Sun Oct 4 03:45:26 2020 UTC ()
lang/ruby25-base: Add fix for CVE-2020-25613

Add fix for CVE-2020-25613.

Bump PKGREVISION.


(taca)
diff -r1.16 -r1.17 pkgsrc/lang/ruby25-base/Makefile
diff -r1.13 -r1.14 pkgsrc/lang/ruby25-base/distinfo
diff -r0 -r1.1 pkgsrc/lang/ruby25-base/patches/patch-lib_webrick_httprequest.rb

cvs diff -r1.16 -r1.17 pkgsrc/lang/ruby25-base/Attic/Makefile

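--- a/pkgsrc/lang/ruby25-base/Attic/Makefile
+++ b/pkgsrc/lang/ruby25-base/Attic/Makefile
@@ -1,17 +1,18 @@
-# $NetBSD: Makefile,v 1.16 2020/04/01 15:25:26 taca Exp $
+# $NetBSD: Makefile,v 1.17 2020/10/04 03:45:26 taca Exp $
 
 DISTNAME= ${RUBY_DISTNAME}
 PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION}
+PKGREVISION= 1
 CATEGORIES= lang ruby
 MASTER_SITES= ${MASTER_SITE_RUBY}
 
 MAINTAINER= taca@NetBSD.org
 HOMEPAGE= ${RUBY_HOMEPAGE}
 COMMENT= Ruby ${RUBY_VERSION} release minimum base package
 
 RUBY_VERSIONS_ACCEPTED= 25
 
 USE_GCC_RUNTIME= yes
 USE_TOOLS+= pax yacc pkg-config
 GNU_CONFIGURE= yes
 TEST_TARGET= test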

cvs diff -r1.13 -r1.14 pkgsrc/lang/ruby25-base/Attic/distinfo

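--- a/pkgsrc/lang/ruby25-base/Attic/distinfo
+++ b/pkgsrc/lang/ruby25-base/Attic/distinfo
@@ -1,20 +1,21 @@
-$NetBSD: distinfo,v 1.13 2020/04/01 15:25:26 taca Exp $
+$NetBSD: distinfo,v 1.14 2020/10/04 03:45:26 taca Exp $
 
 SHA1 (ruby-2.5.8.tar.xz) = d5ef8e8f28c098e6b7ea24924e0b0fee6e2f766c
 RMD160 (ruby-2.5.8.tar.xz) = 885ffaf5c394ff8779bbc4ee5e6cf0976aa3d6cf
 SHA512 (ruby-2.5.8.tar.xz) = 2886be764a454425c5beef2777c64a70ee0d048b07896b327633d904f5077fea4299526689f9e2ac4dcd2fc4811cf9a6c8ce75367ed35d29dfe1a54222872e0d
 Size (ruby-2.5.8.tar.xz) = 11298404 bytes
 SHA1 (patch-configure) = 965f31ec3ae2fb91479f02cb3b19ea7518685718
 SHA1 (patch-ext_dbm_extconf.rb) = c998f8735db54b1ae2bc8b6caa359ce88bc7a45b
 SHA1 (patch-lib_mkmf.rb) = 75d2261a8282a00cd5f811a5e629302d1667207e
 SHA1 (patch-lib_rdoc_ri_driver.rb) = f4d3e59e35b608acd4edc17916142c7f033e6198
 SHA1 (patch-lib_rubygems.rb) = 1a5aa56308cff986ab8e65f523f8d19649ddf24c
 SHA1 (patch-lib_rubygems_commands_setup__command.rb) = 3d3495f616f11d009d6d36bb40e472bb010bce06
 SHA1 (patch-lib_rubygems_config__file.rb) = 6da2775ee1ba96a1e5a77878f0e7825c072a1121
 SHA1 (patch-lib_rubygems_defaults.rb) = dfe70f128bd824509b37174deccd8908e3a0d6ee
 SHA1 (patch-lib_rubygems_dependency__installer.rb) = 1776508907f17547ffe93f637d6f18d335061d76
 SHA1 (patch-lib_rubygems_install__update__options.rb) = 1e953b5a517a805fd7184e359fbc06e67a5ff9b3
 SHA1 (patch-lib_rubygems_installer.rb) = 7a9cfbd5d05c8901132d2bbf4555efa05e6363ec
 SHA1 (patch-lib_rubygems_platform.rb) = a208bf6bce28a687511bace5ff8a773fb6bcf87d
 SHA1 (patch-lib_rubygems_specification.rb) = e2ef2e6de4838168d11efef92f65d87d22c65ae4
+SHA1 (patch-lib_webrick_httprequest.rb) = 6e9eedbdceee3a1e6d8e5ec2f160ce8f705237ea
 SHA1 (patch-test_rubygems_test__gem.rb) = 80d646b95df81bacca6d277d2801dba16df291f5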

File Added: pkgsrc/lang/ruby25-base/patches/Attic/patch-lib_webrick_httprequest.rb
$NetBSD: patch-lib_webrick_httprequest.rb,v 1.1 2020/10/04 03:45:26 taca Exp $

Add fix for CVE-2020-25613.

--- lib/webrick/httprequest.rb.orig	2020-03-31 12:15:56.000000000 +0000
+++ lib/webrick/httprequest.rb
@@ -226,9 +226,9 @@ module WEBrick
         raise HTTPStatus::BadRequest, "bad URI `#{@unparsed_uri}'."
       end
 
-      if /close/io =~ self["connection"]
+      if /\Aclose\z/io =~ self["connection"]
         @keep_alive = false
-      elsif /keep-alive/io =~ self["connection"]
+      elsif /\Akeep-alive\z/io =~ self["connection"]
         @keep_alive = true
       elsif @http_version < "1.1"
         @keep_alive = false
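Review bot: The anchored patterns on the `close` and `keep-alive` branches now compare the whole `Connection` value, so a list-valued header such as `close, TE` matches neither branch and the decision falls through to the `@http_version` default. For an HTTP/1.1 request that would leave `@keep_alive` true even though the client asked to close, assuming `self["connection"]` returns the raw, possibly comma-joined value; how it is normalised is not visible in this hunk. A token-wise comparison keeps the strictness without dropping list values, for example `tokens = self["connection"].to_s.downcase.strip.split(/\s*,\s*/)` followed by `if tokens.include?("close")` and `elsif tokens.include?("keep-alive")`. The enclosing method starts and ends outside the hunk.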
@@ -475,7 +475,7 @@ module WEBrick
       return unless socket
       if tc = self['transfer-encoding']
         case tc
-        when /chunked/io then read_chunked(socket, block)
+        when /\Achunked\z/io then read_chunked(socket, block)
         else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}."
         end
       elsif self['content-length'] || @remaining_size
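Review bot: The exact-match `chunked` pattern on the `when` line carries no comment saying why it must stay anchored, so a later cleanup could loosen it again without anyone noticing the security impact. I would add above the `case`: `# Exact match only (CVE-2020-25613): a value that merely contains "chunked" must not select chunked framing, or this server and a front-end proxy can disagree on where the request body ends.` Any other value now raises `NotImplemented` before the `content-length` branch is considered, which is the fail-closed order worth preserving; a regression test asserting a 501 for a non-exact Transfer-Encoding value would pin it. The surrounding method starts and ends outside the hunk.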