diff options
| author | tron <tron> | 2010-08-16 12:26:22 +0000 |
|---|---|---|
| committer | tron <tron> | 2010-08-16 12:26:22 +0000 |
| commit | b694846973418704635f4dc003240d0c822d68a8 (patch) | |
| tree | 5c6aa44b4c75e7ab29578f0a0abd7c960fd2462c | |
| parent | e04da62b3f5ffd4f4dc5fcbb2a0f28e49c9dfd3c (diff) | |
| download | pkgsrc-b694846973418704635f4dc003240d0c822d68a8.tar.gz | |
Pullup ticket #3207 - requested by taca
lang/ruby18-base: security patch
Revisions pulled up:
- lang/ruby18-base/Makefile 1.56
- lang/ruby18-base/distinfo 1.44
- lang/ruby18-base/patches/patch-ea 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Aug 16 07:08:13 UTC 2010
Modified Files:
pkgsrc/lang/ruby18-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby18-base/patches: patch-ea
Log Message:
Add a patch to fix for possible cross-site scripting (CVE-2010-0541)
from r29002 in Ruby's repository. (Sadly, Ruby 1.8.7 pl301 missed
this change...)
Bump PKGREVISION.
| -rw-r--r-- | lang/ruby18-base/Makefile | 4 | ||||
| -rw-r--r-- | lang/ruby18-base/distinfo | 3 | ||||
| -rw-r--r-- | lang/ruby18-base/patches/patch-ea | 16 |
3 files changed, 20 insertions, 3 deletions
diff --git a/lang/ruby18-base/Makefile b/lang/ruby18-base/Makefile index ee8efc444ee..2f4c0ab4f6f 100644 --- a/lang/ruby18-base/Makefile +++ b/lang/ruby18-base/Makefile @@ -1,11 +1,11 @@ -# $NetBSD: Makefile,v 1.55 2010/06/02 13:27:57 taca Exp $ +# $NetBSD: Makefile,v 1.55.2.1 2010/08/16 12:26:22 tron Exp $ # DISTNAME= ${RUBY_DISTNAME} PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_SUFFIX} CATEGORIES= lang ruby MASTER_SITES= ${MASTER_SITE_RUBY} -PKGREVISION= 5 +PKGREVISION= 6 MAINTAINER= taca@NetBSD.org HOMEPAGE= ${RUBY_HOMEPAGE} diff --git a/lang/ruby18-base/distinfo b/lang/ruby18-base/distinfo index 32b23e84858..9b44aae57a8 100644 --- a/lang/ruby18-base/distinfo +++ b/lang/ruby18-base/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.43 2010/06/02 13:27:57 taca Exp $ +$NetBSD: distinfo,v 1.43.2.1 2010/08/16 12:26:22 tron Exp $ SHA1 (ruby-1.8.7-p174.tar.bz2) = 9e84b49ad545ad54b8e7dc3c227eaaefeb1041aa RMD160 (ruby-1.8.7-p174.tar.bz2) = f854d456003af1e31d50330c88c3cb152c434249 @@ -25,3 +25,4 @@ SHA1 (patch-dw) = 51ad1f521713af85be9ae192049930285e89be41 SHA1 (patch-dx) = d25267d700f997b951a65c016f45347a8b1a1517 SHA1 (patch-dy) = 7c57240a1447346c8e6f2e4e9c7104b1a7d9dbc9 SHA1 (patch-dz) = 52af1fbf17b6e6df6112d08c291215d54a25af67 +SHA1 (patch-ea) = 85ad73f8bdb59bc78167bde021ce64879d3c234c diff --git a/lang/ruby18-base/patches/patch-ea b/lang/ruby18-base/patches/patch-ea new file mode 100644 index 00000000000..a5f45191157 --- /dev/null +++ b/lang/ruby18-base/patches/patch-ea @@ -0,0 +1,16 @@ +$NetBSD: patch-ea,v 1.1.2.2 2010/08/16 12:26:22 tron Exp $ + +* Fix for possible cross-site scripting (CVE-2010-0541) from r29002 in + Ruby's repository. + +--- lib/webrick/httpresponse.rb.orig 2008-06-06 08:05:24.000000000 +0000 ++++ lib/webrick/httpresponse.rb +@@ -209,7 +209,7 @@ module WEBrick + @keep_alive = false + self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR + end +- @header['content-type'] = "text/html" ++ @header['content-type'] = "text/html; charset=ISO-8859-1" + + if respond_to?(:create_error_page) + create_error_page() |