head 1.4; access; symbols pkgsrc-2013Q2:1.4.0.6 pkgsrc-2013Q2-base:1.4 pkgsrc-2012Q4:1.4.0.4 pkgsrc-2012Q4-base:1.4 pkgsrc-2011Q4:1.4.0.2 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q2:1.3.0.8 pkgsrc-2011Q2-base:1.3 pkgsrc-2011Q1:1.3.0.6 pkgsrc-2011Q1-base:1.3 pkgsrc-2010Q4:1.3.0.4 pkgsrc-2010Q4-base:1.3 pkgsrc-2010Q3:1.3.0.2 pkgsrc-2010Q3-base:1.3 pkgsrc-2010Q2:1.2.0.6 pkgsrc-2010Q2-base:1.2 pkgsrc-2010Q1:1.2.0.4 pkgsrc-2010Q1-base:1.2 pkgsrc-2009Q4:1.2.0.2 pkgsrc-2009Q4-base:1.2; locks; strict; comment @# @; 1.4 date 2011.08.12.15.33.13; author taca; state dead; branches; next 1.3; 1.3 date 2010.09.10.03.29.00; author taca; state Exp; branches; next 1.2; 1.2 date 2010.01.14.15.07.28; author taca; state Exp; branches; next 1.1; 1.1 date 2010.01.10.15.33.28; author taca; state Exp; branches; next ; desc @@ 1.4 log @Update ruby18-base package to 1.8.7.352 (1.8.7-p352). This is a maintenance release. For more detail change, please refer: http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog @ text @$NetBSD: patch-dw,v 1.3 2010/09/10 03:29:00 taca Exp $ Additional fix after webrick security fix. http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection/ --- lib/webrick/accesslog.rb.orig 2010-01-10 10:30:06.000000000 +0000 +++ lib/webrick/accesslog.rb @@@@ -53,7 +53,7 @@@@ module WEBrick when ?e, ?i, ?n, ?o raise AccessLogError, "parameter is required for \"#{spec}\"" unless param - param = params[spec][param] ? escape(param) : "-" + (param = params[spec][param]) ? escape(param) : "-" when ?t params[spec].strftime(param || CLF_TIME_FORMAT) when ?% @ 1.3 log @Update ruby18-base to 1.8.7.302 (Ruby 1.8.7 patchlevel 302). Since many changes from previous release, please refer http://www.ruby-lang.org/en/news/2010/08/16/ruby-1-8-7-p302-is-released/. Note: Since all security updates are already in previous package, This update doesn't include any security fix. 
@ text @d1 1 a1 1 $NetBSD: patch-dw,v 1.2 2010/01/14 15:07:28 taca Exp $ @ 1.2 log @Fix a small problem by previous webrick security fix from Ruby's repository (r26281). Also use COMPILER_RPATH_FLAG in Makefile. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: patch-dw,v 1.1 2010/01/10 15:33:28 taca Exp $ d3 1 a3 1 webrick security fix. d7 1 a7 1 --- lib/webrick/accesslog.rb.orig 2007-02-12 23:01:19.000000000 +0000 d9 1 a9 1 @@@@ -53,15 +53,23 @@@@ module WEBrick d13 1 a13 1 - params[spec][param] || "-" a17 17 "%" else - params[spec] + escape(params[spec].to_s) end } end + + def escape(data) + if data.tainted? + data.gsub(/[[:cntrl:]\\]+/) {$&.dump[1...-1]}.untaint + else + data + end + end end end @ 1.1 log @Add patches for security problem of webrick. http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection/ Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ d14 1 a14 1 + param = params[spec][param] ? escape(param) : "-" @
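Review bot: in the `-53,7 +53,7` hunk, the added line `(param = params[spec][param]) ? escape(param) : "-"` in the `when ?e, ?i, ?n, ?o` branch puts an assignment inside the ternary condition and reuses `param` for both the lookup key and the looked-up value. That is the same shape that let the removed line hand the key, not the value, to `escape` (Ruby parses it as `param = (params[spec][param] ? escape(param) : "-")`). A separate local, for example `value = params[spec][param]` followed by `value ? escape(value) : "-"`, makes it visible which string is escaped. The patch header "Additional fix after webrick security fix" should also say that the earlier revision escaped the parameter name instead of the logged value.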
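Review bot: in the `-53,15 +53,23` hunk (stored as RCS deltas in revisions 1.2 and 1.1), the added `escape(data)` only rewrites control characters and backslashes when `data.tainted?` is true and returns `data` unchanged otherwise, so the protection depends on every request-derived string still carrying its taint flag when it reaches the formatter. A value that was copied or rebuilt into an untainted string upstream would be logged with its control characters intact. Consider applying the `gsub(/[[:cntrl:]\\]+/)` step unconditionally, or add a comment stating why untainted values are considered safe to write verbatim. The trailing `.untaint` on the escaped result also deserves a comment, since it marks attacker-supplied text as trusted for any later consumer.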