLY);
+ }
+ }
+@@ -6426,7 +6426,7 @@
+ slave->allow_ruby_exit = 0;
+ slave->return_value = 0;
+
+- slave->ip = Tcl_CreateSlave(master->ip, StringValuePtr(name), safe);
++ slave->ip = Tcl_CreateSlave(master->ip, StringValueCStr(name), safe);
+ if (slave->ip == NULL) {
+ rb_thread_critical = thr_crit_bup;
+ return rb_exc_new2(rb_eRuntimeError,
+@@ -6902,7 +6902,7 @@
+ get_obj_from_str(str)
+ VALUE str;
+ {
+- const char *s = StringValuePtr(str);
++ const char *s = StringValueCStr(str);
+
+ #if TCL_MAJOR_VERSION == 8 && TCL_MINOR_VERSION == 0
+ return Tcl_NewStringObj((char*)s, RSTRING_LEN(str));
+@@ -7750,7 +7750,8 @@
+ if (NIL_P(msg)) {
+ msg_obj = NULL;
+ } else {
+- msg_obj = Tcl_NewStringObj(RSTRING_PTR(msg), RSTRING_LEN(msg));
++ char *s = StringValueCStr(msg);
++ msg_obj = Tcl_NewStringObj(s, RSTRING_LENINT(msg));
+ Tcl_IncrRefCount(msg_obj);
+ }
+
+@@ -8414,7 +8415,7 @@
+
+ enc_name = rb_funcall(enc_name, ID_to_s, 0, 0);
+ if (Tcl_SetSystemEncoding((Tcl_Interp *)NULL,
+- StringValuePtr(enc_name)) != TCL_OK) {
++ StringValueCStr(enc_name)) != TCL_OK) {
+ rb_raise(rb_eArgError, "unknown encoding name '%s'",
+ RSTRING_PTR(enc_name));
+ }
+@@ -8835,7 +8836,7 @@
+ Tcl_Preserve((ClientData)av); /* XXXXXXXX */
+ #endif
+ for (i = 0; i < argc; ++i) {
+- av[i] = strdup(StringValuePtr(argv[i]));
++ av[i] = strdup(StringValueCStr(argv[i]));
+ }
+ av[argc] = NULL;
+ #endif
+@@ -9839,7 +9840,7 @@
+ len = 1;
+ for(num = 0; num < argc; num++) {
+ if (OBJ_TAINTED(argv[num])) taint_flag = 1;
+- dst = StringValuePtr(argv[num]);
++ dst = StringValueCStr(argv[num]);
+ #if TCL_MAJOR_VERSION >= 8
+ len += Tcl_ScanCountedElement(dst, RSTRING_LENINT(argv[num]),
+ &flagPtr[num]) + 1;
diff -r b08206e584c3 -r c434582c6269 components/ruby/ruby-23/patches/06-CVE-2016-2337.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/ruby/ruby-23/patches/06-CVE-2016-2337.patch Tue Jan 24 13:57:07 2017 -0800
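Review bot: `StringValueCStr` adds a new raise path (ArgumentError on an embedded NUL, on top of the TypeError `StringValuePtr` could already raise), and at several converted call sites a raise would skip cleanup that the hunk shows only after the call. In the `@@ -8835` loop, `av[i] = strdup(StringValueCStr(argv[i]));` would leave the earlier `av[i]` copies unfreed, and the `strdup` result is stored unchecked; in `@@ -3291` and `@@ -6426` the visible `rb_thread_critical = thr_crit_bup;` restore comes after the conversion. A validation pass before the resource is taken, e.g. `for (i = 0; i < argc; ++i) StringValueCStr(argv[i]);` ahead of the allocation, would keep the raise ahead of the state change. Where `av` is allocated and where the critical section is entered lie outside the hunks, so this needs confirming against the full functions. The ruby-23 patch carries the same code at `@@ -8864`, `@@ -3313` and `@@ -6434`.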
@@ -0,0 +1,111 @@
+Patch from upstream to fix CVE-2016-2337.
+
+See:
+
+ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2337
+
+and:
+
+ https://bugzilla.suse.com/show_bug.cgi?id=1018812
+
+for more details.
+
+Note that we already have the changes from:
+
+ https://github.com/ruby/tk/commit/ebd0fc80d62eeb7b8556522256f8d035e013eb65
+
+So we just need the changes in:
+
+ https://github.com/ruby/tk/commit/d098136e3f62a4879a7d7cd34bbd50f482ba3331
+
+--- ruby-2.3.1/ext/tk/tcltklib.c.orig 2017-01-24 11:18:36.997895152 +0000
++++ ruby-2.3.1/ext/tk/tcltklib.c 2017-01-24 11:24:03.332270445 +0000
+@@ -3313,7 +3313,7 @@
+ DUMP1("set backtrace");
+ if (!NIL_P(backtrace = rb_funcallv(exc, ID_backtrace, 0, 0))) {
+ backtrace = rb_ary_join(backtrace, rb_str_new2("\n"));
+- Tcl_AddErrorInfo(interp, StringValuePtr(backtrace));
++ Tcl_AddErrorInfo(interp, StringValueCStr(backtrace));
+ }
+
+ rb_thread_critical = thr_crit_bup;
+@@ -6222,19 +6222,19 @@
+ /* without Tk */
+ with_tk = 0;
+ } else {
+- /* Tcl_SetVar(ptr->ip, "argv", StringValuePtr(opts), 0); */
+- Tcl_SetVar(ptr->ip, "argv", StringValuePtr(opts), TCL_GLOBAL_ONLY);
++ /* Tcl_SetVar(ptr->ip, "argv", StringValueCStr(opts), 0); */
++ Tcl_SetVar(ptr->ip, "argv", StringValueCStr(opts), TCL_GLOBAL_ONLY);
+ Tcl_Eval(ptr->ip, "set argc [llength $argv]");
+ }
+ case 1:
+ /* argv0 */
+ if (!NIL_P(argv0)) {
+- if (strncmp(StringValuePtr(argv0), "-e", 3) == 0
+- || strncmp(StringValuePtr(argv0), "-", 2) == 0) {
++ if (strncmp(StringValueCStr(argv0), "-e", 3) == 0
++ || strncmp(StringValueCStr(argv0), "-", 2) == 0) {
+ Tcl_SetVar(ptr->ip, "argv0", "ruby", TCL_GLOBAL_ONLY);
+ } else {
+- /* Tcl_SetVar(ptr->ip, "argv0", StringValuePtr(argv0), 0); */
+- Tcl_SetVar(ptr->ip, "argv0", StringValuePtr(argv0),
++ /* Tcl_SetVar(ptr->ip, "argv0", StringValueCStr(argv0), 0); */
++ Tcl_SetVar(ptr->ip, "argv0", StringValueCStr(argv0),
+ TCL_GLOBAL_ONLY);
+ }
+ }
+@@ -6434,7 +6434,7 @@
+ slave->allow_ruby_exit = 0;
+ slave->return_value = 0;
+
+- slave->ip = Tcl_CreateSlave(master->ip, StringValuePtr(name), safe);
++ slave->ip = Tcl_CreateSlave(master->ip, StringValueCStr(name), safe);
+ if (slave->ip == NULL) {
+ rb_thread_critical = thr_crit_bup;
+ return rb_exc_new2(rb_eRuntimeError,
+@@ -6910,7 +6910,7 @@
+ get_obj_from_str(str)
+ VALUE str;
+ {
+- const char *s = StringValuePtr(str);
++ const char *s = StringValueCStr(str);
+
+ #if TCL_MAJOR_VERSION == 8 && TCL_MINOR_VERSION == 0
+ return Tcl_NewStringObj((char*)s, RSTRING_LEN(str));
+@@ -7758,7 +7758,7 @@
+ if (NIL_P(msg)) {
+ msg_obj = NULL;
+ } else {
+- char *s = StringValuePtr(msg);
++ char *s = StringValueCStr(msg);
+ msg_obj = Tcl_NewStringObj(s, RSTRING_LENINT(msg));
+ Tcl_IncrRefCount(msg_obj);
+ }
+@@ -8423,7 +8423,7 @@
+
+ enc_name = rb_funcallv(enc_name, ID_to_s, 0, 0);
+ if (Tcl_SetSystemEncoding((Tcl_Interp *)NULL,
+- StringValuePtr(enc_name)) != TCL_OK) {
++ StringValueCStr(enc_name)) != TCL_OK) {
+ rb_raise(rb_eArgError, "unknown encoding name '%s'",
+ RSTRING_PTR(enc_name));
+ }
+@@ -8864,7 +8864,7 @@
+ Tcl_Preserve((ClientData)av); /* XXXXXXXX */
+ #endif
+ for (i = 0; i < argc; ++i) {
+- av[i] = strdup(StringValuePtr(argv[i]));
++ av[i] = strdup(StringValueCStr(argv[i]));
+ }
+ av[argc] = NULL;
+ #endif
+@@ -9868,7 +9868,7 @@
+ len = 1;
+ for(num = 0; num < argc; num++) {
+ if (OBJ_TAINTED(argv[num])) taint_flag = 1;
+- dst = StringValuePtr(argv[num]);
++ dst = StringValueCStr(argv[num]);
+ #if TCL_MAJOR_VERSION >= 8
+ len += Tcl_ScanCountedElement(dst, RSTRING_LENINT(argv[num]),
+ &flagPtr[num]) + 1;
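Review bot: Three of the converted call sites pass the pointer together with an explicit length, so the NUL check changes behaviour there rather than closing a truncation gap: `Tcl_NewStringObj((char*)s, RSTRING_LEN(str))` in `get_obj_from_str`, `Tcl_NewStringObj(s, RSTRING_LENINT(msg))` at `@@ -7758`, and `Tcl_ScanCountedElement(dst, RSTRING_LENINT(argv[num]), ...)` at `@@ -9868`. With `StringValueCStr`, any Ruby string containing a NUL byte now raises ArgumentError on these paths, which would reject binary data if callers send it through them; the rest of each function is outside the hunk, so that is inferred. The patch header is the place to record this, for example `Note: strings containing NUL bytes are now rejected with ArgumentError at every Tcl call site touched here.` The ruby-21 patch makes the same three conversions.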