3a030020ea
1.9, similar to how the lang/python ports are handled. ruby 1.8 now installs as ruby18 and ruby 1.9 installs as ruby19. The included MESSAGE files for both ports let you know the symlinks to set up if you want to make that version the default system ruby. Split port originally started by bernd@, many changes since by me, help and support from jcs@, landry@, jasper@, and sthen@. This causes a large amount of fallout in dependent ruby ports, which will be committed shortly. OK jcs@, landry@, jasper@, sthen@
26 lines
968 B
Plaintext
26 lines
968 B
Plaintext
$OpenBSD: patch-lib_rexml_document_rb,v 1.1 2010/09/23 21:58:50 jeremy Exp $
|
|
|
|
http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/
|
|
|
|
--- lib/rexml/document.rb.orig Sun Nov 4 05:50:15 2007
|
|
+++ lib/rexml/document.rb Thu Sep 4 09:53:31 2008
|
|
@@ -18,6 +18,18 @@ module REXML
|
|
# you create, you must add one; REXML documents do not write a default
|
|
# declaration for you. See |DECLARATION| and |write|.
|
|
class Document < Element
|
|
+ @@entity_expansion_limit = 10_000
|
|
+ def self.entity_expansion_limit= val
|
|
+ @@entity_expansion_limit = val
|
|
+ end
|
|
+
|
|
+ def record_entity_expansion!
|
|
+ @number_of_expansions ||= 0
|
|
+ @number_of_expansions += 1
|
|
+ if @number_of_expansions > @@entity_expansion_limit
|
|
+ raise "Number of entity expansions exceeded, processing aborted."
|
|
+ end
|
|
+ end
|
|
# A convenient default XML declaration. If you want an XML declaration,
|
|
# the easiest way to add one is mydoc << Document::DECLARATION
|
|
# +DEPRECATED+
|