Date: Mon, 1 Jun 2015 18:51:46 +0000 (UTC) From: Michael Moll <mmoll@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r388252 - in branches/2015Q2/www/rubygem-rest-client: . files Message-ID: <201506011851.t51IpkrS048334@svn.freebsd.org>
Author: mmoll Date: Mon Jun 1 18:51:45 2015 New Revision: 388252 URL: https://svnweb.freebsd.org/changeset/ports/388252 Log: www/rubygem-rest-client: import two security fixes This is a direct commit to branches/2015Q2, as rubygem-rest-client was already updated to 1.8.0 in head. PR: 200504 Differential Revision: https://reviews.freebsd.org/D2707 Approved by: ports-secteam (delphij) Security: CVE-2015-1820 Security: CVE-2015-3448 Added: branches/2015Q2/www/rubygem-rest-client/files/ branches/2015Q2/www/rubygem-rest-client/files/patch-lib_restclient_abstract__response.rb (contents, props changed) branches/2015Q2/www/rubygem-rest-client/files/patch-lib_restclient_raw__response.rb (contents, props changed) branches/2015Q2/www/rubygem-rest-client/files/patch-lib_restclient_request.rb (contents, props changed) branches/2015Q2/www/rubygem-rest-client/files/patch-lib_restclient_response.rb (contents, props changed) branches/2015Q2/www/rubygem-rest-client/files/patch-rest-client.gemspec (contents, props changed) Modified: branches/2015Q2/www/rubygem-rest-client/Makefile Modified: branches/2015Q2/www/rubygem-rest-client/Makefile ============================================================================== --- branches/2015Q2/www/rubygem-rest-client/Makefile Mon Jun 1 18:44:14 2015 (r388251) +++ branches/2015Q2/www/rubygem-rest-client/Makefile Mon Jun 1 18:51:45 2015 (r388252) 
@@ -3,13 +3,15 @@ PORTNAME= rest-client PORTVERSION= 1.6.7 +PORTREVISION= 1 CATEGORIES= www rubygems MASTER_SITES= RG MAINTAINER= renchap@cocoa-x.com COMMENT= Simple Simple HTTP and REST client for Ruby -RUN_DEPENDS= rubygem-mime-types>=1.16:${PORTSDIR}/misc/rubygem-mime-types +RUN_DEPENDS= rubygem-http-cookie>=1.0.2:${PORTSDIR}/www/rubygem-http-cookie \ + rubygem-mime-types>=1.16:${PORTSDIR}/misc/rubygem-mime-types USE_RUBY= yes USE_RUBYGEMS= yes Added: branches/2015Q2/www/rubygem-rest-client/files/patch-lib_restclient_abstract__response.rb ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2015Q2/www/rubygem-rest-client/files/patch-lib_restclient_abstract__response.rb Mon Jun 1 18:51:45 2015 (r388252) 
@@ -0,0 +1,94 @@
+--- lib/restclient/abstract_response.rb.orig 2015-06-01 12:01:41 UTC
++++ lib/restclient/abstract_response.rb
+@@ -1,10 +1,11 @@
+ require 'cgi'
++require 'http-cookie'
+
+ module RestClient
+
+ module AbstractResponse
+
+- attr_reader :net_http_res, :args
++ attr_reader :net_http_res, :args, :request
+
+ # HTTP status code
+ def code
+@@ -22,11 +23,36 @@ module RestClient
+ @raw_headers ||= @net_http_res.to_hash
+ end
+
++ def response_set_vars(net_http_res, args, request)
++ @net_http_res = net_http_res
++ @args = args
++ @request = request
++ end
++
+ # Hash of cookies extracted from response headers
+ def cookies
+- @cookies ||= (self.headers[:set_cookie] || {}).inject({}) do |out, cookie_content|
+- out.merge parse_cookie(cookie_content)
++ hash = {}
++
++ cookie_jar.cookies.each do |cookie|
++ hash[cookie.name] = cookie.value
+ end
++
++ hash
++ end
++
++ # Cookie jar extracted from response headers.
++ #
++ # @return [HTTP::CookieJar]
++ #
++ def cookie_jar
++ return @cookie_jar if @cookie_jar
++
++ jar = HTTP::CookieJar.new
++ headers.fetch(:set_cookie, []).each do |cookie|
++ jar.parse(cookie, @request.url)
++ end
++
++ @cookie_jar = jar
+ end
+
+ # Return the default behavior corresponding to the response code:
+@@ -61,25 +87,28 @@ module RestClient
+
+ # Follow a redirection
+ def follow_redirection request = nil, result = nil, & block
++ new_args = @args.dup
++
+ url = headers[:location]
+ if url !~ /^http/
+- url = URI.parse(args[:url]).merge(url).to_s
++ url = URI.parse(request.url).merge(url).to_s
+ end
+- args[:url] = url
++ new_args[:url] = url
+ if request
+ if request.max_redirects == 0
+ raise MaxRedirectsReached
+ end
+- args[:password] = request.password
+- args[:user] = request.user
+- args[:headers] = request.headers
+- args[:max_redirects] = request.max_redirects - 1
+- # pass any cookie set in the result
+- if result && result['set-cookie']
+- args[:headers][:cookies] = (args[:headers][:cookies] || 
{}).merge(parse_cookie(result['set-cookie']))
+- end
++ new_args[:password] = request.password
++ new_args[:user] = request.user
++ new_args[:headers] = request.headers
++ new_args[:max_redirects] = request.max_redirects - 1
++
++ # TODO: figure out what to do with original :cookie, :cookies values
++ new_args[:headers]['Cookie'] = HTTP::Cookie.cookie_value(
++ cookie_jar.cookies(new_args.fetch(:url)))
+ end
+- Request.execute args, &block
++
++ Request.execute(new_args, &block)
+ end
+
+ def AbstractResponse.beautify_headers(headers)
Added: branches/2015Q2/www/rubygem-rest-client/files/patch-lib_restclient_raw__response.rb
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2015Q2/www/rubygem-rest-client/files/patch-lib_restclient_raw__response.rb Mon Jun 1 18:51:45 2015 (r388252)
@@ -0,0 +1,18 @@
+--- lib/restclient/raw_response.rb.orig 2015-06-01 12:01:41 UTC
++++ lib/restclient/raw_response.rb
+@@ -13,12 +13,13 @@ module RestClient
+
+ include AbstractResponse
+
+- attr_reader :file
++ attr_reader :file, :request
+
+- def initialize tempfile, net_http_res, args
++ def initialize(tempfile, net_http_res, args, request)
+ @net_http_res = net_http_res
+ @args = args
+ @file = tempfile
++ @request = request
+ end
+
+ def to_s
Added: branches/2015Q2/www/rubygem-rest-client/files/patch-lib_restclient_request.rb
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2015Q2/www/rubygem-rest-client/files/patch-lib_restclient_request.rb Mon Jun 1 18:51:45 2015 (r388252)
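Review bot: In follow_redirection, `new_args[:user]`, `new_args[:password]` and `new_args[:headers] = request.headers` are still copied unconditionally, so while cookies are now scoped to the redirect URL through the jar, basic-auth credentials and any Authorization header the caller put in the request headers go to whatever host the Location header names. Copying them only when the target host equals the original one, for example wrapping the user/password lines in `if URI.parse(url).host == URI.parse(request.url).host`, would close that gap. `URI.parse(request.url)` also runs before the `if request` guard, so a relative Location combined with the default `request = nil` raises NoMethodError; `@request.url` is available at that point. `new_args[:headers]['Cookie'] = ...` writes into the caller's headers hash because `@args.dup` is shallow and `request.headers` is assigned without a copy; `new_args[:headers] = request.headers.dup` avoids that, and when the jar returns no cookies for the target the header should probably be left unset, which also bears on the TODO about the original :cookie/:cookies values.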
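Review bot: `def initialize(tempfile, net_http_res, args, request)` makes `request` a required positional argument, and `Response.create` in patch-lib_restclient_response.rb does the same while dropping the `net_http_res=`/`args=` writers, so anything outside the gem that builds these objects with the old arity will raise ArgumentError even though PORTVERSION stays at 1.6.7. The in-gem caller in request.rb is updated, so this only matters if a dependent port constructs responses directly; checking the ports that depend on rubygem-rest-client for `RawResponse.new` and `Response.create` before merging would settle it. A short comment on the constructor, such as `# request: the RestClient::Request that produced this response; its url is used when parsing Set-Cookie`, would document why the argument is now mandatory.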
@@ -0,0 +1,14 @@
+--- lib/restclient/request.rb.orig 2015-06-01 12:01:41 UTC
++++ lib/restclient/request.rb
+@@ -219,9 +219,9 @@ module RestClient
+ def process_result res, & block
+ if @raw_response
+ # We don't decode raw requests
+- response = RawResponse.new(@tf, res, args)
++ response = RawResponse.new(@tf, res, args, self)
+ else
+- response = Response.create(Request.decode(res['content-encoding'], res.body), res, args)
++ response = Response.create(Request.decode(res['content-encoding'], res.body), res, args, self)
+ end
+
+ if block_given?
Added: branches/2015Q2/www/rubygem-rest-client/files/patch-lib_restclient_response.rb
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2015Q2/www/rubygem-rest-client/files/patch-lib_restclient_response.rb Mon Jun 1 18:51:45 2015 (r388252)
@@ -0,0 +1,22 @@
+--- lib/restclient/response.rb.orig 2015-06-01 12:01:41 UTC
++++ lib/restclient/response.rb
+@@ -6,17 +6,14 @@ module RestClient
+
+ include AbstractResponse
+
+- attr_accessor :args, :body, :net_http_res
+-
+ def body
+ self
+ end
+
+- def Response.create body, net_http_res, args
++ def self.create body, net_http_res, args, request
+ result = body || ''
+ result.extend Response
+- result.net_http_res = net_http_res
+- result.args = args
++ result.response_set_vars(net_http_res, args, request)
+ result
+ end
+
Added: branches/2015Q2/www/rubygem-rest-client/files/patch-rest-client.gemspec
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2015Q2/www/rubygem-rest-client/files/patch-rest-client.gemspec Mon Jun 1 18:51:45 2015 (r388252)
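Review bot: No hunk in this commit touches request logging, although the log lists CVE-2015-3448, which, if I recall the advisory correctly, concerns credentials ending up in the rest-client log; the only request.rb change is passing `self` into `RawResponse.new` and `Response.create` in process_result. The cookie-jar changes visible here would not affect what gets logged, so it is worth confirming against the upstream fix. Either add the corresponding request.rb patch or drop that `Security:` trailer, so the port is not recorded as fixed for an issue it may still have. process_result continues outside the hunk.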
@@ -0,0 +1,21 @@
+--- rest-client.gemspec.orig 2015-06-01 12:01:42 UTC
++++ rest-client.gemspec
+@@ -24,15 +24,18 @@ Gem::Specification.new do |s|
+
+ if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+ s.add_runtime_dependency(%q<mime-types>, [">= 1.16"])
++ s.add_runtime_dependency(%q<http-cookie>, [">= 1.0.2", "< 2.0"])
+ s.add_development_dependency(%q<webmock>, [">= 0.9.1"])
+ s.add_development_dependency(%q<rspec>, [">= 0"])
+ else
+ s.add_dependency(%q<mime-types>, [">= 1.16"])
++ s.add_dependency(%q<http-cookie>, [">= 1.0.2", "< 2.0"])
+ s.add_dependency(%q<webmock>, [">= 0.9.1"])
+ s.add_dependency(%q<rspec>, [">= 0"])
+ end
+ else
+ s.add_dependency(%q<mime-types>, [">= 1.16"])
++ s.add_dependency(%q<http-cookie>, [">= 1.0.2", "< 2.0"])
+ s.add_dependency(%q<webmock>, [">= 0.9.1"])
+ s.add_dependency(%q<rspec>, [">= 0"])
+ end