diff options
author | Matthias Fechner <mfechner@FreeBSD.org> | 2022-10-20 15:21:22 +0000 |
---|---|---|
committer | Matthias Fechner <mfechner@FreeBSD.org> | 2022-11-07 15:41:47 +0000 |
commit | 344c25a817dde021c682f72a4ffb3c63dbafbc3e (patch) | |
tree | bd4f8992bf045706ef21576cb9e63a9da07fa1ef | |
parent | b26cad3b7848b86c4514de8be91ad93fecee6bdd (diff) | |
download | ports-344c25a817dde021c682f72a4ffb3c63dbafbc3e.tar.gz ports-344c25a817dde021c682f72a4ffb3c63dbafbc3e.zip |
security/rubygem-omniauth-rails_csrf_protection: new port, required for gitlab-ce
-rw-r--r-- | security/Makefile | 1 | ||||
-rw-r--r-- | security/rubygem-omniauth-rails_csrf_protection/Makefile | 21 | ||||
-rw-r--r-- | security/rubygem-omniauth-rails_csrf_protection/distinfo | 3 | ||||
-rw-r--r-- | security/rubygem-omniauth-rails_csrf_protection/pkg-descr | 5 |
4 files changed, 30 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile index 0ffcd131c72d..dfcf1c84c852 100644 --- a/security/Makefile +++ b/security/Makefile @@ -1097,6 +1097,7 @@ SUBDIR += rubygem-omniauth-jwt SUBDIR += rubygem-omniauth-multipassword SUBDIR += rubygem-omniauth-oauth2-generic + SUBDIR += rubygem-omniauth-rails_csrf_protection SUBDIR += rubygem-omniauth-saml SUBDIR += rubygem-omniauth-shibboleth SUBDIR += rubygem-omniauth1 diff --git a/security/rubygem-omniauth-rails_csrf_protection/Makefile b/security/rubygem-omniauth-rails_csrf_protection/Makefile new file mode 100644 index 000000000000..8bd530bec7e1 --- /dev/null +++ b/security/rubygem-omniauth-rails_csrf_protection/Makefile @@ -0,0 +1,21 @@ +PORTNAME= omniauth-rails_csrf_protection +PORTVERSION= 1.0.1 +CATEGORIES= security rubygems +MASTER_SITES= RG + +MAINTAINER= mfechner@FreeBSD.org +COMMENT= Mitigation against CVE-2015-9284 for OmniAuth +WWW= https://github.com/cookpad/omniauth-rails_csrf_protection + +LICENSE= MIT +LICENSE_FILE= ${WRKSRC}/LICENSE.txt + +RUN_DEPENDS= rubygem-actionpack61>=4.2:www/rubygem-actionpack61 \ + rubygem-omniauth>=2.0<3:security/rubygem-omniauth + +USES= gem +USE_RUBY= yes + +NO_ARCH= yes + +.include <bsd.port.mk> diff --git a/security/rubygem-omniauth-rails_csrf_protection/distinfo b/security/rubygem-omniauth-rails_csrf_protection/distinfo new file mode 100644 index 000000000000..1b794d0064f9 --- /dev/null +++ b/security/rubygem-omniauth-rails_csrf_protection/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1665830346 +SHA256 (rubygem/omniauth-rails_csrf_protection-1.0.1.gem) = fc546aeb7d43b7b9d7737051c380156e61c8f080b898cd4934d523eaa7e59acf +SIZE (rubygem/omniauth-rails_csrf_protection-1.0.1.gem) = 10752 diff --git a/security/rubygem-omniauth-rails_csrf_protection/pkg-descr b/security/rubygem-omniauth-rails_csrf_protection/pkg-descr new file mode 100644 index 000000000000..567c3562b734 --- /dev/null +++ b/security/rubygem-omniauth-rails_csrf_protection/pkg-descr @@ -0,0 +1,5 @@ +This gem provides a mitigation against CVE-2015-9284 +(Cross-Site Request Forgery on the request phrase when +using OmniAuth gem with a Ruby on Rails application) by +implementing a CSRF token verifier that directly utilize +`ActionController::RequestForgeryProtection` code from Rails. |