authorSergey Matveychuk <sem@FreeBSD.org>2006-07-30 09:55:21 +0000
committerSergey Matveychuk <sem@FreeBSD.org>2006-07-30 09:55:21 +0000
commit331546a499aedd44411dff2659a5886901afb3d9 (patch)
treeeb42dbb73ec4ca71328d70bce78e38027b1a19f9 /lang/ruby18
parent- Update apache to 1.3.37 (diff)
- Fix last discovered security vulnerabilities.
VuXML id: 76562594-1f19-11db-b7d4-0008743bf21a
Notes
Notes: svn path=/head/; revision=169116
Diffstat (limited to 'lang/ruby18')
-rw-r--r--lang/ruby18/Makefile2
-rw-r--r--lang/ruby18/files/patch-dir.c-security30
-rw-r--r--lang/ruby18/files/patch-eval.c-security35
-rw-r--r--lang/ruby18/files/patch-re.c-security11
4 files changed, 77 insertions, 1 deletions
diff --git a/lang/ruby18/Makefile b/lang/ruby18/Makefile
index 51698d350b70..f35cf29af73c 100644
--- a/lang/ruby18/Makefile
+++ b/lang/ruby18/Makefile
@@ -7,7 +7,7 @@
PORTNAME= ruby
PORTVERSION= ${RUBY_PORTVERSION}
-PORTREVISION= 8
+PORTREVISION= 9
PORTEPOCH= 1
CATEGORIES= lang ruby ipv6
MASTER_SITES= ${MASTER_SITE_RUBY}
diff --git a/lang/ruby18/files/patch-dir.c-security b/lang/ruby18/files/patch-dir.c-security
new file mode 100644
index 000000000000..5b57a13db4cc
--- /dev/null
+++ b/lang/ruby18/files/patch-dir.c-security
@@ -0,0 +1,30 @@
+--- dir.c.orig Thu Jul 13 01:48:12 2006
++++ dir.c Thu Jul 13 01:49:53 2006
+@@ -325,7 +325,17 @@
+ rb_raise(rb_eIOError, "closed directory");
+ }
+
++static void
++dir_check(dir)
++ VALUE dir;
++{
++ if (!OBJ_TAINTED(dir) && rb_safe_level() >= 4)
++ rb_raise(rb_eSecurityError, "Insecure: operation on untainted Dir");
++ rb_check_frozen(dir);
++}
++
+ #define GetDIR(obj, dirp) do {\
++ dir_check(dir);\
+ Data_Get_Struct(obj, struct dir_data, dirp);\
+ if (dirp->dir == NULL) dir_closed();\
+ } while (0)
+@@ -535,6 +545,9 @@
+ {
+ struct dir_data *dirp;
+
++ if (rb_safe_level() >= 4 && !OBJ_TAINTED(dir)) {
++ rb_raise(rb_eSecurityError, "Insecure: can't close");
++ }
+ GetDIR(dir, dirp);
+ closedir(dirp->dir);
+ dirp->dir = NULL;
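Review bot: The rewritten `GetDIR(obj, dirp)` macro calls `dir_check(dir)` instead of `dir_check(obj)`, so the taint and frozen check binds to whatever variable named `dir` is in scope at the expansion site rather than to the macro argument. The callers are outside this hunk; if any of them passes the receiver under another name, the check either fails to compile or guards the wrong object, so the line should read `dir_check(obj);\`. In the second embedded hunk the explicit `rb_safe_level() >= 4 && !OBJ_TAINTED(dir)` test repeats what `dir_check` does through `GetDIR` on the next line. If it is kept only for the more specific "can't close" message, a short comment should say so. The function containing that second hunk starts and ends outside the visible lines.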
diff --git a/lang/ruby18/files/patch-eval.c-security b/lang/ruby18/files/patch-eval.c-security
new file mode 100644
index 000000000000..37f0212396a4
--- /dev/null
+++ b/lang/ruby18/files/patch-eval.c-security
@@ -0,0 +1,35 @@
+--- eval.c.orig Thu Jul 13 01:48:12 2006
++++ eval.c Thu Jul 13 01:49:37 2006
+@@ -2050,7 +2050,8 @@
+ }
+ }
+ st_insert(RCLASS(klass)->m_tbl, name,
+- (st_data_t)NEW_METHOD(NEW_FBODY(body, def, origin), orig->nd_noex));
++ (st_data_t)NEW_METHOD(NEW_FBODY(body, def, origin),
++ NOEX_WITH_SAFE(orig->nd_noex)));
+ if (singleton) {
+ rb_funcall(singleton, singleton_added, 1, ID2SYM(name));
+ }
+@@ -5561,6 +5562,11 @@
+ TMP_PROTECT;
+ volatile int safe = -1;
+
++ if (NOEX_SAFE(flags) > ruby_safe_level &&
++ !(flags&NOEX_TAINTED) && ruby_safe_level == 0 && NOEX_SAFE(flags) > 2) {
++ rb_raise(rb_eSecurityError, "calling insecure method: %s",
++ rb_id2name(id));
++ }
+ switch (ruby_iter->iter) {
+ case ITER_PRE:
+ itr = ITER_CUR;
+@@ -5664,10 +5670,6 @@
+ b2 = body = body->nd_next;
+
+ if (NOEX_SAFE(flags) > ruby_safe_level) {
+- if (!(flags&NOEX_TAINTED) && ruby_safe_level == 0 && NOEX_SAFE(flags) > 2) {
+- rb_raise(rb_eSecurityError, "calling insecure method: %s",
+- rb_id2name(id));
+- }
+ safe = ruby_safe_level;
+ ruby_safe_level = NOEX_SAFE(flags);
+ }
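Review bot: The guard added before `switch (ruby_iter->iter)` has no comment explaining why it was hoisted out of the `if (NOEX_SAFE(flags) > ruby_safe_level)` block that the third embedded hunk trims. From the visible lines the intent appears to be that the insecure-method check runs before any method body is dispatched, not only on the path that raises the safe level. That is worth recording, e.g. `/* refuse methods defined at $SAFE > 2 when called from level 0, before dispatching the body */`. The first term `NOEX_SAFE(flags) > ruby_safe_level` is implied by `ruby_safe_level == 0 && NOEX_SAFE(flags) > 2`, so the condition can be shortened to `!(flags&NOEX_TAINTED) && ruby_safe_level == 0 && NOEX_SAFE(flags) > 2`. The `NOEX_WITH_SAFE(orig->nd_noex)` change in the first embedded hunk would likewise benefit from a one-line comment on what it stores with the new method entry. The enclosing functions start and end outside the hunk.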
diff --git a/lang/ruby18/files/patch-re.c-security b/lang/ruby18/files/patch-re.c-security
new file mode 100644
index 000000000000..12057bf7b543
--- /dev/null
+++ b/lang/ruby18/files/patch-re.c-security
@@ -0,0 +1,11 @@
+--- re.c.orig Thu Jul 13 01:48:12 2006
++++ re.c Thu Jul 13 01:49:45 2006
+@@ -1330,6 +1330,8 @@
+ {
+ struct RRegexp *re = RREGEXP(obj);
+
++ if (!OBJ_TAINTED(obj) && rb_safe_level() >= 4)
++ rb_raise(rb_eSecurityError, "Insecure: can't modify regexp");
+ if (re->ptr) re_free_pattern(re->ptr);
+ if (re->str) free(re->str);
+ re->ptr = 0;
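Review bot: The new guard ahead of `re_free_pattern(re->ptr)` rejects only untainted regexps at safe level 4 or above, whereas the `dir_check` helper added in patch-dir.c-security in the same commit also calls `rb_check_frozen`. As far as the visible lines show, a frozen regexp can still have its pattern freed and replaced here, so adding `rb_check_frozen(obj);` right after the `rb_raise` would keep the two patches consistent. The function body continues outside the hunk, so a frozen check may already exist further down and should be confirmed before adding one.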