6 files changed, 38 insertions, 5 deletions

diff --git a/www/ruby-actionpack3/Makefile b/www/ruby-actionpack3/Makefile
index 51847f19bcc..732de46faf1 100644
--- a/www/ruby-actionpack3/Makefile
+++ b/www/ruby-actionpack3/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.10 2011/12/15 14:39:10 taca Exp $
+# $NetBSD: Makefile,v 1.11 2012/03/03 04:47:14 taca Exp $
 
 DISTNAME=	actionpack-${RUBY_RAILS3_VERSION}
-PKGREVISION=	2
+PKGREVISION=	3
 CATEGORIES=	www
 
 MAINTAINER=	pkgsrc-users@NetBSD.org
diff --git a/www/ruby-actionpack3/distinfo b/www/ruby-actionpack3/distinfo
index e7991cbe852..3d4bfe54706 100644
--- a/www/ruby-actionpack3/distinfo
+++ b/www/ruby-actionpack3/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.10 2011/11/19 15:34:37 taca Exp $
+$NetBSD: distinfo,v 1.11 2012/03/03 04:47:14 taca Exp $
 
 SHA1 (actionpack-3.0.11.gem) = 2161526f06ead521d0473b2bbad7e4db4a20fd5a
 RMD160 (actionpack-3.0.11.gem) = e21ccd58f0051e053a2dea3f3a7b2d97b6483012
 Size (actionpack-3.0.11.gem) = 358912 bytes
+SHA1 (patch-lib_action__view_helpers_capture__helper.rb) = bfbb8431086bc97e0e8b98e6cc29cf6705ed5070
diff --git a/www/ruby-actionpack3/patches/patch-lib_action__view_helpers_capture__helper.rb b/www/ruby-actionpack3/patches/patch-lib_action__view_helpers_capture__helper.rb
new file mode 100644
index 00000000000..61d52a83e60
--- /dev/null
+++ b/www/ruby-actionpack3/patches/patch-lib_action__view_helpers_capture__helper.rb
@@ -0,0 +1,15 @@
+$NetBSD: patch-lib_action__view_helpers_capture__helper.rb,v 1.1 2012/03/03 04:47:14 taca Exp $
+
+Fix for CVE-2012-1099.
+
+--- lib/action_view/helpers/capture_helper.rb.orig	2012-03-03 04:21:54.000000000 +0000
++++ lib/action_view/helpers/capture_helper.rb
+@@ -179,7 +179,7 @@ module ActionView
+       def flush_output_buffer #:nodoc:
+         if output_buffer && !output_buffer.empty?
+           response.body_parts << output_buffer
+-          self.output_buffer = output_buffer[0,0]
++          self.output_buffer = output_buffer.respond_to?(:clone_empty) ? output_buffer.clone_empty : output_buffer[0, 0]
+           nil
+         end
+       end
diff --git a/www/ruby-actionpack31/Makefile b/www/ruby-actionpack31/Makefile
index 8e7a7fbcc18..bd696d4d8d3 100644
--- a/www/ruby-actionpack31/Makefile
+++ b/www/ruby-actionpack31/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.1.1.1 2011/12/16 12:26:29 taca Exp $
+# $NetBSD: Makefile,v 1.2 2012/03/03 04:47:14 taca Exp $
 
 DISTNAME=	actionpack-${RUBY_RAILS_VERSION}
+PKGREVISION=	1
 CATEGORIES=	www
 
 MAINTAINER=	pkgsrc-users@NetBSD.org
diff --git a/www/ruby-actionpack31/distinfo b/www/ruby-actionpack31/distinfo
index d8900230c68..6b2a0748bec 100644
--- a/www/ruby-actionpack31/distinfo
+++ b/www/ruby-actionpack31/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.1.1.1 2011/12/16 12:26:29 taca Exp $
+$NetBSD: distinfo,v 1.2 2012/03/03 04:47:14 taca Exp $
 
 SHA1 (actionpack-3.1.3.gem) = 3869fcc993a4b4cdbed14bb0b03d12d2beeb6802
 RMD160 (actionpack-3.1.3.gem) = b9d474a97e3f64535c094d133bd337329d888acd
 Size (actionpack-3.1.3.gem) = 369664 bytes
+SHA1 (patch-lib_action__view_helpers_capture__helper.rb) = b1cbedccc782ac4c669c9360e003a1e38fc0baf2
diff --git a/www/ruby-actionpack31/patches/patch-lib_action__view_helpers_capture__helper.rb b/www/ruby-actionpack31/patches/patch-lib_action__view_helpers_capture__helper.rb
new file mode 100644
index 00000000000..7c8c07b36b5
--- /dev/null
+++ b/www/ruby-actionpack31/patches/patch-lib_action__view_helpers_capture__helper.rb
@@ -0,0 +1,15 @@
+$NetBSD: patch-lib_action__view_helpers_capture__helper.rb,v 1.1 2012/03/03 04:47:14 taca Exp $
+
+Fix for CVE-2012-1099.
+
+--- lib/action_view/helpers/capture_helper.rb.orig	2012-03-03 04:18:29.000000000 +0000
++++ lib/action_view/helpers/capture_helper.rb
+@@ -194,7 +194,7 @@ module ActionView
+       def flush_output_buffer #:nodoc:
+         if output_buffer && !output_buffer.empty?
+           response.body_parts << output_buffer
+-          self.output_buffer = output_buffer[0,0]
++          self.output_buffer = output_buffer.respond_to?(:clone_empty) ? output_buffer.clone_empty : output_buffer[0, 0]
+           nil
+         end
+       end