Diffstat (limited to 'devel')
6 files changed, 194 insertions, 5 deletions
diff --git a/devel/ruby-activesupport3/Makefile b/devel/ruby-activesupport3/Makefile
index b3a95d37968..13328097af4 100644
--- a/devel/ruby-activesupport3/Makefile
+++ b/devel/ruby-activesupport3/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.5 2011/12/13 15:53:37 taca Exp $
+# $NetBSD: Makefile,v 1.5.2.1 2012/03/05 23:28:39 tron Exp $
 
 DISTNAME= activesupport-${RUBY_RAILS_VERSION}
+PKGREVISION= 1
 CATEGORIES= devel
 
 MAINTAINER= pkgsrc-users@NetBSD.org
diff --git a/devel/ruby-activesupport3/distinfo b/devel/ruby-activesupport3/distinfo
index a44a799eb6a..59c3926e265 100644
--- a/devel/ruby-activesupport3/distinfo
+++ b/devel/ruby-activesupport3/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.10 2011/11/19 15:32:34 taca Exp $
+$NetBSD: distinfo,v 1.10.2.1 2012/03/05 23:28:39 tron Exp $
 
 SHA1 (activesupport-3.0.11.gem) = 45fd29d5663d4bf90c8695d04aaead2023525789
 RMD160 (activesupport-3.0.11.gem) = cb66549165f8b6d57e8cf3883559c6884d92bf7d
 Size (activesupport-3.0.11.gem) = 304640 bytes
+SHA1 (patch-lib_active__support_core__ext_string_output__safety.rb) = 655215cb063e589d922d0efdb48d5884dafe396a
diff --git a/devel/ruby-activesupport3/patches/patch-lib_active__support_core__ext_string_output__safety.rb b/devel/ruby-activesupport3/patches/patch-lib_active__support_core__ext_string_output__safety.rb
new file mode 100644
index 00000000000..8a0392a8802
--- /dev/null
+++ b/devel/ruby-activesupport3/patches/patch-lib_active__support_core__ext_string_output__safety.rb
@@ -0,0 +1,93 @@
+$NetBSD: patch-lib_active__support_core__ext_string_output__safety.rb,v 1.1.2.2 2012/03/05 23:28:40 tron Exp $
+
+Fix for CVE-2012-1099.
+
+--- lib/active_support/core_ext/string/output_safety.rb.orig 2012-03-03 03:54:59.000000000 +0000
++++ lib/active_support/core_ext/string/output_safety.rb
+@@ -85,23 +85,41 @@ module ActiveSupport #:nodoc:
+ end
+ end
+
++ def [](*args)
++ return super if args.size < 2
++
++ if html_safe?
++ new_safe_buffer = super
++ new_safe_buffer.instance_eval { @html_safe = true }
++ new_safe_buffer
++ else
++ to_str[*args]
++ end
++ end
++
+ def safe_concat(value)
+- raise SafeConcatError if dirty?
++ raise SafeConcatError unless html_safe?
+ original_concat(value)
+ end
+
+ def initialize(*)
+- @dirty = false
++ @html_safe = true
+ super
+ end
+
+ def initialize_copy(other)
+ super
+- @dirty = other.dirty?
++ @html_safe = other.html_safe?
++ end
++
++ def clone_empty
++ new_safe_buffer = self[0, 0]
++ new_safe_buffer.instance_variable_set(:@dirty, @dirty)
++ new_safe_buffer
+ end
+
+ def concat(value)
+- if dirty? || value.html_safe?
++ if !html_safe? || value.html_safe?
+ super(value)
+ else
+ super(ERB::Util.h(value))
+@@ -114,7 +132,7 @@ module ActiveSupport #:nodoc:
+ end
+
+ def html_safe?
+- !dirty?
++ defined?(@html_safe) && @html_safe
+ end
+
+ def to_s
+@@ -132,23 +150,17 @@ module ActiveSupport #:nodoc:
+ for unsafe_method in UNSAFE_STRING_METHODS
+ if 'String'.respond_to?(unsafe_method)
+ class_eval <<-EOT, __FILE__, __LINE__ + 1
+- def #{unsafe_method}(*args)
+- super.to_str
+- end
+-
+- def #{unsafe_method}!(*args)
+- @dirty = true
+- super
+- end
++ def #{unsafe_method}(*args, &block) # def capitalize(*args, &block)
++ to_str.#{unsafe_method}(*args, &block) # to_str.capitalize(*args, &block)
++ end # end
++
++ def #{unsafe_method}!(*args) # def capitalize!(*args)
++ @html_safe = false # @html_safe = false
++ super # super
++ end # end
+ EOT
+ end
+ end
+-
+- protected
+-
+- def dirty?
+- @dirty
+- end
+ end
+ end
+
diff --git a/devel/ruby-activesupport31/Makefile b/devel/ruby-activesupport31/Makefile
index 9ed714b07d7..9a10763b891 100644
--- a/devel/ruby-activesupport31/Makefile
+++ b/devel/ruby-activesupport31/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.2 2011/12/17 17:48:10 taca Exp $
+# $NetBSD: Makefile,v 1.2.2.1 2012/03/05 23:28:40 tron Exp $
 
 DISTNAME= activesupport-${RUBY_RAILS_VERSION}
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= devel
 
 MAINTAINER= pkgsrc-users@NetBSD.org
diff --git a/devel/ruby-activesupport31/distinfo b/devel/ruby-activesupport31/distinfo
index 19a667ed4d4..326151c3d1e 100644
--- a/devel/ruby-activesupport31/distinfo
+++ b/devel/ruby-activesupport31/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.1.1.1 2011/12/16 12:15:16 taca Exp $
+$NetBSD: distinfo,v 1.1.1.1.2.1 2012/03/05 23:28:40 tron Exp $
 
 SHA1 (activesupport-3.1.3.gem) = a36dddf8a1cda7b1b7e601ab3645628db705e518
 RMD160 (activesupport-3.1.3.gem) = a55b5f3b4d304dca257cf5ac302a1621cd14a091
 Size (activesupport-3.1.3.gem) = 309760 bytes
+SHA1 (patch-lib_active__support_core__ext_string_output__safety.rb) = fb870b00210f8403691eee216331452ade8d7110
diff --git a/devel/ruby-activesupport31/patches/patch-lib_active__support_core__ext_string_output__safety.rb b/devel/ruby-activesupport31/patches/patch-lib_active__support_core__ext_string_output__safety.rb
new file mode 100644
index 00000000000..a2523d6c4fd
--- /dev/null
+++ b/devel/ruby-activesupport31/patches/patch-lib_active__support_core__ext_string_output__safety.rb
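Review bot: In the new `clone_empty`, `new_safe_buffer.instance_variable_set(:@dirty, @dirty)` refers to an ivar this same patch retires — `initialize`, `initialize_copy`, `html_safe?` and the generated bang methods now use `@html_safe`, and `dirty?` is deleted — so it stores nil under a dead name and carries no safety state across the copy. The `self[0, 0]` call already goes through the new `[]`, which sets `@html_safe = true` on the copy of a safe buffer and returns a plain String for an unsafe one, so the method can be reduced to `def clone_empty` / `self[0, 0]` / `end`. The identical lines appear in the ruby-activesupport31 patch further down (its `@@ -0,0 +1,93 @@` hunk). The patch body is presumably copied verbatim from the upstream fix, so if it is adjusted locally the matching `SHA1 (patch-lib_active__support_core__ext_string_output__safety.rb)` line in each distinfo must be regenerated, otherwise the build's patch checksum check fails.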
@@ -0,0 +1,93 @@
+$NetBSD: patch-lib_active__support_core__ext_string_output__safety.rb,v 1.1.2.2 2012/03/05 23:28:40 tron Exp $
+
+Fix for CVE-2012-1099.
+
+--- lib/active_support/core_ext/string/output_safety.rb.orig 2012-03-03 03:59:36.000000000 +0000
++++ lib/active_support/core_ext/string/output_safety.rb
+@@ -86,23 +86,41 @@ module ActiveSupport #:nodoc:
+ end
+ end
+
++ def [](*args)
++ return super if args.size < 2
++
++ if html_safe?
++ new_safe_buffer = super
++ new_safe_buffer.instance_eval { @html_safe = true }
++ new_safe_buffer
++ else
++ to_str[*args]
++ end
++ end
++
+ def safe_concat(value)
+- raise SafeConcatError if dirty?
++ raise SafeConcatError unless html_safe?
+ original_concat(value)
+ end
+
+ def initialize(*)
+- @dirty = false
++ @html_safe = true
+ super
+ end
+
+ def initialize_copy(other)
+ super
+- @dirty = other.dirty?
++ @html_safe = other.html_safe?
++ end
++
++ def clone_empty
++ new_safe_buffer = self[0, 0]
++ new_safe_buffer.instance_variable_set(:@dirty, @dirty)
++ new_safe_buffer
+ end
+
+ def concat(value)
+- if dirty? || value.html_safe?
++ if !html_safe? || value.html_safe?
+ super(value)
+ else
+ super(ERB::Util.h(value))
+@@ -115,7 +133,7 @@ module ActiveSupport #:nodoc:
+ end
+
+ def html_safe?
+- !dirty?
++ defined?(@html_safe) && @html_safe
+ end
+
+ def to_s
+@@ -138,23 +156,17 @@ module ActiveSupport #:nodoc:
+ for unsafe_method in UNSAFE_STRING_METHODS
+ if 'String'.respond_to?(unsafe_method)
+ class_eval <<-EOT, __FILE__, __LINE__ + 1
+- def #{unsafe_method}(*args)
+- super.to_str
+- end
+-
+- def #{unsafe_method}!(*args)
+- @dirty = true
+- super
+- end
++ def #{unsafe_method}(*args, &block) # def capitalize(*args, &block)
++ to_str.#{unsafe_method}(*args, &block) # to_str.capitalize(*args, &block)
++ end # end
++
++ def #{unsafe_method}!(*args) # def capitalize!(*args)
++ @html_safe = false # @html_safe = false
++ super # super
++ end # end
+ EOT
+ end
+ end
+-
+- protected
+-
+- def dirty?
+- @dirty
+- end
+ end
+ end
+ |