Date: Sun, 4 Oct 2020 03:41:12 +0000
From: "Takahiro Kambe"
Subject: CVS commit: pkgsrc/lang/ruby26-base
To: pkgsrc-changes@NetBSD.org
Reply-To: taca@netbsd.org
Message-Id: <20201004034113.014DDFB28@cvs.NetBSD.org>

Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 4 03:41:12 UTC 2020

Modified Files:
    pkgsrc/lang/ruby26-base: Makefile distinfo
Added Files:
    pkgsrc/lang/ruby26-base/patches: patch-lib_webrick_httprequest.rb

Log Message:
lang/ruby26-base: Add fix for CVE-2020-25613

Add fix for CVE-2020-25613.

Bump PKGREVISION.

To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 pkgsrc/lang/ruby26-base/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/lang/ruby26-base/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/lang/ruby26-base/patches/patch-lib_webrick_httprequest.rb

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/ruby26-base/Makefile diff -u pkgsrc/lang/ruby26-base/Makefile:1.10 pkgsrc/lang/ruby26-base/Makefile:1.11 --- pkgsrc/lang/ruby26-base/Makefile:1.10 Wed Apr 1 15:21:57 2020 +++ pkgsrc/lang/ruby26-base/Makefile Sun Oct 4 03:41:12 2020 
@@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.10 2020/04/01 15:21:57 taca Exp $ +# $NetBSD: Makefile,v 1.11 2020/10/04 03:41:12 taca Exp $ DISTNAME= ${RUBY_DISTNAME} PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION} +PKGREVISION= 1 CATEGORIES= lang ruby MASTER_SITES= ${MASTER_SITE_RUBY} Index: pkgsrc/lang/ruby26-base/distinfo diff -u pkgsrc/lang/ruby26-base/distinfo:1.8 pkgsrc/lang/ruby26-base/distinfo:1.9 --- pkgsrc/lang/ruby26-base/distinfo:1.8 Wed Apr 1 15:21:57 2020 +++ pkgsrc/lang/ruby26-base/distinfo Sun Oct 4 03:41:12 2020 @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.8 2020/04/01 15:21:57 taca Exp $ +$NetBSD: distinfo,v 1.9 2020/10/04 03:41:12 taca Exp $ SHA1 (ruby-2.6.6.tar.xz) = 4dc8d4f7abc1d498b7bac68e82efc01a849f300f RMD160 (ruby-2.6.6.tar.xz) = 3091dc207ad5089305c105582e39f73ca9dfeb2b @@ -17,5 +17,6 @@ SHA1 (patch-lib_rubygems_dependency__ins SHA1 (patch-lib_rubygems_install__update__options.rb) = 1e953b5a517a805fd7184e359fbc06e67a5ff9b3 SHA1 (patch-lib_rubygems_installer.rb) = bce2fe5bcc88ba15352c1e3017bdf97e19d0cbfa SHA1 (patch-lib_rubygems_platform.rb) = 8608f9e29728101789a990d73b4a6780054dd278 +SHA1 (patch-lib_webrick_httprequest.rb) = 71d2d01e27d23aa5f0b7bc77f2cda1fd85aeeab4 SHA1 (patch-test_rubygems_test__gem.rb) = 80d646b95df81bacca6d277d2801dba16df291f5 SHA1 (patch-thread__pthread.c) = ce3dfbc7e953cdd04522bcc8e443b60e541845ce Added files: Index: pkgsrc/lang/ruby26-base/patches/patch-lib_webrick_httprequest.rb diff -u /dev/null pkgsrc/lang/ruby26-base/patches/patch-lib_webrick_httprequest.rb:1.1 --- /dev/null Sun Oct 4 03:41:12 2020 +++ pkgsrc/lang/ruby26-base/patches/patch-lib_webrick_httprequest.rb Sun Oct 4 03:41:12 2020 
@@ -0,0 +1,27 @@ +$NetBSD: patch-lib_webrick_httprequest.rb,v 1.1 2020/10/04 03:41:12 taca Exp $ + +Add fix for CVE-2020-25613. + +--- lib/webrick/httprequest.rb.orig 2020-03-31 11:23:13.000000000 +0000 ++++ lib/webrick/httprequest.rb +@@ -226,9 +226,9 @@ module WEBrick + raise HTTPStatus::BadRequest, "bad URI `#{@unparsed_uri}'." + end + +- if /close/io =~ self["connection"] ++ if /\Aclose\z/io =~ self["connection"] + @keep_alive = false +- elsif /keep-alive/io =~ self["connection"] ++ elsif /\Akeep-alive\z/io =~ self["connection"] + @keep_alive = true + elsif @http_version < "1.1" + @keep_alive = false +@@ -503,7 +503,7 @@ module WEBrick + return unless socket + if tc = self['transfer-encoding'] + case tc +- when /chunked/io then read_chunked(socket, block) ++ when /\Achunked\z/io then read_chunked(socket, block) + else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}." + end + elsif self['content-length'] || @remaining_size --_----------=_160178287215850--
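Review bot: in the `@@ -226,9 +226,9 @@` hunk of lib/webrick/httprequest.rb, matching the whole header value with `/\Aclose\z/io` and `/\Akeep-alive\z/io` means a Connection header that lists several options, for example `close, TE`, matches neither branch, so keep-alive is then decided by the `@http_version < "1.1"` test that follows rather than by the listed `close`. Consider splitting `self["connection"]` on commas, stripping each token and comparing it case-insensitively, which keeps the exact-token strictness without ignoring an option that appears in a list. The `o` flag on these literals has no effect, since they contain no interpolation, and could be dropped.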
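Review bot: in the `@@ -503,7 +503,7 @@` hunk, `when /\Achunked\z/io` matches the Transfer-Encoding value whole, so the result depends on whether `self['transfer-encoding']` is already stripped of surrounding whitespace; if it is not, a plain `chunked` followed by a space would take the `else raise HTTPStatus::NotImplemented` branch. Every other value, including a coding list ending in chunked such as `gzip, chunked`, is now rejected as well, which is the safe direction for body framing but is a behaviour change worth stating in the patch comment. That comment, `Add fix for CVE-2020-25613.`, could also name the upstream change the patch was taken from so it can be dropped cleanly at the next update of the package.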