pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/www/ruby-rack-ssl Update ruby-rack-ssl to 1.4.1.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/537c74eb41d7
branches:  trunk
changeset: 648330:537c74eb41d7
user:      taca <taca%pkgsrc.org@localhost>
date:      Fri Mar 13 17:31:37 2015 +0000

description:
Update ruby-rack-ssl to 1.4.1.

* As per spec, don't include STS header in non-https responses
* Handle bad URIs gracefully.

  Some adapters (i.e. jruby-rack) will pass through bad URIs, then display
  the resulting exception. This creates an attack vector for XSS attacks.

* Added more installation/usage instructions into the README

* Return 400 instead of 404 in case of InvalidURIError

* Include Content-Type in 400 response.
  To stay compatible with old Rack versions.

* Skip URI parsing in Request#url
  URI may fail to parse some legit URL paths.
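The two security-relevant items in the changelog above, as an added example that is not rack-ssl's or pkgsrc's own code: a minimal Rack-style middleware, written against the plain env-hash/triple contract so it needs no rack gem, that sends Strict-Transport-Security only on HTTPS responses (never on the http-to-https redirect) and turns a URI::InvalidURIError raised while building the redirect into a bare 400 with an explicit Content-Type and empty body, so the attacker-controlled URL never reaches an adapter's exception page. The class name ForceTls, the build_env helper and the env hashes it produces are assumptions constructed for this example.

```ruby
require 'uri'

# Example middleware (not rack-ssl's code). Same call(env) -> [status, headers, body]
# contract as Rack::SSL, reduced to the two behaviours under discussion.
class ForceTls
  YEAR = 31_536_000

  # hsts: false disables the header; a hash sets max-age / includeSubDomains.
  def initialize(app, hsts: { expires: YEAR, subdomains: false })
    @app  = app
    @hsts = hsts
  end

  def call(env)
    if scheme(env) == 'https'
      status, headers, body = @app.call(env)
      # HSTS is only meaningful on a TLS response (RFC 6797 section 8.1 has the
      # UA ignore it otherwise), so it is added here and nowhere else.
      [status, hsts_headers.merge(headers), body]
    else
      redirect_to_https(env)
    end
  end

  private

  # Trust HTTPS=on or the first hop of X-Forwarded-Proto (TLS-terminating proxy).
  def scheme(env)
    if env['HTTPS'] == 'on'
      'https'
    elsif env['HTTP_X_FORWARDED_PROTO']
      env['HTTP_X_FORWARDED_PROTO'].split(',')[0].strip
    else
      env['rack.url_scheme']
    end
  end

  # Rebuild the request URL from env without Rack::Request.
  def request_url(env)
    host = env['HTTP_HOST'] || env['SERVER_NAME']
    qs   = env['QUERY_STRING'].to_s
    "#{env['rack.url_scheme']}://#{host}#{env['PATH_INFO']}#{qs.empty? ? '' : "?#{qs}"}"
  end

  def redirect_to_https(env)
    url        = URI(request_url(env)) # raises URI::InvalidURIError on a malformed path
    url.scheme = 'https'
    status     = %w[GET HEAD].include?(env['REQUEST_METHOD']) ? 301 : 307
    # Plain-http response: no Strict-Transport-Security header here.
    [status, { 'Content-Type' => 'text/html', 'Location' => url.to_s }, []]
  rescue URI::InvalidURIError
    # Without this rescue the exception escapes the middleware and an adapter
    # that renders exceptions echoes the hostile URL into an HTML error page.
    # A 400 with an explicit Content-Type and an empty body reflects nothing.
    [400, { 'Content-Type' => 'text/plain' }, []]
  end

  def hsts_headers
    return {} unless @hsts
    value = "max-age=#{@hsts[:expires]}"
    value += '; includeSubDomains' if @hsts[:subdomains]
    { 'Strict-Transport-Security' => value }
  end
end

# Constructed env hashes standing in for what a Rack server would hand over.
def build_env(scheme:, path:, query: '', method: 'GET', host: 'example.test', forwarded_proto: nil)
  env = {
    'REQUEST_METHOD'  => method,
    'rack.url_scheme' => scheme,
    'HTTP_HOST'       => host,
    'PATH_INFO'       => path,
    'QUERY_STRING'    => query,
  }
  env['HTTPS'] = 'on' if scheme == 'https'
  env['HTTP_X_FORWARDED_PROTO'] = forwarded_proto if forwarded_proto
  env
end

if $PROGRAM_NAME == __FILE__
  app = lambda { |_env| [200, { 'Content-Type' => 'text/plain' }, ['ok']] }
  mw  = ForceTls.new(app)
  [build_env(scheme: 'https', path: '/'),
   build_env(scheme: 'http',  path: '/login'),
   build_env(scheme: 'http',  path: '/<script>alert(1)</script>')].each do |env|
    status, headers, = mw.call(env)
    puts "#{env['rack.url_scheme']} #{env['PATH_INFO']} -> #{status} #{headers.inspect}"
  end
end
```

The path case is what the old pkgsrc patch and the upstream 1.4.1 fix both cover: Ruby's URI parser rejects raw `<`, `>` or spaces in a path, so the bad request ends as a 400 whose body contains no attacker input. Note that the parser accepts almost anything in the query string, so a payload placed there would be redirected, not rejected; that is fine, because the Location header is never rendered as HTML by the middleware.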

diffstat:

 www/ruby-rack-ssl/Makefile                      |   5 ++---
 www/ruby-rack-ssl/distinfo                      |   9 ++++-----
 www/ruby-rack-ssl/patches/patch-lib_rack_ssl.rb |  15 ---------------
 3 files changed, 6 insertions(+), 23 deletions(-)

diffs (46 lines):

diff -r db65218ac95e -r 537c74eb41d7 www/ruby-rack-ssl/Makefile
--- a/www/ruby-rack-ssl/Makefile        Fri Mar 13 17:27:44 2015 +0000
+++ b/www/ruby-rack-ssl/Makefile        Fri Mar 13 17:31:37 2015 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.4 2014/03/21 01:06:47 taca Exp $
+# $NetBSD: Makefile,v 1.5 2015/03/13 17:31:37 taca Exp $
 
-DISTNAME=      rack-ssl-1.3.3
-PKGREVISION=   2
+DISTNAME=      rack-ssl-1.4.1
 CATEGORIES=    www
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
diff -r db65218ac95e -r 537c74eb41d7 www/ruby-rack-ssl/distinfo
--- a/www/ruby-rack-ssl/distinfo        Fri Mar 13 17:27:44 2015 +0000
+++ b/www/ruby-rack-ssl/distinfo        Fri Mar 13 17:31:37 2015 +0000
@@ -1,6 +1,5 @@
-$NetBSD: distinfo,v 1.3 2014/03/21 01:06:47 taca Exp $
+$NetBSD: distinfo,v 1.4 2015/03/13 17:31:37 taca Exp $
 
-SHA1 (rack-ssl-1.3.3.gem) = 5f9c879b43d909e3425f82d461bc5353e4bd6496
-RMD160 (rack-ssl-1.3.3.gem) = f784aead5548ba73f57048c0647dcea503b5b01b
-Size (rack-ssl-1.3.3.gem) = 5120 bytes
-SHA1 (patch-lib_rack_ssl.rb) = 2f1fbc07c36a5291b832a9ac67edad05f4b2266f
+SHA1 (rack-ssl-1.4.1.gem) = 87f2fb53c6882436b8d522288993d658dc7025ce
+RMD160 (rack-ssl-1.4.1.gem) = ec435a9c691245fa77d4f0f5a60d57707b0353a1
+Size (rack-ssl-1.4.1.gem) = 6144 bytes
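Review bot: the gem grows from 5120 to 6144 bytes and the changelog mentions README additions, yet the diffstat touches no PLIST; if 1.4.1 ships any file not already listed (a changelog, extra docs), the gem's PLIST needs a matching update, so a `make print-PLIST` diff against the current PLIST is worth a look before this is considered complete. The checksum side is consistent: the removed SHA1 line for patch-lib_rack_ssl.rb matches the deletion of that patch file in this changeset.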
diff -r db65218ac95e -r 537c74eb41d7 www/ruby-rack-ssl/patches/patch-lib_rack_ssl.rb
--- a/www/ruby-rack-ssl/patches/patch-lib_rack_ssl.rb   Fri Mar 13 17:27:44 2015 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,15 +0,0 @@
-$NetBSD: patch-lib_rack_ssl.rb,v 1.1 2014/03/21 01:06:47 taca Exp $
-
-Security fix for CVE-2014-2538.
-
---- lib/rack/ssl.rb.orig       2014-03-19 13:38:14.000000000 +0000
-+++ lib/rack/ssl.rb
-@@ -55,6 +55,8 @@ module Rack
-                                         'Location'     => url.to_s)
- 
-         [status, headers, []]
-+      rescue URI::InvalidURIError
-+        [400, {"Content-Type" => "text/plain"}, []]
-       end
- 
-       # http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02
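Review bot: the commit message never names CVE-2014-2538, although the header of the patch being removed here identifies it as the security fix; say so in the description so the 1.4.1 update stays linked to the vulnerability record, and state that the local rescue is dropped because upstream now covers it. The removed hunk returned `[400, {"Content-Type" => "text/plain"}, []]` on URI::InvalidURIError, and the 1.4.1 changelog entries ("Return 400 instead of 404 in case of InvalidURIError", "Include Content-Type in 400 response") describe the same behaviour, so removing the patch rather than rebasing it is the right call; it is still worth confirming against the unpacked 1.4.1 lib/rack/ssl.rb that the rescue wraps the whole redirect path, not just the URI parse, as this patch did.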


