pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/lang/ruby18-base Add a patch to fix for possible cross...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/ceb605cc4099
branches:  trunk
changeset: 578785:ceb605cc4099
user:      taca <taca%pkgsrc.org@localhost>
date:      Mon Aug 16 07:08:12 2010 +0000

description:
Add a patch to fix for possible cross-site scripting (CVE-2010-0541)
from r29002 in Ruby's repository.  (Sadly, Ruby 1.8.7 pl301 missed
this change...)

Bump PKGREVISION.

diffstat:

 lang/ruby18-base/Makefile         |   4 ++--
 lang/ruby18-base/distinfo         |   3 ++-
 lang/ruby18-base/patches/patch-ea |  16 ++++++++++++++++
 3 files changed, 20 insertions(+), 3 deletions(-)

diffs (51 lines):

diff -r d3bf6f2ac64b -r ceb605cc4099 lang/ruby18-base/Makefile
--- a/lang/ruby18-base/Makefile Mon Aug 16 02:21:23 2010 +0000
+++ b/lang/ruby18-base/Makefile Mon Aug 16 07:08:12 2010 +0000
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.55 2010/06/02 13:27:57 taca Exp $
+# $NetBSD: Makefile,v 1.56 2010/08/16 07:08:12 taca Exp $
 #
 
 DISTNAME=      ${RUBY_DISTNAME}
 PKGNAME=       ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_SUFFIX}
 CATEGORIES=    lang ruby
 MASTER_SITES=  ${MASTER_SITE_RUBY}
-PKGREVISION=   5
+PKGREVISION=   6
 
 MAINTAINER=    taca%NetBSD.org@localhost
 HOMEPAGE=      ${RUBY_HOMEPAGE}
diff -r d3bf6f2ac64b -r ceb605cc4099 lang/ruby18-base/distinfo
--- a/lang/ruby18-base/distinfo Mon Aug 16 02:21:23 2010 +0000
+++ b/lang/ruby18-base/distinfo Mon Aug 16 07:08:12 2010 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.43 2010/06/02 13:27:57 taca Exp $
+$NetBSD: distinfo,v 1.44 2010/08/16 07:08:13 taca Exp $
 
 SHA1 (ruby-1.8.7-p174.tar.bz2) = 9e84b49ad545ad54b8e7dc3c227eaaefeb1041aa
 RMD160 (ruby-1.8.7-p174.tar.bz2) = f854d456003af1e31d50330c88c3cb152c434249
@@ -25,3 +25,4 @@
 SHA1 (patch-dx) = d25267d700f997b951a65c016f45347a8b1a1517
 SHA1 (patch-dy) = 7c57240a1447346c8e6f2e4e9c7104b1a7d9dbc9
 SHA1 (patch-dz) = 52af1fbf17b6e6df6112d08c291215d54a25af67
+SHA1 (patch-ea) = 85ad73f8bdb59bc78167bde021ce64879d3c234c
diff -r d3bf6f2ac64b -r ceb605cc4099 lang/ruby18-base/patches/patch-ea
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/ruby18-base/patches/patch-ea Mon Aug 16 07:08:12 2010 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-ea,v 1.1 2010/08/16 07:08:13 taca Exp $
+
+* Fix for possible cross-site scripting (CVE-2010-0541) from r29002 in
+  Ruby's repository.
+
+--- lib/webrick/httpresponse.rb.orig   2008-06-06 08:05:24.000000000 +0000
++++ lib/webrick/httpresponse.rb
+@@ -209,7 +209,7 @@ module WEBrick
+         @keep_alive = false
+         self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR
+       end
+-      @header['content-type'] = "text/html"
++      @header['content-type'] = "text/html; charset=ISO-8859-1"
+ 
+       if respond_to?(:create_error_page)
+         create_error_page()



Home | Main Index | Thread Index | Old Index