diff options
author | spz <spz@pkgsrc.org> | 2020-10-21 19:58:57 +0000 |
---|---|---|
committer | spz <spz@pkgsrc.org> | 2020-10-21 19:58:57 +0000 |
commit | 30b15c36d55cbb808c9e3704218151f76e62c123 (patch) | |
tree | 645a090df42ed80c69b4052261747520d14512c4 | |
parent | 9c77ee32dc0748add3490bd765d076fd5dc70c29 (diff) | |
download | pkgsrc-30b15c36d55cbb808c9e3704218151f76e62c123.tar.gz |
Pullup ticket #6337 - requested by taca
lang/ruby26-base: security patch
Revisions pulled up:
- lang/ruby26-base/Makefile 1.11
- lang/ruby26-base/distinfo 1.9
- lang/ruby26-base/patches/patch-lib_webrick_httprequest.rb 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 4 03:41:12 UTC 2020
Modified Files:
pkgsrc/lang/ruby26-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby26-base/patches: patch-lib_webrick_httprequest.rb
Log Message:
lang/ruby26-base: Add fix for CVE-2020-25613
Add fix for CVE-2020-25613.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 pkgsrc/lang/ruby26-base/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/lang/ruby26-base/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/lang/ruby26-base/patches/patch-lib_webrick_httprequest.rb
-rw-r--r-- | lang/ruby26-base/Makefile | 3 | ||||
-rw-r--r-- | lang/ruby26-base/distinfo | 3 | ||||
-rw-r--r-- | lang/ruby26-base/patches/patch-lib_webrick_httprequest.rb | 27 |
3 files changed, 31 insertions, 2 deletions
diff --git a/lang/ruby26-base/Makefile b/lang/ruby26-base/Makefile index c39e59ad13d..f5bfcd41a71 100644 --- a/lang/ruby26-base/Makefile +++ b/lang/ruby26-base/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.10 2020/04/01 15:21:57 taca Exp $ +# $NetBSD: Makefile,v 1.10.4.1 2020/10/21 19:58:57 spz Exp $ DISTNAME= ${RUBY_DISTNAME} PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION} +PKGREVISION= 1 CATEGORIES= lang ruby MASTER_SITES= ${MASTER_SITE_RUBY} diff --git a/lang/ruby26-base/distinfo b/lang/ruby26-base/distinfo index 5428d2860dc..fdcbcd7e1f7 100644 --- a/lang/ruby26-base/distinfo +++ b/lang/ruby26-base/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.8 2020/04/01 15:21:57 taca Exp $ +$NetBSD: distinfo,v 1.8.4.1 2020/10/21 19:58:57 spz Exp $ SHA1 (ruby-2.6.6.tar.xz) = 4dc8d4f7abc1d498b7bac68e82efc01a849f300f RMD160 (ruby-2.6.6.tar.xz) = 3091dc207ad5089305c105582e39f73ca9dfeb2b @@ -17,5 +17,6 @@ SHA1 (patch-lib_rubygems_dependency__installer.rb) = 1776508907f17547ffe93f637d6 SHA1 (patch-lib_rubygems_install__update__options.rb) = 1e953b5a517a805fd7184e359fbc06e67a5ff9b3 SHA1 (patch-lib_rubygems_installer.rb) = bce2fe5bcc88ba15352c1e3017bdf97e19d0cbfa SHA1 (patch-lib_rubygems_platform.rb) = 8608f9e29728101789a990d73b4a6780054dd278 +SHA1 (patch-lib_webrick_httprequest.rb) = 71d2d01e27d23aa5f0b7bc77f2cda1fd85aeeab4 SHA1 (patch-test_rubygems_test__gem.rb) = 80d646b95df81bacca6d277d2801dba16df291f5 SHA1 (patch-thread__pthread.c) = ce3dfbc7e953cdd04522bcc8e443b60e541845ce diff --git a/lang/ruby26-base/patches/patch-lib_webrick_httprequest.rb b/lang/ruby26-base/patches/patch-lib_webrick_httprequest.rb new file mode 100644 index 00000000000..ff83ce8b1e7 --- /dev/null +++ b/lang/ruby26-base/patches/patch-lib_webrick_httprequest.rb @@ -0,0 +1,27 @@ +$NetBSD: patch-lib_webrick_httprequest.rb,v 1.1.2.2 2020/10/21 19:58:57 spz Exp $ + +Add fix for CVE-2020-25613. + +--- lib/webrick/httprequest.rb.orig 2020-03-31 11:23:13.000000000 +0000 ++++ lib/webrick/httprequest.rb +@@ -226,9 +226,9 @@ module WEBrick + raise HTTPStatus::BadRequest, "bad URI `#{@unparsed_uri}'." + end + +- if /close/io =~ self["connection"] ++ if /\Aclose\z/io =~ self["connection"] + @keep_alive = false +- elsif /keep-alive/io =~ self["connection"] ++ elsif /\Akeep-alive\z/io =~ self["connection"] + @keep_alive = true + elsif @http_version < "1.1" + @keep_alive = false +@@ -503,7 +503,7 @@ module WEBrick + return unless socket + if tc = self['transfer-encoding'] + case tc +- when /chunked/io then read_chunked(socket, block) ++ when /\Achunked\z/io then read_chunked(socket, block) + else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}." + end + elsif self['content-length'] || @remaining_size |