authorAlex Legler <a3li@gentoo.org>2009-11-28 11:18:29 +0000
committerAlex Legler <a3li@gentoo.org>2009-11-28 11:18:29 +0000
commit967a34be23d5a4151aa384213edfda30b86ab123 (patch)
treef17b9cd767f041ae81ea304011e367f8286dc3d0 /dev-ruby/actionpack/files
parentDo not escape ' in " in DESCRIPTION. (diff)
Revision bump, security bug 294797. Remove stale patch
Package-Manager: portage-2.2_rc52/cvs/Linux x86_64
Diffstat (limited to 'dev-ruby/actionpack/files')
-rw-r--r--dev-ruby/actionpack/files/2.1.2-csrf-circumvention.patch13
-rw-r--r--dev-ruby/actionpack/files/actionpack-2.2.3-strip_tags.patch13
2 files changed, 13 insertions, 13 deletions
diff --git a/dev-ruby/actionpack/files/2.1.2-csrf-circumvention.patch b/dev-ruby/actionpack/files/2.1.2-csrf-circumvention.patch
deleted file mode 100644
index a455b39f4635..000000000000
--- a/dev-ruby/actionpack/files/2.1.2-csrf-circumvention.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Patch from upstream git (commit 099a98e9) to fix bug #247549.
-
---- lib/action_controller/mime_type.rb.1
-+++ lib/action_controller/mime_type.rb
-@@ -18,7 +18,7 @@
- # end
- class Type
- @@html_types = Set.new [:html, :all]
-- @@unverifiable_types = Set.new [:text, :json, :csv, :xml, :rss, :atom, :yaml]
-+ @@unverifiable_types = Set.new [:json, :csv, :xml, :rss, :atom, :yaml]
- cattr_reader :html_types, :unverifiable_types
-
- # A simple helper class used in parsing the accept header
diff --git a/dev-ruby/actionpack/files/actionpack-2.2.3-strip_tags.patch b/dev-ruby/actionpack/files/actionpack-2.2.3-strip_tags.patch
new file mode 100644
index 000000000000..01638dcceae1
--- /dev/null
+++ b/dev-ruby/actionpack/files/actionpack-2.2.3-strip_tags.patch
@@ -0,0 +1,13 @@
+Patch for bug 294797 (strip_tags XSS), based on upstream commit 785281ade8. -a3li@g.o
+
+--- action_controller/vendor/html-scanner/html/node.rb.orig 2009-11-28 12:09:54.476218352 +0100
++++ action_controller/vendor/html-scanner/html/node.rb 2009-11-28 12:10:12.748213673 +0100
+@@ -162,7 +162,7 @@
+ end
+
+ closing = ( scanner.scan(/\//) ? :close : nil )
+- return Text.new(parent, line, pos, content) unless name = scanner.scan(/[\w:-]+/)
++ return Text.new(parent, line, pos, content) unless name = scanner.scan(/[-:\w\x00-\x09\x0b-\x0c\x0e-\x1f]+/)
+ name.downcase!
+
+ unless closing
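Review bot: The widened character class on the `name = scanner.scan(...)` line lets control bytes `\x00-\x1f` (all except `\x0a` and `\x0d`) into the tag name, but nothing in the patch header or the code explains why those two are left out or notes that `name` can now hold non-printable bytes when it reaches `name.downcase!` and the code after it. I would add a sentence to the header comment, for example `Tag names may now contain control bytes so that strip_tags tokenizes such input as a tag instead of passing it through as text; LF and CR are deliberately not matched.` The embedded patch uses paths relative to `lib/` (`action_controller/vendor/...`), whereas the patch removed in this commit used `lib/action_controller/...`. The ebuild that applies it is outside this view, so it is worth confirming the patch is applied from the matching directory, because a patch that silently fails to apply leaves bug 294797 unfixed. The patched method begins and ends outside the embedded hunk, and no regression test for the control-byte case is carried alongside the fix.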