head 1.6; access; symbols pkgsrc-2013Q2:1.6.0.10 pkgsrc-2013Q2-base:1.6 pkgsrc-2012Q4:1.6.0.8 pkgsrc-2012Q4-base:1.6 pkgsrc-2011Q4:1.6.0.6 pkgsrc-2011Q4-base:1.6 pkgsrc-2011Q2:1.6.0.4 pkgsrc-2011Q2-base:1.6 pkgsrc-2009Q4:1.6.0.2 pkgsrc-2009Q4-base:1.6 pkgsrc-2009Q1:1.5.0.6 pkgsrc-2009Q1-base:1.5 pkgsrc-2008Q4:1.5.0.4 pkgsrc-2008Q4-base:1.5 pkgsrc-2008Q3:1.5.0.2 pkgsrc-2008Q3-base:1.5 cube-native-xorg:1.4.0.4 cube-native-xorg-base:1.4 pkgsrc-2008Q2:1.4.0.2 pkgsrc-2008Q2-base:1.4 pkgsrc-2008Q1:1.2.0.6 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.4 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.2 pkgsrc-2007Q3-base:1.2; locks; strict; comment @# @; 1.6 date 2009.04.16.17.11.12; author taca; state dead; branches; next 1.5; 1.5 date 2008.09.14.05.17.18; author taca; state Exp; branches 1.5.6.1; next 1.4; 1.4 date 2008.06.19.14.35.37; author taca; state dead; branches 1.4.2.1; next 1.3; 1.3 date 2008.05.14.10.09.00; author taca; state Exp; branches; next 1.2; 1.2 date 2007.09.24.21.58.30; author taca; state dead; branches 1.2.6.1; next 1.1; 1.1 date 2007.09.09.14.17.13; author taca; state Exp; branches; next ; 1.5.6.1 date 2009.05.01.12.42.02; author tron; state dead; branches; next ; 1.4.2.1 date 2008.09.17.10.41.38; author tron; state Exp; branches; next ; 1.2.6.1 date 2008.06.28.11.59.46; author tron; state Exp; branches; next ; desc @@ 1.6 log @Update ruby18-base-1.8.7.160 (1.8.7-p160). This release is counterpart of 1.8.6-p368, so many bugs are fixed since the latest 1.8.7. Check the ChangeLog for more details. Especialy, including workarounds for CVE-2007-1558 and CVE-2008-1447. @ text @$NetBSD: patch-dg,v 1.5 2008/09/14 05:17:18 taca Exp $ Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790. 
(http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/) --- lib/rexml/document.rb.orig 2008-06-06 17:05:24.000000000 +0900 +++ lib/rexml/document.rb @@@@ -32,6 +32,7 @@@@ module REXML # @@param context if supplied, contains the context of the document; # this should be a Hash. def initialize( source = nil, context = {} ) + @@entity_expansion_count = 0 super() @@context = context return if source.nil? @@@@ -200,6 +201,27 @@@@ module REXML Parsers::StreamParser.new( source, listener ).parse end + @@@@entity_expansion_limit = 10_000 + + # Set the entity expansion limit. By default the limit is set to 10000. + def Document::entity_expansion_limit=( val ) + @@@@entity_expansion_limit = val + end + + # Get the entity expansion limit. By default the limit is set to 10000. + def Document::entity_expansion_limit + return @@@@entity_expansion_limit + end + + attr_reader :entity_expansion_count + + def record_entity_expansion + @@entity_expansion_count += 1 + if @@entity_expansion_count > @@@@entity_expansion_limit + raise "number of entity expansions exceeded, processing aborted." + end + end + private def build( source ) Parsers::TreeParser.new( source, self ).parse @ 1.5 log @Add fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790 (http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/) from ruby_1_8 branch. Bump PKGREVISION. 
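Review bot: `Document::entity_expansion_limit=` in the second hunk stores whatever it is given, so a nil or non-numeric value only surfaces later as a comparison error inside `record_entity_expansion`, and because the limit is a class variable a very large value switches the protection off for every document in the process. Consider validating in the setter, e.g. `raise ArgumentError, "entity expansion limit must be a non-negative Integer" unless val.is_a?(Integer) && val >= 0`, and stating in its comment that the setting is process-wide. The abort is a bare `raise "..."` (a RuntimeError), which callers cannot tell apart from other failures; a dedicated exception class would let applications log and reject oversized input specifically. Nothing in this file calls `record_entity_expansion`, so the guard presumably relies on a call site patched elsewhere (the pullup log lists a companion patch-dh), and it counts expansions rather than expanded bytes, so output size is not bounded by it. The same patch text recurs in the 1.4.2.1 delta further down.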
@ text @d1 1 a1 1 $NetBSD$ @ 1.5.6.1 log @Pullup ticket #2752 - requested by taca ruby18-base: security update ruby18-curses: security update ruby18-tk: security update Revisions pulled up: - lang/ruby/rubyversion.mk 1.45 - lang/ruby18-base/Makefile 1.50 - lang/ruby18-base/distinfo 1.36 - lang/ruby18-base/patches/patch-dg delete - lang/ruby18-base/patches/patch-dh delete - lang/ruby18-base/patches/patch-dj delete - devel/ruby-curses/distinfo 1.18 - x11/ruby-tk/distinfo 1.21 --- Module Name: pkgsrc Committed By: taca Date: Thu Apr 16 17:10:17 UTC 2009 Modified Files: pkgsrc/lang/ruby: rubyversion.mk Log Message: Bump Ruby 1.8.7's patch level to 160. --- Module Name: pkgsrc Committed By: taca Date: Thu Apr 16 17:11:12 UTC 2009 Modified Files: pkgsrc/lang/ruby18-base: Makefile distinfo Removed Files: pkgsrc/lang/ruby18-base/patches: patch-dg patch-dh patch-dj Log Message: Update ruby18-base-1.8.7.160 (1.8.7-p160). This release is counterpart of 1.8.6-p368, so many bugs are fixed since the latest 1.8.7. Check the ChangeLog for more details. Especialy, including workarounds for CVE-2007-1558 and CVE-2008-1447. --- Module Name: pkgsrc Committed By: taca Date: Thu Apr 16 17:12:18 UTC 2009 Modified Files: pkgsrc/devel/ruby-curses: distinfo Log Message: Update distinfo refelecting update to Ruby 1.8.7-p160. --- Module Name: pkgsrc Committed By: taca Date: Thu Apr 16 17:12:42 UTC 2009 Modified Files: pkgsrc/x11/ruby-tk: distinfo Log Message: Update distinfo refelecting update to Ruby 1.8.7-p160. @ text @d1 1 a1 1 $NetBSD: patch-dg,v 1.5 2008/09/14 05:17:18 taca Exp $ @ 1.4 log @Update ruby18-base package to 1.8.7. 
Since chanes are too much to write here, please refer http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7/NEWS http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7/ChangeLog http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_17/NEWS http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_17/ChangeLog @ text @d1 1 a1 1 $NetBSD: patch-dg,v 1.3 2008/05/14 10:09:00 taca Exp $ d3 16 a18 16 --- ext/openssl/ossl_hmac.c.orig 2007-03-12 13:12:32.000000000 +0900 +++ ext/openssl/ossl_hmac.c @@@@ -81,9 +81,7 @@@@ ossl_hmac_copy(VALUE self, VALUE other) GetHMAC(self, ctx1); SafeGetHMAC(other, ctx2); - if (!HMAC_CTX_copy(ctx1, ctx2)) { - ossl_raise(eHMACError, NULL); - } + HMAC_CTX_copy(ctx1, ctx2); return self; } @@@@ -104,9 +102,7 @@@@ hmac_final(HMAC_CTX *ctx, char **buf, in { HMAC_CTX final; d20 24 a43 7 - if (!HMAC_CTX_copy(&final, ctx)) { - ossl_raise(eHMACError, NULL); - } + HMAC_CTX_copy(&final, ctx); if (!(*buf = OPENSSL_malloc(HMAC_size(&final)))) { HMAC_CTX_cleanup(&final); OSSL_Debug("Allocating %d mem", HMAC_size(&final)); @ 1.4.2.1 log @Pullup ticket #2528 - requested by taca ruby18-base: security patch Revisions pulled up: - lang/ruby18-base/Makefile 1.47 - lang/ruby18-base/distinfo 1.34 - lang/ruby18-base/patches/patch-dg 1.5 - lang/ruby18-base/patches/patch-dh 1.3 --- Module Name: pkgsrc Committed By: taca Date: Sun Sep 14 05:17:18 UTC 2008 Modified Files: pkgsrc/lang/ruby18-base: Makefile distinfo Added Files: pkgsrc/lang/ruby18-base/patches: patch-dg patch-dh Log Message: Add fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790 (http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/) from ruby_1_8 branch. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ d3 16 a18 16 Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790. 
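Review bot: Both hunks drop the result check on `HMAC_CTX_copy()` (in `ossl_hmac_copy` and in `hmac_final`), so a failed copy is no longer reported and the code carries on with a context that may never have been populated; in `hmac_final` that is the stack variable `final`, which is then handed to `HMAC_size()`. The 1.3 log describes this as a build fix for a post-0.9.8g OpenSSL, which suggests the function's return type differs between versions; if so, keep the check where a status is returned and compile it out only where it is not, instead of removing it everywhere. Separately, the context lines in `hmac_final` call `HMAC_size(&final)` inside `OSSL_Debug` after `HMAC_CTX_cleanup(&final)`; the size should be read before the cleanup. Both function bodies continue outside the hunks. The same patch text recurs in the 1.2.6.1 delta further down.

```c
    HMAC_CTX final;

/* HAVE_INT_HMAC_CTX_COPY is a placeholder name for a configure-time check
 * that HMAC_CTX_copy() returns a status; it is not defined by this patch. */
#if defined(HAVE_INT_HMAC_CTX_COPY)
    if (!HMAC_CTX_copy(&final, ctx)) {
	ossl_raise(eHMACError, NULL);
    }
#else
    HMAC_CTX_copy(&final, ctx);
#endif
    /* … unchanged: OPENSSL_malloc of the output buffer and finalisation … */
```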
(http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/) --- lib/rexml/document.rb.orig 2008-06-06 17:05:24.000000000 +0900 +++ lib/rexml/document.rb @@@@ -32,6 +32,7 @@@@ module REXML # @@param context if supplied, contains the context of the document; # this should be a Hash. def initialize( source = nil, context = {} ) + @@entity_expansion_count = 0 super() @@context = context return if source.nil? @@@@ -200,6 +201,27 @@@@ module REXML Parsers::StreamParser.new( source, listener ).parse end d20 7 a26 24 + @@@@entity_expansion_limit = 10_000 + + # Set the entity expansion limit. By default the limit is set to 10000. + def Document::entity_expansion_limit=( val ) + @@@@entity_expansion_limit = val + end + + # Get the entity expansion limit. By default the limit is set to 10000. + def Document::entity_expansion_limit + return @@@@entity_expansion_limit + end + + attr_reader :entity_expansion_count + + def record_entity_expansion + @@entity_expansion_count += 1 + if @@entity_expansion_count > @@@@entity_expansion_limit + raise "number of entity expansions exceeded, processing aborted." + end + end + private def build( source ) Parsers::TreeParser.new( source, self ).parse @ 1.3 log @Fix build problem with recent NetBSD current with post version of OpenSSL 0.9.8g. Since this is fix for build problem only, I don't bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Update Ruby to 1.8.6-p110. Approved by wiz@@. This is bug fix release of Ruby 1.8.6. Especially it fixes thread/eval function problem on Mac OS X. It also contains an openssl extention's portablity problem which was bad patch by pkgsrc. For more detail, please refer CHANGES file. @ text @d1 1 a1 1 $NetBSD: patch-dg,v 1.1 2007/09/09 14:17:13 taca Exp $ d3 16 a18 6 This is a fix for ruby-1.8.6 patchlevel 36. 
--- lib/base64.rb.orig 2007-02-27 20:51:55.000000000 +0900 +++ lib/base64.rb @@@@ -110,7 +110,7 @@@@ module Base64 # UnVieQ== d20 7 a26 6 def b64encode(bin, len = 60) - encode64(bin).scan(/.{1,#{len}}/o) do + encode64(bin).scan(/.{1,#{len}}/) do print $&, "\n" end end @ 1.2.6.1 log @Pullup ticket #2436 - requested by taca Security update for ruby packages Apply patches to update Ruby to version 1.8.6 patchlevel 230 to fix the security vulnerability reported in CVE-2008-2726. @ text @d1 1 a1 1 $NetBSD$ d3 6 a8 16 --- ext/openssl/ossl_hmac.c.orig 2007-03-12 13:12:32.000000000 +0900 +++ ext/openssl/ossl_hmac.c @@@@ -81,9 +81,7 @@@@ ossl_hmac_copy(VALUE self, VALUE other) GetHMAC(self, ctx1); SafeGetHMAC(other, ctx2); - if (!HMAC_CTX_copy(ctx1, ctx2)) { - ossl_raise(eHMACError, NULL); - } + HMAC_CTX_copy(ctx1, ctx2); return self; } @@@@ -104,9 +102,7 @@@@ hmac_final(HMAC_CTX *ctx, char **buf, in { HMAC_CTX final; d10 6 a15 7 - if (!HMAC_CTX_copy(&final, ctx)) { - ossl_raise(eHMACError, NULL); - } + HMAC_CTX_copy(&final, ctx); if (!(*buf = OPENSSL_malloc(HMAC_size(&final)))) { HMAC_CTX_cleanup(&final); OSSL_Debug("Allocating %d mem", HMAC_size(&final)); @ 1.1 log @Update ruby18-base to 1.8.6.36 (Ruby 1.8.6 patchlevel 36). Ruby 1.8.6 patchlevel 36 is maintainous release of Ruby. Changes are too many, please see ChangeLog: http://svn.ruby-lang.org/repos/ruby/tags/v1_8_6_36/ChangeLog @ text @d1 1 a1 1 $NetBSD$ @