On 07/01 12:34, Jeremy Evans wrote: > Ruby previously had an emulated approach for File.realpath, which did > not work correctly when using unveil(2). This backports a patch to > use realpath(3) for File.realpath that I recently committed upstream. > > I have tested this works as expected with unveil(2) on -current, and > have been running it on some personal apps for about a week to serve > Ruby web applications using unveil(2) instead of chroot(2) to limit file > system access. unveil(2) is a lot less fragile than chroot(2) for > limiting file system access in Ruby web applications, because many Ruby > libraries have an unfortunate tendency to load Ruby code at runtime from > locations under /usr/local/lib/ruby due to a misfeature called autoload. > > Regen patches while here. > > I plan to commit this in a couple days unless I hear objections.
Looks like I forgot to commit this in July. I've been running it since then with no problems. Today, new versions of Ruby 2.4, 2.5, and 2.6 were released to fix a minor issue in RDoc due to an embedded copy of JQuery. Release announcements at: https://www.ruby-lang.org/en/news/2019/08/28/ruby-2-6-4-released/ https://www.ruby-lang.org/en/news/2019/08/28/ruby-2-5-6-released/ https://www.ruby-lang.org/en/news/2019/08/28/ruby-2-4-7-released/ I'm going to include the File.realpath patch with this version update. Ports-wise, this drops the PATCHFILES usage in ruby 2.6, as the patch is included in 2.6.4. It also regens patches. Tested on amd64. I plan to commit this in a couple days unless I hear objections. After that, I'll update 6.5-stable to get the security fix, but I will not be including the File.realpath patch in the -stable update. Thanks, Jeremy Index: 2.4/Makefile =================================================================== RCS file: /cvs/ports/lang/ruby/2.4/Makefile,v retrieving revision 1.17 diff -u -p -r1.17 Makefile --- 2.4/Makefile 25 Jun 2019 20:25:21 -0000 1.17 +++ 2.4/Makefile 28 Aug 2019 18:00:33 -0000 @@ -1,7 +1,6 @@ # $OpenBSD: Makefile,v 1.17 2019/06/25 20:25:21 sthen Exp $ -VERSION = 2.4.6 -REVISION-main = 0 +VERSION = 2.4.7 SHARED_LIBS = ruby24 2.0 NEXTVER = 2.5 Index: 2.4/distinfo =================================================================== RCS file: /cvs/ports/lang/ruby/2.4/distinfo,v retrieving revision 1.10 diff -u -p -r1.10 distinfo --- 2.4/distinfo 3 Apr 2019 17:25:25 -0000 1.10 +++ 2.4/distinfo 28 Aug 2019 18:00:33 -0000 @@ -1,2 +1,2 @@ -SHA256 (ruby-2.4.6.tar.gz) = 3g3ICXAjcWCZ98im/8dRURuQ3n9WlPQBtZ8tBx25EL4= -SIZE (ruby-2.4.6.tar.gz) = 15880585 +SHA256 (ruby-2.4.7.tar.gz) = zW78cgympiJ0XiusefRebNY6sPWlOtfriBVF9Y/zi4k= +SIZE (ruby-2.4.7.tar.gz) = 16036496 Index: 2.4/patches/patch-file_c =================================================================== RCS file: 2.4/patches/patch-file_c diff -N 2.4/patches/patch-file_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ 2.4/patches/patch-file_c 28 Aug 2019 18:00:33 -0000 @@ -0,0 +1,102 @@ +$OpenBSD$ + +Backport use of realpath(3) for File.realpath to allow unveil(2) to work. + +Index: file.c +--- file.c.orig ++++ file.c +@@ -126,6 +126,9 @@ int flock(int, int); + #define STAT(p, s) stat((p), (s)) + #endif + ++#include <limits.h> ++#include <stdlib.h> ++ + VALUE rb_cFile; + VALUE rb_mFileTest; + VALUE rb_cStat; +@@ -3898,7 +3901,7 @@ realpath_rec(long *prefixlenp, VALUE *resolvedp, const + } + + static VALUE +-rb_check_realpath_internal(VALUE basedir, VALUE path, enum rb_realpath_mode mode) ++rb_check_realpath_emulate(VALUE basedir, VALUE path, enum rb_realpath_mode mode) + { + long prefixlen; + VALUE resolved; +@@ -3980,6 +3983,75 @@ rb_check_realpath_internal(VALUE basedir, VALUE path, + rb_enc_associate(resolved, origenc); + + OBJ_INFECT(resolved, unresolved_path); ++ return resolved; ++} ++ ++static VALUE rb_file_join(VALUE ary, VALUE sep); ++ ++static VALUE ++rb_check_realpath_internal(VALUE basedir, VALUE path, enum rb_realpath_mode mode) ++{ ++ VALUE unresolved_path; ++ rb_encoding *origenc; ++ char *resolved_ptr = NULL; ++ VALUE resolved; ++ ++ if (mode == RB_REALPATH_DIR) { ++ return rb_check_realpath_emulate(basedir, path, mode); ++ } ++ ++ unresolved_path = rb_str_dup_frozen(path); ++ origenc = rb_enc_get(unresolved_path); ++ if (*RSTRING_PTR(unresolved_path) != '/' && !NIL_P(basedir)) { ++ unresolved_path = rb_file_join(rb_ary_new_from_args(2, basedir, unresolved_path), rb_str_new2("/")); ++ } ++ ++ if((resolved_ptr = realpath(RSTRING_PTR(unresolved_path), NULL)) == NULL) { ++ /* glibc realpath(3) does not allow /path/to/file.rb/../other_file.rb, ++ returning ENOTDIR in that case. ++ glibc realpath(3) can also return ENOENT for paths that exist, ++ such as /dev/fd/5. ++ Fallback to the emulated approach in either of those cases. */ ++ if (errno == ENOTDIR || ++ (errno == ENOENT && rb_file_exist_p(0, unresolved_path))) { ++ return rb_check_realpath_emulate(basedir, path, mode); ++ ++ } ++ if (mode == RB_REALPATH_CHECK) { ++ return Qnil; ++ } ++ rb_sys_fail_path(unresolved_path); ++ } ++ resolved = ospath_new(resolved_ptr, strlen(resolved_ptr), rb_filesystem_encoding()); ++ free(resolved_ptr); ++ ++ if (mode == RB_REALPATH_STRICT || mode == RB_REALPATH_CHECK) { ++ struct stat st; ++ ++ if (rb_stat(resolved, &st) < 0) { ++ if (mode == RB_REALPATH_STRICT) { ++ rb_sys_fail_path(unresolved_path); ++ } ++ return Qnil; ++ } ++ } ++ ++ if (origenc != rb_enc_get(resolved)) { ++ if (!rb_enc_str_asciionly_p(resolved)) { ++ resolved = rb_str_conv_enc(resolved, NULL, origenc); ++ } ++ rb_enc_associate(resolved, origenc); ++ } ++ ++ if(rb_enc_str_coderange(resolved) == ENC_CODERANGE_BROKEN) { ++ rb_enc_associate(resolved, rb_filesystem_encoding()); ++ if(rb_enc_str_coderange(resolved) == ENC_CODERANGE_BROKEN) { ++ rb_enc_associate(resolved, rb_ascii8bit_encoding()); ++ } ++ } ++ ++ rb_obj_taint(resolved); ++ RB_GC_GUARD(unresolved_path); + return resolved; + } + Index: 2.4/pkg/PLIST-main =================================================================== RCS file: /cvs/ports/lang/ruby/2.4/pkg/PLIST-main,v retrieving revision 1.6 diff -u -p -r1.6 PLIST-main --- 2.4/pkg/PLIST-main 22 Oct 2018 14:45:52 -0000 1.6 +++ 2.4/pkg/PLIST-main 28 Aug 2019 18:00:33 -0000 @@ -369,7 +369,6 @@ lib/ruby/${REV}/rdoc/generator/template/ lib/ruby/${REV}/rdoc/generator/template/darkfish/index.rhtml lib/ruby/${REV}/rdoc/generator/template/darkfish/js/ lib/ruby/${REV}/rdoc/generator/template/darkfish/js/darkfish.js -lib/ruby/${REV}/rdoc/generator/template/darkfish/js/jquery.js lib/ruby/${REV}/rdoc/generator/template/darkfish/js/search.js lib/ruby/${REV}/rdoc/generator/template/darkfish/page.rhtml lib/ruby/${REV}/rdoc/generator/template/darkfish/servlet_not_found.rhtml @@ -1202,10 +1201,10 @@ lib/ruby/gems/${REV}/gems/rake-12.0.0/li lib/ruby/gems/${REV}/gems/rake-12.0.0/lib/rake/trace_output.rb lib/ruby/gems/${REV}/gems/rake-12.0.0/lib/rake/version.rb lib/ruby/gems/${REV}/gems/rake-12.0.0/lib/rake/win32.rb -lib/ruby/gems/${REV}/gems/rdoc-5.0.0/ -lib/ruby/gems/${REV}/gems/rdoc-5.0.0/exe/ -lib/ruby/gems/${REV}/gems/rdoc-5.0.0/exe/rdoc -lib/ruby/gems/${REV}/gems/rdoc-5.0.0/exe/ri +lib/ruby/gems/${REV}/gems/rdoc-5.0.1/ +lib/ruby/gems/${REV}/gems/rdoc-5.0.1/exe/ +lib/ruby/gems/${REV}/gems/rdoc-5.0.1/exe/rdoc +lib/ruby/gems/${REV}/gems/rdoc-5.0.1/exe/ri lib/ruby/gems/${REV}/gems/test-unit-3.2.3/ lib/ruby/gems/${REV}/gems/test-unit-3.2.3/COPYING lib/ruby/gems/${REV}/gems/test-unit-3.2.3/GPL @@ -1353,7 +1352,7 @@ lib/ruby/gems/${REV}/specifications/defa lib/ruby/gems/${REV}/specifications/default/json-2.0.4.gemspec lib/ruby/gems/${REV}/specifications/default/openssl-2.0.9.gemspec lib/ruby/gems/${REV}/specifications/default/psych-2.2.2.gemspec -lib/ruby/gems/${REV}/specifications/default/rdoc-5.0.0.gemspec +lib/ruby/gems/${REV}/specifications/default/rdoc-5.0.1.gemspec lib/ruby/gems/${REV}/specifications/did_you_mean-1.1.0.gemspec lib/ruby/gems/${REV}/specifications/minitest-5.10.1.gemspec lib/ruby/gems/${REV}/specifications/net-telnet-0.1.1.gemspec Index: 2.5/Makefile =================================================================== RCS file: /cvs/ports/lang/ruby/2.5/Makefile,v retrieving revision 1.9 diff -u -p -r1.9 Makefile --- 2.5/Makefile 25 Jun 2019 20:25:21 -0000 1.9 +++ 2.5/Makefile 28 Aug 2019 18:00:33 -0000 @@ -1,7 +1,6 @@ # $OpenBSD: Makefile,v 1.9 2019/06/25 20:25:21 sthen Exp $ -VERSION = 2.5.5 -REVISION-main = 0 +VERSION = 2.5.6 SHARED_LIBS = ruby25 0.0 NEXTVER = 2.6 Index: 2.5/distinfo =================================================================== RCS file: /cvs/ports/lang/ruby/2.5/distinfo,v retrieving revision 1.5 diff -u -p -r1.5 distinfo --- 2.5/distinfo 15 Mar 2019 16:45:36 -0000 1.5 +++ 2.5/distinfo 28 Aug 2019 18:00:33 -0000 @@ -1,2 +1,2 @@ -SHA256 (ruby-2.5.5.tar.gz) = KKlF/fNA5roE/IkLmGSDQuPMz9bSI6SPOBBXLxGyUUw= -SIZE (ruby-2.5.5.tar.gz) = 15996436 +SHA256 (ruby-2.5.6.tar.gz) = HX7QbGcwIM0SpzftaGRwVS6Omdcrgs08JtqjEVw2vqc= +SIZE (ruby-2.5.6.tar.gz) = 17684288 Index: 2.5/patches/patch-compile_c =================================================================== RCS file: /cvs/ports/lang/ruby/2.5/patches/patch-compile_c,v retrieving revision 1.2 diff -u -p -r1.2 patch-compile_c --- 2.5/patches/patch-compile_c 31 Mar 2018 21:12:45 -0000 1.2 +++ 2.5/patches/patch-compile_c 28 Aug 2019 18:00:33 -0000 @@ -5,7 +5,7 @@ Disable peephole optimizer on sparc64, s Index: compile.c --- compile.c.orig +++ compile.c -@@ -2407,6 +2407,9 @@ static int +@@ -2456,6 +2456,9 @@ static int iseq_peephole_optimize(rb_iseq_t *iseq, LINK_ELEMENT *list, const int do_tailcallopt) { INSN *const iobj = (INSN *)list; Index: 2.5/patches/patch-configure =================================================================== RCS file: /cvs/ports/lang/ruby/2.5/patches/patch-configure,v retrieving revision 1.2 diff -u -p -r1.2 patch-configure --- 2.5/patches/patch-configure 31 Mar 2018 21:12:45 -0000 1.2 +++ 2.5/patches/patch-configure 28 Aug 2019 18:00:33 -0000 @@ -14,7 +14,7 @@ in earlier ruby versions). Index: configure --- configure.orig +++ configure -@@ -19989,14 +19989,14 @@ fi +@@ -20003,14 +20003,14 @@ fi if test $rb_cv_page_size_log != no; then : cat >>confdefs.h <<_ACEOF @@ -31,7 +31,7 @@ Index: configure _ACEOF -@@ -26268,7 +26268,7 @@ fi +@@ -26282,7 +26282,7 @@ fi openbsd*|mirbsd*) : SOLIBS='$(LIBS)' @@ -40,7 +40,7 @@ Index: configure ;; #( solaris*) : -@@ -27743,7 +27743,7 @@ _ACEOF +@@ -27757,7 +27757,7 @@ _ACEOF else Index: 2.5/patches/patch-ext_openssl_extconf_rb =================================================================== RCS file: /cvs/ports/lang/ruby/2.5/patches/patch-ext_openssl_extconf_rb,v retrieving revision 1.1 diff -u -p -r1.1 patch-ext_openssl_extconf_rb --- 2.5/patches/patch-ext_openssl_extconf_rb 23 Feb 2018 09:54:25 -0000 1.1 +++ 2.5/patches/patch-ext_openssl_extconf_rb 28 Aug 2019 18:00:33 -0000 @@ -3,7 +3,7 @@ $OpenBSD: patch-ext_openssl_extconf_rb,v Index: ext/openssl/extconf.rb --- ext/openssl/extconf.rb.orig +++ ext/openssl/extconf.rb -@@ -134,6 +134,7 @@ have_func("HMAC_CTX_free") +@@ -144,6 +144,7 @@ have_func("HMAC_CTX_free") OpenSSL.check_func("RAND_pseudo_bytes", "openssl/rand.h") # deprecated have_func("X509_STORE_get_ex_data") have_func("X509_STORE_set_ex_data") Index: 2.5/patches/patch-file_c =================================================================== RCS file: 2.5/patches/patch-file_c diff -N 2.5/patches/patch-file_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ 2.5/patches/patch-file_c 28 Aug 2019 18:00:33 -0000 @@ -0,0 +1,112 @@ +$OpenBSD$ + +Backport use of realpath(3) for File.realpath to allow unveil(2) to work. + +Index: file.c +--- file.c.orig ++++ file.c +@@ -131,6 +131,9 @@ int flock(int, int); + # define UTIME_EINVAL + #endif + ++#include <limits.h> ++#include <stdlib.h> ++ + VALUE rb_cFile; + VALUE rb_mFileTest; + VALUE rb_cStat; +@@ -4057,7 +4060,7 @@ realpath_rec(long *prefixlenp, VALUE *resolvedp, const + } + + static VALUE +-rb_check_realpath_internal(VALUE basedir, VALUE path, enum rb_realpath_mode mode) ++rb_check_realpath_emulate(VALUE basedir, VALUE path, enum rb_realpath_mode mode) + { + long prefixlen; + VALUE resolved; +@@ -4151,6 +4154,76 @@ rb_check_realpath_internal(VALUE basedir, VALUE path, + return resolved; + } + ++static VALUE rb_file_join(VALUE ary); ++ ++static VALUE ++rb_check_realpath_internal(VALUE basedir, VALUE path, enum rb_realpath_mode mode) ++{ ++ VALUE unresolved_path; ++ rb_encoding *origenc; ++ char *resolved_ptr = NULL; ++ VALUE resolved; ++ ++ if (mode == RB_REALPATH_DIR) { ++ return rb_check_realpath_emulate(basedir, path, mode); ++ } ++ ++ unresolved_path = rb_str_dup_frozen(path); ++ origenc = rb_enc_get(unresolved_path); ++ if (*RSTRING_PTR(unresolved_path) != '/' && !NIL_P(basedir)) { ++ unresolved_path = rb_file_join(rb_ary_new_from_args(2, basedir, unresolved_path)); ++ } ++ unresolved_path = TO_OSPATH(unresolved_path); ++ ++ if((resolved_ptr = realpath(RSTRING_PTR(unresolved_path), NULL)) == NULL) { ++ /* glibc realpath(3) does not allow /path/to/file.rb/../other_file.rb, ++ returning ENOTDIR in that case. ++ glibc realpath(3) can also return ENOENT for paths that exist, ++ such as /dev/fd/5. ++ Fallback to the emulated approach in either of those cases. */ ++ if (errno == ENOTDIR || ++ (errno == ENOENT && rb_file_exist_p(0, unresolved_path))) { ++ return rb_check_realpath_emulate(basedir, path, mode); ++ ++ } ++ if (mode == RB_REALPATH_CHECK) { ++ return Qnil; ++ } ++ rb_sys_fail_path(unresolved_path); ++ } ++ resolved = ospath_new(resolved_ptr, strlen(resolved_ptr), rb_filesystem_encoding()); ++ free(resolved_ptr); ++ ++ if (mode == RB_REALPATH_STRICT || mode == RB_REALPATH_CHECK) { ++ struct stat st; ++ ++ if (rb_stat(resolved, &st) < 0) { ++ if (mode == RB_REALPATH_STRICT) { ++ rb_sys_fail_path(unresolved_path); ++ } ++ return Qnil; ++ } ++ } ++ ++ if (origenc != rb_enc_get(resolved)) { ++ if (!rb_enc_str_asciionly_p(resolved)) { ++ resolved = rb_str_conv_enc(resolved, NULL, origenc); ++ } ++ rb_enc_associate(resolved, origenc); ++ } ++ ++ if(rb_enc_str_coderange(resolved) == ENC_CODERANGE_BROKEN) { ++ rb_enc_associate(resolved, rb_filesystem_encoding()); ++ if(rb_enc_str_coderange(resolved) == ENC_CODERANGE_BROKEN) { ++ rb_enc_associate(resolved, rb_ascii8bit_encoding()); ++ } ++ } ++ ++ rb_obj_taint(resolved); ++ RB_GC_GUARD(unresolved_path); ++ return resolved; ++} ++ + VALUE + rb_realpath_internal(VALUE basedir, VALUE path, int strict) + { +@@ -4572,8 +4645,6 @@ rb_file_s_split(VALUE klass, VALUE path) + FilePathStringValue(path); /* get rid of converting twice */ + return rb_assoc_new(rb_file_dirname(path), rb_file_s_basename(1,&path)); + } +- +-static VALUE rb_file_join(VALUE ary); + + static VALUE + file_inspect_join(VALUE ary, VALUE arg, int recur) Index: 2.5/pkg/PLIST-main =================================================================== RCS file: /cvs/ports/lang/ruby/2.5/pkg/PLIST-main,v retrieving revision 1.2 diff -u -p -r1.2 PLIST-main --- 2.5/pkg/PLIST-main 22 Oct 2018 14:46:53 -0000 1.2 +++ 2.5/pkg/PLIST-main 28 Aug 2019 18:00:33 -0000 @@ -366,7 +366,6 @@ lib/ruby/${REV}/rdoc/generator/template/ lib/ruby/${REV}/rdoc/generator/template/darkfish/index.rhtml lib/ruby/${REV}/rdoc/generator/template/darkfish/js/ lib/ruby/${REV}/rdoc/generator/template/darkfish/js/darkfish.js -lib/ruby/${REV}/rdoc/generator/template/darkfish/js/jquery.js lib/ruby/${REV}/rdoc/generator/template/darkfish/js/search.js lib/ruby/${REV}/rdoc/generator/template/darkfish/page.rhtml lib/ruby/${REV}/rdoc/generator/template/darkfish/servlet_not_found.rhtml @@ -1213,10 +1212,10 @@ lib/ruby/gems/${REV}/gems/rake-12.3.0/li lib/ruby/gems/${REV}/gems/rake-12.3.0/lib/rake/version.rb lib/ruby/gems/${REV}/gems/rake-12.3.0/lib/rake/win32.rb lib/ruby/gems/${REV}/gems/rake-12.3.0/rake.gemspec -lib/ruby/gems/${REV}/gems/rdoc-6.0.1/ -lib/ruby/gems/${REV}/gems/rdoc-6.0.1/exe/ -lib/ruby/gems/${REV}/gems/rdoc-6.0.1/exe/rdoc25 -lib/ruby/gems/${REV}/gems/rdoc-6.0.1/exe/ri25 +lib/ruby/gems/${REV}/gems/rdoc-6.0.1.1/ +lib/ruby/gems/${REV}/gems/rdoc-6.0.1.1/exe/ +lib/ruby/gems/${REV}/gems/rdoc-6.0.1.1/exe/rdoc25 +lib/ruby/gems/${REV}/gems/rdoc-6.0.1.1/exe/ri25 lib/ruby/gems/${REV}/gems/test-unit-3.2.7/ lib/ruby/gems/${REV}/gems/test-unit-3.2.7/COPYING lib/ruby/gems/${REV}/gems/test-unit-3.2.7/GPL @@ -1378,7 +1377,7 @@ lib/ruby/gems/${REV}/specifications/defa lib/ruby/gems/${REV}/specifications/default/json-2.1.0.gemspec lib/ruby/gems/${REV}/specifications/default/openssl-2.1.2.gemspec lib/ruby/gems/${REV}/specifications/default/psych-3.0.2.gemspec -lib/ruby/gems/${REV}/specifications/default/rdoc-6.0.1.gemspec +lib/ruby/gems/${REV}/specifications/default/rdoc-6.0.1.1.gemspec lib/ruby/gems/${REV}/specifications/default/scanf-1.0.0.gemspec lib/ruby/gems/${REV}/specifications/default/sdbm-1.0.0.gemspec lib/ruby/gems/${REV}/specifications/default/stringio-0.0.1.gemspec Index: 2.6/Makefile =================================================================== RCS file: /cvs/ports/lang/ruby/2.6/Makefile,v retrieving revision 1.6 diff -u -p -r1.6 Makefile --- 2.6/Makefile 25 Jun 2019 20:25:21 -0000 1.6 +++ 2.6/Makefile 28 Aug 2019 18:00:33 -0000 @@ -1,14 +1,9 @@ # $OpenBSD: Makefile,v 1.6 2019/06/25 20:25:21 sthen Exp $ -VERSION = 2.6.3 +VERSION = 2.6.4 DISTNAME = ruby-${VERSION} SHARED_LIBS = ruby26 0.0 NEXTVER = 2.7 - -REVISION-main = 1 -MASTER_SITES0 = https://github.com/ruby/ruby/commit/ -PATCHFILES = 1ef39d8d099f145222b9352423af16a2bab6e05b.patch:0 -PATCH_DIST_STRIP = -p1 PSEUDO_FLAVORS= no_ri_docs bootstrap # Do not build the RI docs on slow arches Index: 2.6/distinfo =================================================================== RCS file: /cvs/ports/lang/ruby/2.6/distinfo,v retrieving revision 1.5 diff -u -p -r1.5 distinfo --- 2.6/distinfo 27 May 2019 21:42:01 -0000 1.5 +++ 2.6/distinfo 28 Aug 2019 18:00:33 -0000 @@ -1,4 +1,2 @@ -SHA256 (1ef39d8d099f145222b9352423af16a2bab6e05b.patch) = eiBIYlSeJXKklacgt8QHVE6arFAY9eCjWODxjNWBXVg= -SHA256 (ruby-2.6.3.tar.gz) = V3/TeV8iuNkcHU5nM2N7A5TUCC22WfzPIkx3Siscgvs= -SIZE (1ef39d8d099f145222b9352423af16a2bab6e05b.patch) = 2584 -SIZE (ruby-2.6.3.tar.gz) = 16784748 +SHA256 (ruby-2.6.4.tar.gz) = T8HYunVQWzeXAgpv/IWovP9q3E2rrjQ7ZXK/KB7heTc= +SIZE (ruby-2.6.4.tar.gz) = 16503137 Index: 2.6/patches/patch-file_c =================================================================== RCS file: 2.6/patches/patch-file_c diff -N 2.6/patches/patch-file_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ 2.6/patches/patch-file_c 28 Aug 2019 18:00:33 -0000 @@ -0,0 +1,112 @@ +$OpenBSD$ + +Backport use of realpath(3) for File.realpath to allow unveil(2) to work. + +Index: file.c +--- file.c.orig ++++ file.c +@@ -132,6 +132,9 @@ int flock(int, int); + # define UTIME_EINVAL + #endif + ++#include <limits.h> ++#include <stdlib.h> ++ + VALUE rb_cFile; + VALUE rb_mFileTest; + VALUE rb_cStat; +@@ -4064,7 +4067,7 @@ realpath_rec(long *prefixlenp, VALUE *resolvedp, const + } + + static VALUE +-rb_check_realpath_internal(VALUE basedir, VALUE path, enum rb_realpath_mode mode) ++rb_check_realpath_emulate(VALUE basedir, VALUE path, enum rb_realpath_mode mode) + { + long prefixlen; + VALUE resolved; +@@ -4158,6 +4161,76 @@ rb_check_realpath_internal(VALUE basedir, VALUE path, + return resolved; + } + ++static VALUE rb_file_join(VALUE ary); ++ ++static VALUE ++rb_check_realpath_internal(VALUE basedir, VALUE path, enum rb_realpath_mode mode) ++{ ++ VALUE unresolved_path; ++ rb_encoding *origenc; ++ char *resolved_ptr = NULL; ++ VALUE resolved; ++ ++ if (mode == RB_REALPATH_DIR) { ++ return rb_check_realpath_emulate(basedir, path, mode); ++ } ++ ++ unresolved_path = rb_str_dup_frozen(path); ++ origenc = rb_enc_get(unresolved_path); ++ if (*RSTRING_PTR(unresolved_path) != '/' && !NIL_P(basedir)) { ++ unresolved_path = rb_file_join(rb_ary_new_from_args(2, basedir, unresolved_path)); ++ } ++ unresolved_path = TO_OSPATH(unresolved_path); ++ ++ if((resolved_ptr = realpath(RSTRING_PTR(unresolved_path), NULL)) == NULL) { ++ /* glibc realpath(3) does not allow /path/to/file.rb/../other_file.rb, ++ returning ENOTDIR in that case. ++ glibc realpath(3) can also return ENOENT for paths that exist, ++ such as /dev/fd/5. ++ Fallback to the emulated approach in either of those cases. */ ++ if (errno == ENOTDIR || ++ (errno == ENOENT && rb_file_exist_p(0, unresolved_path))) { ++ return rb_check_realpath_emulate(basedir, path, mode); ++ ++ } ++ if (mode == RB_REALPATH_CHECK) { ++ return Qnil; ++ } ++ rb_sys_fail_path(unresolved_path); ++ } ++ resolved = ospath_new(resolved_ptr, strlen(resolved_ptr), rb_filesystem_encoding()); ++ free(resolved_ptr); ++ ++ if (mode == RB_REALPATH_STRICT || mode == RB_REALPATH_CHECK) { ++ struct stat st; ++ ++ if (rb_stat(resolved, &st) < 0) { ++ if (mode == RB_REALPATH_STRICT) { ++ rb_sys_fail_path(unresolved_path); ++ } ++ return Qnil; ++ } ++ } ++ ++ if (origenc != rb_enc_get(resolved)) { ++ if (!rb_enc_str_asciionly_p(resolved)) { ++ resolved = rb_str_conv_enc(resolved, NULL, origenc); ++ } ++ rb_enc_associate(resolved, origenc); ++ } ++ ++ if(rb_enc_str_coderange(resolved) == ENC_CODERANGE_BROKEN) { ++ rb_enc_associate(resolved, rb_filesystem_encoding()); ++ if(rb_enc_str_coderange(resolved) == ENC_CODERANGE_BROKEN) { ++ rb_enc_associate(resolved, rb_ascii8bit_encoding()); ++ } ++ } ++ ++ rb_obj_taint(resolved); ++ RB_GC_GUARD(unresolved_path); ++ return resolved; ++} ++ + VALUE + rb_realpath_internal(VALUE basedir, VALUE path, int strict) + { +@@ -4579,8 +4652,6 @@ rb_file_s_split(VALUE klass, VALUE path) + FilePathStringValue(path); /* get rid of converting twice */ + return rb_assoc_new(rb_file_dirname(path), rb_file_s_basename(1,&path)); + } +- +-static VALUE rb_file_join(VALUE ary); + + static VALUE + file_inspect_join(VALUE ary, VALUE arg, int recur) Index: 2.6/pkg/PLIST-main =================================================================== RCS file: /cvs/ports/lang/ruby/2.6/pkg/PLIST-main,v retrieving revision 1.4 diff -u -p -r1.4 PLIST-main --- 2.6/pkg/PLIST-main 26 Apr 2019 15:46:28 -0000 1.4 +++ 2.6/pkg/PLIST-main 28 Aug 2019 18:00:33 -0000 @@ -42,7 +42,7 @@ include/ruby-${REV}/ruby/util.h include/ruby-${REV}/ruby/version.h include/ruby-${REV}/ruby/vm.h include/ruby-${REV}/${SUB}/ -include/ruby-${REV}/${SUB}/rb_mjit_min_header-2.6.3.h +include/ruby-${REV}/${SUB}/rb_mjit_min_header-2.6.4.h include/ruby-${REV}/${SUB}/ruby/ include/ruby-${REV}/${SUB}/ruby/config.h lib/libruby26.so @@ -655,7 +655,6 @@ lib/ruby/${REV}/rdoc/generator/template/ lib/ruby/${REV}/rdoc/generator/template/darkfish/index.rhtml lib/ruby/${REV}/rdoc/generator/template/darkfish/js/ lib/ruby/${REV}/rdoc/generator/template/darkfish/js/darkfish.js -lib/ruby/${REV}/rdoc/generator/template/darkfish/js/jquery.js lib/ruby/${REV}/rdoc/generator/template/darkfish/js/search.js lib/ruby/${REV}/rdoc/generator/template/darkfish/page.rhtml lib/ruby/${REV}/rdoc/generator/template/darkfish/servlet_not_found.rhtml @@ -1521,10 +1520,10 @@ lib/ruby/gems/${REV}/gems/rake-12.3.2/li lib/ruby/gems/${REV}/gems/rake-12.3.2/lib/rake/version.rb lib/ruby/gems/${REV}/gems/rake-12.3.2/lib/rake/win32.rb lib/ruby/gems/${REV}/gems/rake-12.3.2/rake.gemspec -lib/ruby/gems/${REV}/gems/rdoc-6.1.0/ -lib/ruby/gems/${REV}/gems/rdoc-6.1.0/exe/ -lib/ruby/gems/${REV}/gems/rdoc-6.1.0/exe/rdoc -lib/ruby/gems/${REV}/gems/rdoc-6.1.0/exe/ri +lib/ruby/gems/${REV}/gems/rdoc-6.1.2/ +lib/ruby/gems/${REV}/gems/rdoc-6.1.2/exe/ +lib/ruby/gems/${REV}/gems/rdoc-6.1.2/exe/rdoc +lib/ruby/gems/${REV}/gems/rdoc-6.1.2/exe/ri lib/ruby/gems/${REV}/gems/test-unit-3.2.9/ lib/ruby/gems/${REV}/gems/test-unit-3.2.9/COPYING lib/ruby/gems/${REV}/gems/test-unit-3.2.9/GPL @@ -1696,7 +1695,7 @@ lib/ruby/gems/${REV}/specifications/defa lib/ruby/gems/${REV}/specifications/default/ostruct-0.1.0.gemspec lib/ruby/gems/${REV}/specifications/default/prime-0.1.0.gemspec lib/ruby/gems/${REV}/specifications/default/psych-3.1.0.gemspec -lib/ruby/gems/${REV}/specifications/default/rdoc-6.1.0.gemspec +lib/ruby/gems/${REV}/specifications/default/rdoc-6.1.2.gemspec lib/ruby/gems/${REV}/specifications/default/rexml-3.1.9.gemspec lib/ruby/gems/${REV}/specifications/default/rss-0.2.7.gemspec lib/ruby/gems/${REV}/specifications/default/scanf-1.0.0.gemspec