From: "Dan Langille"
To: Mathieu Arnold
Date: Thu, 25 Nov 2004 13:09:10 -0500
cc: cvs-ports@FreeBSD.org
cc: cvs-all@FreeBSD.org
cc: ports-committers@FreeBSD.org
Subject: Re: cvs commit: ports/lang/ruby16 Makefile ports/lang/ruby16/files patch-cgi.rb ports/lang/ruby18 Makefile ports/lang/ruby18/fi

On 25 Nov 2004 at 19:06, Mathieu Arnold wrote:

> +-On 25/11/2004 12:57 -0500, Dan Langille said:
> | On 25 Nov 2004 at 15:25, Simon L. Nielsen wrote:
> |
> |> simon       2004-11-25 15:25:33 UTC
> |>
> |>   FreeBSD ports repository (doc committer)
> |>
> |>   Modified files:
> |>     lang/ruby16          Makefile
> |>     lang/ruby18          Makefile
> |>   Added files:
> |>     lang/ruby16/files    patch-cgi.rb
> |>     lang/ruby18/files    patch-cgi.rb
> |>   Log:
> |>   Fix DoS in the Ruby CGI module.
> |>
> |>   Obtained from:  ruby CVS
> |>   Reviewed by:    trhodes
> |>   OK'ed by:       maintainer silence
> |>   With hat:       secteam
> |>
> |>   Revision  Changes    Path
> |>   1.109     +1 -0      ports/lang/ruby16/Makefile
> |>   1.1       +30 -0     ports/lang/ruby16/files/patch-cgi.rb (new)
> |>   1.78      +1 -1      ports/lang/ruby18/Makefile
> |>   1.1       +27 -0     ports/lang/ruby18/files/patch-cgi.rb (new)
> |
> | Thank you for the upgrade.
> |
> | The build process seems to think that the latest and greatest is also
> | vulnerable:
> |
> | [dan@polo:/usr/ports/lang/ruby18] $ sudo make install
> | ===>  ruby-1.8.2.p2_2 has known vulnerabilities:
> | >> ruby -- CGI DoS.
> |    Reference:
> | 11d9-a9e7-0001020eed82.html>
> |
> | Yet, that url claims that ruby-1.8.2.p2_2 is not vulnerable.
> |
> | They can't both be right!  ;)
>
> I think you should run portaudit -F

That seems to have fixed things...  Should the build process mention
that?  Or should I just know it?
--
Dan Langille : http://www.langille.org/
BSDCan - The Technical BSD Conference - http://www.bsdcan.org/