diff options
author | taca <taca@pkgsrc.org> | 2009-04-16 17:11:12 +0000 |
---|---|---|
committer | taca <taca@pkgsrc.org> | 2009-04-16 17:11:12 +0000 |
commit | b59a2f22736ea1c5748a2e155545072e72790e14 (patch) | |
tree | 6c98c8f3520d49e6da333aa7d9a9c4dc81078889 /lang/ruby18-base/patches | |
parent | 72e47a4fd9bd6eb0f2b3578e1a3fe2b28a5cdf2a (diff) | |
download | pkgsrc-b59a2f22736ea1c5748a2e155545072e72790e14.tar.gz |
Update ruby18-base-1.8.7.160 (1.8.7-p160).
This release is counterpart of 1.8.6-p368, so many bugs are fixed
since the latest 1.8.7. Check the ChangeLog for more details.
Especialy, including workarounds for CVE-2007-1558 and CVE-2008-1447.
Diffstat (limited to 'lang/ruby18-base/patches')
-rw-r--r-- | lang/ruby18-base/patches/patch-dg | 43 | ||||
-rw-r--r-- | lang/ruby18-base/patches/patch-dh | 15 | ||||
-rw-r--r-- | lang/ruby18-base/patches/patch-dj | 34 |
3 files changed, 0 insertions, 92 deletions
diff --git a/lang/ruby18-base/patches/patch-dg b/lang/ruby18-base/patches/patch-dg deleted file mode 100644 index c056818b5f2..00000000000 --- a/lang/ruby18-base/patches/patch-dg +++ /dev/null @@ -1,43 +0,0 @@ -$NetBSD: patch-dg,v 1.5 2008/09/14 05:17:18 taca Exp $ - -Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790. -(http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/) - ---- lib/rexml/document.rb.orig 2008-06-06 17:05:24.000000000 +0900 -+++ lib/rexml/document.rb -@@ -32,6 +32,7 @@ module REXML - # @param context if supplied, contains the context of the document; - # this should be a Hash. - def initialize( source = nil, context = {} ) -+ @entity_expansion_count = 0 - super() - @context = context - return if source.nil? -@@ -200,6 +201,27 @@ module REXML - Parsers::StreamParser.new( source, listener ).parse - end - -+ @@entity_expansion_limit = 10_000 -+ -+ # Set the entity expansion limit. By default the limit is set to 10000. -+ def Document::entity_expansion_limit=( val ) -+ @@entity_expansion_limit = val -+ end -+ -+ # Get the entity expansion limit. By default the limit is set to 10000. -+ def Document::entity_expansion_limit -+ return @@entity_expansion_limit -+ end -+ -+ attr_reader :entity_expansion_count -+ -+ def record_entity_expansion -+ @entity_expansion_count += 1 -+ if @entity_expansion_count > @@entity_expansion_limit -+ raise "number of entity expansions exceeded, processing aborted." -+ end -+ end -+ - private - def build( source ) - Parsers::TreeParser.new( source, self ).parse diff --git a/lang/ruby18-base/patches/patch-dh b/lang/ruby18-base/patches/patch-dh deleted file mode 100644 index 9db6472587f..00000000000 --- a/lang/ruby18-base/patches/patch-dh +++ /dev/null @@ -1,15 +0,0 @@ -$NetBSD: patch-dh,v 1.3 2008/09/14 05:17:18 taca Exp $ - -Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790. -(http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/) - ---- lib/rexml/entity.rb.orig 2008-04-18 16:22:13.000000000 +0900 -+++ lib/rexml/entity.rb -@@ -73,6 +73,7 @@ module REXML - # all entities -- both %ent; and &ent; entities. This differs from - # +value()+ in that +value+ only replaces %ent; entities. - def unnormalized -+ document.record_entity_expansion - v = value() - return nil if v.nil? - @unnormalized = Text::unnormalize(v, parent) diff --git a/lang/ruby18-base/patches/patch-dj b/lang/ruby18-base/patches/patch-dj deleted file mode 100644 index 3b3cf7a1fc9..00000000000 --- a/lang/ruby18-base/patches/patch-dj +++ /dev/null @@ -1,34 +0,0 @@ -$NetBSD: patch-dj,v 1.2 2009/02/20 12:32:26 taca Exp $ - -Online Certificate Status Protocol's verify method fix from Ruby's -repository: revision 22440. - ---- ext/openssl/ossl_ocsp.c.orig 2007-06-09 00:02:04.000000000 +0900 -+++ ext/openssl/ossl_ocsp.c -@@ -589,22 +589,22 @@ ossl_ocspbres_sign(int argc, VALUE *argv - static VALUE - ossl_ocspbres_verify(int argc, VALUE *argv, VALUE self) - { -- VALUE certs, store, flags; -+ VALUE certs, store, flags, result; - OCSP_BASICRESP *bs; - STACK_OF(X509) *x509s; - X509_STORE *x509st; -- int flg, result; -+ int flg; - - rb_scan_args(argc, argv, "21", &certs, &store, &flags); - x509st = GetX509StorePtr(store); - flg = NIL_P(flags) ? 0 : INT2NUM(flags); - x509s = ossl_x509_ary2sk(certs); - GetOCSPBasicRes(self, bs); -- result = OCSP_basic_verify(bs, x509s, x509st, flg); -+ result = OCSP_basic_verify(bs, x509s, x509st, flg) > 0 ? Qtrue : Qfalse; - sk_X509_pop_free(x509s, X509_free); - if(!result) rb_warn("%s", ERR_error_string(ERR_peek_error(), NULL)); - -- return result ? Qtrue : Qfalse; -+ return result; - } - - /* |