author | tron <tron@pkgsrc.org> | 2015-09-03 18:49:44 +0000 |
---|---|---|
committer | tron <tron@pkgsrc.org> | 2015-09-03 18:49:44 +0000 |
commit | 4f43d633c4d70f7debf5e0280d07dbb65ee21975 (patch) | |
tree | eee0f90268ff35f6c99188ab1e0de5b3c5e4806e /lang/ruby21-base/patches/patch-lib_rubygems_remote__fetcher.rb | |
parent | d8d68c248cffd817df3af0bac6c7f3c9fb865dc1 (diff) | |
download | pkgsrc-4f43d633c4d70f7debf5e0280d07dbb65ee21975.tar.gz |
Pullup ticket #4803 - requested by taca
lang/ruby21-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.146
- lang/ruby21-base/Makefile 1.15
- lang/ruby21-base/PLIST 1.7
- lang/ruby21-base/distinfo 1.19
- lang/ruby21-base/patches/patch-ext_tk_extconf.rb deleted
- lang/ruby21-base/patches/patch-ext_tk_lib_tk.rb deleted
- lang/ruby21-base/patches/patch-ext_tk_tcltklib.c deleted
- lang/ruby21-base/patches/patch-lib_rubygems_remote__fetcher.rb deleted
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 20 15:27:43 UTC 2015
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby21-base: Makefile PLIST distinfo
Removed Files:
pkgsrc/lang/ruby21-base/patches: patch-ext_tk_extconf.rb
patch-ext_tk_lib_tk.rb patch-ext_tk_tcltklib.c
patch-lib_rubygems_remote__fetcher.rb
Log Message:
Update ruby21-base to 2.1.7 (Ruby 2.1.7).
Release announce:
Ruby 2.1.7 Released
Posted by usa on 18 Aug 2015
Ruby 2.1.7 has been released.
This release includes the security fix for a RubyGems domain name
verification vulnerability. Please view the topic below for more details.
CVE-2015-3900 Request hijacking vulnerability in RubyGems 2.4.6 and earlier
And, many bug fixes are also included. See tickets and ChangeLog for details.
Diffstat (limited to 'lang/ruby21-base/patches/patch-lib_rubygems_remote__fetcher.rb')
-rw-r--r-- | lang/ruby21-base/patches/patch-lib_rubygems_remote__fetcher.rb | 21 |
1 files changed, 0 insertions, 21 deletions
diff --git a/lang/ruby21-base/patches/patch-lib_rubygems_remote__fetcher.rb b/lang/ruby21-base/patches/patch-lib_rubygems_remote__fetcher.rb deleted file mode 100644 index 8511d602784..00000000000 --- a/lang/ruby21-base/patches/patch-lib_rubygems_remote__fetcher.rb +++ /dev/null @@ -1,21 +0,0 @@ -$NetBSD: patch-lib_rubygems_remote__fetcher.rb,v 1.1 2015/06/23 14:04:03 taca Exp $ - -Fix for CVE-2015-3900. - ---- lib/rubygems/remote_fetcher.rb.orig 2014-02-06 02:59:36.000000000 +0000 -+++ lib/rubygems/remote_fetcher.rb -@@ -90,7 +90,13 @@ class Gem::RemoteFetcher - rescue Resolv::ResolvError - uri - else -- URI.parse "#{uri.scheme}://#{res.target}#{uri.path}" -+ target = res.target.to_s.strip -+ -+ if /\.#{Regexp.quote(host)}\z/ =~ target -+ return URI.parse "#{uri.scheme}://#{target}#{uri.path}" -+ end -+ -+ uri - end - end - |
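Review bot: deleting this file removes the only pkgsrc-side copy of the CVE-2015-3900 check, the `if /\.#{Regexp.quote(host)}\z/ =~ target` branch patched into `lib/rubygems/remote_fetcher.rb`, so the removal is safe only if the 2.1.7 distfile's `remote_fetcher.rb` already falls back to the original `uri` when the SRV target is outside the requested host's domain. The log message says the release includes the fix, but it does not say the unpacked source was checked; please confirm that and record it in the commit message. While confirming, note that the retired check applies a suffix regex to the raw `res.target` string and then interpolates that same string into `URI.parse`, so it validates how the string ends rather than the host of the URI that is returned; check that the upstream code compares against the parsed host component.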