author | taca <taca@pkgsrc.org> | 2015-06-23 14:03:02 +0000 |
---|---|---|
committer | taca <taca@pkgsrc.org> | 2015-06-23 14:03:02 +0000 |
commit | 4523642b13d9ecf2247e6265268f98915a92555b (patch) | |
tree | a1e34b5114f065684a6851828bf66e1575d3a4d3 /lang/ruby22-base | |
parent | 1d18598b9885aacf57add59014b465bd342b71bc (diff) | |
download | pkgsrc-4523642b13d9ecf2247e6265268f98915a92555b.tar.gz |
Add security fix for rubygems, CVE-2015-3900.
Bump PKGREVISION.
Diffstat (limited to 'lang/ruby22-base')
-rw-r--r-- | lang/ruby22-base/Makefile | 4 | ||||
-rw-r--r-- | lang/ruby22-base/distinfo | 3 | ||||
-rw-r--r-- | lang/ruby22-base/patches/patch-lib_rubygems_remote__fetcher.rb | 21 |
3 files changed, 25 insertions, 3 deletions
diff --git a/lang/ruby22-base/Makefile b/lang/ruby22-base/Makefile index a5956dc720d..f9e719a5b00 100644 --- a/lang/ruby22-base/Makefile +++ b/lang/ruby22-base/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.2 2015/04/30 03:27:52 taca Exp $ +# $NetBSD: Makefile,v 1.3 2015/06/23 14:04:40 taca Exp $ # DISTNAME= ${RUBY_DISTNAME} PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_FULL} -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= lang ruby MASTER_SITES= ${MASTER_SITE_RUBY} diff --git a/lang/ruby22-base/distinfo b/lang/ruby22-base/distinfo index a140b64ae66..6b6dcff6e3a 100644 --- a/lang/ruby22-base/distinfo +++ b/lang/ruby22-base/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.4 2015/04/30 03:27:52 taca Exp $ +$NetBSD: distinfo,v 1.5 2015/06/23 14:04:40 taca Exp $ SHA1 (ruby-2.2.2.tar.bz2) = de97ec6132ac76bb7c0f92b5ca4682138093af1b RMD160 (ruby-2.2.2.tar.bz2) = af9f1c4de12fc25c0d6e20bf339cc13e7d89df2d @@ -15,6 +15,7 @@ SHA1 (patch-lib_rubygems_dependency__installer.rb) = 33279f961cc4c530f0d81c8b415 SHA1 (patch-lib_rubygems_install__update__options.rb) = 8ec3a2387f3a83e19d76b7a900ebf3b37bdcc043 SHA1 (patch-lib_rubygems_installer.rb) = 864f3f8fe2949aedd85f730e447d8495f58d3b25 SHA1 (patch-lib_rubygems_platform.rb) = 2bddd029a2678de5a5d016af33f629caa712fbce +SHA1 (patch-lib_rubygems_remote__fetcher.rb) = 02c149b7b29e457dad909ebec38691440e192816 SHA1 (patch-man_erb.1) = 1fe6ce4f4fe6418bfabb5e132a63596562030116 SHA1 (patch-man_irb.1) = 2bf807b4c1b1c68d1f518caa054cfd900e0fedb7 SHA1 (patch-man_ri.1) = b07be05375977cfac0f88765a95e85db4f858885 diff --git a/lang/ruby22-base/patches/patch-lib_rubygems_remote__fetcher.rb b/lang/ruby22-base/patches/patch-lib_rubygems_remote__fetcher.rb new file mode 100644 index 00000000000..66ffba2fd3d --- /dev/null +++ b/lang/ruby22-base/patches/patch-lib_rubygems_remote__fetcher.rb 
@@ -0,0 +1,21 @@
+$NetBSD: patch-lib_rubygems_remote__fetcher.rb,v 1.1 2015/06/23 14:04:40 taca Exp $
+
+Fix for CVE-2015-3900.
+
+--- lib/rubygems/remote_fetcher.rb.orig 2014-11-17 03:55:02.000000000 +0000
++++ lib/rubygems/remote_fetcher.rb
+@@ -94,7 +94,13 @@ class Gem::RemoteFetcher
+ rescue Resolv::ResolvError
+ uri
+ else
+- URI.parse "#{uri.scheme}://#{res.target}#{uri.path}"
++ target = res.target.to_s.strip
++
++ if /\.#{Regexp.quote(host)}\z/ =~ target
++ return URI.parse "#{uri.scheme}://#{target}#{uri.path}"
++ end
++
++ uri
+ end
+ end
+ |
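Review bot: The new suffix guard in the `else` branch compares case-sensitively, although DNS names are case-insensitive, so an SRV target that differs from `host` only in letter case is rejected and the method silently falls back to `uri`. That fails closed, so it is a robustness point rather than a hole. `if target.downcase.end_with?(".#{host.downcase}")` would express the same check without building a Regexp on every call. The guard also deserves a why-comment, for example `# The SRV answer is untrusted DNS data: only follow targets inside the requested host's own domain.`, because nothing in the code says the check is a security boundary. `host` is assigned outside this hunk (presumably from `uri.host`) and the enclosing method starts above it, so confirm that `host` can never be nil or empty here, since an empty `host` would reduce the pattern to "ends with a dot".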