pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/lang/ruby18-base Update ruby18-base-1.8.7.160 (1.8.7-p...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/3b655a6f18e6
branches:  trunk
changeset: 557497:3b655a6f18e6
user:      taca <taca%pkgsrc.org@localhost>
date:      Thu Apr 16 17:11:12 2009 +0000

description:
Update ruby18-base-1.8.7.160 (1.8.7-p160).

This release is the counterpart of 1.8.6-p368, so many bugs have been fixed
since the latest 1.8.7.  Check the ChangeLog for more details.

In particular, it includes workarounds for CVE-2007-1558 and CVE-2008-1447.

diffstat:

 lang/ruby18-base/Makefile         |   3 +-
 lang/ruby18-base/distinfo         |  11 +++------
 lang/ruby18-base/patches/patch-dg |  43 ---------------------------------------
 lang/ruby18-base/patches/patch-dh |  15 -------------
 lang/ruby18-base/patches/patch-dj |  34 ------------------------------
 5 files changed, 5 insertions(+), 101 deletions(-)

diffs (137 lines):

diff -r 4b5f882106cb -r 3b655a6f18e6 lang/ruby18-base/Makefile
--- a/lang/ruby18-base/Makefile Thu Apr 16 17:10:17 2009 +0000
+++ b/lang/ruby18-base/Makefile Thu Apr 16 17:11:12 2009 +0000
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.49 2009/02/20 12:32:26 taca Exp $
+# $NetBSD: Makefile,v 1.50 2009/04/16 17:11:12 taca Exp $
 #
 
 DISTNAME=      ${RUBY_DISTNAME}
 PKGNAME=       ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_SUFFIX}
-PKGREVISION=   3
 CATEGORIES=    lang ruby
 MASTER_SITES=  ${MASTER_SITE_RUBY}
 #PKGREVISION=
diff -r 4b5f882106cb -r 3b655a6f18e6 lang/ruby18-base/distinfo
--- a/lang/ruby18-base/distinfo Thu Apr 16 17:10:17 2009 +0000
+++ b/lang/ruby18-base/distinfo Thu Apr 16 17:11:12 2009 +0000
@@ -1,11 +1,8 @@
-$NetBSD: distinfo,v 1.35 2009/02/20 12:32:26 taca Exp $
+$NetBSD: distinfo,v 1.36 2009/04/16 17:11:12 taca Exp $
 
-SHA1 (ruby-1.8.7-p72.tar.bz2) = 462e990a724580e4dfeeac5a271b93f6cfcbf5c7
-RMD160 (ruby-1.8.7-p72.tar.bz2) = 07bf0d6987ba111aed988093c569fb66ba54891b
-Size (ruby-1.8.7-p72.tar.bz2) = 4127450 bytes
+SHA1 (ruby-1.8.7-p160.tar.bz2) = 64ed631a819f28d9dd86d2c699e1b0a94d7e5dc9
+RMD160 (ruby-1.8.7-p160.tar.bz2) = 77469c9c4e9303f2ec8ca72a0cbf98b674cb1415
+Size (ruby-1.8.7-p160.tar.bz2) = 4137518 bytes
 SHA1 (patch-aa) = 59f4462dada7e7b00c7a773c8a95454f3dc4f994
 SHA1 (patch-ab) = 239872c5faf95c05d2a94fe5f40af5b8541423c7
 SHA1 (patch-ac) = eb4dd068729ba2a2c7d4d659f6bcdb1410227f3b
-SHA1 (patch-dg) = 6c92da2111af7dd09d9cc28d1d82612ead14283e
-SHA1 (patch-dh) = ac637345ee171892b551f34d0deb65f238060c7c
-SHA1 (patch-dj) = a325fcec8d90b8d550d0e4e858d60dd91b4d23c6
diff -r 4b5f882106cb -r 3b655a6f18e6 lang/ruby18-base/patches/patch-dg
--- a/lang/ruby18-base/patches/patch-dg Thu Apr 16 17:10:17 2009 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,43 +0,0 @@
-$NetBSD: patch-dg,v 1.5 2008/09/14 05:17:18 taca Exp $
-
-Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790.
-(http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/)
-
---- lib/rexml/document.rb.orig 2008-06-06 17:05:24.000000000 +0900
-+++ lib/rexml/document.rb
-@@ -32,6 +32,7 @@ module REXML
-         # @param context if supplied, contains the context of the document;
-         # this should be a Hash.
-               def initialize( source = nil, context = {} )
-+      @entity_expansion_count = 0
-                       super()
-                       @context = context
-                       return if source.nil?
-@@ -200,6 +201,27 @@ module REXML
-                       Parsers::StreamParser.new( source, listener ).parse
-               end
- 
-+    @@entity_expansion_limit = 10_000
-+
-+    # Set the entity expansion limit. By default the limit is set to 10000.
-+    def Document::entity_expansion_limit=( val )
-+      @@entity_expansion_limit = val
-+    end
-+
-+    # Get the entity expansion limit. By default the limit is set to 10000.
-+    def Document::entity_expansion_limit
-+      return @@entity_expansion_limit
-+    end
-+
-+    attr_reader :entity_expansion_count
-+    
-+    def record_entity_expansion
-+      @entity_expansion_count += 1
-+      if @entity_expansion_count > @@entity_expansion_limit
-+        raise "number of entity expansions exceeded, processing aborted."
-+      end
-+    end
-+
-               private
-               def build( source )
-       Parsers::TreeParser.new( source, self ).parse
diff -r 4b5f882106cb -r 3b655a6f18e6 lang/ruby18-base/patches/patch-dh
--- a/lang/ruby18-base/patches/patch-dh Thu Apr 16 17:10:17 2009 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,15 +0,0 @@
-$NetBSD: patch-dh,v 1.3 2008/09/14 05:17:18 taca Exp $
-
-Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790.
-(http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/)
-
---- lib/rexml/entity.rb.orig   2008-04-18 16:22:13.000000000 +0900
-+++ lib/rexml/entity.rb
-@@ -73,6 +73,7 @@ module REXML
-               # all entities -- both %ent; and &ent; entities.  This differs from
-               # +value()+ in that +value+ only replaces %ent; entities.
-               def unnormalized
-+                        document.record_entity_expansion
-                       v = value()
-                       return nil if v.nil?
-                       @unnormalized = Text::unnormalize(v, parent)
diff -r 4b5f882106cb -r 3b655a6f18e6 lang/ruby18-base/patches/patch-dj
--- a/lang/ruby18-base/patches/patch-dj Thu Apr 16 17:10:17 2009 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,34 +0,0 @@
-$NetBSD: patch-dj,v 1.2 2009/02/20 12:32:26 taca Exp $
-
-Online Certificate Status Protocol's verify method fix from Ruby's
-repository: revision 22440.
-
---- ext/openssl/ossl_ocsp.c.orig       2007-06-09 00:02:04.000000000 +0900
-+++ ext/openssl/ossl_ocsp.c
-@@ -589,22 +589,22 @@ ossl_ocspbres_sign(int argc, VALUE *argv
- static VALUE
- ossl_ocspbres_verify(int argc, VALUE *argv, VALUE self)
- {
--    VALUE certs, store, flags;
-+    VALUE certs, store, flags, result;
-     OCSP_BASICRESP *bs;
-     STACK_OF(X509) *x509s;
-     X509_STORE *x509st;
--    int flg, result;
-+    int flg;
- 
-     rb_scan_args(argc, argv, "21", &certs, &store, &flags);
-     x509st = GetX509StorePtr(store);
-     flg = NIL_P(flags) ? 0 : INT2NUM(flags);
-     x509s = ossl_x509_ary2sk(certs);
-     GetOCSPBasicRes(self, bs);
--    result = OCSP_basic_verify(bs, x509s, x509st, flg);
-+    result = OCSP_basic_verify(bs, x509s, x509st, flg) > 0 ? Qtrue : Qfalse;
-     sk_X509_pop_free(x509s, X509_free);
-     if(!result) rb_warn("%s", ERR_error_string(ERR_peek_error(), NULL));
- 
--    return result ? Qtrue : Qfalse;
-+    return result;
- }
- 
- /*


