ports/opt (2.2): [notify] ruby: update to 1.8.5-p2

crux at crux.nu crux at crux.nu
Wed Dec 6 07:06:57 UTC 2006


commit 9d0faa53ad05f101fddafb6311da68b1c659c95b
Author: Juergen Daubert <jue at jue.li>
Date:   Wed Dec 6 08:06:33 2006 +0100

    [notify] ruby: update to 1.8.5-p2
    
    Security update to finally fix CVE-2006-5467.
    See http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/

diff --git a/ruby/.md5sum b/ruby/.md5sum
index 718efd9..03d0b9f 100644
--- a/ruby/.md5sum
+++ b/ruby/.md5sum
@@ -1,3 +1,2 @@
-9d25f59d1c33a0b215f6c25260dcb536  ruby-1.8.5-cgi-dos-1.patch
+a3517a224716f79b14196adda3e88057  ruby-1.8.5-p2.tar.gz
 c29d1494e946c08c4731c3e4cdabb2cb  ruby-1.8.5.patch
-3fbb02294a8ca33d4684055adba5ed6f  ruby-1.8.5.tar.gz
diff --git a/ruby/Pkgfile b/ruby/Pkgfile
index 0fd5f5c..3347d0b 100644
--- a/ruby/Pkgfile
+++ b/ruby/Pkgfile
@@ -4,15 +4,14 @@
 # Depends on:  db, gdbm, ncurses, openssl, readline, zlib
 
 name=ruby
-version=1.8.5
-release=2
+version=1.8.5-p2
+release=1
 source=(ftp://ftp.ruby-lang.org/pub/$name/1.8/$name-$version.tar.gz \
-        $name-$version.patch $name-$version-cgi-dos-1.patch)
+        $name-1.8.5.patch)
 
 build () {
     cd $name-$version
-    patch -p1 < $SRC/$name-$version.patch
-    patch -p0 < $SRC/$name-$version-cgi-dos-1.patch
+    patch -p1 < $SRC/$name-1.8.5.patch
     ./configure --prefix=/usr \
                 --mandir=/usr/man \
                 --enable-shared \
diff --git a/ruby/ruby-1.8.5-cgi-dos-1.patch b/ruby/ruby-1.8.5-cgi-dos-1.patch
deleted file mode 100644
index a563c65..0000000
--- a/ruby/ruby-1.8.5-cgi-dos-1.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- lib/cgi.rb.orig	2006-08-22 18:38:19.000000000 +0900
-+++ lib/cgi.rb	2006-11-03 00:18:53.000000000 +0900
-@@ -1018,7 +1018,7 @@ class CGI
-               else
-                 stdinput.read(content_length)
-               end
--          if c.nil?
-+          if c.nil? || c.empty?
-             raise EOFError, "bad content body"
-           end
-           buf.concat(c)



More information about the CRUX mailing list