diff options
| author | taca <taca@pkgsrc.org> | 2012-04-29 16:11:17 +0000 |
|---|---|---|
| committer | taca <taca@pkgsrc.org> | 2012-04-29 16:11:17 +0000 |
| commit | d178ba6939a46194534a5a6be4d1a51876b55fc8 (patch) | |
| tree | 4537c36b784cfec8fb6433af79f1d7a77f636150 /www/ruby-mechanize/PLIST | |
| parent | 93ad96561f0ee239d6a565739d488fe777c407f5 (diff) | |
| download | pkgsrc-d178ba6939a46194534a5a6be4d1a51876b55fc8.tar.gz | |
Update ruby-mechanize to 2.4.
=== 2.4
* Security fix:
Mechanize#auth and Mechanize#basic_auth allowed disclosure of passwords to
malicious servers and have been removed.
In prior versions of mechanize only one set of HTTP authentication
credentials were allowed for all connections. If a mechanize instance
connected to more than one server then a malicious server detecting
mechanize could ask for HTTP Basic authentication. This would expose the
username and password intended only for one server.
Mechanize#auth and Mechanize#basic_auth now warn when used.
To fix the warning switch to Mechanize#add_auth which requires at the URI
the credentials are intended for, the username and the password.
Optionally an HTTP authentication realm or NTLM domain may be provided.
* Minor enhancement
* Improved exception messages for 401 Unauthorized responses. Mechanize now
tells you if you were missing credentials, had an incorrect password, etc.
Diffstat (limited to 'www/ruby-mechanize/PLIST')
| -rw-r--r-- | www/ruby-mechanize/PLIST | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/www/ruby-mechanize/PLIST b/www/ruby-mechanize/PLIST index 19ccbc5c230..1aa4adfbefe 100644 --- a/www/ruby-mechanize/PLIST +++ b/www/ruby-mechanize/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.7 2012/03/01 01:24:48 minskim Exp $ +@comment $NetBSD: PLIST,v 1.8 2012/04/29 16:11:17 taca Exp $ ${GEM_HOME}/cache/${GEM_NAME}.gem ${GEM_LIBDIR}/.autotest ${GEM_LIBDIR}/.gemtest @@ -49,6 +49,7 @@ ${GEM_LIBDIR}/lib/mechanize/http.rb ${GEM_LIBDIR}/lib/mechanize/http/agent.rb ${GEM_LIBDIR}/lib/mechanize/http/auth_challenge.rb ${GEM_LIBDIR}/lib/mechanize/http/auth_realm.rb +${GEM_LIBDIR}/lib/mechanize/http/auth_store.rb ${GEM_LIBDIR}/lib/mechanize/http/content_disposition_parser.rb ${GEM_LIBDIR}/lib/mechanize/http/www_authenticate_parser.rb ${GEM_LIBDIR}/lib/mechanize/image.rb @@ -148,6 +149,7 @@ ${GEM_LIBDIR}/test/test_mechanize_history.rb ${GEM_LIBDIR}/test/test_mechanize_http_agent.rb ${GEM_LIBDIR}/test/test_mechanize_http_auth_challenge.rb ${GEM_LIBDIR}/test/test_mechanize_http_auth_realm.rb +${GEM_LIBDIR}/test/test_mechanize_http_auth_store.rb ${GEM_LIBDIR}/test/test_mechanize_http_content_disposition_parser.rb ${GEM_LIBDIR}/test/test_mechanize_http_www_authenticate_parser.rb ${GEM_LIBDIR}/test/test_mechanize_image.rb |