Sun Oct 4 03:45:26 2020 UTC ()
lang/ruby25-base: Add fix for CVE-2020-25613

Add fix for CVE-2020-25613.

Bump PKGREVISION.


(taca)
diff -r1.16 -r1.17 pkgsrc/lang/ruby25-base/Makefile
diff -r1.13 -r1.14 pkgsrc/lang/ruby25-base/distinfo
diff -r0 -r1.1 pkgsrc/lang/ruby25-base/patches/patch-lib_webrick_httprequest.rb

cvs diff -r1.16 -r1.17 pkgsrc/lang/ruby25-base/Attic/Makefile (expand / switch to context diff)
--- pkgsrc/lang/ruby25-base/Attic/Makefile 2020/04/01 15:25:26 1.16
+++ pkgsrc/lang/ruby25-base/Attic/Makefile 2020/10/04 03:45:26 1.17
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.16 2020/04/01 15:25:26 taca Exp $
+# $NetBSD: Makefile,v 1.17 2020/10/04 03:45:26 taca Exp $
 
 DISTNAME=	${RUBY_DISTNAME}
 PKGNAME=	${RUBY_PKGPREFIX}-base-${RUBY_VERSION}
+PKGREVISION=	1
 CATEGORIES=	lang ruby
 MASTER_SITES=	${MASTER_SITE_RUBY}
 

cvs diff -r1.13 -r1.14 pkgsrc/lang/ruby25-base/Attic/distinfo (expand / switch to context diff)
--- pkgsrc/lang/ruby25-base/Attic/distinfo 2020/04/01 15:25:26 1.13
+++ pkgsrc/lang/ruby25-base/Attic/distinfo 2020/10/04 03:45:26 1.14
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.13 2020/04/01 15:25:26 taca Exp $
+$NetBSD: distinfo,v 1.14 2020/10/04 03:45:26 taca Exp $
 
 SHA1 (ruby-2.5.8.tar.xz) = d5ef8e8f28c098e6b7ea24924e0b0fee6e2f766c
 RMD160 (ruby-2.5.8.tar.xz) = 885ffaf5c394ff8779bbc4ee5e6cf0976aa3d6cf
@@ -17,4 +17,5 @@
 SHA1 (patch-lib_rubygems_installer.rb) = 7a9cfbd5d05c8901132d2bbf4555efa05e6363ec
 SHA1 (patch-lib_rubygems_platform.rb) = a208bf6bce28a687511bace5ff8a773fb6bcf87d
 SHA1 (patch-lib_rubygems_specification.rb) = e2ef2e6de4838168d11efef92f65d87d22c65ae4
+SHA1 (patch-lib_webrick_httprequest.rb) = 6e9eedbdceee3a1e6d8e5ec2f160ce8f705237ea
 SHA1 (patch-test_rubygems_test__gem.rb) = 80d646b95df81bacca6d277d2801dba16df291f5

File Added: pkgsrc/lang/ruby25-base/patches/Attic/patch-lib_webrick_httprequest.rb
$NetBSD: patch-lib_webrick_httprequest.rb,v 1.1 2020/10/04 03:45:26 taca Exp $

Add fix for CVE-2020-25613.

--- lib/webrick/httprequest.rb.orig	2020-03-31 12:15:56.000000000 +0000
+++ lib/webrick/httprequest.rb
@@ -226,9 +226,9 @@ module WEBrick
         raise HTTPStatus::BadRequest, "bad URI `#{@unparsed_uri}'."
       end
 
-      if /close/io =~ self["connection"]
+      if /\Aclose\z/io =~ self["connection"]
         @keep_alive = false
-      elsif /keep-alive/io =~ self["connection"]
+      elsif /\Akeep-alive\z/io =~ self["connection"]
         @keep_alive = true
       elsif @http_version < "1.1"
         @keep_alive = false
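Review bot: The anchored tests on `self["connection"]` compare the whole field value, but Connection is a comma-separated list of options (RFC 7230 section 6.1), so a value such as `close, TE` now matches neither branch and falls through to the `@http_version < "1.1"` default. For an HTTP/1.1 request that presumably leaves the connection persistent even though the client asked to close it. Matching per token keeps the strictness without that gap: `opts = self["connection"].to_s.downcase.split(",").map(&:strip)`, then `if opts.include?("close")` and `elsif opts.include?("keep-alive")`. The if/elsif chain continues past the end of the hunk, so its remaining branches are not visible here.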
@@ -475,7 +475,7 @@ module WEBrick
       return unless socket
       if tc = self['transfer-encoding']
         case tc
-        when /chunked/io then read_chunked(socket, block)
+        when /\Achunked\z/io then read_chunked(socket, block)
         else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}."
         end
       elsif self['content-length'] || @remaining_size
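Review bot: The `when /\Achunked\z/io` line carries no comment saying why the match must stay exact, so a later cleanup could loosen it again. Suggest adding above it `# Exact match only: a substring match accepts values a front-end proxy may not treat as chunked, so the two would disagree on where the body ends (CVE-2020-25613).` Any other Transfer-Encoding value now reaches the `else` branch and is rejected with NotImplemented, which is the fail-closed direction. The `o` flag has no effect on a literal without interpolation and could be dropped from all three patterns in this patch. The enclosing method begins and ends outside the hunk.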