| author | taca <taca@pkgsrc.org> | 2015-03-13 17:31:37 +0000 |
|---|---|---|
| committer | taca <taca@pkgsrc.org> | 2015-03-13 17:31:37 +0000 |
| commit | d629efab3e7992243337c3112456fe5b92e87204 (patch) | |
| tree | 6c0c492bfcf24965f9efe1f3ff20c6d6a8dcfa1f /www | |
| parent | 67039e3576c389f99f3a66beaed1baa18f56863a (diff) | |
Update ruby-rack-ssl to 1.4.1.

* As per spec, don't include STS header in non-https responses
* Handle bad URIs gracefully.
  Some adapters (i.e. jruby-rack) will pass through bad URIs, then display
  the resulting exception. This creates an attack vector for XSS attacks.
* Added more installation/usage instructions into the README
* Return 400 instead of 404 in case of InvalidURIError
* Include Content-Type in 400 response.
  To stay compatible with old Rack versions.
* Skip URI parsing Request#url
  URI may fail to parse some legit URL paths.
Diffstat (limited to 'www')

| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | www/ruby-rack-ssl/Makefile | 5 |
| -rw-r--r-- | www/ruby-rack-ssl/distinfo | 9 |
| -rw-r--r-- | www/ruby-rack-ssl/patches/patch-lib_rack_ssl.rb | 15 |

3 files changed, 6 insertions, 23 deletions
diff --git a/www/ruby-rack-ssl/Makefile b/www/ruby-rack-ssl/Makefile index e1abc6b1571..f387414133e 100644 --- a/www/ruby-rack-ssl/Makefile +++ b/www/ruby-rack-ssl/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.4 2014/03/21 01:06:47 taca Exp $ +# $NetBSD: Makefile,v 1.5 2015/03/13 17:31:37 taca Exp $ -DISTNAME= rack-ssl-1.3.3 -PKGREVISION= 2 +DISTNAME= rack-ssl-1.4.1 CATEGORIES= www MAINTAINER= pkgsrc-users@NetBSD.org diff --git a/www/ruby-rack-ssl/distinfo b/www/ruby-rack-ssl/distinfo index 794700590ca..5794d326d79 100644 --- a/www/ruby-rack-ssl/distinfo +++ b/www/ruby-rack-ssl/distinfo @@ -1,6 +1,5 @@ -$NetBSD: distinfo,v 1.3 2014/03/21 01:06:47 taca Exp $ +$NetBSD: distinfo,v 1.4 2015/03/13 17:31:37 taca Exp $ -SHA1 (rack-ssl-1.3.3.gem) = 5f9c879b43d909e3425f82d461bc5353e4bd6496 -RMD160 (rack-ssl-1.3.3.gem) = f784aead5548ba73f57048c0647dcea503b5b01b -Size (rack-ssl-1.3.3.gem) = 5120 bytes -SHA1 (patch-lib_rack_ssl.rb) = 2f1fbc07c36a5291b832a9ac67edad05f4b2266f +SHA1 (rack-ssl-1.4.1.gem) = 87f2fb53c6882436b8d522288993d658dc7025ce +RMD160 (rack-ssl-1.4.1.gem) = ec435a9c691245fa77d4f0f5a60d57707b0353a1 +Size (rack-ssl-1.4.1.gem) = 6144 bytes diff --git a/www/ruby-rack-ssl/patches/patch-lib_rack_ssl.rb b/www/ruby-rack-ssl/patches/patch-lib_rack_ssl.rb deleted file mode 100644 index b9d24481052..00000000000 --- a/www/ruby-rack-ssl/patches/patch-lib_rack_ssl.rb +++ /dev/null @@ -1,15 +0,0 @@ -$NetBSD: patch-lib_rack_ssl.rb,v 1.1 2014/03/21 01:06:47 taca Exp $ - -Security fix for CVE-2014-2538. - ---- lib/rack/ssl.rb.orig 2014-03-19 13:38:14.000000000 +0000 -+++ lib/rack/ssl.rb -@@ -55,6 +55,8 @@ module Rack - 'Location' => url.to_s) - - [status, headers, []] -+ rescue URI::InvalidURIError -+ [400, {"Content-Type" => "text/plain"}, []] - end - - # http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02 |
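Review bot: deleting patch-lib_rack_ssl.rb drops the package's local fix for CVE-2014-2538 (the `rescue URI::InvalidURIError` that answers `[400, {"Content-Type" => "text/plain"}, []]` instead of letting the exception reach the adapter), and the only justification on the page is the 1.4.1 changelog quoted in the commit message ("Return 400 instead of 404 in case of InvalidURIError", "Include Content-Type in 400 response"). Suggest saying explicitly in the commit message that CVE-2014-2538 is now addressed upstream in rack-ssl 1.4.1 so the security history of the package stays traceable, and confirming against the unpacked 1.4.1 gem that the rescue still wraps the redirect path in lib/rack/ssl.rb before the local patch is removed, since the changelog also says URI parsing in Request#url is skipped and the handling may have moved.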