Sun Oct 4 03:45:26 2020 UTC ()
lang/ruby25-base: Add fix for CVE-2020-25613

Add fix for CVE-2020-25613.

Bump PKGREVISION.


(taca)
diff -r1.16 -r1.17 pkgsrc/lang/ruby25-base/Makefile
diff -r1.13 -r1.14 pkgsrc/lang/ruby25-base/distinfo
diff -r0 -r1.1 pkgsrc/lang/ruby25-base/patches/patch-lib_webrick_httprequest.rb

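--- a/pkgsrc/lang/ruby25-base/Attic/Makefile
+++ b/pkgsrc/lang/ruby25-base/Attic/Makefile
@@ -1,113 +1,114 @@
-# $NetBSD: Makefile,v 1.16 2020/04/01 15:25:26 taca Exp $
+# $NetBSD: Makefile,v 1.17 2020/10/04 03:45:26 taca Exp $
 
 DISTNAME= ${RUBY_DISTNAME}
 PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION}
+PKGREVISION= 1
 CATEGORIES= lang ruby
 MASTER_SITES= ${MASTER_SITE_RUBY}
 
 MAINTAINER= taca@NetBSD.org
 HOMEPAGE= ${RUBY_HOMEPAGE}
 COMMENT= Ruby ${RUBY_VERSION} release minimum base package
 
 RUBY_VERSIONS_ACCEPTED= 25
 
 USE_GCC_RUNTIME= yes
 USE_TOOLS+= pax yacc pkg-config
 GNU_CONFIGURE= yes
 TEST_TARGET= test
 CONFIGURE_ARGS+= --enable-shared --enable-install-static-library
 WRKSRC= ${RUBY_WRKSRC}
 
 .include "options.mk"
 .include "../../lang/ruby/platform.mk"
 
 .if !empty(RUBY_SUFFIX)
 CONFIGURE_ARGS+= --program-suffix=${RUBY_SUFFIX}
 CONFIGURE_ARGS+= --with-soname=${RUBY_NAME}
 CONFIGURE_ARGS+= --with-ruby-version=${RUBY_VER_DIR}
 CONFIGURE_ARGS+= --with-ruby-pc="ruby-${RUBY_VERSION}.pc"
 .endif
 
 CONFIGURE_ENV.Darwin+= ac_cv_prog_dsymutil=
 
 DOCS= BSDL COPYING COPYING.ja ChangeLog LEGAL NEWS README.EXT README.EXT.ja \
  README.ja.md README.md doc/ChangeLog-1.8.0 doc/ChangeLog-1.9.3 \
  doc/ChangeLog-2.0.0 doc/ChangeLog-2.1.0 doc/ChangeLog-2.2.0 \
  doc/ChangeLog-2.3.0 doc/ChangeLog-2.4.0 doc/ChangeLog-2016 \
  doc/ChangeLog-YARV doc/NEWS-1.8.7 doc/NEWS-1.9.1 doc/NEWS-1.9.2 \
  doc/NEWS-1.9.3 doc/NEWS-2.0.0 doc/NEWS-2.1.0 doc/NEWS-2.2.0 \
  doc/NEWS-2.3.0 doc/NEWS-2.4.0 \
  doc/contributing.rdoc doc/contributors.rdoc doc/dtrace_probes.rdoc \
  doc/etc.rd.ja doc/forwardable.rd.ja doc/globals.rdoc \
  doc/images/boottime-classes.png doc/irb/irb-tools.rd.ja \
  doc/irb/irb.rd.ja doc/keywords.rdoc doc/maintainers.rdoc \
  doc/marshal.rdoc doc/pty/README.expect.ja doc/pty/README.ja \
  doc/regexp.rdoc doc/security.rdoc doc/shell.rd.ja \
  doc/standard_library.rdoc doc/syntax/assignment.rdoc \
  doc/syntax/calling_methods.rdoc doc/syntax/control_expressions.rdoc \
  doc/syntax/exceptions.rdoc doc/syntax/literals.rdoc \
  doc/syntax/methods.rdoc doc/syntax/miscellaneous.rdoc \
  doc/syntax/modules_and_classes.rdoc doc/syntax/precedence.rdoc \
  doc/syntax/refinements.rdoc doc/syntax.rdoc
 EXT_DOCS= syslog/syslog.txt
 
 BIGDECIMAL_EXAMPLES= linear.rb nlsolve.rb pi.rb
 OPENSSL_EXAMPLES= c_rehash.rb cert2text.rb certstore.rb cipher.rb \
  crlstore.rb echo_cli.rb echo_svr.rb gen_csr.rb \
  smime_read.rb smime_write.rb wget.rb
 REPLACE_RUBY= bin/erb bin/gem bin/irb bin/rdoc bin/ri \
  gems/rake-${RUBY_RAKE_VERSION}/exe/rake \
  gems/net-telnet-${RUBY_NET_TELNET_VERSION}/bin/console \
  gems/net-telnet-${RUBY_NET_TELNET_VERSION}/bin/setup
 REPLACE_RUBY_DIRS= ext lib sample
 INSTALLATION_DIRS= bin ${PKGMANDIR}/man1 ${RUBY_DOC}/images \
  ${RUBY_DOC}/irb ${RUBY_DOC}/pty ${RUBY_DOC}/ripper \
  ${RUBY_DOC}/stringio ${RUBY_DOC}/syntax \
  ${RUBY_EG}/bigdecimal ${RUBY_EG}/pty
 # ${RUBY_ARCHINC} ${RUBY_ARCHLIB}
 EMPTY_DIRS= generator/template markup/simple_markup
 
 NOT_PAX_MPROTECT_SAFE+= bin/${RUBY_NAME}
 
 pre-configure:
  ${RM} -f ${WRKSRC}/ext/gdbm/extconf.rb
  ${RM} -f ${WRKSRC}/ext/fiddle/extconf.rb
  ${RM} -f ${WRKSRC}/ext/readline/extconf.rb
  ${TOUCH} ${WRKSRC}/prelude.c
 
 pre-install:
  cd ${WRKSRC}/lib; \
  ${FIND} . \( -name '*.orig' -o -name '*.orig_dist' \) \
  -exec ${RM} -f {} \;
 .for f in ${EMPTY_DIRS}
  ${RMDIR} ${WRKSRC}/lib/rdoc/${f} 2>/dev/null || ${TRUE}
 .endfor
 
 post-install:
 .for f in ${DOCS}
  ${INSTALL_DATA} ${WRKSRC}/${f} ${DESTDIR}${PREFIX}/${RUBY_DOC}/${f:C/^doc\///}
 .endfor
 .for f in ${EXT_DOCS}
  ${INSTALL_DATA} ${WRKSRC}/ext/${f} ${DESTDIR}${PREFIX}/${RUBY_DOC}
 .endfor
  cd ${WRKSRC}/ext/ripper; ${PAX} -rw README ${DESTDIR}${PREFIX}/${RUBY_DOC}/ripper
  cd ${WRKSRC}/ext/stringio; ${PAX} -rw README.md ${DESTDIR}${PREFIX}/${RUBY_DOC}/stringio
  cd ${WRKSRC}/sample; ${PAX} -rw . ${DESTDIR}${PREFIX}/${RUBY_EG}
 .for f in ${BIGDECIMAL_EXAMPLES}
  ${INSTALL_DATA} ${RUBY_WRKSRC}/ext/bigdecimal/sample/${f} \
  ${DESTDIR}${PREFIX}/${RUBY_EG}/bigdecimal
 .endfor
 .for f in ${OPENSSL_EXAMPLES}
  ${INSTALL_DATA} ${RUBY_WRKSRC}/sample/openssl/${f} \
  ${DESTDIR}${PREFIX}/${RUBY_EG}/openssl
 .endfor
  ${CHMOD} -R g-w ${DESTDIR}${PREFIX}/${GEM_HOME}/gems
  ${RUBY_GENERATE_PLIST}
 
 .include "../../mk/bdb.buildlink3.mk"
 .include "../../converters/libiconv/buildlink3.mk"
 .include "../../devel/zlib/buildlink3.mk"
 .include "../../security/openssl/buildlink3.mk"
 .include "../../textproc/libyaml/buildlink3.mk"
 .include "../../lang/ruby/Makefile.common"
 .include "../../mk/bsd.pkg.mk"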

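--- a/pkgsrc/lang/ruby25-base/Attic/distinfo
+++ b/pkgsrc/lang/ruby25-base/Attic/distinfo
@@ -1,20 +1,21 @@
-$NetBSD: distinfo,v 1.13 2020/04/01 15:25:26 taca Exp $
+$NetBSD: distinfo,v 1.14 2020/10/04 03:45:26 taca Exp $
 
 SHA1 (ruby-2.5.8.tar.xz) = d5ef8e8f28c098e6b7ea24924e0b0fee6e2f766c
 RMD160 (ruby-2.5.8.tar.xz) = 885ffaf5c394ff8779bbc4ee5e6cf0976aa3d6cf
 SHA512 (ruby-2.5.8.tar.xz) = 2886be764a454425c5beef2777c64a70ee0d048b07896b327633d904f5077fea4299526689f9e2ac4dcd2fc4811cf9a6c8ce75367ed35d29dfe1a54222872e0d
 Size (ruby-2.5.8.tar.xz) = 11298404 bytes
 SHA1 (patch-configure) = 965f31ec3ae2fb91479f02cb3b19ea7518685718
 SHA1 (patch-ext_dbm_extconf.rb) = c998f8735db54b1ae2bc8b6caa359ce88bc7a45b
 SHA1 (patch-lib_mkmf.rb) = 75d2261a8282a00cd5f811a5e629302d1667207e
 SHA1 (patch-lib_rdoc_ri_driver.rb) = f4d3e59e35b608acd4edc17916142c7f033e6198
 SHA1 (patch-lib_rubygems.rb) = 1a5aa56308cff986ab8e65f523f8d19649ddf24c
 SHA1 (patch-lib_rubygems_commands_setup__command.rb) = 3d3495f616f11d009d6d36bb40e472bb010bce06
 SHA1 (patch-lib_rubygems_config__file.rb) = 6da2775ee1ba96a1e5a77878f0e7825c072a1121
 SHA1 (patch-lib_rubygems_defaults.rb) = dfe70f128bd824509b37174deccd8908e3a0d6ee
 SHA1 (patch-lib_rubygems_dependency__installer.rb) = 1776508907f17547ffe93f637d6f18d335061d76
 SHA1 (patch-lib_rubygems_install__update__options.rb) = 1e953b5a517a805fd7184e359fbc06e67a5ff9b3
 SHA1 (patch-lib_rubygems_installer.rb) = 7a9cfbd5d05c8901132d2bbf4555efa05e6363ec
 SHA1 (patch-lib_rubygems_platform.rb) = a208bf6bce28a687511bace5ff8a773fb6bcf87d
 SHA1 (patch-lib_rubygems_specification.rb) = e2ef2e6de4838168d11efef92f65d87d22c65ae4
+SHA1 (patch-lib_webrick_httprequest.rb) = 6e9eedbdceee3a1e6d8e5ec2f160ce8f705237ea
 SHA1 (patch-test_rubygems_test__gem.rb) = 80d646b95df81bacca6d277d2801dba16df291f5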

File Added: pkgsrc/lang/ruby25-base/patches/Attic/patch-lib_webrick_httprequest.rb
$NetBSD: patch-lib_webrick_httprequest.rb,v 1.1 2020/10/04 03:45:26 taca Exp $

Add fix for CVE-2020-25613.

--- lib/webrick/httprequest.rb.orig	2020-03-31 12:15:56.000000000 +0000
+++ lib/webrick/httprequest.rb
@@ -226,9 +226,9 @@ module WEBrick
         raise HTTPStatus::BadRequest, "bad URI `#{@unparsed_uri}'."
       end
 
-      if /close/io =~ self["connection"]
+      if /\Aclose\z/io =~ self["connection"]
         @keep_alive = false
-      elsif /keep-alive/io =~ self["connection"]
+      elsif /\Akeep-alive\z/io =~ self["connection"]
         @keep_alive = true
       elsif @http_version < "1.1"
         @keep_alive = false
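Review bot: The anchored matches on `self["connection"]` compare the whole header value, but Connection is a comma-separated option list, so a value such as `close, TE` now matches neither branch and falls through to the `elsif @http_version < "1.1"` chain, which continues outside the hunk. If that chain defaults to keep-alive for HTTP/1.1, a client's `close` request would be ignored. Matching per token keeps the strictness without that gap, e.g. `opts = self["connection"].to_s.downcase.split(/\s*,\s*/)` followed by `opts.include?("close")` and `opts.include?("keep-alive")`. A one-line comment such as `# exact token match; substring matching let crafted header values be misread (see CVE-2020-25613 fix)` would also record why the anchors are there.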
@@ -475,7 +475,7 @@ module WEBrick
       return unless socket
       if tc = self['transfer-encoding']
         case tc
-        when /chunked/io then read_chunked(socket, block)
+        when /\Achunked\z/io then read_chunked(socket, block)
         else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}."
         end
       elsif self['content-length'] || @remaining_size
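Review bot: The `if tc = self['transfer-encoding']` branch is taken before `content-length` is consulted, so a request carrying both headers is still accepted and framed by Transfer-Encoding alone. That combination is the usual source of framing disagreement with a front-end proxy that frames by Content-Length, and the anchored `/\Achunked\z/io` does not address it. Consider rejecting it up front with `raise HTTPStatus::BadRequest, "both Transfer-Encoding and Content-Length" if tc && self['content-length']`, or at least setting `@keep_alive = false` for such requests. The method body starts and ends outside the hunk, so an existing check elsewhere cannot be ruled out from here.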