head 1.4; access; symbols pkgsrc-2013Q2:1.4.0.10 pkgsrc-2013Q2-base:1.4 pkgsrc-2012Q4:1.4.0.8 pkgsrc-2012Q4-base:1.4 pkgsrc-2011Q4:1.4.0.6 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q2:1.4.0.4 pkgsrc-2011Q2-base:1.4 pkgsrc-2009Q4:1.4.0.2 pkgsrc-2009Q4-base:1.4 pkgsrc-2009Q1:1.3.0.6 pkgsrc-2009Q1-base:1.3 pkgsrc-2008Q4:1.3.0.4 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.2 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.2.0.10 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.8 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.2.0.6 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.4 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.2 pkgsrc-2007Q3-base:1.2; locks; strict; comment @# @; 1.4 date 2009.04.16.17.11.12; author taca; state dead; branches; next 1.3; 1.3 date 2008.09.14.05.17.18; author taca; state Exp; branches 1.3.6.1; next 1.2; 1.2 date 2007.10.06.06.12.36; author taca; state dead; branches 1.2.8.1; next 1.1; 1.1 date 2007.09.30.04.08.17; author taca; state Exp; branches; next ; 1.3.6.1 date 2009.05.01.12.42.02; author tron; state dead; branches; next ; 1.2.8.1 date 2008.09.17.10.41.38; author tron; state Exp; branches; next ; desc @@ 1.4 log @Update ruby18-base-1.8.7.160 (1.8.7-p160). This release is counterpart of 1.8.6-p368, so many bugs are fixed since the latest 1.8.7. Check the ChangeLog for more details. Especially, including workarounds for CVE-2007-1558 and CVE-2008-1447. @ text @$NetBSD: patch-dh,v 1.3 2008/09/14 05:17:18 taca Exp $ Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790. (http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/) --- lib/rexml/entity.rb.orig 2008-04-18 16:22:13.000000000 +0900 +++ lib/rexml/entity.rb @@@@ -73,6 +73,7 @@@@ module REXML # all entities -- both %ent; and &ent; entities. This differs from # +value()+ in that +value+ only replaces %ent; entities. def unnormalized + document.record_entity_expansion v = value() return nil if v.nil? 
@@unnormalized = Text::unnormalize(v, parent) @ 1.3 log @Add fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790 (http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/) from ruby_1_8 branch. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.3.6.1 log @Pullup ticket #2752 - requested by taca ruby18-base: security update ruby18-curses: security update ruby18-tk: security update Revisions pulled up: - lang/ruby/rubyversion.mk 1.45 - lang/ruby18-base/Makefile 1.50 - lang/ruby18-base/distinfo 1.36 - lang/ruby18-base/patches/patch-dg delete - lang/ruby18-base/patches/patch-dh delete - lang/ruby18-base/patches/patch-dj delete - devel/ruby-curses/distinfo 1.18 - x11/ruby-tk/distinfo 1.21 --- Module Name: pkgsrc Committed By: taca Date: Thu Apr 16 17:10:17 UTC 2009 Modified Files: pkgsrc/lang/ruby: rubyversion.mk Log Message: Bump Ruby 1.8.7's patch level to 160. --- Module Name: pkgsrc Committed By: taca Date: Thu Apr 16 17:11:12 UTC 2009 Modified Files: pkgsrc/lang/ruby18-base: Makefile distinfo Removed Files: pkgsrc/lang/ruby18-base/patches: patch-dg patch-dh patch-dj Log Message: Update ruby18-base-1.8.7.160 (1.8.7-p160). This release is counterpart of 1.8.6-p368, so many bugs are fixed since the latest 1.8.7. Check the ChangeLog for more details. Especially, including workarounds for CVE-2007-1558 and CVE-2008-1447. --- Module Name: pkgsrc Committed By: taca Date: Thu Apr 16 17:12:18 UTC 2009 Modified Files: pkgsrc/devel/ruby-curses: distinfo Log Message: Update distinfo reflecting update to Ruby 1.8.7-p160. --- Module Name: pkgsrc Committed By: taca Date: Thu Apr 16 17:12:42 UTC 2009 Modified Files: pkgsrc/x11/ruby-tk: distinfo Log Message: Update distinfo reflecting update to Ruby 1.8.7-p160. @ text @d1 1 a1 1 $NetBSD: patch-dh,v 1.3 2008/09/14 05:17:18 taca Exp $ @ 1.2 log @Update Ruby packages to 1.8.6-p111. Basically, no change since previous update except Net::HTTP default @@enable_post_connection_check was wrongly set to true. 
(It might cause compatibility problem.) @ text @d1 1 a1 1 $NetBSD: patch-dh,v 1.1 2007/09/30 04:08:17 taca Exp $ d3 13 a15 35 --- lib/net/http.rb.orig 2007-02-13 08:01:19.000000000 +0900 +++ lib/net/http.rb @@@@ -470,6 +470,7 @@@@ module Net #:nodoc: @@debug_output = nil @@use_ssl = false @@ssl_context = nil + @@enable_post_connection_check = true end def inspect @@@@ -526,6 +527,9 @@@@ module Net #:nodoc: false # redefined in net/https end + # specify enabling SSL server certificate and hostname checking. + attr_accessor :enable_post_connection_check + # Opens TCP connection and HTTP session. # # When this method is called with block, gives a HTTP object @@@@ -584,6 +588,14 @@@@ module Net #:nodoc: HTTPResponse.read_new(@@socket).value end s.connect + if @@ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE + begin + s.post_connection_check(@@address) + rescue OpenSSL::SSL::SSLError => ex + raise ex if @@enable_post_connection_check + warn ex.message + end + end end on_connect end @ 1.2.8.1 log @Pullup ticket #2528 - requested by taca ruby18-base: security patch Revisions pulled up: - lang/ruby18-base/Makefile 1.47 - lang/ruby18-base/distinfo 1.34 - lang/ruby18-base/patches/patch-dg 1.5 - lang/ruby18-base/patches/patch-dh 1.3 --- Module Name: pkgsrc Committed By: taca Date: Sun Sep 14 05:17:18 UTC 2008 Modified Files: pkgsrc/lang/ruby18-base: Makefile distinfo Added Files: pkgsrc/lang/ruby18-base/patches: patch-dg patch-dh Log Message: Add fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790 (http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/) from ruby_1_8 branch. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ d3 35 a37 13 Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790. 
(http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/) --- lib/rexml/entity.rb.orig 2008-04-18 16:22:13.000000000 +0900 +++ lib/rexml/entity.rb @@@@ -73,6 +73,7 @@@@ module REXML # all entities -- both %ent; and &ent; entities. This differs from # +value()+ in that +value+ only replaces %ent; entities. def unnormalized + document.record_entity_expansion v = value() return nil if v.nil? @@unnormalized = Text::unnormalize(v, parent) @ 1.1 log @Add patches against Ruby 1.8.6-p111. Since 1.8.6-p111 isn't officially released (SVN's tag only), I decide to keep pkgsrc's Ruby's version. This isn't leaf package but fixes security problem reported by http://www.isecpartners.com/advisories/2007-006-rubyssl.txt. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @
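Review bot: in the lib/rexml/entity.rb hunk, `document.record_entity_expansion` is called unconditionally as the first statement of `unnormalized`, so an entity whose `document` is nil would raise NoMethodError before the existing `return nil if v.nil?` guard is reached. Consider `document.record_entity_expansion unless document.nil?`. The method is not defined anywhere in this patch, so it has to come from a companion change (the pullup log lists patch-dg alongside patch-dh) and the two must be applied together; a one-line comment above the call saying what it is for (the CVE-2008-3790 fix) would help readers of entity.rb.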
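Review bot: in the second lib/net/http.rb hunk, the comment on `attr_accessor :enable_post_connection_check` says it enables "SSL server certificate and hostname checking", but in the third hunk the flag only decides whether a failed `post_connection_check` raises or is downgraded to `warn`; the check itself runs whenever `verify_mode` is not `OpenSSL::SSL::VERIFY_NONE`. Reword the comment to say exactly that, and state the default (`true`, set in the first hunk) so callers know what they get without setting it.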
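Review bot: in the third lib/net/http.rb hunk, the rescue branch `raise ex if @@enable_post_connection_check` followed by `warn ex.message` (the `@@` is RCS escaping of a single `@`) lets the session continue to `on_connect` after a failed hostname check whenever the flag is false, and the only trace is a message on stderr that the caller cannot inspect. If the warn-only mode is kept, expose the failure in a way the caller can read. In the raising branch nothing in the hunk closes `s` after `s.connect` has succeeded, so close the socket before re-raising.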