author | taca <taca@pkgsrc.org> | 2018-09-08 16:59:45 +0000 |
---|---|---|
committer | taca <taca@pkgsrc.org> | 2018-09-08 16:59:45 +0000 |
commit | a49218a9c031942eb6370818806f0fbc83637c21 (patch) | |
tree | 7d72e761f4754d52d9c571ea3c14896abadc20af /misc | |
parent | a1b38b817158dbe454ccbaf5444d2eef7a1cd6f2 (diff) | |
download | pkgsrc-a49218a9c031942eb6370818806f0fbc83637c21.tar.gz |
misc/ruby-sprockets22 Add fix for CVE-2018-3760
* Add fix for CVE-2018-3760.
* pkgsrc change: update HOMEPAGE.
Diffstat (limited to 'misc')
-rw-r--r-- | misc/ruby-sprockets22/Makefile | 6 | ||||
-rw-r--r-- | misc/ruby-sprockets22/distinfo | 3 | ||||
-rw-r--r-- | misc/ruby-sprockets22/patches/patch-lib_sprockets_server.rb | 15 |
3 files changed, 20 insertions, 4 deletions
diff --git a/misc/ruby-sprockets22/Makefile b/misc/ruby-sprockets22/Makefile
index ef5a2ad6f57..066f632852d 100644
--- a/misc/ruby-sprockets22/Makefile
+++ b/misc/ruby-sprockets22/Makefile
@@ -1,12 +1,12 @@
-# $NetBSD: Makefile,v 1.6 2017/09/02 14:58:36 taca Exp $
+# $NetBSD: Makefile,v 1.7 2018/09/08 16:59:45 taca Exp $
 DISTNAME= sprockets-2.2.3
 PKGNAME= ${RUBY_PKGPREFIX}-${DISTNAME:S/sprockets/sprockets22/}
-PKGREVISION= 2
+PKGREVISION= 3
 CATEGORIES= www
 MAINTAINER= pkgsrc-users@NetBSD.org
-HOMEPAGE= https://github.com/sstephenson/sprockets
+HOMEPAGE= https://github.com/rails/sprockets
 COMMENT= Rack-based asset packaging system
 LICENSE= mit
diff --git a/misc/ruby-sprockets22/distinfo b/misc/ruby-sprockets22/distinfo
index b2de32e12b9..2cfb178e98a 100644
--- a/misc/ruby-sprockets22/distinfo
+++ b/misc/ruby-sprockets22/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.3 2015/11/03 23:49:51 agc Exp $
+$NetBSD: distinfo,v 1.4 2018/09/08 16:59:45 taca Exp $
 SHA1 (sprockets-2.2.3.gem) = c81e5cada0dfa45298678e57401819b13b7cb1ae
 RMD160 (sprockets-2.2.3.gem) = 83647cf6b27a3474127ea3c96bfb80865c5af39d
 SHA512 (sprockets-2.2.3.gem) = f4192aa296cdf5a92fd0b30e3184e1f8fda85fcdc91d6a60f309853599eea4d6cde780b930e2d2d34eeff66d5bd76b614cd24b70264c84234cf4ae9ab884ca51
 Size (sprockets-2.2.3.gem) = 37376 bytes
+SHA1 (patch-lib_sprockets_server.rb) = f3141893a9f2171a3692d8cbfa96339c9982c190
diff --git a/misc/ruby-sprockets22/patches/patch-lib_sprockets_server.rb b/misc/ruby-sprockets22/patches/patch-lib_sprockets_server.rb
new file mode 100644
index 00000000000..abcb128201b
--- /dev/null
+++ b/misc/ruby-sprockets22/patches/patch-lib_sprockets_server.rb
@@ -0,0 +1,15 @@
+$NetBSD: patch-lib_sprockets_server.rb,v 1.1 2018/09/08 16:59:45 taca Exp $
+
+Try to avoid CVE-2018-3760.
+
+--- lib/sprockets/server.rb.orig 2018-06-20 01:37:23.885194827 +0000
++++ lib/sprockets/server.rb
+@@ -90,7 +90,7 @@ module Sprockets
+ #
+ # http://example.org/assets/../../../etc/passwd
+ #
+- path.include?("..") || Pathname.new(path).absolute?
++ path.include?("..") || Pathname.new(path).absolute? || path.include?("://")
+ end
+
+ # Returns a 403 Forbidden response tuple |
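Review bot: The added `path.include?("://")` test on the inner patch's `+` line is a substring denylist with no comment, and the comment block above it still documents only the `..` example, so a later maintainer cannot tell why scheme-qualified paths are rejected. I would extend that comment with a line such as `# Also reject scheme-qualified paths such as file://... (CVE-2018-3760)`. The check is only as strong as the decoding done before it: whether `path` is already fully unescaped when this method runs is not visible in the hunk and should be confirmed against the rest of server.rb, since the patch header itself only says "Try to avoid". The enclosing method starts before the quoted context, so its name and callers cannot be checked from here.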