aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--main/ruby/APKBUILD15
-rw-r--r--main/ruby/CVE-2020-25613.patch35
2 files changed, 8 insertions, 42 deletions
diff --git a/main/ruby/APKBUILD b/main/ruby/APKBUILD
index 1364117efd..8738c5fc05 100644
--- a/main/ruby/APKBUILD
+++ b/main/ruby/APKBUILD
@@ -3,6 +3,9 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
#
# secfixes:
+# 2.5.9-r0:
+# - CVE-2021-28965
+# - CVE-2021-28966
# 2.5.8-r1:
# - CVE-2020-25613
# 2.5.8-r0:
@@ -36,11 +39,11 @@
# - CVE-2017-17405
#
pkgname=ruby
-pkgver=2.5.8
+pkgver=2.5.9
_abiver="${pkgver%.*}.0"
-pkgrel=1
+pkgrel=0
pkgdesc="An object-oriented language for quick and easy programming"
-url="http://www.ruby-lang.org/en/"
+url="https://www.ruby-lang.org/"
arch="all"
license="Ruby BSD-2-Clause"
depends="ca-certificates"
@@ -74,7 +77,6 @@ source="https://cache.ruby-lang.org/pub/$pkgname/${pkgver%.*}/$pkgname-$pkgver.t
rubygems-avoid-platform-specific-gems.patch
test_insns-lower-recursion-depth.patch
fix-get_main_stack.patch
- CVE-2020-25613.patch
"
replaces="ruby-gems"
builddir="$srcdir/$pkgname-$pkgver"
@@ -350,8 +352,7 @@ _mvgem() {
done
}
-sha512sums="ec8bf18b5ef8bf14a568dfb50cbddcc4bb13241f07b0de969e7b60cc261fb4e08fefeb5236bcf620bc690af112a9ab7f7c89f5b8a03fd3430e58804227b5041f ruby-2.5.8.tar.gz
+sha512sums="5c9a6703b4c8d6e365856d7815e202f24659078d4c8e7a5059443453032b73b28e7ab2b8a6fa995c92c8e7f4838ffa6f9eec31593854e2fc3fc35532cb2db788 ruby-2.5.9.tar.gz
cfdc5ea3b2e2ea69c51f38e8e2180cb1dc27008ca55cc6301f142ebafdbab31c3379b3b6bba9ff543153876dd98ed2ad194df3255b7ea77a62e931c935f80538 rubygems-avoid-platform-specific-gems.patch
814fe6359505b70d8ff680adf22f20a74b4dbd3fecc9a63a6c2456ee9824257815929917b6df5394ed069a6869511b8c6dce5b95b4acbbb7867c1f3a975a0150 test_insns-lower-recursion-depth.patch
-8d730f02f76e53799f1c220eb23e3d2305940bb31216a7ab1e42d3256149c0721c7d173cdbfe505023b1af2f5cb3faa233dcc1b5d560fa8f980c17c2d29a9d81 fix-get_main_stack.patch
-b57686e6815e72ab1b836e2d347255954562dc00b93c9128cabb4d55e4483abd188f422a7de592dbce361e97536c6f3fcd05b390ca8e0b81a4ff2b608e9666ed CVE-2020-25613.patch"
+8d730f02f76e53799f1c220eb23e3d2305940bb31216a7ab1e42d3256149c0721c7d173cdbfe505023b1af2f5cb3faa233dcc1b5d560fa8f980c17c2d29a9d81 fix-get_main_stack.patch"
diff --git a/main/ruby/CVE-2020-25613.patch b/main/ruby/CVE-2020-25613.patch
deleted file mode 100644
index f11b9f6312..0000000000
--- a/main/ruby/CVE-2020-25613.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 8946bb38b4d87549f0d99ed73c62c41933f97cc7 Mon Sep 17 00:00:00 2001
-From: Yusuke Endoh <mame@ruby-lang.org>
-Date: Tue, 29 Sep 2020 13:15:58 +0900
-Subject: [PATCH] Make it more strict to interpret some headers
-
-Some regexps were too tolerant.
----
- lib/webrick/httprequest.rb | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/lib/webrick/httprequest.rb b/lib/webrick/httprequest.rb
-index 294bd91..d34eac7 100644
---- a/lib/webrick/httprequest.rb
-+++ b/lib/webrick/httprequest.rb
-@@ -226,9 +226,9 @@
- raise HTTPStatus::BadRequest, "bad URI `#{@unparsed_uri}'."
- end
-
-- if /close/io =~ self["connection"]
-+ if /\Aclose\z/io =~ self["connection"]
- @keep_alive = false
-- elsif /keep-alive/io =~ self["connection"]
-+ elsif /\Akeep-alive\z/io =~ self["connection"]
- @keep_alive = true
- elsif @http_version < "1.1"
- @keep_alive = false
-@@ -475,7 +475,7 @@
- return unless socket
- if tc = self['transfer-encoding']
- case tc
-- when /chunked/io then read_chunked(socket, block)
-+ when /\Achunked\z/io then read_chunked(socket, block)
- else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}."
- end
- elsif self['content-length'] || @remaining_size