pkgsrc-Changes archive


CVS commit: [pkgsrc-2020Q3] pkgsrc/lang/ruby26-base



Module Name:    pkgsrc
Committed By:   spz
Date:           Wed Oct 21 19:58:57 UTC 2020

Modified Files:
        pkgsrc/lang/ruby26-base [pkgsrc-2020Q3]: Makefile distinfo
Added Files:
        pkgsrc/lang/ruby26-base/patches [pkgsrc-2020Q3]:
            patch-lib_webrick_httprequest.rb

Log Message:
Pullup ticket #6337 - requested by taca
lang/ruby26-base: security patch

Revisions pulled up:
- lang/ruby26-base/Makefile                                     1.11
- lang/ruby26-base/distinfo                                     1.9
- lang/ruby26-base/patches/patch-lib_webrick_httprequest.rb     1.1

-------------------------------------------------------------------
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Sun Oct  4 03:41:12 UTC 2020

   Modified Files:
        pkgsrc/lang/ruby26-base: Makefile distinfo
   Added Files:
        pkgsrc/lang/ruby26-base/patches: patch-lib_webrick_httprequest.rb

   Log Message:
   lang/ruby26-base: Add fix for CVE-2020-25613

   Add fix for CVE-2020-25613.

   Bump PKGREVISION.

   To generate a diff of this commit:
   cvs rdiff -u -r1.10 -r1.11 pkgsrc/lang/ruby26-base/Makefile
   cvs rdiff -u -r1.8 -r1.9 pkgsrc/lang/ruby26-base/distinfo
   cvs rdiff -u -r0 -r1.1 \
       pkgsrc/lang/ruby26-base/patches/patch-lib_webrick_httprequest.rb


To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.10.4.1 pkgsrc/lang/ruby26-base/Makefile
cvs rdiff -u -r1.8 -r1.8.4.1 pkgsrc/lang/ruby26-base/distinfo
cvs rdiff -u -r0 -r1.1.2.2 \
    pkgsrc/lang/ruby26-base/patches/patch-lib_webrick_httprequest.rb

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/ruby26-base/Makefile
diff -u pkgsrc/lang/ruby26-base/Makefile:1.10 pkgsrc/lang/ruby26-base/Makefile:1.10.4.1
--- pkgsrc/lang/ruby26-base/Makefile:1.10       Wed Apr  1 15:21:57 2020
+++ pkgsrc/lang/ruby26-base/Makefile    Wed Oct 21 19:58:57 2020
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.10 2020/04/01 15:21:57 taca Exp $
+# $NetBSD: Makefile,v 1.10.4.1 2020/10/21 19:58:57 spz Exp $
 
 DISTNAME=      ${RUBY_DISTNAME}
 PKGNAME=       ${RUBY_PKGPREFIX}-base-${RUBY_VERSION}
+PKGREVISION=   1
 CATEGORIES=    lang ruby
 MASTER_SITES=  ${MASTER_SITE_RUBY}
 

Index: pkgsrc/lang/ruby26-base/distinfo
diff -u pkgsrc/lang/ruby26-base/distinfo:1.8 pkgsrc/lang/ruby26-base/distinfo:1.8.4.1
--- pkgsrc/lang/ruby26-base/distinfo:1.8        Wed Apr  1 15:21:57 2020
+++ pkgsrc/lang/ruby26-base/distinfo    Wed Oct 21 19:58:57 2020
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.8 2020/04/01 15:21:57 taca Exp $
+$NetBSD: distinfo,v 1.8.4.1 2020/10/21 19:58:57 spz Exp $
 
 SHA1 (ruby-2.6.6.tar.xz) = 4dc8d4f7abc1d498b7bac68e82efc01a849f300f
 RMD160 (ruby-2.6.6.tar.xz) = 3091dc207ad5089305c105582e39f73ca9dfeb2b
@@ -17,5 +17,6 @@ SHA1 (patch-lib_rubygems_dependency__ins
 SHA1 (patch-lib_rubygems_install__update__options.rb) = 1e953b5a517a805fd7184e359fbc06e67a5ff9b3
 SHA1 (patch-lib_rubygems_installer.rb) = bce2fe5bcc88ba15352c1e3017bdf97e19d0cbfa
 SHA1 (patch-lib_rubygems_platform.rb) = 8608f9e29728101789a990d73b4a6780054dd278
+SHA1 (patch-lib_webrick_httprequest.rb) = 71d2d01e27d23aa5f0b7bc77f2cda1fd85aeeab4
 SHA1 (patch-test_rubygems_test__gem.rb) = 80d646b95df81bacca6d277d2801dba16df291f5
 SHA1 (patch-thread__pthread.c) = ce3dfbc7e953cdd04522bcc8e443b60e541845ce

Added files:

Index: pkgsrc/lang/ruby26-base/patches/patch-lib_webrick_httprequest.rb
diff -u /dev/null pkgsrc/lang/ruby26-base/patches/patch-lib_webrick_httprequest.rb:1.1.2.2
--- /dev/null   Wed Oct 21 19:58:57 2020
+++ pkgsrc/lang/ruby26-base/patches/patch-lib_webrick_httprequest.rb    Wed Oct 21 19:58:57 2020
@@ -0,0 +1,27 @@
+$NetBSD: patch-lib_webrick_httprequest.rb,v 1.1.2.2 2020/10/21 19:58:57 spz Exp $
+
+Add fix for CVE-2020-25613.
+
+--- lib/webrick/httprequest.rb.orig    2020-03-31 11:23:13.000000000 +0000
++++ lib/webrick/httprequest.rb
+@@ -226,9 +226,9 @@ module WEBrick
+         raise HTTPStatus::BadRequest, "bad URI `#{@unparsed_uri}'."
+       end
+ 
+-      if /close/io =~ self["connection"]
++      if /\Aclose\z/io =~ self["connection"]
+         @keep_alive = false
+-      elsif /keep-alive/io =~ self["connection"]
++      elsif /\Akeep-alive\z/io =~ self["connection"]
+         @keep_alive = true
+       elsif @http_version < "1.1"
+         @keep_alive = false
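Review bot: the anchored `/\Aclose\z/io` and `/\Akeep-alive\z/io` tests only match when the entire Connection value is that single token, so a list value such as `close, TE` (constructed example) matches neither branch and falls through to the `@http_version < "1.1"` check, ignoring the client's explicit `close`. Connection is defined as a comma-separated list of options, so it would be more robust to split `self["connection"]` on commas, strip each element, and compare the tokens case-insensitively against `close` and `keep-alive`. That keeps the substring match from returning while still honouring list values. Minor style point: the `o` flag does nothing on a pattern with no interpolation and could be dropped.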
+@@ -503,7 +503,7 @@ module WEBrick
+       return unless socket
+       if tc = self['transfer-encoding']
+         case tc
+-        when /chunked/io then read_chunked(socket, block)
++        when /\Achunked\z/io then read_chunked(socket, block)
+         else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}."
+         end
+       elsif self['content-length'] || @remaining_size
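Review bot: the exact match in `when /\Achunked\z/io` is only as strict as the value returned by `self['transfer-encoding']`, and these lines do not show whether that value is already stripped of surrounding whitespace or how repeated headers are joined. Anything that is not exactly `chunked` now reaches the `else` and raises `HTTPStatus::NotImplemented`, which fails closed and is the safer side. Please confirm that a plain `chunked` with optional whitespace still reaches `read_chunked`, and that values which merely contain the word (constructed examples: `xchunked`, `chunked, identity`) are rejected. The patch comment says only "Add fix for CVE-2020-25613."; a line naming the upstream change it was taken from would make it easier to drop the patch at the next version update.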


