CVS commit: pkgsrc/www/ruby-cgi

["Takahiro Kambe" <taca%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   taca
Date:           Sun Mar  2 14:51:54 UTC 2025

Added Files:
        pkgsrc/www/ruby-cgi: DESCR Makefile PLIST distinfo

Log Message:
www/ruby-cgi: add package version 0.4.2

ruby-cgi contains newer version of cgi gem which is default gem of Ruby.

This package intends to handle these security problem of cgi gem in Ruby.

        CVE-2025-27219: Denial of Service in CGI::Cookie.parse
        CVE-2025-27220: ReDoS in CGI::Util#escapeElement
        CVE-2025-27221: userinfo leakage in URI#join, URI#merge and URI#+

CGI

CGI is a large class, providing several categories of methods, many of which
are mixed in from other modules.  Some of the documentation is in this
class, some in the modules CGI::QueryExtension and CGI::HtmlExtension.  See
CGI::Cookie for specific information on handling cookies, and cgi/session.rb
(CGI::Session) for information on sessions.

For queries, CGI provides methods to get at environmental variables,
parameters, cookies, and multipart request data.  For responses, CGI
provides methods for writing output and generating HTML.


To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 pkgsrc/www/ruby-cgi/DESCR pkgsrc/www/ruby-cgi/Makefile \
    pkgsrc/www/ruby-cgi/PLIST pkgsrc/www/ruby-cgi/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Added files:

Index: pkgsrc/www/ruby-cgi/DESCR
diff -u /dev/null pkgsrc/www/ruby-cgi/DESCR:1.1
--- /dev/null   Sun Mar  2 14:51:54 2025
+++ pkgsrc/www/ruby-cgi/DESCR   Sun Mar  2 14:51:54 2025
@@ -0,0 +1,11 @@
+CGI
+
+CGI is a large class, providing several categories of methods, many of which
+are mixed in from other modules.  Some of the documentation is in this
+class, some in the modules CGI::QueryExtension and CGI::HtmlExtension.  See
+CGI::Cookie for specific information on handling cookies, and cgi/session.rb
+(CGI::Session) for information on sessions.
+
+For queries, CGI provides methods to get at environmental variables,
+parameters, cookies, and multipart request data.  For responses, CGI
+provides methods for writing output and generating HTML.
Index: pkgsrc/www/ruby-cgi/Makefile
diff -u /dev/null pkgsrc/www/ruby-cgi/Makefile:1.1
--- /dev/null   Sun Mar  2 14:51:54 2025
+++ pkgsrc/www/ruby-cgi/Makefile        Sun Mar  2 14:51:54 2025
@@ -0,0 +1,14 @@
+# $NetBSD: Makefile,v 1.1 2025/03/02 14:51:54 taca Exp $
+
+DISTNAME=      cgi-0.4.2
+CATEGORIES=    www
+
+MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
+HOMEPAGE=      https://github.com/ruby/cgi
+COMMENT=       Support for the Common Gateway Interface protocol
+LICENSE=       2-clause-bsd OR ruby-license
+
+#USE_LANGUAGES=        # none
+
+.include "../../lang/ruby/gem.mk"
+.include "../../mk/bsd.pkg.mk"
Index: pkgsrc/www/ruby-cgi/PLIST
diff -u /dev/null pkgsrc/www/ruby-cgi/PLIST:1.1
--- /dev/null   Sun Mar  2 14:51:54 2025
+++ pkgsrc/www/ruby-cgi/PLIST   Sun Mar  2 14:51:54 2025
@@ -0,0 +1,19 @@
+@comment $NetBSD: PLIST,v 1.1 2025/03/02 14:51:54 taca Exp $
+${GEM_HOME}/cache/${GEM_NAME}.gem
+${GEM_EXTSDIR}/cgi/escape.${RUBY_DLEXT}
+${GEM_EXTSDIR}/gem.build_complete
+${GEM_LIBDIR}/BSDL
+${GEM_LIBDIR}/COPYING
+${GEM_LIBDIR}/README.md
+${GEM_LIBDIR}/ext/cgi/escape/depend
+${GEM_LIBDIR}/ext/cgi/escape/escape.c
+${GEM_LIBDIR}/ext/cgi/escape/extconf.rb
+${GEM_LIBDIR}/lib/cgi.rb
+${GEM_LIBDIR}/lib/cgi/cookie.rb
+${GEM_LIBDIR}/lib/cgi/core.rb
+${GEM_LIBDIR}/lib/cgi/escape.${RUBY_DLEXT}
+${GEM_LIBDIR}/lib/cgi/html.rb
+${GEM_LIBDIR}/lib/cgi/session.rb
+${GEM_LIBDIR}/lib/cgi/session/pstore.rb
+${GEM_LIBDIR}/lib/cgi/util.rb
+${GEM_HOME}/specifications/${GEM_NAME}.gemspec
Index: pkgsrc/www/ruby-cgi/distinfo
diff -u /dev/null pkgsrc/www/ruby-cgi/distinfo:1.1
--- /dev/null   Sun Mar  2 14:51:54 2025
+++ pkgsrc/www/ruby-cgi/distinfo        Sun Mar  2 14:51:54 2025
@@ -0,0 +1,5 @@
+$NetBSD: distinfo,v 1.1 2025/03/02 14:51:54 taca Exp $
+
+BLAKE2s (cgi-0.4.2.gem) = 7b6edec906877c6aae68b467f658d6de38c1de5b32b5147914564400c74e956b
+SHA512 (cgi-0.4.2.gem) = 40c736597d2bea6c61087449ad98a01d843d8922ffa218fbb29e138d7b86e37800165c049f1f444274ad668d67f95d90c408df8e513dd618dd9e9f905787430f
+Size (cgi-0.4.2.gem) = 37888 bytes