head	1.2;
access;
symbols
	RELEASE_8_3_0:1.1
	RELEASE_9_0_0:1.1
	RELEASE_7_4_0:1.1
	RELEASE_8_2_0:1.1;
locks; strict;
comment	@# @;


1.2
date	2012.11.17.06.03.03;	author svnexp;	state Exp;
branches;
next	1.1;

1.1
date	2010.12.08.19.18.29;	author pgollucci;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Switch exporter over
@
text
@# Ports collection makefile for:	rubygem-cgi_multipart_eof_fix
# Date created:				December 08, 2010
# Whom:					Philip M. Gollucci <pgollucci@@p6m7g8.com>
#
# $FreeBSD: head/www/rubygem-cgi_multipart_eof_fix/Makefile 300897 2012-07-14 14:29:18Z beat $

# Identity of the port: the cgi_multipart_eof_fix gem at version 2.5.0, filed
# under the www and rubygems categories.
PORTNAME=	cgi_multipart_eof_fix
PORTVERSION=	2.5.0
CATEGORIES=	www rubygems
# RG is presumably the ports shorthand for the RubyGems distribution site.
# NOTE(review): this Makefile carries no checksum of its own, so the integrity
# of the fetched gem rests on the port's distinfo file (not shown here) --
# confirm it is present and matches the 2.5.0 distfile.
MASTER_SITES=	RG

MAINTAINER=	ruby@@FreeBSD.org
# NOTE(review): the import log for this port states that the fix applies to
# Ruby <= 1.8.5 and does not modify later Ruby versions, so installing the
# port on a newer Ruby should not be counted as a mitigation by itself.
COMMENT=	Fix an exploitable bug in CGI multipart parsing

# Build through the ports Ruby and RubyGems support. RUBYGEM_AUTOPLIST
# presumably asks the framework to derive the packing list from the gem
# contents instead of a hand-written pkg-plist -- confirm against the ports
# Ruby framework.
USE_RUBY=	yes
USE_RUBYGEMS=	yes
RUBYGEM_AUTOPLIST=	yes

# Hand off to the ports framework, which consumes the variables set above.
.include <bsd.port.mk>
@


1.1
log
@Fixes an exploitable bug in CGI multipart parsing which affects Ruby <= 1.8.5.
When a multipart boundary attribute contains a non-halting regular
expression, the boundary searcher in the CGI module does not properly escape
the parameter and evaluates the user-supplied value as a regular expression.
This fix adds escaping for the user data.

    * Affected application servers: standalone CGI, Mongrel, WEBrick
    * Unaffected: FastCGI, Ruby 1.8.6 (all servers)
    * Unknown: mod_ruby

This fix will not modify versions of Ruby greater than 1.8.5, and is
cumulative with previous CGI multipart vulnerability fixes.

WWW:    http://blog.evanweaver.com/#cgi_multipart_eof_fix
@
text
@d5 1
a5 1
# $FreeBSD$
@

