ruby-changes:65098
From: usa <ko1@a...>
Date: Sun, 31 Jan 2021 18:56:41 +0900 (JST)
Subject: [ruby-changes:65098] 8b49c3e4bc (ruby_2_6): Backport webrick patch for CVE-2020-25613
https://git.ruby-lang.org/ruby.git/commit/?id=8b49c3e4bc From 8b49c3e4bc767bec8a66ac81cbda033330fb2703 Mon Sep 17 00:00:00 2001 From: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> Date: Sun, 31 Jan 2021 09:56:27 +0000 Subject: Backport webrick patch for CVE-2020-25613 [Backport #17201] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67892 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- lib/webrick/httprequest.rb | 6 +++--- lib/webrick/version.rb | 2 +- test/webrick/test_httpproxy.rb | 2 +- test/webrick/test_httpserver.rb | 2 +- test/webrick/test_server.rb | 2 +- version.h | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/lib/webrick/httprequest.rb b/lib/webrick/httprequest.rb index e402099..c73f48c 100644 --- a/lib/webrick/httprequest.rb +++ b/lib/webrick/httprequest.rb @@ -226,9 +226,9 @@ module WEBrick https://github.com/ruby/ruby/blob/trunk/lib/webrick/httprequest.rb#L226 raise HTTPStatus::BadRequest, "bad URI `#{@unparsed_uri}'." end - if /close/io =~ self["connection"] + if /\Aclose\z/io =~ self["connection"] @keep_alive = false - elsif /keep-alive/io =~ self["connection"] + elsif /\Akeep-alive\z/io =~ self["connection"] @keep_alive = true elsif @http_version < "1.1" @keep_alive = false @@ -503,7 +503,7 @@ module WEBrick https://github.com/ruby/ruby/blob/trunk/lib/webrick/httprequest.rb#L503 return unless socket if tc = self['transfer-encoding'] case tc - when /chunked/io then read_chunked(socket, block) + when /\Achunked\z/io then read_chunked(socket, block) else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}." end elsif self['content-length'] || @remaining_size diff --git a/lib/webrick/version.rb b/lib/webrick/version.rb index ee6b415..c23df9a 100644 --- a/lib/webrick/version.rb +++ b/lib/webrick/version.rb @@ -14,5 +14,5 @@ module WEBrick https://github.com/ruby/ruby/blob/trunk/lib/webrick/version.rb#L14 ## # The WEBrick version - VERSION = "1.4.2" + VERSION = "1.4.4" end 
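Review bot: In lib/webrick/httprequest.rb around line 226, the anchored `/\Aclose\z/io` and `/\Akeep-alive\z/io` match only when the Connection header is exactly one token, so a list-valued header such as `Connection: close, TE` now matches neither branch and falls through to the HTTP-version default. Connection is a comma-separated token list, so comparing per token keeps the strictness without dropping valid lists: `conn = self["connection"].to_s.downcase.split(",").map(&:strip)` followed by `if conn.include?("close")` and `elsif conn.include?("keep-alive")`. The diffstat shows only one-line changes under test/webrick, so no test pins the new matching for this hunk or for the Transfer-Encoding hunk at line 503; cases for exact, list-valued and substring-only values would be worth adding. The enclosing method starts and ends outside the hunk.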
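Review bot: In the body-reading code around line 503, a request that carries both Transfer-Encoding and Content-Length is still read as chunked with Content-Length silently ignored, because the `elsif self['content-length'] || @remaining_size` branch is never consulted once `tc` is set. Disagreement between hops about which header frames the body is the precondition for request smuggling, so when WEBrick runs behind or in front of another HTTP parser it is safer to refuse the ambiguous message, e.g. `raise HTTPStatus::BadRequest, "Transfer-Encoding and Content-Length both present." if self['content-length']` at the top of the `if tc = ...` branch. Whether another layer already strips or rejects one of the headers is not visible here, so this is something to confirm rather than a proven gap. The method starts and ends outside the hunk.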
diff --git a/test/webrick/test_httpproxy.rb b/test/webrick/test_httpproxy.rb index a9f6f7d..504eb1f 100644 --- a/test/webrick/test_httpproxy.rb +++ b/test/webrick/test_httpproxy.rb @@ -213,7 +213,7 @@ class TestWEBrickHTTPProxy < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/test/webrick/test_httpproxy.rb#L213 end end end - end + end if RUBY_VERSION >= '2.5' def make_certificate(key, cn) subject = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=#{cn}") diff --git a/test/webrick/test_httpserver.rb b/test/webrick/test_httpserver.rb index a6e70da..2e5d449 100644 --- a/test/webrick/test_httpserver.rb +++ b/test/webrick/test_httpserver.rb @@ -253,7 +253,7 @@ class TestWEBrickHTTPServer < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/test/webrick/test_httpserver.rb#L253 server.virtual_host(WEBrick::HTTPServer.new(vhost_config)) Thread.pass while server.status != :Running - sleep 1 if RubyVM::MJIT.enabled? # server.status behaves unexpectedly with --jit-wait + sleep 1 if defined?(RubyVM::MJIT) && RubyVM::MJIT.enabled? # server.status behaves unexpectedly with --jit-wait assert_equal(1, started, log.call) assert_equal(0, stopped, log.call) assert_equal(0, accepted, log.call) diff --git a/test/webrick/test_server.rb b/test/webrick/test_server.rb index 5f7f3a0..8162a18 100644 --- a/test/webrick/test_server.rb +++ b/test/webrick/test_server.rb @@ -65,7 +65,7 @@ class TestWEBrickServer < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/test/webrick/test_server.rb#L65 } TestWEBrick.start_server(Echo, config){|server, addr, port, log| true while server.status != :Running - sleep 1 if RubyVM::MJIT.enabled? # server.status behaves unexpectedly with --jit-wait + sleep 1 if defined?(RubyVM::MJIT) && RubyVM::MJIT.enabled? # server.status behaves unexpectedly with --jit-wait assert_equal(1, started, log.call) assert_equal(0, stopped, log.call) assert_equal(0, accepted, log.call) 
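Review bot: The guard `end if RUBY_VERSION >= '2.5'` in test/webrick/test_httpproxy.rb compares version strings lexicographically, which misorders a two-digit component (`'2.10' >= '2.5'` is false); `Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.5')` compares numerically. On this branch version.h sets RUBY_VERSION to "2.6.7", so the condition is always true and the test is always defined. A short comment saying why the guard exists on a 2.6-only branch (presumably it is carried over from the upstream patch, to be confirmed) would save the next reader the question. The `def` that this `end` closes begins above the hunk.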
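Review bot: The guarded wait `sleep 1 if defined?(RubyVM::MJIT) && RubyVM::MJIT.enabled?` is now repeated verbatim in test/webrick/test_httpserver.rb and test/webrick/test_server.rb, so the next change to it has to be made in two places. Moving it into one helper on the shared test module, next to `TestWEBrick.start_server`, and calling that from both tests would keep them in step. The fixed one-second sleep is also a timing assumption rather than a synchronization; the existing comment says why it is there but not which server state the assertions are waiting for.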
diff --git a/version.h b/version.h index 1089771..373ee70 100644 --- a/version.h +++ b/version.h @@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/version.h#L1 #define RUBY_VERSION "2.6.7" #define RUBY_RELEASE_DATE "2021-01-31" -#define RUBY_PATCHLEVEL 152 +#define RUBY_PATCHLEVEL 153 #define RUBY_RELEASE_YEAR 2021 #define RUBY_RELEASE_MONTH 1 -- cgit v1.1 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/