Re: CVS commit: pkgsrc/lang/ruby25-base

To: taca%netbsd.org@localhost
Subject: Re: CVS commit: pkgsrc/lang/ruby25-base
From: Ryo ONODERA <ryo%tetera.org@localhost>
Date: Sun, 04 Oct 2020 13:18:03 +0900

Hi,

lang/ruby/rubyversion.mk is also updated to get new RUBY??_VERSIONs.
Could you commit your lang/ruby/rubyversion.mk too?

Thank you.

"Takahiro Kambe" <taca%netbsd.org@localhost> writes:

> Module Name:  pkgsrc
> Committed By: taca
> Date:         Sun Oct  4 03:45:26 UTC 2020
>
> Modified Files:
>       pkgsrc/lang/ruby25-base: Makefile distinfo
> Added Files:
>       pkgsrc/lang/ruby25-base/patches: patch-lib_webrick_httprequest.rb
>
> Log Message:
> lang/ruby25-base: Add fix for CVE-2020-25613
>
> Add fix for CVE-2020-25613.
>
> Bump PKGREVISION.
>
>
> To generate a diff of this commit:
> cvs rdiff -u -r1.16 -r1.17 pkgsrc/lang/ruby25-base/Makefile
> cvs rdiff -u -r1.13 -r1.14 pkgsrc/lang/ruby25-base/distinfo
> cvs rdiff -u -r0 -r1.1 \
>     pkgsrc/lang/ruby25-base/patches/patch-lib_webrick_httprequest.rb
>
> Please note that diffs are not public domain; they are subject to the
> copyright notices on the relevant files.
>
> Modified files:
>
> Index: pkgsrc/lang/ruby25-base/Makefile
> diff -u pkgsrc/lang/ruby25-base/Makefile:1.16 pkgsrc/lang/ruby25-base/Makefile:1.17
> --- pkgsrc/lang/ruby25-base/Makefile:1.16     Wed Apr  1 15:25:26 2020
> +++ pkgsrc/lang/ruby25-base/Makefile  Sun Oct  4 03:45:26 2020
> @@ -1,7 +1,8 @@
> -# $NetBSD: Makefile,v 1.16 2020/04/01 15:25:26 taca Exp $
> +# $NetBSD: Makefile,v 1.17 2020/10/04 03:45:26 taca Exp $
>  
>  DISTNAME=    ${RUBY_DISTNAME}
>  PKGNAME=     ${RUBY_PKGPREFIX}-base-${RUBY_VERSION}
> +PKGREVISION= 1
>  CATEGORIES=  lang ruby
>  MASTER_SITES=        ${MASTER_SITE_RUBY}
>  
>
> Index: pkgsrc/lang/ruby25-base/distinfo
> diff -u pkgsrc/lang/ruby25-base/distinfo:1.13 pkgsrc/lang/ruby25-base/distinfo:1.14
> --- pkgsrc/lang/ruby25-base/distinfo:1.13     Wed Apr  1 15:25:26 2020
> +++ pkgsrc/lang/ruby25-base/distinfo  Sun Oct  4 03:45:26 2020
> @@ -1,4 +1,4 @@
> -$NetBSD: distinfo,v 1.13 2020/04/01 15:25:26 taca Exp $
> +$NetBSD: distinfo,v 1.14 2020/10/04 03:45:26 taca Exp $
>  
>  SHA1 (ruby-2.5.8.tar.xz) = d5ef8e8f28c098e6b7ea24924e0b0fee6e2f766c
>  RMD160 (ruby-2.5.8.tar.xz) = 885ffaf5c394ff8779bbc4ee5e6cf0976aa3d6cf
> @@ -17,4 +17,5 @@ SHA1 (patch-lib_rubygems_install__update
>  SHA1 (patch-lib_rubygems_installer.rb) = 7a9cfbd5d05c8901132d2bbf4555efa05e6363ec
>  SHA1 (patch-lib_rubygems_platform.rb) = a208bf6bce28a687511bace5ff8a773fb6bcf87d
>  SHA1 (patch-lib_rubygems_specification.rb) = e2ef2e6de4838168d11efef92f65d87d22c65ae4
> +SHA1 (patch-lib_webrick_httprequest.rb) = 6e9eedbdceee3a1e6d8e5ec2f160ce8f705237ea
>  SHA1 (patch-test_rubygems_test__gem.rb) = 80d646b95df81bacca6d277d2801dba16df291f5
>
> Added files:
>
> Index: pkgsrc/lang/ruby25-base/patches/patch-lib_webrick_httprequest.rb
> diff -u /dev/null pkgsrc/lang/ruby25-base/patches/patch-lib_webrick_httprequest.rb:1.1
> --- /dev/null Sun Oct  4 03:45:26 2020
> +++ pkgsrc/lang/ruby25-base/patches/patch-lib_webrick_httprequest.rb  Sun Oct  4 03:45:26 2020
> @@ -0,0 +1,27 @@
> +$NetBSD: patch-lib_webrick_httprequest.rb,v 1.1 2020/10/04 03:45:26 taca Exp $
> +
> +Add fix for CVE-2020-25613.
> +
> +--- lib/webrick/httprequest.rb.orig  2020-03-31 12:15:56.000000000 +0000
> ++++ lib/webrick/httprequest.rb
> +@@ -226,9 +226,9 @@ module WEBrick
> +         raise HTTPStatus::BadRequest, "bad URI `#{@unparsed_uri}'."
> +       end
> + 
> +-      if /close/io =~ self["connection"]
> ++      if /\Aclose\z/io =~ self["connection"]
> +         @keep_alive = false
> +-      elsif /keep-alive/io =~ self["connection"]
> ++      elsif /\Akeep-alive\z/io =~ self["connection"]
> +         @keep_alive = true
> +       elsif @http_version < "1.1"
> +         @keep_alive = false
> +@@ -475,7 +475,7 @@ module WEBrick
> +       return unless socket
> +       if tc = self['transfer-encoding']
> +         case tc
> +-        when /chunked/io then read_chunked(socket, block)
> ++        when /\Achunked\z/io then read_chunked(socket, block)
> +         else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}."
> +         end
> +       elsif self['content-length'] || @remaining_size
>

-- 
Ryo ONODERA // ryo%tetera.org@localhost
PGP fingerprint = 82A2 DC91 76E0 A10A 8ABB  FD1B F404 27FA C7D1 15F3

Follow-Ups:
- Re: CVS commit: pkgsrc/lang/ruby25-base
  - From: Takahiro Kambe

References:
- CVS commit: pkgsrc/lang/ruby25-base
  - From: Takahiro Kambe

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/lang/ruby
Previous by Thread: CVS commit: pkgsrc/lang/ruby25-base
Next by Thread: Re: CVS commit: pkgsrc/lang/ruby25-base
Indexes:

Home | Main Index | Thread Index | Old Index