Package: ruby-mechanize | Debian Sources

Package: ruby-mechanize / 2.7.6-1+deb10u1

Metadata

Package	Version	Patches format
ruby-mechanize	2.7.6-1+deb10u1	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
dont_require_rubygems \| (download)	lib/mechanize/test_case.rb \| 9 6 + 3 - 0 ! 1 file changed, 6 insertions(+), 3 deletions(-)	remove the 'rubygems' call Debian's pkg-ruby-extras policy disallows Rubygems to be called from within packages
set_path_for_test \| (download)	lib/mechanize/test_case.rb \| 4 3 + 1 - 0 ! lib/mechanize/test_case/gzip_servlet.rb \| 4 3 + 1 - 0 ! 2 files changed, 6 insertions(+), 2 deletions(-)	fix the provided path for te tests lib/mechanize/test_case.rb assumes the tests are run inside a Gems-installed system, and fails to find the tests' data. Fix it by setting the right path for our build environment.
0003 Replace dep on ntlm http by rubyntlm.patch \| (download)	mechanize.gemspec \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	replace dep on ntlm-http by rubyntlm
CVE 2021 21289.patch \| (download)	lib/mechanize.rb \| 2 1 + 1 - 0 ! lib/mechanize/cookie_jar.rb \| 4 2 + 2 - 0 ! lib/mechanize/download.rb \| 2 1 + 1 - 0 ! lib/mechanize/file.rb \| 2 1 + 1 - 0 ! lib/mechanize/file_response.rb \| 2 1 + 1 - 0 ! lib/mechanize/test_case.rb \| 4 2 + 2 - 0 ! lib/mechanize/test_case/gzip_servlet.rb \| 2 1 + 1 - 0 ! lib/mechanize/test_case/verb_servlet.rb \| 10 4 + 6 - 0 ! test/test_mechanize.rb \| 8 8 + 0 - 0 ! test/test_mechanize_cookie_jar.rb \| 30 30 + 0 - 0 ! test/test_mechanize_download.rb \| 13 12 + 1 - 0 ! test/test_mechanize_file.rb \| 9 9 + 0 - 0 ! test/test_mechanize_file_response.rb \| 22 20 + 2 - 0 ! 13 files changed, 92 insertions(+), 18 deletions(-)	[patch 1/7] fix(security): prevent command injection in cookiejar Related to https://github.com/sparklemotion/mechanize/security/advisories/GHSA-qrqm-fpv6-6r8g

1