lang/ruby18-base/patches/patch-dh


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

$NetBSD: patch-dh,v 1.3 2008/09/14 05:17:18 taca Exp $

Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790.
(http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/)

--- lib/rexml/entity.rb.orig	2008-04-18 16:22:13.000000000 +0900
+++ lib/rexml/entity.rb
@@ -73,6 +73,7 @@ module REXML
 		# all entities -- both %ent; and &ent; entities.  This differs from
 		# +value()+ in that +value+ only replaces %ent; entities.
 		def unnormalized
+                        document.record_entity_expansion
 			v = value()
 			return nil if v.nil?
 			@unnormalized = Text::unnormalize(v, parent)