author | stas <stas@FreeBSD.org> | 2006-12-05 04:33:04 +0800 |
---|---|---|
committer | stas <stas@FreeBSD.org> | 2006-12-05 04:33:04 +0800 |
commit | 1d60c19c6ba5faff82fd4d00b066daea5be1be7f (patch) | |
tree | 67414f78f2704f6a58199aef10a6c1b38c21803c /lang/ruby18 | |
parent | 50a253442eb394688e3984309d1d5605b6b38e2a (diff) | |
- Fix another cgi library vulnerability
- Bump portrevision
PR: ports/106287
Reported by: UEDA Hiroyuki <bsdmad@gmail.com>
Obtained from: ruby cvs
Diffstat (limited to 'lang/ruby18')
-rw-r--r-- | lang/ruby18/Makefile | 2 | ||||
-rw-r--r-- | lang/ruby18/files/patch-lib_cgi.rb | 31 |
2 files changed, 29 insertions, 4 deletions
diff --git a/lang/ruby18/Makefile b/lang/ruby18/Makefile index 6d73963f6b94..df95cd404e2c 100644 --- a/lang/ruby18/Makefile +++ b/lang/ruby18/Makefile @@ -7,7 +7,7 @@ PORTNAME= ruby PORTVERSION= ${RUBY_PORTVERSION} -PORTREVISION= 4 +PORTREVISION= 5 PORTEPOCH= 1 CATEGORIES= lang ruby ipv6 MASTER_SITES= ${MASTER_SITE_RUBY} diff --git a/lang/ruby18/files/patch-lib_cgi.rb b/lang/ruby18/files/patch-lib_cgi.rb index 1ab40f7e2afa..4d30b212eab6 100644 --- a/lang/ruby18/files/patch-lib_cgi.rb +++ b/lang/ruby18/files/patch-lib_cgi.rb @@ -1,6 +1,23 @@ ---- lib/cgi.rb 2005-10-06 19:01:22.000000000 -0600 -+++ lib/cgi.rb 2006-09-22 16:38:08.000000000 -0600 -@@ -1017,7 +1017,7 @@ +--- lib/cgi.rb.orig Tue Aug 22 13:38:19 2006 ++++ lib/cgi.rb Mon Dec 4 23:22:42 2006 +@@ -967,6 +967,7 @@ + def read_multipart(boundary, content_length) + params = Hash.new([]) + boundary = "--" + boundary ++ quoted_boundary = Regexp.quote(boundary, "n") + buf = "" + bufsize = 10 * 1024 + boundary_end="" +@@ -998,7 +999,7 @@ + end + body.binmode if defined? body.binmode + +- until head and /#{boundary}(?:#{EOL}|--)/n.match(buf) ++ until head and /#{quoted_boundary}(?:#{EOL}|--)/n.match(buf) + + if (not head) and /#{EOL}#{EOL}/n.match(buf) + buf = buf.sub(/\A((?:.|\n)*?#{EOL})#{EOL}/n) do +@@ -1018,14 +1019,14 @@ else stdinput.read(content_length) end @@ -9,3 +26,11 @@ raise EOFError, "bad content body" end buf.concat(c) + content_length -= c.size + end + +- buf = buf.sub(/\A((?:.|\n)*?)(?:[\r\n]{1,2})?#{boundary}([\r\n]{1,2}|--)/n) do ++ buf = buf.sub(/\A((?:.|\n)*?)(?:[\r\n]{1,2})?#{quoted_boundary}([\r\n]{1,2}|--)/n) do + body.print $1 + if "--" == $2 + content_length = -1 |
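Review bot: In `read_multipart`, nothing in the visible lines checks the boundary itself before `boundary = "--" + boundary`, even though `Regexp.quote(boundary, "n")` now makes it match literally in both patterns (the `until head and ...` test in this hunk and the `buf.sub(...)` call in the next hunk of the same file). The value presumably comes from the request's Content-Type header, and RFC 2046 limits a boundary to 1-70 characters, so a guard such as `raise EOFError, "bad content body" if boundary.empty? || boundary.size > 70` ahead of that line would reject malformed values early; the caller may already enforce this, which is not visible here. A one-line comment above `quoted_boundary`, for example `# escape the boundary so regexp metacharacters in it are matched literally`, would also record why the unquoted form must not be reintroduced. The function body starts and ends outside these hunks.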