commit: 96086551a781780b04640554ea0052e5e1674a47 Author: matoro <matoro <AT> users <DOT> noreply <DOT> github <DOT> com> AuthorDate: Wed Jun 15 04:40:00 2022 +0000 Commit: Matt Turner <mattst88 <AT> gentoo <DOT> org> CommitDate: Sat Oct 22 21:33:11 2022 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=96086551
dev-ruby/sinatra: revbump 2.2.0-r1, enable ruby31 See: https://github.com/sinatra/sinatra/issues/1774 See: https://github.com/sinatra/sinatra/pull/1519 Signed-off-by: matoro <matoro <AT> users.noreply.github.com> Signed-off-by: Matt Turner <mattst88 <AT> gentoo.org> dev-ruby/sinatra/files/backport-pr-1519.patch | 120 ++++++++++++++++++++++++++ dev-ruby/sinatra/sinatra-2.2.0-r1.ebuild | 40 +++++++++ 2 files changed, 160 insertions(+) diff --git a/dev-ruby/sinatra/files/backport-pr-1519.patch b/dev-ruby/sinatra/files/backport-pr-1519.patch new file mode 100644 index 000000000000..2521dcaf2881 --- /dev/null +++ b/dev-ruby/sinatra/files/backport-pr-1519.patch @@ -0,0 +1,120 @@ +From 6d34a2a1bee48961c25e1b53edac874a31c42060 Mon Sep 17 00:00:00 2001 +From: Jordan Owens <jkow...@gmail.com> +Date: Thu, 31 Jan 2019 22:32:45 -0500 +Subject: [PATCH] Internal Sinatra errors now extend Sinatra::Error + +By extending Sinatra::Error, an error class can set the http status +code on the response to a value other than 500. This commit fixes +issues #1204 and #1518 where an error raised by a third party library +that responded to http_status could set the status on the response. +Any error outside of Sinatra errors will now always return a 500 status. + +This fixes an issue where an exception could leak sensitive data in +the message to the browser. Errors that have http_status code 400 or +404 use the message as the body of the response. This is why it is +imperative that these errors extend Sinatra::Error so that this is +an explicit decision. +--- + lib/sinatra/base.rb | 22 ++++++++++++++-------- + test/mapped_error_test.rb | 6 +++--- + test/result_test.rb | 15 +++++++++++++++ + 3 files changed, 32 insertions(+), 11 deletions(-) + +diff --git a/lib/sinatra/base.rb b/lib/sinatra/base.rb +index 6dbb3ae57..4dfc9a8ae 100644 +--- a/lib/sinatra/base.rb ++++ b/lib/sinatra/base.rb +@@ -255,11 +255,14 @@ def call(env) + end + end + +- class BadRequest < TypeError #:nodoc: ++ class Error < StandardError #:nodoc: ++ end ++ ++ class BadRequest < Error #:nodoc: + def http_status; 400 end + end + +- class NotFound < NameError #:nodoc: ++ class NotFound < Error #:nodoc: + def http_status; 404 end + end + +@@ -1149,14 +1152,17 @@ def handle_exception!(boom) + end + @env['sinatra.error'] = boom + +- if boom.respond_to? :http_status and boom.http_status.between? 400, 599 +- status(boom.http_status) +- elsif settings.use_code? and boom.respond_to? :code and boom.code.between? 400, 599 +- status(boom.code) +- else +- status(500) ++ http_status = if boom.kind_of? Sinatra::Error ++ if boom.respond_to? :http_status ++ boom.http_status ++ elsif settings.use_code? && boom.respond_to?(:code) ++ boom.code ++ end + end + ++ http_status = 500 unless http_status && http_status.between?(400, 599) ++ status(http_status) ++ + if server_error? + dump_errors! boom if settings.dump_errors? + raise boom if settings.show_exceptions? and settings.show_exceptions != :after_handler +diff --git a/test/mapped_error_test.rb b/test/mapped_error_test.rb +index cb158a268..562e509dc 100644 +--- a/test/mapped_error_test.rb ++++ b/test/mapped_error_test.rb +@@ -6,15 +6,15 @@ class FooError < RuntimeError + class FooNotFound < Sinatra::NotFound + end + +-class FooSpecialError < RuntimeError ++class FooSpecialError < Sinatra::Error + def http_status; 501 end + end + +-class FooStatusOutOfRangeError < RuntimeError ++class FooStatusOutOfRangeError < Sinatra::Error + def code; 4000 end + end + +-class FooWithCode < RuntimeError ++class FooWithCode < Sinatra::Error + def code; 419 end + end + +diff --git a/test/result_test.rb b/test/result_test.rb +index cbb781319..67d163fc4 100644 +--- a/test/result_test.rb ++++ b/test/result_test.rb +@@ -1,5 +1,9 @@ + require File.expand_path('../helper', __FILE__) + ++class ThirdPartyError < RuntimeError ++ def http_status; 400 end ++end ++ + class ResultTest < Minitest::Test + it "sets response.body when result is a String" do + mock_app { get('/') { 'Hello World' } } +@@ -73,4 +77,15 @@ def res.each ; yield call ; end + assert_equal 205, status + assert_equal '', body + end ++ ++ it "sets status to 500 when raised error is not Sinatra::Error" do ++ mock_app do ++ set :raise_errors, false ++ get('/') { raise ThirdPartyError } ++ end ++ ++ get '/' ++ assert_equal 500, status ++ assert_equal '<h1>Internal Server Error</h1>', body ++ end + end diff --git a/dev-ruby/sinatra/sinatra-2.2.0-r1.ebuild b/dev-ruby/sinatra/sinatra-2.2.0-r1.ebuild new file mode 100644 index 000000000000..23ac1f9ff9cc --- /dev/null +++ b/dev-ruby/sinatra/sinatra-2.2.0-r1.ebuild @@ -0,0 +1,40 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +USE_RUBY="ruby26 ruby27 ruby30 ruby31" + +RUBY_FAKEGEM_TASK_TEST="MT_NO_PLUGINS=true test:core" + +RUBY_FAKEGEM_EXTRADOC="README.md AUTHORS.md CHANGELOG.md" + +RUBY_FAKEGEM_GEMSPEC="sinatra.gemspec" + +inherit ruby-fakegem + +DESCRIPTION="A DSL for quickly creating web applications in Ruby with minimal effort" +HOMEPAGE="http://www.sinatrarb.com/" +SRC_URI="https://github.com/sinatra/sinatra/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="MIT" +SLOT="2" +KEYWORDS="amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~riscv ~sparc ~x86" +IUSE="" + +# Backport https://github.com/sinatra/sinatra/pull/1519 from master. +# Fixes https://github.com/sinatra/sinatra/issues/1774 +# Required for ruby31 compat. +# Should be removed on next release. +PATCHES=( "${FILESDIR}/backport-pr-1519.patch" ) + +ruby_add_rdepend " + dev-ruby/mustermann:1 + dev-ruby/rack:2.2 + ~dev-ruby/rack-protection-${PV} + dev-ruby/tilt:2" +ruby_add_bdepend "test? ( >=dev-ruby/rack-test-0.5.6 dev-ruby/erubis dev-ruby/builder <dev-ruby/activesupport-7 )" +ruby_add_bdepend "doc? ( dev-ruby/yard )" + +all_ruby_prepare() { + sed -i -e '/active_support\/core_ext\/hash/igem "activesupport", "<7"' test/helper.rb || die +}