Fix arbitrary command execution in XMLRPC server.

PR: ports/82855 Submitted by: Renato Botelho <freebsd@galle.com.br> Obtained from: Ruby CVS Approved by: maintainer timeout (1 day; security) With hat: secteam Security: CAN-2005-1992 Security: http://vuxml.FreeBSD.org/594eb447-e398-11d9-a8bd-000cf18bbe54.html
author: Simon L. B. Nielsen <simon@FreeBSD.org> 2005-07-03 10:26:31 +0000
committer: Simon L. B. Nielsen <simon@FreeBSD.org> 2005-07-03 10:26:31 +0000
commit: 575be647d695c2a0bc20dbfd715f8311172853a1 (patch)
tree: a46f27233922d5d41dbc0d6c076d3edef6a4f270 /lang/ruby18
parent: - Better WWW (diff)
2 files changed, 12 insertions, 1 deletions
diff --git a/lang/ruby18/Makefile b/lang/ruby18/Makefile
index e50c2d715ab7..8bc1874f16f0 100644
--- a/lang/ruby18/Makefile
+++ b/lang/ruby18/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	ruby
 PORTVERSION=	${RUBY_PORTVERSION}
-PORTREVISION=	3
+PORTREVISION=	4
 CATEGORIES=	lang ruby ipv6
 MASTER_SITES=		${MASTER_SITE_RUBY}
 MASTER_SITE_SUBDIR=	${MASTER_SITE_SUBDIR_RUBY}
diff --git a/lang/ruby18/files/patch-lib_xmlrpc_utils.rb b/lang/ruby18/files/patch-lib_xmlrpc_utils.rb
new file mode 100644
index 000000000000..bdf98e240ba7
--- /dev/null
+++ b/lang/ruby18/files/patch-lib_xmlrpc_utils.rb
@@ -0,0 +1,11 @@
+--- lib/xmlrpc/utils.rb.orig	Fri Jul  1 07:38:00 2005
++++ lib/xmlrpc/utils.rb	Fri Jul  1 07:38:55 2005
+@@ -138,7 +138,7 @@
+ 
+     def get_methods(obj, delim=".")
+       prefix = @prefix + delim
+-      obj.class.public_instance_methods.collect { |name|
++      obj.class.public_instance_methods(false).collect { |name|
+         [prefix + name, obj.method(name).to_proc, nil, nil] 
+       }
+     end
author	Simon L. B. Nielsen <simon@FreeBSD.org>	2005-07-03 10:26:31 +0000
committer	Simon L. B. Nielsen <simon@FreeBSD.org>	2005-07-03 10:26:31 +0000
commit	575be647d695c2a0bc20dbfd715f8311172853a1 (patch)
tree	a46f27233922d5d41dbc0d6c076d3edef6a4f270 /lang/ruby18
parent	- Better WWW (diff)