commit 174ebda6dd84c792e15a13a2abbfd1920ff5160c Author: Juergen Daubert <jue@jue.li> Date: Wed Nov 8 16:43:11 2006 +0100 [security] ruby: see http://www.ruby-lang.org/en/news/2006/11/03/CVE-2006-5467 diff --git a/ruby/.md5sum b/ruby/.md5sum index 8c9a194..718efd9 100644 --- a/ruby/.md5sum +++ b/ruby/.md5sum @@ -1,2 +1,3 @@ +9d25f59d1c33a0b215f6c25260dcb536 ruby-1.8.5-cgi-dos-1.patch c29d1494e946c08c4731c3e4cdabb2cb ruby-1.8.5.patch 3fbb02294a8ca33d4684055adba5ed6f ruby-1.8.5.tar.gz diff --git a/ruby/Pkgfile b/ruby/Pkgfile index 0825307..0fd5f5c 100644 --- a/ruby/Pkgfile +++ b/ruby/Pkgfile @@ -5,13 +5,14 @@ name=ruby version=1.8.5 -release=1 +release=2 source=(ftp://ftp.ruby-lang.org/pub/$name/1.8/$name-$version.tar.gz \ - $name-$version.patch) + $name-$version.patch $name-$version-cgi-dos-1.patch) build () { cd $name-$version patch -p1 < $SRC/$name-$version.patch + patch -p0 < $SRC/$name-$version-cgi-dos-1.patch ./configure --prefix=/usr \ --mandir=/usr/man \ --enable-shared \ diff --git a/ruby/ruby-1.8.5-cgi-dos-1.patch b/ruby/ruby-1.8.5-cgi-dos-1.patch new file mode 100644 index 0000000..a563c65 --- /dev/null +++ b/ruby/ruby-1.8.5-cgi-dos-1.patch @@ -0,0 +1,11 @@ +--- lib/cgi.rb.orig 2006-08-22 18:38:19.000000000 +0900 ++++ lib/cgi.rb 2006-11-03 00:18:53.000000000 +0900 +@@ -1018,7 +1018,7 @@ class CGI + else + stdinput.read(content_length) + end +- if c.nil? ++ if c.nil? || c.empty? + raise EOFError, "bad content body" + end + buf.concat(c)