author | spz <spz@pkgsrc.org> | 2020-10-21 20:02:44 +0000 |
---|---|---|
committer | spz <spz@pkgsrc.org> | 2020-10-21 20:02:44 +0000 |
commit | 3baf060c8643fa56f183e26061e2ce1861ede592 (patch) | |
tree | 8b2fd9da8a425dca001c1b7bee0226501421bba5 | |
parent | 30b15c36d55cbb808c9e3704218151f76e62c123 (diff) | |
download | pkgsrc-3baf060c8643fa56f183e26061e2ce1861ede592.tar.gz |
Pullup ticket #6338 - requested by taca
lang/ruby25-base: security patch
Revisions pulled up:
- lang/ruby25-base/Makefile 1.17
- lang/ruby25-base/distinfo 1.14
- lang/ruby25-base/patches/patch-lib_webrick_httprequest.rb 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 4 03:45:26 UTC 2020
Modified Files:
pkgsrc/lang/ruby25-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby25-base/patches: patch-lib_webrick_httprequest.rb
Log Message:
lang/ruby25-base: Add fix for CVE-2020-25613
Add fix for CVE-2020-25613.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/lang/ruby25-base/Makefile
cvs rdiff -u -r1.13 -r1.14 pkgsrc/lang/ruby25-base/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/lang/ruby25-base/patches/patch-lib_webrick_httprequest.rb
-rw-r--r-- | lang/ruby25-base/Makefile | 3 | ||||
-rw-r--r-- | lang/ruby25-base/distinfo | 3 | ||||
-rw-r--r-- | lang/ruby25-base/patches/patch-lib_webrick_httprequest.rb | 27 |
3 files changed, 31 insertions, 2 deletions
diff --git a/lang/ruby25-base/Makefile b/lang/ruby25-base/Makefile
index eb2d0a6ba11..2fb902d18a8 100644
--- a/lang/ruby25-base/Makefile
+++ b/lang/ruby25-base/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.16 2020/04/01 15:25:26 taca Exp $
+# $NetBSD: Makefile,v 1.16.4.1 2020/10/21 20:02:44 spz Exp $
 DISTNAME= ${RUBY_DISTNAME}
 PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION}
+PKGREVISION= 1
 CATEGORIES= lang ruby
 MASTER_SITES= ${MASTER_SITE_RUBY}
diff --git a/lang/ruby25-base/distinfo b/lang/ruby25-base/distinfo
index c8f3bfe3b69..149423dfb67 100644
--- a/lang/ruby25-base/distinfo
+++ b/lang/ruby25-base/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.13 2020/04/01 15:25:26 taca Exp $
+$NetBSD: distinfo,v 1.13.4.1 2020/10/21 20:02:44 spz Exp $
 SHA1 (ruby-2.5.8.tar.xz) = d5ef8e8f28c098e6b7ea24924e0b0fee6e2f766c
 RMD160 (ruby-2.5.8.tar.xz) = 885ffaf5c394ff8779bbc4ee5e6cf0976aa3d6cf
@@ -17,4 +17,5 @@ SHA1 (patch-lib_rubygems_install__update__options.rb) = 1e953b5a517a805fd7184e35
 SHA1 (patch-lib_rubygems_installer.rb) = 7a9cfbd5d05c8901132d2bbf4555efa05e6363ec
 SHA1 (patch-lib_rubygems_platform.rb) = a208bf6bce28a687511bace5ff8a773fb6bcf87d
 SHA1 (patch-lib_rubygems_specification.rb) = e2ef2e6de4838168d11efef92f65d87d22c65ae4
+SHA1 (patch-lib_webrick_httprequest.rb) = 6e9eedbdceee3a1e6d8e5ec2f160ce8f705237ea
 SHA1 (patch-test_rubygems_test__gem.rb) = 80d646b95df81bacca6d277d2801dba16df291f5
diff --git a/lang/ruby25-base/patches/patch-lib_webrick_httprequest.rb b/lang/ruby25-base/patches/patch-lib_webrick_httprequest.rb
new file mode 100644
index 00000000000..c746c47a375
--- /dev/null
+++ b/lang/ruby25-base/patches/patch-lib_webrick_httprequest.rb
@@ -0,0 +1,27 @@
+$NetBSD: patch-lib_webrick_httprequest.rb,v 1.1.2.2 2020/10/21 20:02:44 spz Exp $
+
+Add fix for CVE-2020-25613.
+
+--- lib/webrick/httprequest.rb.orig 2020-03-31 12:15:56.000000000 +0000
++++ lib/webrick/httprequest.rb
+@@ -226,9 +226,9 @@ module WEBrick
+ raise HTTPStatus::BadRequest, "bad URI `#{@unparsed_uri}'."
+ end
+
+- if /close/io =~ self["connection"]
++ if /\Aclose\z/io =~ self["connection"]
+ @keep_alive = false
+- elsif /keep-alive/io =~ self["connection"]
++ elsif /\Akeep-alive\z/io =~ self["connection"]
+ @keep_alive = true
+ elsif @http_version < "1.1"
+ @keep_alive = false
+@@ -475,7 +475,7 @@ module WEBrick
+ return unless socket
+ if tc = self['transfer-encoding']
+ case tc
+- when /chunked/io then read_chunked(socket, block)
++ when /\Achunked\z/io then read_chunked(socket, block)
+ else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}."
+ end
+ elsif self['content-length'] || @remaining_size |
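Review bot: In the second inner hunk (httprequest.rb around line 475) a request whose Transfer-Encoding is exactly `chunked` still takes the chunked path when a Content-Length header is also present, because `content-length` is only consulted in the `elsif`. A message carrying both headers can be framed differently by a front-end proxy and by this server, so it would be safer to reject it, e.g. `raise HTTPStatus::BadRequest, "Transfer-Encoding and Content-Length both present." if self['content-length']` as the first statement inside `if tc = self['transfer-encoding']`. Separately, the anchored `/\Aclose\z/io` and `/\Akeep-alive\z/io` in the first inner hunk no longer match list-valued headers such as `Connection: close, TE`, which now fall through to the version-based default; if that is intended, a short comment saying so would help. Both enclosing methods start and end outside the lines shown, so this is based only on the visible context.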