authorJ0WI <J0WI@users.noreply.github.com>2021-04-10 18:34:30 +0200
committerRasmus Thomsen <oss@cogitri.dev>2021-04-15 07:50:10 +0000
commitf909d915f026f82a6ca1f6e93766a6a81e1ebeb5 (patch)
treef36f6198fe9b750aa33e9261075fa3f60e9a378b
parent3a7ac69d9f0dc006ed38ea6ae043f860f882980a (diff)
main/ruby: security upgrade to 2.6.7
-rw-r--r--main/ruby/APKBUILD13
-rw-r--r--main/ruby/CVE-2020-25613.patch35
2 files changed, 7 insertions, 41 deletions
diff --git a/main/ruby/APKBUILD b/main/ruby/APKBUILD
index 04ebbca0b9..bee3420672 100644
--- a/main/ruby/APKBUILD
+++ b/main/ruby/APKBUILD
@@ -3,6 +3,9 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
#
# secfixes:
+# 2.6.7-r0:
+# - CVE-2021-28965
+# - CVE-2021-28966
# 2.6.6-r3:
# - CVE-2020-25613
# 2.6.6-r0:
@@ -36,9 +39,9 @@
# - CVE-2017-17405
#
pkgname=ruby
-pkgver=2.6.6
+pkgver=2.6.7
_abiver="${pkgver%.*}.0"
-pkgrel=3
+pkgrel=0
pkgdesc="An object-oriented language for quick and easy programming"
url="https://www.ruby-lang.org/"
arch="all"
@@ -76,7 +79,6 @@ source="https://cache.ruby-lang.org/pub/$pkgname/${pkgver%.*}/$pkgname-$pkgver.t
fix-get_main_stack.patch
avoid-rdoc-hook-when-its-failed-to-load-rdoc-library.patch
openssl-config-support-include-directive.patch
- CVE-2020-25613.patch
"
replaces="ruby-gems"
builddir="$srcdir/$pkgname-$pkgver"
@@ -364,10 +366,9 @@ _mvgem() {
done
}
-sha512sums="7c54aad974d13c140df0a7209cc111dada10ad402126271051222adb7f2b5053997353367f2cddf6c0336f67357f831aeab9f236851153c0db0d2014bf3e0614 ruby-2.6.6.tar.gz
+sha512sums="11689cb9a48d9a588c5526dc2581f11bcf56496ecf96a93d4bddc3e92327be29a9e7806fe19c1a774d5b9d681010936577738aae872d08950d472d04fa6c4dfa ruby-2.6.7.tar.gz
cfdc5ea3b2e2ea69c51f38e8e2180cb1dc27008ca55cc6301f142ebafdbab31c3379b3b6bba9ff543153876dd98ed2ad194df3255b7ea77a62e931c935f80538 rubygems-avoid-platform-specific-gems.patch
814fe6359505b70d8ff680adf22f20a74b4dbd3fecc9a63a6c2456ee9824257815929917b6df5394ed069a6869511b8c6dce5b95b4acbbb7867c1f3a975a0150 test_insns-lower-recursion-depth.patch
8d730f02f76e53799f1c220eb23e3d2305940bb31216a7ab1e42d3256149c0721c7d173cdbfe505023b1af2f5cb3faa233dcc1b5d560fa8f980c17c2d29a9d81 fix-get_main_stack.patch
cc6acabcf8d237ba75309f7c3b5fbe6bd68b2e355d2c4a656a50dea6dda4ab8153db90399b23d301ee463d56274f629aa40b2958646122f71925b4e2e602304d avoid-rdoc-hook-when-its-failed-to-load-rdoc-library.patch
-a67813d7aa3553ed336f04b17461c5129546afb71a2a7cca6d1b1c860f8dd5839ca2f7695c971369f295aced3580687a28881ccd6c305f6dbdfe6b0ecf584d0e openssl-config-support-include-directive.patch
-e4279a84b12f8ae4a842fc21975598fd47d39e688dee0beb6b0ad9cd48e246ce1f659c0ff4246e355b247f248f789e0e0dafcab0351d782f1ae053bcf7bc836f CVE-2020-25613.patch"
+a67813d7aa3553ed336f04b17461c5129546afb71a2a7cca6d1b1c860f8dd5839ca2f7695c971369f295aced3580687a28881ccd6c305f6dbdfe6b0ecf584d0e openssl-config-support-include-directive.patch"
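Review bot: Nothing in the commit records where the new `ruby-2.6.7.tar.gz` digest on the first `sha512sums` line came from, and that digest is the only integrity check on the upstream tarball. It should be compared with the SHA512 published in the upstream 2.6.7 release announcement rather than taken from a freshly downloaded file. The same hunk drops the `CVE-2020-25613.patch` checksum, so the build now depends on the 2.6.7 tarball already carrying the stricter `\Aclose\z`, `\Akeep-alive\z` and `\Achunked\z` header matches in `lib/webrick/httprequest.rb`. That is presumably the case for a security release, but a line in the commit message such as `CVE-2020-25613.patch dropped: included upstream in 2.6.7` would make it checkable.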
diff --git a/main/ruby/CVE-2020-25613.patch b/main/ruby/CVE-2020-25613.patch
deleted file mode 100644
index ba8d4759b1..0000000000
--- a/main/ruby/CVE-2020-25613.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 8946bb38b4d87549f0d99ed73c62c41933f97cc7 Mon Sep 17 00:00:00 2001
-From: Yusuke Endoh <mame@ruby-lang.org>
-Date: Tue, 29 Sep 2020 13:15:58 +0900
-Subject: [PATCH] Make it more strict to interpret some headers
-
-Some regexps were too tolerant.
----
- lib/webrick/httprequest.rb | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/lib/webrick/httprequest.rb b/lib/webrick/httprequest.rb
-index 294bd91..d34eac7 100644
---- a/lib/webrick/httprequest.rb
-+++ b/lib/webrick/httprequest.rb
-@@ -226,9 +226,9 @@
- raise HTTPStatus::BadRequest, "bad URI `#{@unparsed_uri}'."
- end
-
-- if /close/io =~ self["connection"]
-+ if /\Aclose\z/io =~ self["connection"]
- @keep_alive = false
-- elsif /keep-alive/io =~ self["connection"]
-+ elsif /\Akeep-alive\z/io =~ self["connection"]
- @keep_alive = true
- elsif @http_version < "1.1"
- @keep_alive = false
-@@ -503,7 +503,7 @@
- return unless socket
- if tc = self['transfer-encoding']
- case tc
-- when /chunked/io then read_chunked(socket, block)
-+ when /\Achunked\z/io then read_chunked(socket, block)
- else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}."
- end
- elsif self['content-length'] || @remaining_size