diff options
| author | simon <simon@FreeBSD.org> | 2005-07-03 18:26:31 +0800 |
|---|---|---|
| committer | simon <simon@FreeBSD.org> | 2005-07-03 18:26:31 +0800 |
| commit | 11b375fdbc803905c1f0fe764109a8b6df88474d (patch) | |
| tree | a038a41034e41f4c3f22a13487ab36bd0628a4b3 /lang/ruby18 | |
| parent | f5e381cf1674b6443f5a119b45893a815d350e7d (diff) | |
| download | freebsd-ports-gnome-11b375fdbc803905c1f0fe764109a8b6df88474d.tar.gz freebsd-ports-gnome-11b375fdbc803905c1f0fe764109a8b6df88474d.tar.zst freebsd-ports-gnome-11b375fdbc803905c1f0fe764109a8b6df88474d.zip | |
Fix arbitrary command execution in XMLRPC server.
PR: ports/82855
Submitted by: Renato Botelho <freebsd@galle.com.br>
Obtained from: Ruby CVS
Approved by: maintainer timeout (1 day; security)
With hat: secteam
Security: CAN-2005-1992
Security: http://vuxml.FreeBSD.org/594eb447-e398-11d9-a8bd-000cf18bbe54.html
Diffstat (limited to 'lang/ruby18')
| -rw-r--r-- | lang/ruby18/Makefile | 2 | ||||
| -rw-r--r-- | lang/ruby18/files/patch-lib_xmlrpc_utils.rb | 11 |
2 files changed, 12 insertions, 1 deletions
diff --git a/lang/ruby18/Makefile b/lang/ruby18/Makefile index e50c2d715ab7..8bc1874f16f0 100644 --- a/lang/ruby18/Makefile +++ b/lang/ruby18/Makefile @@ -7,7 +7,7 @@ PORTNAME= ruby PORTVERSION= ${RUBY_PORTVERSION} -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= lang ruby ipv6 MASTER_SITES= ${MASTER_SITE_RUBY} MASTER_SITE_SUBDIR= ${MASTER_SITE_SUBDIR_RUBY} diff --git a/lang/ruby18/files/patch-lib_xmlrpc_utils.rb b/lang/ruby18/files/patch-lib_xmlrpc_utils.rb new file mode 100644 index 000000000000..bdf98e240ba7 --- /dev/null +++ b/lang/ruby18/files/patch-lib_xmlrpc_utils.rb @@ -0,0 +1,11 @@ +--- lib/xmlrpc/utils.rb.orig Fri Jul 1 07:38:00 2005 ++++ lib/xmlrpc/utils.rb Fri Jul 1 07:38:55 2005 +@@ -138,7 +138,7 @@ + + def get_methods(obj, delim=".") + prefix = @prefix + delim +- obj.class.public_instance_methods.collect { |name| ++ obj.class.public_instance_methods(false).collect { |name| + [prefix + name, obj.method(name).to_proc, nil, nil] + } + end |