diff options
| author | minskim <minskim> | 2009-09-12 22:19:56 +0000 |
|---|---|---|
| committer | minskim <minskim> | 2009-09-12 22:19:56 +0000 |
| commit | b6101aab7de62e0a6fa48ea8db0d250cf2b67d4d (patch) | |
| tree | c0d6b9833ba66f5cfa9dd847905f174e00901fd2 /www | |
| parent | c9fa2e87fdd24ba764cecbd7d0331b4a7e23841b (diff) | |
| download | pkgsrc-b6101aab7de62e0a6fa48ea8db0d250cf2b67d4d.tar.gz | |
Remove an unused patch.
Diffstat (limited to 'www')
| -rw-r--r-- | www/ruby-actionpack/patches/patch-aa | 24 |
1 files changed, 0 insertions, 24 deletions
diff --git a/www/ruby-actionpack/patches/patch-aa b/www/ruby-actionpack/patches/patch-aa deleted file mode 100644 index e6037d72efb..00000000000 --- a/www/ruby-actionpack/patches/patch-aa +++ /dev/null @@ -1,24 +0,0 @@ -$NetBSD: patch-aa,v 1.3 2009/07/16 11:00:25 minskim Exp $ - -http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2422 -rails git commit 056ddbdcfb07f0b5c7e6ed8a35f6c3b55b4ab489 - ---- lib/action_controller/http_authentication.rb.orig 2009-07-16 03:45:19.000000000 -0700 -+++ lib/action_controller/http_authentication.rb -@@ -183,7 +183,7 @@ module ActionController - request.env['REDIRECT_X_HTTP_AUTHORIZATION'] - end - -- # Raises error unless the request credentials response value matches the expected value. -+ # Returns false unless the request credentials response value matches the expected value. - # First try the password as a ha1 digest password. If this fails, then try it as a plain - # text password. - def validate_digest_response(request, realm, &password_procedure) -@@ -192,6 +192,7 @@ module ActionController - - if valid_nonce && realm == credentials[:realm] && opaque == credentials[:opaque] - password = password_procedure.call(credentials[:username]) -+ return false unless password - - [true, false].any? do |password_is_ha1| - expected = expected_response(request.env['REQUEST_METHOD'], request.env['REQUEST_URI'], credentials, password, password_is_ha1) |