svn commit: r388252 - in branches/2015Q2/www/rubygem-rest-client: . files
Michael Moll
mmoll at FreeBSD.org
Mon Jun 1 18:51:48 UTC 2015
Author: mmoll
Date: Mon Jun 1 18:51:45 2015
New Revision: 388252
URL: https://svnweb.freebsd.org/changeset/ports/388252
Log:
www/rubygem-rest-client: import two security fixes
This is a direct commit to branches/2015Q2, as rubygem-rest-client was
already updated to 1.8.0 in head.
PR: 200504
Differential Revision: https://reviews.freebsd.org/D2707
Approved by: ports-secteam (delphij)
Security: CVE-2015-1820
Security: CVE-2015-3448
Added:
branches/2015Q2/www/rubygem-rest-client/files/
branches/2015Q2/www/rubygem-rest-client/files/patch-lib_restclient_abstract__response.rb (contents, props changed)
branches/2015Q2/www/rubygem-rest-client/files/patch-lib_restclient_raw__response.rb (contents, props changed)
branches/2015Q2/www/rubygem-rest-client/files/patch-lib_restclient_request.rb (contents, props changed)
branches/2015Q2/www/rubygem-rest-client/files/patch-lib_restclient_response.rb (contents, props changed)
branches/2015Q2/www/rubygem-rest-client/files/patch-rest-client.gemspec (contents, props changed)
Modified:
branches/2015Q2/www/rubygem-rest-client/Makefile
Modified: branches/2015Q2/www/rubygem-rest-client/Makefile
==============================================================================
--- branches/2015Q2/www/rubygem-rest-client/Makefile Mon Jun 1 18:44:14 2015 (r388251)
+++ branches/2015Q2/www/rubygem-rest-client/Makefile Mon Jun 1 18:51:45 2015 (r388252)
@@ -3,13 +3,15 @@
PORTNAME= rest-client
PORTVERSION= 1.6.7
+PORTREVISION= 1
CATEGORIES= www rubygems
MASTER_SITES= RG
MAINTAINER= renchap at cocoa-x.com
COMMENT= Simple Simple HTTP and REST client for Ruby
-RUN_DEPENDS= rubygem-mime-types>=1.16:${PORTSDIR}/misc/rubygem-mime-types
+RUN_DEPENDS= rubygem-http-cookie>=1.0.2:${PORTSDIR}/www/rubygem-http-cookie \
+ rubygem-mime-types>=1.16:${PORTSDIR}/misc/rubygem-mime-types
USE_RUBY= yes
USE_RUBYGEMS= yes
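Review bot: The added RUN_DEPENDS entry gives rubygem-http-cookie only a lower bound (>=1.0.2), while the gemspec patch in this same commit declares [">= 1.0.2", "< 2.0"]. If a 2.x http-cookie ever lands on this branch the port dependency would be satisfied but the gem's own requirement would not, so it is worth either mirroring the upper bound or noting why it is not needed on 2015Q2. Separately, the unchanged COMMENT line reads "Simple Simple HTTP and REST client for Ruby"; the duplicated word could be dropped while the Makefile is being touched.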
Added: branches/2015Q2/www/rubygem-rest-client/files/patch-lib_restclient_abstract__response.rb
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2015Q2/www/rubygem-rest-client/files/patch-lib_restclient_abstract__response.rb Mon Jun 1 18:51:45 2015 (r388252)
@@ -0,0 +1,94 @@
+--- lib/restclient/abstract_response.rb.orig 2015-06-01 12:01:41 UTC
++++ lib/restclient/abstract_response.rb
+@@ -1,10 +1,11 @@
+ require 'cgi'
++require 'http-cookie'
+
+ module RestClient
+
+ module AbstractResponse
+
+- attr_reader :net_http_res, :args
++ attr_reader :net_http_res, :args, :request
+
+ # HTTP status code
+ def code
+@@ -22,11 +23,36 @@ module RestClient
+ @raw_headers ||= @net_http_res.to_hash
+ end
+
++ def response_set_vars(net_http_res, args, request)
++ @net_http_res = net_http_res
++ @args = args
++ @request = request
++ end
++
+ # Hash of cookies extracted from response headers
+ def cookies
+- @cookies ||= (self.headers[:set_cookie] || {}).inject({}) do |out, cookie_content|
+- out.merge parse_cookie(cookie_content)
++ hash = {}
++
++ cookie_jar.cookies.each do |cookie|
++ hash[cookie.name] = cookie.value
+ end
++
++ hash
++ end
++
++ # Cookie jar extracted from response headers.
++ #
++ # @return [HTTP::CookieJar]
++ #
++ def cookie_jar
++ return @cookie_jar if @cookie_jar
++
++ jar = HTTP::CookieJar.new
++ headers.fetch(:set_cookie, []).each do |cookie|
++ jar.parse(cookie, @request.url)
++ end
++
++ @cookie_jar = jar
+ end
+
+ # Return the default behavior corresponding to the response code:
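Review bot: In cookie_jar, jar.parse(cookie, @request.url) dereferences @request with no nil check, and response_set_vars stores whatever request it is handed, so a response built with a nil request raises NoMethodError the first time cookies or cookie_jar is called. Either validate request in response_set_vars or fail there with a clear ArgumentError. Also worth a comment on the new cookies method: it flattens the jar to name => value, so two cookies with the same name but a different domain or path overwrite each other and the scoping that the jar records is lost for callers who read the hash. Callers that need scoped cookies should be pointed at cookie_jar in the doc comment.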
+@@ -61,25 +87,28 @@ module RestClient
+
+ # Follow a redirection
+ def follow_redirection request = nil, result = nil, & block
++ new_args = @args.dup
++
+ url = headers[:location]
+ if url !~ /^http/
+- url = URI.parse(args[:url]).merge(url).to_s
++ url = URI.parse(request.url).merge(url).to_s
+ end
+- args[:url] = url
++ new_args[:url] = url
+ if request
+ if request.max_redirects == 0
+ raise MaxRedirectsReached
+ end
+- args[:password] = request.password
+- args[:user] = request.user
+- args[:headers] = request.headers
+- args[:max_redirects] = request.max_redirects - 1
+- # pass any cookie set in the result
+- if result && result['set-cookie']
+- args[:headers][:cookies] = (args[:headers][:cookies] || {}).merge(parse_cookie(result['set-cookie']))
+- end
++ new_args[:password] = request.password
++ new_args[:user] = request.user
++ new_args[:headers] = request.headers
++ new_args[:max_redirects] = request.max_redirects - 1
++
++ # TODO: figure out what to do with original :cookie, :cookies values
++ new_args[:headers]['Cookie'] = HTTP::Cookie.cookie_value(
++ cookie_jar.cookies(new_args.fetch(:url)))
+ end
+- Request.execute args, &block
++
++ Request.execute(new_args, &block)
+ end
+
+ def AbstractResponse.beautify_headers(headers)
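Review bot: In follow_redirection the relative-Location branch now calls URI.parse(request.url) before the `if request` check, while the signature still defaults request to nil, so a relative redirect with no request argument raises NoMethodError where the old args[:url] lookup worked. Using @request.url (which cookie_jar already relies on) or moving the merge inside the `if request` block would keep the two paths consistent. Second, new_args[:headers] = request.headers assigns the caller's hash by reference, so the following new_args[:headers]['Cookie'] = ... write mutates the original request's headers; a request.headers.dup would avoid that. The TODO about the original :cookie and :cookies values should be resolved or tracked, since a leftover :cookies entry in those headers is still forwarded alongside the jar-scoped Cookie header, and new_args[:user] and new_args[:password] are likewise copied to the redirect target without any comparison against the original host.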
Added: branches/2015Q2/www/rubygem-rest-client/files/patch-lib_restclient_raw__response.rb
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2015Q2/www/rubygem-rest-client/files/patch-lib_restclient_raw__response.rb Mon Jun 1 18:51:45 2015 (r388252)
@@ -0,0 +1,18 @@
+--- lib/restclient/raw_response.rb.orig 2015-06-01 12:01:41 UTC
++++ lib/restclient/raw_response.rb
+@@ -13,12 +13,13 @@ module RestClient
+
+ include AbstractResponse
+
+- attr_reader :file
++ attr_reader :file, :request
+
+- def initialize tempfile, net_http_res, args
++ def initialize(tempfile, net_http_res, args, request)
+ @net_http_res = net_http_res
+ @args = args
+ @file = tempfile
++ @request = request
+ end
+
+ def to_s
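Review bot: The attr_reader :file, :request line duplicates the :request reader that the AbstractResponse hunk already adds to the included module, and initialize sets @net_http_res, @args and @request by hand instead of calling the new response_set_vars helper. Keeping attr_reader :file and calling response_set_vars(net_http_res, args, request) would leave one place that defines how these three variables are set. The fourth positional parameter is also required, so any code outside this patch that calls RawResponse.new with three arguments will now raise ArgumentError; that deserves a mention in the commit log for a quarterly branch.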
Added: branches/2015Q2/www/rubygem-rest-client/files/patch-lib_restclient_request.rb
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2015Q2/www/rubygem-rest-client/files/patch-lib_restclient_request.rb Mon Jun 1 18:51:45 2015 (r388252)
@@ -0,0 +1,14 @@
+--- lib/restclient/request.rb.orig 2015-06-01 12:01:41 UTC
++++ lib/restclient/request.rb
+@@ -219,9 +219,9 @@ module RestClient
+ def process_result res, & block
+ if @raw_response
+ # We don't decode raw requests
+- response = RawResponse.new(@tf, res, args)
++ response = RawResponse.new(@tf, res, args, self)
+ else
+- response = Response.create(Request.decode(res['content-encoding'], res.body), res, args)
++ response = Response.create(Request.decode(res['content-encoding'], res.body), res, args, self)
+ end
+
+ if block_given?
Added: branches/2015Q2/www/rubygem-rest-client/files/patch-lib_restclient_response.rb
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2015Q2/www/rubygem-rest-client/files/patch-lib_restclient_response.rb Mon Jun 1 18:51:45 2015 (r388252)
@@ -0,0 +1,22 @@
+--- lib/restclient/response.rb.orig 2015-06-01 12:01:41 UTC
++++ lib/restclient/response.rb
+@@ -6,17 +6,14 @@ module RestClient
+
+ include AbstractResponse
+
+- attr_accessor :args, :body, :net_http_res
+-
+ def body
+ self
+ end
+
+- def Response.create body, net_http_res, args
++ def self.create body, net_http_res, args, request
+ result = body || ''
+ result.extend Response
+- result.net_http_res = net_http_res
+- result.args = args
++ result.response_set_vars(net_http_res, args, request)
+ result
+ end
+
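Review bot: Removing attr_accessor :args, :body, :net_http_res drops the public writers (args=, net_http_res=) that Response.create itself used before, and self.create now requires a fourth request argument, so third-party code that calls Response.create(body, res, args) or assigns those attributes breaks with this PORTREVISION bump. Since this goes straight to 2015Q2 as a security fix, it would help to check the ports that depend on rubygem-rest-client for such callers, or to state in the log that the public signature changes. There is no documentation on the new request parameter here; a one-line comment saying it must be the originating Request (cookie_jar reads its url) would make the contract explicit.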
Added: branches/2015Q2/www/rubygem-rest-client/files/patch-rest-client.gemspec
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2015Q2/www/rubygem-rest-client/files/patch-rest-client.gemspec Mon Jun 1 18:51:45 2015 (r388252)
@@ -0,0 +1,21 @@
+--- rest-client.gemspec.orig 2015-06-01 12:01:42 UTC
++++ rest-client.gemspec
+@@ -24,15 +24,18 @@ Gem::Specification.new do |s|
+
+ if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+ s.add_runtime_dependency(%q<mime-types>, [">= 1.16"])
++ s.add_runtime_dependency(%q<http-cookie>, [">= 1.0.2", "< 2.0"])
+ s.add_development_dependency(%q<webmock>, [">= 0.9.1"])
+ s.add_development_dependency(%q<rspec>, [">= 0"])
+ else
+ s.add_dependency(%q<mime-types>, [">= 1.16"])
++ s.add_dependency(%q<http-cookie>, [">= 1.0.2", "< 2.0"])
+ s.add_dependency(%q<webmock>, [">= 0.9.1"])
+ s.add_dependency(%q<rspec>, [">= 0"])
+ end
+ else
+ s.add_dependency(%q<mime-types>, [">= 1.16"])
++ s.add_dependency(%q<http-cookie>, [">= 1.0.2", "< 2.0"])
+ s.add_dependency(%q<webmock>, [">= 0.9.1"])
+ s.add_dependency(%q<rspec>, [">= 0"])
+ end