git: 344c25a817dd - main - security/rubygem-omniauth-rails_csrf_protection: new port, required for gitlab-ce

From: Matthias Fechner <mfechner_at_FreeBSD.org>
Date: Mon, 07 Nov 2022 15:42:04 UTC
The branch main has been updated by mfechner:

URL: https://cgit.FreeBSD.org/ports/commit/?id=344c25a817dde021c682f72a4ffb3c63dbafbc3e

commit 344c25a817dde021c682f72a4ffb3c63dbafbc3e
Author:     Matthias Fechner <mfechner@FreeBSD.org>
AuthorDate: 2022-10-20 15:21:22 +0000
Commit:     Matthias Fechner <mfechner@FreeBSD.org>
CommitDate: 2022-11-07 15:41:47 +0000

    security/rubygem-omniauth-rails_csrf_protection: new port, required for gitlab-ce
---
 security/Makefile                                   |  1 +
 .../rubygem-omniauth-rails_csrf_protection/Makefile | 21 +++++++++++++++++++++
 .../rubygem-omniauth-rails_csrf_protection/distinfo |  3 +++
 .../pkg-descr                                       |  5 +++++
 4 files changed, 30 insertions(+)

diff --git a/security/Makefile b/security/Makefile
index 0ffcd131c72d..dfcf1c84c852 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -1097,6 +1097,7 @@
     SUBDIR += rubygem-omniauth-jwt
     SUBDIR += rubygem-omniauth-multipassword
     SUBDIR += rubygem-omniauth-oauth2-generic
+    SUBDIR += rubygem-omniauth-rails_csrf_protection
     SUBDIR += rubygem-omniauth-saml
     SUBDIR += rubygem-omniauth-shibboleth
     SUBDIR += rubygem-omniauth1
diff --git a/security/rubygem-omniauth-rails_csrf_protection/Makefile b/security/rubygem-omniauth-rails_csrf_protection/Makefile
new file mode 100644
index 000000000000..8bd530bec7e1
--- /dev/null
+++ b/security/rubygem-omniauth-rails_csrf_protection/Makefile
@@ -0,0 +1,21 @@
+PORTNAME=	omniauth-rails_csrf_protection
+PORTVERSION=	1.0.1
+CATEGORIES=	security rubygems
+MASTER_SITES=	RG
+
+MAINTAINER=	mfechner@FreeBSD.org
+COMMENT=	Mitigation against CVE-2015-9284 for OmniAuth
+WWW=		https://github.com/cookpad/omniauth-rails_csrf_protection
+
+LICENSE=	MIT
+LICENSE_FILE=	${WRKSRC}/LICENSE.txt
+
+RUN_DEPENDS=	rubygem-actionpack61>=4.2:www/rubygem-actionpack61 \
+		rubygem-omniauth>=2.0<3:security/rubygem-omniauth
+
+USES=		gem
+USE_RUBY=	yes
+
+NO_ARCH=	yes
+
+.include <bsd.port.mk>
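Review bot: The `RUN_DEPENDS` entry `rubygem-actionpack61>=4.2:www/rubygem-actionpack61` ties this port to the 6.1 branch of actionpack without a comment saying why. The `>=4.2` floor looks like it was copied from the gem's own requirement and can hardly be the deciding constraint for a package whose name already fixes the branch. The port's pkg-descr says the token verifier reuses `ActionController::RequestForgeryProtection` from Rails, so the actionpack pulled in here should be the one the consuming application actually loads. Presumably 61 was chosen to match gitlab-ce, but nothing in this hunk shows that. I would add a comment above the dependency, e.g. `# actionpack61: keep in step with the Rails branch gitlab-ce uses`, so a later Rails upgrade of the consumer does not leave the CSRF mitigation depending on a stale branch.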
diff --git a/security/rubygem-omniauth-rails_csrf_protection/distinfo b/security/rubygem-omniauth-rails_csrf_protection/distinfo
new file mode 100644
index 000000000000..1b794d0064f9
--- /dev/null
+++ b/security/rubygem-omniauth-rails_csrf_protection/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1665830346
+SHA256 (rubygem/omniauth-rails_csrf_protection-1.0.1.gem) = fc546aeb7d43b7b9d7737051c380156e61c8f080b898cd4934d523eaa7e59acf
+SIZE (rubygem/omniauth-rails_csrf_protection-1.0.1.gem) = 10752
diff --git a/security/rubygem-omniauth-rails_csrf_protection/pkg-descr b/security/rubygem-omniauth-rails_csrf_protection/pkg-descr
new file mode 100644
index 000000000000..567c3562b734
--- /dev/null
+++ b/security/rubygem-omniauth-rails_csrf_protection/pkg-descr
@@ -0,0 +1,5 @@
+This gem provides a mitigation against CVE-2015-9284
+(Cross-Site Request Forgery on the request phrase when
+using OmniAuth gem with a Ruby on Rails application) by
+implementing a CSRF token verifier that directly utilize
+`ActionController::RequestForgeryProtection` code from Rails.