pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2020Q3]: pkgsrc/lang/ruby25-base Pullup ticket #6338 - request...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/a98e3455084e
branches:  pkgsrc-2020Q3
changeset: 440928:a98e3455084e
user:      spz <spz%pkgsrc.org@localhost>
date:      Wed Oct 21 20:02:44 2020 +0000

description:
Pullup ticket #6338 - requested by taca
lang/ruby25-base: security patch

Revisions pulled up:
- lang/ruby25-base/Makefile                                     1.17
- lang/ruby25-base/distinfo                                     1.14
- lang/ruby25-base/patches/patch-lib_webrick_httprequest.rb     1.1

-------------------------------------------------------------------
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Sun Oct  4 03:45:26 UTC 2020

   Modified Files:
        pkgsrc/lang/ruby25-base: Makefile distinfo
   Added Files:
        pkgsrc/lang/ruby25-base/patches: patch-lib_webrick_httprequest.rb

   Log Message:
   lang/ruby25-base: Add fix for CVE-2020-25613

   Add fix for CVE-2020-25613.

   Bump PKGREVISION.


   To generate a diff of this commit:
   cvs rdiff -u -r1.16 -r1.17 pkgsrc/lang/ruby25-base/Makefile
   cvs rdiff -u -r1.13 -r1.14 pkgsrc/lang/ruby25-base/distinfo
   cvs rdiff -u -r0 -r1.1 \
       pkgsrc/lang/ruby25-base/patches/patch-lib_webrick_httprequest.rb

diffstat:

 lang/ruby25-base/Makefile                                 |   3 +-
 lang/ruby25-base/distinfo                                 |   3 +-
 lang/ruby25-base/patches/patch-lib_webrick_httprequest.rb |  27 +++++++++++++++
 3 files changed, 31 insertions(+), 2 deletions(-)

diffs (59 lines):

diff -r 8b7a49ff4919 -r a98e3455084e lang/ruby25-base/Makefile
--- a/lang/ruby25-base/Makefile Wed Oct 21 19:58:57 2020 +0000
+++ b/lang/ruby25-base/Makefile Wed Oct 21 20:02:44 2020 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.16 2020/04/01 15:25:26 taca Exp $
+# $NetBSD: Makefile,v 1.16.4.1 2020/10/21 20:02:44 spz Exp $
 
 DISTNAME=      ${RUBY_DISTNAME}
 PKGNAME=       ${RUBY_PKGPREFIX}-base-${RUBY_VERSION}
+PKGREVISION=   1
 CATEGORIES=    lang ruby
 MASTER_SITES=  ${MASTER_SITE_RUBY}
 
diff -r 8b7a49ff4919 -r a98e3455084e lang/ruby25-base/distinfo
--- a/lang/ruby25-base/distinfo Wed Oct 21 19:58:57 2020 +0000
+++ b/lang/ruby25-base/distinfo Wed Oct 21 20:02:44 2020 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.13 2020/04/01 15:25:26 taca Exp $
+$NetBSD: distinfo,v 1.13.4.1 2020/10/21 20:02:44 spz Exp $
 
 SHA1 (ruby-2.5.8.tar.xz) = d5ef8e8f28c098e6b7ea24924e0b0fee6e2f766c
 RMD160 (ruby-2.5.8.tar.xz) = 885ffaf5c394ff8779bbc4ee5e6cf0976aa3d6cf
@@ -17,4 +17,5 @@
 SHA1 (patch-lib_rubygems_installer.rb) = 7a9cfbd5d05c8901132d2bbf4555efa05e6363ec
 SHA1 (patch-lib_rubygems_platform.rb) = a208bf6bce28a687511bace5ff8a773fb6bcf87d
 SHA1 (patch-lib_rubygems_specification.rb) = e2ef2e6de4838168d11efef92f65d87d22c65ae4
+SHA1 (patch-lib_webrick_httprequest.rb) = 6e9eedbdceee3a1e6d8e5ec2f160ce8f705237ea
 SHA1 (patch-test_rubygems_test__gem.rb) = 80d646b95df81bacca6d277d2801dba16df291f5
diff -r 8b7a49ff4919 -r a98e3455084e lang/ruby25-base/patches/patch-lib_webrick_httprequest.rb
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/ruby25-base/patches/patch-lib_webrick_httprequest.rb Wed Oct 21 20:02:44 2020 +0000
@@ -0,0 +1,27 @@
+$NetBSD: patch-lib_webrick_httprequest.rb,v 1.1.2.2 2020/10/21 20:02:44 spz Exp $
+
+Add fix for CVE-2020-25613.
+
+--- lib/webrick/httprequest.rb.orig    2020-03-31 12:15:56.000000000 +0000
++++ lib/webrick/httprequest.rb
+@@ -226,9 +226,9 @@ module WEBrick
+         raise HTTPStatus::BadRequest, "bad URI `#{@unparsed_uri}'."
+       end
+ 
+-      if /close/io =~ self["connection"]
++      if /\Aclose\z/io =~ self["connection"]
+         @keep_alive = false
+-      elsif /keep-alive/io =~ self["connection"]
++      elsif /\Akeep-alive\z/io =~ self["connection"]
+         @keep_alive = true
+       elsif @http_version < "1.1"
+         @keep_alive = false
+@@ -475,7 +475,7 @@ module WEBrick
+       return unless socket
+       if tc = self['transfer-encoding']
+         case tc
+-        when /chunked/io then read_chunked(socket, block)
++        when /\Achunked\z/io then read_chunked(socket, block)
+         else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}."
+         end
+       elsif self['content-length'] || @remaining_size
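Review bot: In the first inner hunk (lib/webrick/httprequest.rb, around line 226), anchoring the whole header value with `/\Aclose\z/io` and `/\Akeep-alive\z/io` means a Connection header that carries a token list, for example `close, TE` or `keep-alive, Upgrade`, now matches neither branch and falls through to the `@http_version < "1.1"` check, so an explicit `close` from a client can be ignored. If that strictness is intended, say so in the patch description; otherwise consider splitting the value on commas and comparing each trimmed token. The same anchoring in the second inner hunk (around line 475) fails closed, since any Transfer-Encoding value other than exactly `chunked` reaches the `else raise HTTPStatus::NotImplemented` branch, which is the behaviour wanted for a request-smuggling fix. The patch header comment only says "Add fix for CVE-2020-25613."; a pointer to the upstream change it was taken from would make later audits of this file easier.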


