
ruby-changes:65276

From: usa <ko1@a...>
Date: Tue, 16 Feb 2021 22:35:35 +0900 (JST)
Subject: [ruby-changes:65276] d6d2f179b0 (ruby_2_5): Backport webrick patch for CVE-2020-25613

https://git.ruby-lang.org/ruby.git/commit/?id=d6d2f179b0

From d6d2f179b02855ce07e8a114b3611dfc1f590986 Mon Sep 17 00:00:00 2001
From: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Tue, 16 Feb 2021 13:35:19 +0000
Subject: Backport webrick patch for CVE-2020-25613

[Backport #17201]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@67893 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 lib/webrick/httprequest.rb |  6 +++---
 lib/webrick/version.rb     |  2 +-
 version.h                  | 10 +++++-----
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/lib/webrick/httprequest.rb b/lib/webrick/httprequest.rb
index b40bcb0..5cf5844 100644
--- a/lib/webrick/httprequest.rb
+++ b/lib/webrick/httprequest.rb
@@ -226,9 +226,9 @@ module WEBrick https://github.com/ruby/ruby/blob/trunk/lib/webrick/httprequest.rb#L226
         raise HTTPStatus::BadRequest, "bad URI `#{@unparsed_uri}'."
       end
 
-      if /close/io =~ self["connection"]
+      if /\Aclose\z/io =~ self["connection"]
         @keep_alive = false
-      elsif /keep-alive/io =~ self["connection"]
+      elsif /\Akeep-alive\z/io =~ self["connection"]
         @keep_alive = true
       elsif @http_version < "1.1"
         @keep_alive = false
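Review bot: The anchored tests `/\Aclose\z/io` and `/\Akeep-alive\z/io` compare the whole Connection value against a single token, so a value carrying a comma-separated list (for example `close, TE` or `keep-alive, Upgrade`) now matches neither branch and falls through to the `@http_version < "1.1"` default. For an HTTP/1.1 request that means a list containing `close` would leave the connection persistent. Consider splitting `self["connection"]` on commas, stripping whitespace, and comparing each token case-insensitively, with `close` checked first. The `o` flag can also be dropped, since neither pattern interpolates anything.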
@@ -475,7 +475,7 @@ module WEBrick https://github.com/ruby/ruby/blob/trunk/lib/webrick/httprequest.rb#L475
       return unless socket
       if tc = self['transfer-encoding']
         case tc
-        when /chunked/io then read_chunked(socket, block)
+        when /\Achunked\z/io then read_chunked(socket, block)
         else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}."
         end
       elsif self['content-length'] || @remaining_size
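Review bot: No regression test accompanies the stricter `when /\Achunked\z/io` match; the diffstat lists only httprequest.rb, version.rb and version.h. Since this is the line that decides how the body is framed, a test would be worth adding that sends a Transfer-Encoding value which contains but does not equal `chunked` and asserts that `HTTPStatus::NotImplemented` is raised rather than `read_chunked` being called, plus one confirming that a plain `chunked` value in mixed case is still accepted. A short comment above the `case` saying why the match is exact would also help keep a later edit from loosening it again.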
diff --git a/lib/webrick/version.rb b/lib/webrick/version.rb
index ee6b415..839afb1 100644
--- a/lib/webrick/version.rb
+++ b/lib/webrick/version.rb
@@ -14,5 +14,5 @@ module WEBrick https://github.com/ruby/ruby/blob/trunk/lib/webrick/version.rb#L14
   ##
   # The WEBrick version
 
-  VERSION      = "1.4.2"
+  VERSION      = "1.4.2.1"
 end
diff --git a/version.h b/version.h
index 818752f..4239637 100644
--- a/version.h
+++ b/version.h
@@ -1,10 +1,10 @@ https://github.com/ruby/ruby/blob/trunk/version.h#L1
 #define RUBY_VERSION "2.5.9"
-#define RUBY_RELEASE_DATE "2020-12-09"
-#define RUBY_PATCHLEVEL 227
+#define RUBY_RELEASE_DATE "2021-02-16"
+#define RUBY_PATCHLEVEL 228
 
-#define RUBY_RELEASE_YEAR 2020
-#define RUBY_RELEASE_MONTH 12
-#define RUBY_RELEASE_DAY 9
+#define RUBY_RELEASE_YEAR 2021
+#define RUBY_RELEASE_MONTH 2
+#define RUBY_RELEASE_DAY 16
 
 #include "ruby/version.h"
 
-- 
cgit v1.1


--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
