head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.8
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.6
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.4
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.2
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2010Q2:1.1.0.2;
locks; strict;
comment	@# @;


1.2
date	2010.09.10.03.29.00;	author taca;	state dead;
branches;
next	1.1;

1.1
date	2010.08.16.07.08.13;	author taca;	state Exp;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2010.08.16.07.08.13;	author tron;	state dead;
branches;
next	1.1.2.2;

1.1.2.2
date	2010.08.16.12.26.22;	author tron;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Update ruby18-base to 1.8.7.302 (Ruby 1.8.7 patchlevel 302).

Since many changes from previous release, please refer
http://www.ruby-lang.org/en/news/2010/08/16/ruby-1-8-7-p302-is-released/.

Note: Since all security updates are already in previous package,
This update dosen't include any securify fix.
@
text
@$NetBSD: patch-ea,v 1.1 2010/08/16 07:08:13 taca Exp $

* Fix for possible cross-site scripting (CVE-2010-0541) from r29002 in
  Ruby's repository.

--- lib/webrick/httpresponse.rb.orig	2008-06-06 08:05:24.000000000 +0000
+++ lib/webrick/httpresponse.rb
@@@@ -209,7 +209,7 @@@@ module WEBrick
         @@keep_alive = false
         self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR
       end
-      @@header['content-type'] = "text/html"
+      @@header['content-type'] = "text/html; charset=ISO-8859-1"
 
       if respond_to?(:create_error_page)
         create_error_page()
@


1.1
log
@Add a patch to fix for possible cross-site scripting (CVE-2010-0541)
from r29002 in Ruby's repository.  (Sadly, Ruby 1.8.7 pl301 missed
this change...)

Bump PKGREVISION.
@
text
@d1 1
a1 1
$NetBSD$
@


1.1.2.1
log
@file patch-ea was added on branch pkgsrc-2010Q2 on 2010-08-16 12:26:22 +0000
@
text
@d1 16
@


1.1.2.2
log
@Pullup ticket #3207 - requested by taca
lang/ruby18-base: security patch

Revisions pulled up:
- lang/ruby18-base/Makefile			1.56
- lang/ruby18-base/distinfo			1.44
- lang/ruby18-base/patches/patch-ea		1.1
---
Module Name:	pkgsrc
Committed By:	taca
Date:		Mon Aug 16 07:08:13 UTC 2010

Modified Files:
	pkgsrc/lang/ruby18-base: Makefile distinfo
Added Files:
	pkgsrc/lang/ruby18-base/patches: patch-ea

Log Message:
Add a patch to fix for possible cross-site scripting (CVE-2010-0541)
from r29002 in Ruby's repository.  (Sadly, Ruby 1.8.7 pl301 missed
this change...)

Bump PKGREVISION.
@
text
@a0 16
$NetBSD: patch-ea,v 1.1 2010/08/16 07:08:13 taca Exp $

* Fix for possible cross-site scripting (CVE-2010-0541) from r29002 in
  Ruby's repository.

--- lib/webrick/httpresponse.rb.orig	2008-06-06 08:05:24.000000000 +0000
+++ lib/webrick/httpresponse.rb
@@@@ -209,7 +209,7 @@@@ module WEBrick
         @@keep_alive = false
         self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR
       end
-      @@header['content-type'] = "text/html"
+      @@header['content-type'] = "text/html; charset=ISO-8859-1"
 
       if respond_to?(:create_error_page)
         create_error_page()
@