authorJ0WI <J0WI@users.noreply.github.com>2021-04-10 18:42:56 +0200
committerRasmus Thomsen <oss@cogitri.dev>2021-04-15 07:50:13 +0000
commit01eff515fd61d0e5ca50334d1e74c6d23dadddd1 (patch)
tree5617c610d5aea569d7b36f6bffb284d336c127d2
parent1ea7b7b7864f666c68224cbfc9f18e135a92d176 (diff)
main/ruby: security upgrade to 2.5.9
-rw-r--r--main/ruby/APKBUILD15
-rw-r--r--main/ruby/CVE-2020-25613.patch35
2 files changed, 8 insertions, 42 deletions
diff --git a/main/ruby/APKBUILD b/main/ruby/APKBUILD
index 1364117efd6..8738c5fc059 100644
--- a/main/ruby/APKBUILD
+++ b/main/ruby/APKBUILD
@@ -3,6 +3,9 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
#
# secfixes:
+# 2.5.9-r0:
+# - CVE-2021-28965
+# - CVE-2021-28966
# 2.5.8-r1:
# - CVE-2020-25613
# 2.5.8-r0:
@@ -36,11 +39,11 @@
# - CVE-2017-17405
#
pkgname=ruby
-pkgver=2.5.8
+pkgver=2.5.9
_abiver="${pkgver%.*}.0"
-pkgrel=1
+pkgrel=0
pkgdesc="An object-oriented language for quick and easy programming"
-url="http://www.ruby-lang.org/en/"
+url="https://www.ruby-lang.org/"
arch="all"
license="Ruby BSD-2-Clause"
depends="ca-certificates"
@@ -74,7 +77,6 @@ source="https://cache.ruby-lang.org/pub/$pkgname/${pkgver%.*}/$pkgname-$pkgver.t
rubygems-avoid-platform-specific-gems.patch
test_insns-lower-recursion-depth.patch
fix-get_main_stack.patch
- CVE-2020-25613.patch
"
replaces="ruby-gems"
builddir="$srcdir/$pkgname-$pkgver"
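Review bot: Removing `CVE-2020-25613.patch` from `source` (and its checksum in the sha512sums hunk below) is only safe if the 2.5.9 tarball already carries the equivalent webrick change; the commit message and the new secfixes entries for 2.5.9-r0 record the two 2021 CVEs but say nothing about where the 2020 fix now comes from, so a reader of this APKBUILD cannot tell whether the upgrade kept that fix or silently regressed it. Presumably the upstream 2.5.9 release includes the backport, but that is inferred rather than visible here. A one-line justification would make the intent auditable, e.g. a commit-message line `drop CVE-2020-25613.patch: included upstream in 2.5.9` or, if the project's style allows, a comment next to the remaining patches. If the upstream source has not been confirmed, a quick check that `lib/webrick/httprequest.rb` in the unpacked 2.5.9 tree anchors the `connection` and `transfer-encoding` matches with `\A...\z` (as the deleted patch did) settles it before the checksum change lands.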
@@ -350,8 +352,7 @@ _mvgem() {
done
}
-sha512sums="ec8bf18b5ef8bf14a568dfb50cbddcc4bb13241f07b0de969e7b60cc261fb4e08fefeb5236bcf620bc690af112a9ab7f7c89f5b8a03fd3430e58804227b5041f ruby-2.5.8.tar.gz
+sha512sums="5c9a6703b4c8d6e365856d7815e202f24659078d4c8e7a5059443453032b73b28e7ab2b8a6fa995c92c8e7f4838ffa6f9eec31593854e2fc3fc35532cb2db788 ruby-2.5.9.tar.gz
cfdc5ea3b2e2ea69c51f38e8e2180cb1dc27008ca55cc6301f142ebafdbab31c3379b3b6bba9ff543153876dd98ed2ad194df3255b7ea77a62e931c935f80538 rubygems-avoid-platform-specific-gems.patch
814fe6359505b70d8ff680adf22f20a74b4dbd3fecc9a63a6c2456ee9824257815929917b6df5394ed069a6869511b8c6dce5b95b4acbbb7867c1f3a975a0150 test_insns-lower-recursion-depth.patch
-8d730f02f76e53799f1c220eb23e3d2305940bb31216a7ab1e42d3256149c0721c7d173cdbfe505023b1af2f5cb3faa233dcc1b5d560fa8f980c17c2d29a9d81 fix-get_main_stack.patch
-b57686e6815e72ab1b836e2d347255954562dc00b93c9128cabb4d55e4483abd188f422a7de592dbce361e97536c6f3fcd05b390ca8e0b81a4ff2b608e9666ed CVE-2020-25613.patch"
+8d730f02f76e53799f1c220eb23e3d2305940bb31216a7ab1e42d3256149c0721c7d173cdbfe505023b1af2f5cb3faa233dcc1b5d560fa8f980c17c2d29a9d81 fix-get_main_stack.patch"
diff --git a/main/ruby/CVE-2020-25613.patch b/main/ruby/CVE-2020-25613.patch
deleted file mode 100644
index f11b9f6312b..00000000000
--- a/main/ruby/CVE-2020-25613.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 8946bb38b4d87549f0d99ed73c62c41933f97cc7 Mon Sep 17 00:00:00 2001
-From: Yusuke Endoh <mame@ruby-lang.org>
-Date: Tue, 29 Sep 2020 13:15:58 +0900
-Subject: [PATCH] Make it more strict to interpret some headers
-
-Some regexps were too tolerant.
----
- lib/webrick/httprequest.rb | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/lib/webrick/httprequest.rb b/lib/webrick/httprequest.rb
-index 294bd91..d34eac7 100644
---- a/lib/webrick/httprequest.rb
-+++ b/lib/webrick/httprequest.rb
-@@ -226,9 +226,9 @@
- raise HTTPStatus::BadRequest, "bad URI `#{@unparsed_uri}'."
- end
-
-- if /close/io =~ self["connection"]
-+ if /\Aclose\z/io =~ self["connection"]
- @keep_alive = false
-- elsif /keep-alive/io =~ self["connection"]
-+ elsif /\Akeep-alive\z/io =~ self["connection"]
- @keep_alive = true
- elsif @http_version < "1.1"
- @keep_alive = false
-@@ -475,7 +475,7 @@
- return unless socket
- if tc = self['transfer-encoding']
- case tc
-- when /chunked/io then read_chunked(socket, block)
-+ when /\Achunked\z/io then read_chunked(socket, block)
- else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}."
- end
- elsif self['content-length'] || @remaining_size