diff options
author | taca <taca@pkgsrc.org> | 2015-06-23 14:03:02 +0000 |
---|---|---|
committer | taca <taca@pkgsrc.org> | 2015-06-23 14:03:02 +0000 |
commit | 4523642b13d9ecf2247e6265268f98915a92555b (patch) | |
tree | a1e34b5114f065684a6851828bf66e1575d3a4d3 /lang/ruby200-base | |
parent | 1d18598b9885aacf57add59014b465bd342b71bc (diff) | |
download | pkgsrc-4523642b13d9ecf2247e6265268f98915a92555b.tar.gz |
Add security fix for rubygems, CVE-2015-3900.
Bump PKGREVISION.
Diffstat (limited to 'lang/ruby200-base')
-rw-r--r-- | lang/ruby200-base/Makefile | 3 | ||||
-rw-r--r-- | lang/ruby200-base/distinfo | 3 | ||||
-rw-r--r-- | lang/ruby200-base/patches/patch-lib_rubygems_remote__fetcher.rb | 21 |
3 files changed, 25 insertions, 2 deletions
diff --git a/lang/ruby200-base/Makefile b/lang/ruby200-base/Makefile index 59d5c2f248e..627cae969dd 100644 --- a/lang/ruby200-base/Makefile +++ b/lang/ruby200-base/Makefile @@ -1,8 +1,9 @@ -# $NetBSD: Makefile,v 1.18 2015/06/21 14:58:06 jperkin Exp $ +# $NetBSD: Makefile,v 1.19 2015/06/23 14:03:02 taca Exp $ # DISTNAME= ${RUBY_DISTNAME} PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_FULL} +PKGREVISION= 1 CATEGORIES= lang ruby MASTER_SITES= ${MASTER_SITE_RUBY} diff --git a/lang/ruby200-base/distinfo b/lang/ruby200-base/distinfo index 9e0f3e15298..4816124ab9b 100644 --- a/lang/ruby200-base/distinfo +++ b/lang/ruby200-base/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.25 2015/04/30 03:34:31 taca Exp $ +$NetBSD: distinfo,v 1.26 2015/06/23 14:03:02 taca Exp $ SHA1 (ruby-2.0.0-p645.tar.bz2) = e724dd0e4a1e820a368be307aa0863a8ecf4b694 RMD160 (ruby-2.0.0-p645.tar.bz2) = cbfd9ca2a5fe5d6ea1d89da9fd934c864bf339ab @@ -26,6 +26,7 @@ SHA1 (patch-lib_rubygems_dependency__installer.rb) = f4e40727d231b336c1d4c2303ac SHA1 (patch-lib_rubygems_install__update__options.rb) = 22cfafe090db72211253b8528937e5be0e677ebf SHA1 (patch-lib_rubygems_installer.rb) = 7ce68eaa5893c83780f7b4e1af44a88ae63a39cf SHA1 (patch-lib_rubygems_platform.rb) = 135f2e9d6c0c529da9ffcea4b96507675cdf1f16 +SHA1 (patch-lib_rubygems_remote__fetcher.rb) = e6acc25febd819ca835cd4306f863d76aa67b106 SHA1 (patch-lib_rubygems_specification.rb) = 2a283cb7854580616df2b35357281c0a881cedf1 SHA1 (patch-man_erb.1) = 1fe6ce4f4fe6418bfabb5e132a63596562030116 SHA1 (patch-man_irb.1) = 2bf807b4c1b1c68d1f518caa054cfd900e0fedb7 diff --git a/lang/ruby200-base/patches/patch-lib_rubygems_remote__fetcher.rb b/lang/ruby200-base/patches/patch-lib_rubygems_remote__fetcher.rb new file mode 100644 index 00000000000..c4144cc9942 --- /dev/null +++ b/lang/ruby200-base/patches/patch-lib_rubygems_remote__fetcher.rb @@ -0,0 +1,21 @@ +$NetBSD: patch-lib_rubygems_remote__fetcher.rb,v 1.1 2015/06/23 14:03:02 taca Exp $ + +Fix for CVE-2015-3900. + +--- lib/rubygems/remote_fetcher.rb.orig 2013-10-24 14:31:17.000000000 +0000 ++++ lib/rubygems/remote_fetcher.rb +@@ -103,7 +103,13 @@ class Gem::RemoteFetcher + rescue Resolv::ResolvError + uri + else +- URI.parse "#{res.target}#{uri.path}" ++ target = res.target.to_s.strip ++ ++ if /\.#{Regexp.quote(host)}\z/ =~ target ++ return URI.parse "#{uri.scheme}://#{target}#{uri.path}" ++ end ++ ++ uri + end + end + |