authorMatthias Fechner <mfechner@FreeBSD.org>2022-10-20 15:21:22 +0000
committerMatthias Fechner <mfechner@FreeBSD.org>2022-11-07 15:41:47 +0000
commit344c25a817dde021c682f72a4ffb3c63dbafbc3e (patch)
treebd4f8992bf045706ef21576cb9e63a9da07fa1ef
parentb26cad3b7848b86c4514de8be91ad93fecee6bdd (diff)
security/rubygem-omniauth-rails_csrf_protection: new port, required for gitlab-ce
-rw-r--r--security/Makefile1
-rw-r--r--security/rubygem-omniauth-rails_csrf_protection/Makefile21
-rw-r--r--security/rubygem-omniauth-rails_csrf_protection/distinfo3
-rw-r--r--security/rubygem-omniauth-rails_csrf_protection/pkg-descr5
4 files changed, 30 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile
index 0ffcd131c72d..dfcf1c84c852 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -1097,6 +1097,7 @@
SUBDIR += rubygem-omniauth-jwt
SUBDIR += rubygem-omniauth-multipassword
SUBDIR += rubygem-omniauth-oauth2-generic
+ SUBDIR += rubygem-omniauth-rails_csrf_protection
SUBDIR += rubygem-omniauth-saml
SUBDIR += rubygem-omniauth-shibboleth
SUBDIR += rubygem-omniauth1
diff --git a/security/rubygem-omniauth-rails_csrf_protection/Makefile b/security/rubygem-omniauth-rails_csrf_protection/Makefile
new file mode 100644
index 000000000000..8bd530bec7e1
--- /dev/null
+++ b/security/rubygem-omniauth-rails_csrf_protection/Makefile
@@ -0,0 +1,21 @@
+PORTNAME= omniauth-rails_csrf_protection
+PORTVERSION= 1.0.1
+CATEGORIES= security rubygems
+MASTER_SITES= RG
+
+MAINTAINER= mfechner@FreeBSD.org
+COMMENT= Mitigation against CVE-2015-9284 for OmniAuth
+WWW= https://github.com/cookpad/omniauth-rails_csrf_protection
+
+LICENSE= MIT
+LICENSE_FILE= ${WRKSRC}/LICENSE.txt
+
+RUN_DEPENDS= rubygem-actionpack61>=4.2:www/rubygem-actionpack61 \
+ rubygem-omniauth>=2.0<3:security/rubygem-omniauth
+
+USES= gem
+USE_RUBY= yes
+
+NO_ARCH= yes
+
+.include <bsd.port.mk>
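Review bot: The `>=4.2` lower bound on the first RUN_DEPENDS entry can never bind, because the dependency is already pinned to the Rails 6.1 flavour `www/rubygem-actionpack61`; what the line really encodes is a coupling to that Rails branch. According to the port's pkg-descr, the CSRF token check is delegated to `ActionController::RequestForgeryProtection` from Rails, so the mitigation is only as current as the actionpack package installed alongside it. A one-line comment above RUN_DEPENDS would make that explicit for whoever moves gitlab-ce to another Rails branch, for example `# actionpack supplies the CSRF verifier this gem reuses; keep the flavour in step with the Rails branch of gitlab-ce`. Applications other than gitlab-ce presumably still have to start the OmniAuth request phase with a POST carrying the Rails token for the check to take effect, which could be stated in a pkg-message; please confirm against the upstream README.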
diff --git a/security/rubygem-omniauth-rails_csrf_protection/distinfo b/security/rubygem-omniauth-rails_csrf_protection/distinfo
new file mode 100644
index 000000000000..1b794d0064f9
--- /dev/null
+++ b/security/rubygem-omniauth-rails_csrf_protection/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1665830346
+SHA256 (rubygem/omniauth-rails_csrf_protection-1.0.1.gem) = fc546aeb7d43b7b9d7737051c380156e61c8f080b898cd4934d523eaa7e59acf
+SIZE (rubygem/omniauth-rails_csrf_protection-1.0.1.gem) = 10752
diff --git a/security/rubygem-omniauth-rails_csrf_protection/pkg-descr b/security/rubygem-omniauth-rails_csrf_protection/pkg-descr
new file mode 100644
index 000000000000..567c3562b734
--- /dev/null
+++ b/security/rubygem-omniauth-rails_csrf_protection/pkg-descr
@@ -0,0 +1,5 @@
+This gem provides a mitigation against CVE-2015-9284
+(Cross-Site Request Forgery on the request phrase when
+using OmniAuth gem with a Ruby on Rails application) by
+implementing a CSRF token verifier that directly utilize
+`ActionController::RequestForgeryProtection` code from Rails.