aboutsummaryrefslogtreecommitdiffstats
path: root/lang/ruby18
diff options
context:
space:
mode:
authorstas <stas@FreeBSD.org>2006-12-05 04:33:04 +0800
committerstas <stas@FreeBSD.org>2006-12-05 04:33:04 +0800
commit1d60c19c6ba5faff82fd4d00b066daea5be1be7f (patch)
tree67414f78f2704f6a58199aef10a6c1b38c21803c /lang/ruby18
parent50a253442eb394688e3984309d1d5605b6b38e2a (diff)
downloadfreebsd-ports-gnome-1d60c19c6ba5faff82fd4d00b066daea5be1be7f.tar.gz
freebsd-ports-gnome-1d60c19c6ba5faff82fd4d00b066daea5be1be7f.tar.zst
freebsd-ports-gnome-1d60c19c6ba5faff82fd4d00b066daea5be1be7f.zip
- Fix an another cgi library vulnerability
- Bump portrevision PR: ports/106287 Reported by: UEDA Hiroyuki <bsdmad@gmail.com> Obtained from: ruby cvs
Diffstat (limited to 'lang/ruby18')
-rw-r--r--lang/ruby18/Makefile2
-rw-r--r--lang/ruby18/files/patch-lib_cgi.rb31
2 files changed, 29 insertions, 4 deletions
diff --git a/lang/ruby18/Makefile b/lang/ruby18/Makefile
index 6d73963f6b94..df95cd404e2c 100644
--- a/lang/ruby18/Makefile
+++ b/lang/ruby18/Makefile
@@ -7,7 +7,7 @@
PORTNAME= ruby
PORTVERSION= ${RUBY_PORTVERSION}
-PORTREVISION= 4
+PORTREVISION= 5
PORTEPOCH= 1
CATEGORIES= lang ruby ipv6
MASTER_SITES= ${MASTER_SITE_RUBY}
diff --git a/lang/ruby18/files/patch-lib_cgi.rb b/lang/ruby18/files/patch-lib_cgi.rb
index 1ab40f7e2afa..4d30b212eab6 100644
--- a/lang/ruby18/files/patch-lib_cgi.rb
+++ b/lang/ruby18/files/patch-lib_cgi.rb
@@ -1,6 +1,23 @@
---- lib/cgi.rb 2005-10-06 19:01:22.000000000 -0600
-+++ lib/cgi.rb 2006-09-22 16:38:08.000000000 -0600
-@@ -1017,7 +1017,7 @@
+--- lib/cgi.rb.orig Tue Aug 22 13:38:19 2006
++++ lib/cgi.rb Mon Dec 4 23:22:42 2006
+@@ -967,6 +967,7 @@
+ def read_multipart(boundary, content_length)
+ params = Hash.new([])
+ boundary = "--" + boundary
++ quoted_boundary = Regexp.quote(boundary, "n")
+ buf = ""
+ bufsize = 10 * 1024
+ boundary_end=""
+@@ -998,7 +999,7 @@
+ end
+ body.binmode if defined? body.binmode
+
+- until head and /#{boundary}(?:#{EOL}|--)/n.match(buf)
++ until head and /#{quoted_boundary}(?:#{EOL}|--)/n.match(buf)
+
+ if (not head) and /#{EOL}#{EOL}/n.match(buf)
+ buf = buf.sub(/\A((?:.|\n)*?#{EOL})#{EOL}/n) do
+@@ -1018,14 +1019,14 @@
else
stdinput.read(content_length)
end
@@ -9,3 +26,11 @@
raise EOFError, "bad content body"
end
buf.concat(c)
+ content_length -= c.size
+ end
+
+- buf = buf.sub(/\A((?:.|\n)*?)(?:[\r\n]{1,2})?#{boundary}([\r\n]{1,2}|--)/n) do
++ buf = buf.sub(/\A((?:.|\n)*?)(?:[\r\n]{1,2})?#{quoted_boundary}([\r\n]{1,2}|--)/n) do
+ body.print $1
+ if "--" == $2
+ content_length = -1