[security] ruby: see http://www.ruby-lang.org/en/news/2006/11/03/CVE-2006-5467

2006-11-08 16:43:11 +01:00 · 2006-11-08 16:43:11 +01:00 · 174ebda6dd
commit 174ebda6dd
parent 65358044bb
3 changed files with 15 additions and 2 deletions
--- a/ruby/.md5sum
+++ b/ruby/.md5sum
@ -1,2 +1,3 @@
+9d25f59d1c33a0b215f6c25260dcb536  ruby-1.8.5-cgi-dos-1.patch
 c29d1494e946c08c4731c3e4cdabb2cb  ruby-1.8.5.patch
 3fbb02294a8ca33d4684055adba5ed6f  ruby-1.8.5.tar.gz
--- a/ruby/Pkgfile
+++ b/ruby/Pkgfile
@ -5,13 +5,14 @@

 name=ruby
 version=1.8.5
-release=1
+release=2
 source=(ftp://ftp.ruby-lang.org/pub/$name/1.8/$name-$version.tar.gz \
-        $name-$version.patch)
+        $name-$version.patch $name-$version-cgi-dos-1.patch)

 build () {
    cd $name-$version
    patch -p1 < $SRC/$name-$version.patch
+    patch -p0 < $SRC/$name-$version-cgi-dos-1.patch
    ./configure --prefix=/usr \
                --mandir=/usr/man \
                --enable-shared \
--- a/ruby/ruby-1.8.5-cgi-dos-1.patch
+++ b/ruby/ruby-1.8.5-cgi-dos-1.patch
@ -0,0 +1,11 @@
+--- lib/cgi.rb.orig	2006-08-22 18:38:19.000000000 +0900
+++ lib/cgi.rb	2006-11-03 00:18:53.000000000 +0900
+@@ -1018,7 +1018,7 @@ class CGI
+               else
+                 stdinput.read(content_length)
+               end
+-          if c.nil?
+          if c.nil? || c.empty?
+             raise EOFError, "bad content body"
+           end
+           buf.concat(c)