[arch-commits] Commit in ruby/trunk (PKGBUILD webrick.patch)
Date: Friday, October 2, 2020 @ 15:11:00 Author: anatolik Revision: 397077 upgpkg: ruby 2.7.2-1 Modified: ruby/trunk/PKGBUILD Deleted: ruby/trunk/webrick.patch ---+ PKGBUILD | 12 webrick.patch | 40 2 files changed, 4 insertions(+), 48 deletions(-) Modified: PKGBUILD === --- PKGBUILD2020-10-02 14:34:18 UTC (rev 397076) +++ PKGBUILD2020-10-02 15:11:00 UTC (rev 397077) @@ -4,8 +4,8 @@ # Contributor: Jeramy Rutley pkgname=(ruby ruby-docs) -pkgver=2.7.1 -pkgrel=4 +pkgver=2.7.2 +pkgrel=1 arch=(x86_64) url='https://www.ruby-lang.org/en/' license=(BSD custom) @@ -12,17 +12,13 @@ depends=(libxcrypt) makedepends=(gdbm openssl libffi doxygen graphviz libyaml ttf-dejavu tk) options=(!emptydirs) -source=(https://cache.ruby-lang.org/pub/ruby/${pkgver:0:3}/ruby-${pkgver}.tar.xz -webrick.patch) # simplified upstream patch https://github.com/ruby/ruby/commit/828c34e58b63d64558ec0f2d1d7ae401c5e6b21f -sha512sums=('79f98b1ea98e0b10ec79da1883e8fc84d48ffe5c09ae945cbebde94365e35a589d919aac965f74d70ca7e21370ecee631ac5a8f9c4eac61d62f5aa629f27bf31' - '60688c02bdbed087dc41613e335abd5602964f13e0cdf900ed2f7a830eb4d10a93396e8ef6e87a5c17aa6c50f63098199aa729302c8e6cf44505eecec2aed9e2') +source=(https://cache.ruby-lang.org/pub/ruby/${pkgver:0:3}/ruby-${pkgver}.tar.xz) +sha512sums=('7972278b096aa768c7adf2befd26003e18781a29ca317640317d30d93d6e963ded197724c8e2f1dfe1e838c5647176d414a74732a62e931fb50d6f2e0f777349') prepare() { cd ruby-${pkgver} # remove bundled gems, we are going to ship them as separate packages rm -rf gems/ - - patch -p1 < ../webrick.patch # FS#68051 CVE-2020-25613 } build() { Deleted: webrick.patch === --- webrick.patch 2020-10-02 14:34:18 UTC (rev 397076) +++ webrick.patch 2020-10-02 15:11:00 UTC (rev 397077) @@ -1,40 +0,0 @@ -From 828c34e58b63d64558ec0f2d1d7ae401c5e6b21f Mon Sep 17 00:00:00 2001 -From: nagachika -Date: Tue, 29 Sep 2020 22:46:14 +0900 -Subject: [PATCH] merge revision(s) d23d2f3f6fbb5d787b0dd80675c489a692be23e2: - - [ruby/webrick] Make it more strict to interpret some headers - - Some regexps were too tolerant. - - https://github.com/ruby/webrick/commit/8946bb38b4 - lib/webrick/httprequest.rb | 6 +++--- - version.h | 2 +- - 2 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/lib/webrick/httprequest.rb b/lib/webrick/httprequest.rb -index 87dc879175c0..6af0cee97dbf 100644 a/lib/webrick/httprequest.rb -+++ b/lib/webrick/httprequest.rb -@@ -226,9 +226,9 @@ def parse(socket=nil) - raise HTTPStatus::BadRequest, "bad URI `#{@unparsed_uri}'." - end - -- if /close/io =~ self["connection"] -+ if /\Aclose\z/io =~ self["connection"] - @keep_alive = false -- elsif /keep-alive/io =~ self["connection"] -+ elsif /\Akeep-alive\z/io =~ self["connection"] - @keep_alive = true - elsif @http_version < "1.1" - @keep_alive = false -@@ -503,7 +503,7 @@ def read_body(socket, block) - return unless socket - if tc = self['transfer-encoding'] - case tc --when /chunked/io then read_chunked(socket, block) -+when /\Achunked\z/io then read_chunked(socket, block) - else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}." - end - elsif self['content-length'] || @remaining_size
[arch-commits] Commit in ruby/trunk (PKGBUILD webrick.patch)
Date: Wednesday, September 30, 2020 @ 22:12:49 Author: anatolik Revision: 397016 FS#68051: Patch for CVE-2020-25613 Added: ruby/trunk/webrick.patch Modified: ruby/trunk/PKGBUILD ---+ PKGBUILD | 10 +++--- webrick.patch | 40 2 files changed, 47 insertions(+), 3 deletions(-) Modified: PKGBUILD === --- PKGBUILD2020-09-30 20:59:15 UTC (rev 397015) +++ PKGBUILD2020-09-30 22:12:49 UTC (rev 397016) @@ -5,7 +5,7 @@ pkgname=(ruby ruby-docs) pkgver=2.7.1 -pkgrel=3 +pkgrel=4 arch=(x86_64) url='https://www.ruby-lang.org/en/' license=(BSD custom) @@ -12,13 +12,17 @@ depends=(libxcrypt) makedepends=(gdbm openssl libffi doxygen graphviz libyaml ttf-dejavu tk) options=(!emptydirs) -source=(https://cache.ruby-lang.org/pub/ruby/${pkgver:0:3}/ruby-${pkgver}.tar.xz) -sha512sums=('79f98b1ea98e0b10ec79da1883e8fc84d48ffe5c09ae945cbebde94365e35a589d919aac965f74d70ca7e21370ecee631ac5a8f9c4eac61d62f5aa629f27bf31') +source=(https://cache.ruby-lang.org/pub/ruby/${pkgver:0:3}/ruby-${pkgver}.tar.xz +webrick.patch) # simplified upstream patch https://github.com/ruby/ruby/commit/828c34e58b63d64558ec0f2d1d7ae401c5e6b21f +sha512sums=('79f98b1ea98e0b10ec79da1883e8fc84d48ffe5c09ae945cbebde94365e35a589d919aac965f74d70ca7e21370ecee631ac5a8f9c4eac61d62f5aa629f27bf31' + '60688c02bdbed087dc41613e335abd5602964f13e0cdf900ed2f7a830eb4d10a93396e8ef6e87a5c17aa6c50f63098199aa729302c8e6cf44505eecec2aed9e2') prepare() { cd ruby-${pkgver} # remove bundled gems, we are going to ship them as separate packages rm -rf gems/ + + patch -p1 < ../webrick.patch # FS#68051 CVE-2020-25613 } build() { Added: webrick.patch === --- webrick.patch (rev 0) +++ webrick.patch 2020-09-30 22:12:49 UTC (rev 397016) @@ -0,0 +1,40 @@ +From 828c34e58b63d64558ec0f2d1d7ae401c5e6b21f Mon Sep 17 00:00:00 2001 +From: nagachika +Date: Tue, 29 Sep 2020 22:46:14 +0900 +Subject: [PATCH] merge revision(s) d23d2f3f6fbb5d787b0dd80675c489a692be23e2: + + [ruby/webrick] Make it more strict to interpret some headers + + Some regexps were too tolerant. + + https://github.com/ruby/webrick/commit/8946bb38b4 +--- + lib/webrick/httprequest.rb | 6 +++--- + version.h | 2 +- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/lib/webrick/httprequest.rb b/lib/webrick/httprequest.rb +index 87dc879175c0..6af0cee97dbf 100644 +--- a/lib/webrick/httprequest.rb b/lib/webrick/httprequest.rb +@@ -226,9 +226,9 @@ def parse(socket=nil) + raise HTTPStatus::BadRequest, "bad URI `#{@unparsed_uri}'." + end + +- if /close/io =~ self["connection"] ++ if /\Aclose\z/io =~ self["connection"] + @keep_alive = false +- elsif /keep-alive/io =~ self["connection"] ++ elsif /\Akeep-alive\z/io =~ self["connection"] + @keep_alive = true + elsif @http_version < "1.1" + @keep_alive = false +@@ -503,7 +503,7 @@ def read_body(socket, block) + return unless socket + if tc = self['transfer-encoding'] + case tc +-when /chunked/io then read_chunked(socket, block) ++when /\Achunked\z/io then read_chunked(socket, block) + else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}." + end + elsif self['content-length'] || @remaining_size