head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.32 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.30 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.28 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.26 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.24 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.2.0.22 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.20 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.18 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.16 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.2.0.14 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.12 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.10 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.2.0.8 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.6 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.4 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.2 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.1.0.2; locks; strict; comment @# @; 1.2 date 2006.09.07.15.40.01; author taca; state dead; branches; next 1.1; 1.1 date 2006.07.30.23.12.50; author taca; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2006.07.30.23.12.50; author salo; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2006.07.31.22.43.13; author salo; state Exp; branches; next ; desc @@ 1.2 log @Update Ruby to 1.8.5 (+ ruby-1-8 branch on 2006-09-07). pkgsrc changes: * Add RUBY_DYNAMIC_DIRS which cause generating dynamic PLIST entries. * Move using buildlinks to rubyversion.mk. * Merge converters/ruby-iconv to ruby18-base. Ruby changes: * too may, see ChangeLog file or http://eigenclass.org/hiki.rb?ruby+1.8.5+changelog @ text @$NetBSD: patch-ck,v 1.1 2006/07/30 23:12:50 taca Exp $ # fix for JVN#13947696 (part of CVE-2006-3694) --- dir.c.orig 2005-09-14 22:40:58.000000000 +0900 +++ dir.c @@@@ -325,7 +325,17 @@@@ dir_closed() rb_raise(rb_eIOError, "closed directory"); } +static void +dir_check(dir) + VALUE dir; +{ + if (!OBJ_TAINTED(dir) && rb_safe_level() >= 4) + rb_raise(rb_eSecurityError, "Insecure: operation on untainted Dir"); + rb_check_frozen(dir); +} + #define GetDIR(obj, dirp) do {\ + dir_check(dir);\ Data_Get_Struct(obj, struct dir_data, dirp);\ if (dirp->dir == NULL) dir_closed();\ } while (0) @@@@ -536,6 +546,9 @@@@ dir_close(dir) { struct dir_data *dirp; + if (rb_safe_level() >= 4 && !OBJ_TAINTED(dir)) { + rb_raise(rb_eSecurityError, "Insecure: can't close"); + } GetDIR(dir, dirp); closedir(dirp->dir); dirp->dir = NULL; @ 1.1 log @- Security fix for CVE-2006-3694 (JVN#13947696 and JVN#83768862). - Import yaml problem and fix document generation for ri(1). - minor clean up to pkgsrc. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-ck was added on branch pkgsrc-2006Q2 on 2006-07-30 23:12:50 +0000 @ text @d1 34 @ 1.1.2.2 log @Pullup ticket 1764 - requested by taca security fix for ruby18-base Module Name: pkgsrc Committed By: taca Date: Sun Jul 30 23:12:50 UTC 2006 Modified Files: pkgsrc/lang/ruby18-base: Makefile PLIST distinfo pkgsrc/lang/ruby18-base/patches: patch-ad patch-cc Added Files: pkgsrc/lang/ruby18-base/patches: patch-ck patch-cl patch-cm patch-cn patch-co Log Message: - Security fix for CVE-2006-3694 (JVN#13947696 and JVN#83768862). - Import yaml problem and fix document generation for ri(1). - minor clean up to pkgsrc. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: taca Date: Mon Jul 31 11:29:03 UTC 2006 Modified Files: pkgsrc/lang/ruby18-base: Makefile PLIST distinfo pkgsrc/lang/ruby18-base/patches: patch-cm Log Message: - Fix PLIST problem; a extra entry. - Reduce warning of optparse.rb when generating ri(1) database. Bump PKGREVISION. @ text @a0 34 $NetBSD: patch-ck,v 1.1.2.1 2006/07/31 22:43:13 salo Exp $ # fix for JVN#13947696 (part of CVE-2006-3694) --- dir.c.orig 2005-09-14 22:40:58.000000000 +0900 +++ dir.c @@@@ -325,7 +325,17 @@@@ dir_closed() rb_raise(rb_eIOError, "closed directory"); } +static void +dir_check(dir) + VALUE dir; +{ + if (!OBJ_TAINTED(dir) && rb_safe_level() >= 4) + rb_raise(rb_eSecurityError, "Insecure: operation on untainted Dir"); + rb_check_frozen(dir); +} + #define GetDIR(obj, dirp) do {\ + dir_check(dir);\ Data_Get_Struct(obj, struct dir_data, dirp);\ if (dirp->dir == NULL) dir_closed();\ } while (0) @@@@ -536,6 +546,9 @@@@ dir_close(dir) { struct dir_data *dirp; + if (rb_safe_level() >= 4 && !OBJ_TAINTED(dir)) { + rb_raise(rb_eSecurityError, "Insecure: can't close"); + } GetDIR(dir, dirp); closedir(dirp->dir); dirp->dir = NULL; @