Add security fix for CVE-2014-2538.

Bump PKGREVISION.

3 files changed, 19 insertions, 3 deletions

diff --git a/www/ruby-rack-ssl/Makefile b/www/ruby-rack-ssl/Makefile
index 1c2a77724aa..e1abc6b1571 100644
--- a/www/ruby-rack-ssl/Makefile
+++ b/www/ruby-rack-ssl/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.3 2013/03/10 09:16:46 taca Exp $
+# $NetBSD: Makefile,v 1.4 2014/03/21 01:06:47 taca Exp $
 
 DISTNAME=	rack-ssl-1.3.3
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	www
 
 MAINTAINER=	pkgsrc-users@NetBSD.org
diff --git a/www/ruby-rack-ssl/distinfo b/www/ruby-rack-ssl/distinfo
index 55e0a196b1f..794700590ca 100644
--- a/www/ruby-rack-ssl/distinfo
+++ b/www/ruby-rack-ssl/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.2 2013/02/11 04:03:45 taca Exp $
+$NetBSD: distinfo,v 1.3 2014/03/21 01:06:47 taca Exp $
 
 SHA1 (rack-ssl-1.3.3.gem) = 5f9c879b43d909e3425f82d461bc5353e4bd6496
 RMD160 (rack-ssl-1.3.3.gem) = f784aead5548ba73f57048c0647dcea503b5b01b
 Size (rack-ssl-1.3.3.gem) = 5120 bytes
+SHA1 (patch-lib_rack_ssl.rb) = 2f1fbc07c36a5291b832a9ac67edad05f4b2266f
diff --git a/www/ruby-rack-ssl/patches/patch-lib_rack_ssl.rb b/www/ruby-rack-ssl/patches/patch-lib_rack_ssl.rb
new file mode 100644
index 00000000000..b9d24481052
--- /dev/null
+++ b/www/ruby-rack-ssl/patches/patch-lib_rack_ssl.rb
@@ -0,0 +1,15 @@
+$NetBSD: patch-lib_rack_ssl.rb,v 1.1 2014/03/21 01:06:47 taca Exp $
+
+Security fix for CVE-2014-2538.
+
+--- lib/rack/ssl.rb.orig	2014-03-19 13:38:14.000000000 +0000
++++ lib/rack/ssl.rb
+@@ -55,6 +55,8 @@ module Rack
+                                         'Location'     => url.to_s)
+ 
+         [status, headers, []]
++      rescue URI::InvalidURIError
++        [400, {"Content-Type" => "text/plain"}, []]
+       end
+ 
+       # http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02