authorAlex Legler <a3li@gentoo.org>2009-11-28 11:18:29 +0000
committerAlex Legler <a3li@gentoo.org>2009-11-28 11:18:29 +0000
commit307c413311ece243d1151d6410c8d8ab862b6206 (patch)
treee25a44e342cdcf9f36dc55cd5a47d88334b55365 /dev-ruby/actionpack
parentDo not escape ' in " in DESCRIPTION. (diff)
Revision bump, security bug 294797. Remove stale patch
(Portage version: 2.2_rc52/cvs/Linux x86_64)
Diffstat (limited to 'dev-ruby/actionpack')
-rw-r--r--dev-ruby/actionpack/ChangeLog9
-rw-r--r--dev-ruby/actionpack/actionpack-2.2.3-r1.ebuild26
-rw-r--r--dev-ruby/actionpack/files/2.1.2-csrf-circumvention.patch13
-rw-r--r--dev-ruby/actionpack/files/actionpack-2.2.3-strip_tags.patch13
4 files changed, 47 insertions, 14 deletions
diff --git a/dev-ruby/actionpack/ChangeLog b/dev-ruby/actionpack/ChangeLog
index 5ea3e57484d7..3beac690b29c 100644
--- a/dev-ruby/actionpack/ChangeLog
+++ b/dev-ruby/actionpack/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for dev-ruby/actionpack
# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-ruby/actionpack/ChangeLog,v 1.129 2009/11/28 09:19:32 a3li Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-ruby/actionpack/ChangeLog,v 1.130 2009/11/28 11:18:29 a3li Exp $
+
+*actionpack-2.2.3-r1 (28 Nov 2009)
+
+ 28 Nov 2009; Alex Legler <a3li@gentoo.org>
+ -files/2.1.2-csrf-circumvention.patch, +actionpack-2.2.3-r1.ebuild,
+ +files/actionpack-2.2.3-strip_tags.patch:
+ Revision bump, security bug 294797. Remove stale patch
*actionpack-2.3.5 (28 Nov 2009)
diff --git a/dev-ruby/actionpack/actionpack-2.2.3-r1.ebuild b/dev-ruby/actionpack/actionpack-2.2.3-r1.ebuild
new file mode 100644
index 000000000000..ba7974edc076
--- /dev/null
+++ b/dev-ruby/actionpack/actionpack-2.2.3-r1.ebuild
@@ -0,0 +1,26 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-ruby/actionpack/actionpack-2.2.3-r1.ebuild,v 1.1 2009/11/28 11:18:29 a3li Exp $
+
+inherit ruby gems
+USE_RUBY="ruby18"
+
+DESCRIPTION="Eases web-request routing, handling, and response."
+HOMEPAGE="http://rubyforge.org/projects/actionpack/"
+
+LICENSE="MIT"
+SLOT="2.2"
+KEYWORDS="~amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE=""
+
+DEPEND=">=dev-lang/ruby-1.8.5
+ =dev-ruby/activesupport-2.2.3"
+
+src_install() {
+ gems_src_install
+
+ # Patch for bug 294797.
+ # Yes, I know, but we cannot patch gems in a different way *yet*.
+ cd "${D}/$(gem18 env gemdir)/gems/${P}/lib" || die "cd failed"
+ epatch "${FILESDIR}/${P}-strip_tags.patch"
+}
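Review bot: The security fix in `src_install` is applied only to the unpacked tree under `${D}/$(gem18 env gemdir)/gems/${P}/lib`. If `gems_src_install` (defined in the eclass, not visible here) also places the original `.gem` archive in the gem cache, that archive stays unpatched, and restoring the gem from it would presumably bring back the vulnerable `node.rb`. The comment above the `cd` does not say what "Yes, I know" refers to; something like `# Patching the installed image because gems are not unpacked before src_install; the cached .gem archive is NOT patched.` would state the limitation directly. It is also worth confirming that `epatch` is in scope through `inherit ruby gems`, since `eutils` is not inherited explicitly in this file.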
diff --git a/dev-ruby/actionpack/files/2.1.2-csrf-circumvention.patch b/dev-ruby/actionpack/files/2.1.2-csrf-circumvention.patch
deleted file mode 100644
index a455b39f4635..000000000000
--- a/dev-ruby/actionpack/files/2.1.2-csrf-circumvention.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Patch from upstream git (commit 099a98e9) to fix bug #247549.
-
---- lib/action_controller/mime_type.rb.1
-+++ lib/action_controller/mime_type.rb
-@@ -18,7 +18,7 @@
- # end
- class Type
- @@html_types = Set.new [:html, :all]
-- @@unverifiable_types = Set.new [:text, :json, :csv, :xml, :rss, :atom, :yaml]
-+ @@unverifiable_types = Set.new [:json, :csv, :xml, :rss, :atom, :yaml]
- cattr_reader :html_types, :unverifiable_types
-
- # A simple helper class used in parsing the accept header
diff --git a/dev-ruby/actionpack/files/actionpack-2.2.3-strip_tags.patch b/dev-ruby/actionpack/files/actionpack-2.2.3-strip_tags.patch
new file mode 100644
index 000000000000..01638dcceae1
--- /dev/null
+++ b/dev-ruby/actionpack/files/actionpack-2.2.3-strip_tags.patch
@@ -0,0 +1,13 @@
+Patch for bug 294797 (strip_tags XSS), based on upstream commit 785281ade8. -a3li@g.o
+
+--- action_controller/vendor/html-scanner/html/node.rb.orig 2009-11-28 12:09:54.476218352 +0100
++++ action_controller/vendor/html-scanner/html/node.rb 2009-11-28 12:10:12.748213673 +0100
+@@ -162,7 +162,7 @@
+ end
+
+ closing = ( scanner.scan(/\//) ? :close : nil )
+- return Text.new(parent, line, pos, content) unless name = scanner.scan(/[\w:-]+/)
++ return Text.new(parent, line, pos, content) unless name = scanner.scan(/[-:\w\x00-\x09\x0b-\x0c\x0e-\x1f]+/)
+ name.downcase!
+
+ unless closing
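Review bot: The widened name pattern on the `scanner.scan` line is not explained anywhere: nothing says why the control bytes `\x00-\x1f` are now accepted in a tag name, or why `\x0a` and `\x0d` are left out, and the patch header says only "strip_tags XSS". Judging by the `return Text.new(...) unless name = ...` guard, the effect is that such input is now parsed as a tag instead of being returned as text. The header should say so, for example `Tag names may now contain control bytes (LF and CR excluded) so that such markup is tokenized as a tag rather than passed through as text.` Since the header says "based on" upstream commit 785281ade8, it should also state whether this hunk differs from upstream or was only re-diffed for 2.2.3. The enclosing method begins and ends outside the hunk, so how `name` is used after `name.downcase!` cannot be checked from here.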