pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/www/ruby-rack-ssl Add security fix for CVE-2014-2538.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/6cc04ef0524c
branches:  trunk
changeset: 632232:6cc04ef0524c
user:      taca <taca%pkgsrc.org@localhost>
date:      Fri Mar 21 01:06:47 2014 +0000

description:
Add security fix for CVE-2014-2538.

Bump PKGREVISION.

diffstat:

 www/ruby-rack-ssl/Makefile                      |   4 ++--
 www/ruby-rack-ssl/distinfo                      |   3 ++-
 www/ruby-rack-ssl/patches/patch-lib_rack_ssl.rb |  15 +++++++++++++++
 3 files changed, 19 insertions(+), 3 deletions(-)

diffs (43 lines):

diff -r 70567bfbc197 -r 6cc04ef0524c www/ruby-rack-ssl/Makefile
--- a/www/ruby-rack-ssl/Makefile        Thu Mar 20 22:21:37 2014 +0000
+++ b/www/ruby-rack-ssl/Makefile        Fri Mar 21 01:06:47 2014 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.3 2013/03/10 09:16:46 taca Exp $
+# $NetBSD: Makefile,v 1.4 2014/03/21 01:06:47 taca Exp $
 
 DISTNAME=      rack-ssl-1.3.3
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    www
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
diff -r 70567bfbc197 -r 6cc04ef0524c www/ruby-rack-ssl/distinfo
--- a/www/ruby-rack-ssl/distinfo        Thu Mar 20 22:21:37 2014 +0000
+++ b/www/ruby-rack-ssl/distinfo        Fri Mar 21 01:06:47 2014 +0000
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.2 2013/02/11 04:03:45 taca Exp $
+$NetBSD: distinfo,v 1.3 2014/03/21 01:06:47 taca Exp $
 
 SHA1 (rack-ssl-1.3.3.gem) = 5f9c879b43d909e3425f82d461bc5353e4bd6496
 RMD160 (rack-ssl-1.3.3.gem) = f784aead5548ba73f57048c0647dcea503b5b01b
 Size (rack-ssl-1.3.3.gem) = 5120 bytes
+SHA1 (patch-lib_rack_ssl.rb) = 2f1fbc07c36a5291b832a9ac67edad05f4b2266f
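Review bot: the new patch-lib_rack_ssl.rb entry is covered by a SHA1 digest only, while the rack-ssl-1.3.3.gem distfile above it carries SHA1, RMD160 and Size. If the distinfo tooling accepts a second digest for patch files, recording one here would keep the integrity check on a security patch from resting on SHA1 alone.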
diff -r 70567bfbc197 -r 6cc04ef0524c www/ruby-rack-ssl/patches/patch-lib_rack_ssl.rb
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/ruby-rack-ssl/patches/patch-lib_rack_ssl.rb   Fri Mar 21 01:06:47 2014 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-lib_rack_ssl.rb,v 1.1 2014/03/21 01:06:47 taca Exp $
+
+Security fix for CVE-2014-2538.
+
+--- lib/rack/ssl.rb.orig       2014-03-19 13:38:14.000000000 +0000
++++ lib/rack/ssl.rb
+@@ -55,6 +55,8 @@ module Rack
+                                         'Location'     => url.to_s)
+ 
+         [status, headers, []]
++      rescue URI::InvalidURIError
++        [400, {"Content-Type" => "text/plain"}, []]
+       end
+ 
+       # http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02
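Review bot: the patch header says only "Security fix for CVE-2014-2538." and records neither what input triggers the problem nor where the fix came from. A line stating that a request whose URL raises URI::InvalidURIError is now answered with a 400 instead of letting the exception propagate, plus a pointer to the upstream change, would let the next maintainer tell when this patch can be dropped. On the logic, the rescue clause is placed just before the closing end, so it catches URI::InvalidURIError raised anywhere in the guarded body, and the empty body in [400, {"Content-Type" => "text/plain"}, []] reflects nothing from the request back to the client; both are worth keeping as they are.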


