diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2021-03-12 21:55:15 +0000 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2021-03-12 21:55:15 +0000 |
commit | 7218e1b46bceac05841e90472501742d905fb3fc (patch) | |
tree | 56fae051db521b8fce8014cbc8b11484885b14b3 /www-servers/puma | |
parent | 6d691ad5b6239929063441bbd14c489e92e7396e (diff) |
gentoo resync : 12.03.2021
Diffstat (limited to 'www-servers/puma')
-rw-r--r-- | www-servers/puma/Manifest | 1 | ||||
-rw-r--r-- | www-servers/puma/files/puma-4.3.4-cve-2020-11077.patch | 115 |
2 files changed, 0 insertions, 116 deletions
diff --git a/www-servers/puma/Manifest b/www-servers/puma/Manifest index 93ecb5f7f652..7c6de707f556 100644 --- a/www-servers/puma/Manifest +++ b/www-servers/puma/Manifest @@ -1,6 +1,5 @@ AUX puma-3.12.1-ruby26-waitpid.patch 1722 BLAKE2B cee9b9e89cf098a387481d754732f54274ce0f9580568e62496513d58d46578f81c13df2aa98d2da218bf9d8ad581e8728ff60be488905493e9acc6b88012a88 SHA512 86f826d7f9ac8a50d62f8cf2b87b0df5f7ce55c1a5e4ac7b928b756ece809e30750bb2a7c3c50dc95f9edcb463e9c453b5d3eb84ffe44952904200b5337351ad AUX puma-3.12.5-cve-2020-11077.patch 3490 BLAKE2B 08f103ed5a5cf9878404f04c139476c730f7a663681aa6cc0107c033317826ed803b72b384034b08b361ed7c99683fe3d90d51c5f97708647750db9edf59e15c SHA512 25f26889e74c98e5ee45dbdb2dad356099d15c70027f32fa2500e0f5b40d742d376b7f29560dde985c3652064f6bdec8dd411154301f6c89b1ef356632570c29 -AUX puma-4.3.4-cve-2020-11077.patch 3578 BLAKE2B 34ed185950223fe952f29c98aa80211f8b066ec9d89a04ce4900b6fa654521ac4abb3ae4fd6ae9f56c3143649b0d07bb1a1b66691522c1a9d0ee4d574fe9c58b SHA512 1df326102f6efd0b0aec4918ddda8beba467a76fb863cb0f117d9f073cd6adfdc4dbcb5b698cff8a43404794aa0171e5c124bdf9e0b8ab4161475c6ab3bbd95e DIST puma-3.12.5.tar.gz 219175 BLAKE2B 55e80fba8fd84004090cb8d30b6fd01652f1beb1d1216c5d41ce46c616677504fa867f9701ed2631f4edc956c9377d72c6fd4a1b61e99fdbb50ea371b170a0c0 SHA512 1e6721844cbabab0cfb8b1707625723061821dae3ee06a3330075f787ae580e6836d9cbe436e63dc4602253ad1da3b56135316c923c03bbbae454d9457a44aec DIST puma-5.1.1.tar.gz 284807 BLAKE2B 59ba17129e55e79aa2f8092d60a5643840bd996b7832d421cb72538fc48b0fb302353bedef56cc9b115bdfb15b33b0f453bfbf759b2e9552a9490a8b0cef3090 SHA512 8653c622c21dca2116219702e801d7aa3272f0771fd5c2d5149927edbd504a9838fb0d442bfc5dc523035a94dad25946738a5dda954fdaa74a9a00c85ed9f86e DIST puma-5.2.0.tar.gz 292173 BLAKE2B e09e524ef651a674373e0c5281832fef2e016f58e9623968e11c47135f7bcddb72c6458e74e85f4264c40f49222161d9749c3c29295d5470e47e7b0382e96bab SHA512 3e97f17be3926ff23b03def55dd1c9f015750a5aec74f0fa1551d20c9f386e0ec1a9e676dc0df49ae12129be6768a7d2f7df7a944dd2ec3d44f8243098dc7950 diff --git a/www-servers/puma/files/puma-4.3.4-cve-2020-11077.patch b/www-servers/puma/files/puma-4.3.4-cve-2020-11077.patch deleted file mode 100644 index 673641a91627..000000000000 --- a/www-servers/puma/files/puma-4.3.4-cve-2020-11077.patch +++ /dev/null @@ -1,115 +0,0 @@ -From f3b409c565d67557c04ad37c10a42dd8cad0b655 Mon Sep 17 00:00:00 2001 -From: Evan Phoenix <evan@phx.io> -Date: Tue, 19 May 2020 15:20:10 -0700 -Subject: [PATCH] Reduce ambiguity of headers - ---- - ext/puma_http11/http11_parser.c | 4 +++- - ext/puma_http11/http11_parser.rl | 4 +++- - lib/puma/server.rb | 31 +++++++++++++++++++++++++++++++ - 3 files changed, 37 insertions(+), 2 deletions(-) - -diff --git a/ext/puma_http11/http11_parser.c b/ext/puma_http11/http11_parser.c -index 0b5fdabc3..bf1dd89ab 100644 ---- a/ext/puma_http11/http11_parser.c -+++ b/ext/puma_http11/http11_parser.c -@@ -14,12 +14,14 @@ - - /* - * capitalizes all lower-case ASCII characters, -- * converts dashes to underscores. -+ * converts dashes to underscores, and underscores to commas. - */ - static void snake_upcase_char(char *c) - { - if (*c >= 'a' && *c <= 'z') - *c &= ~0x20; -+ else if (*c == '_') -+ *c = ','; - else if (*c == '-') - *c = '_'; - } -diff --git a/ext/puma_http11/http11_parser.rl b/ext/puma_http11/http11_parser.rl -index 880c1d40b..62452ba7c 100644 ---- a/ext/puma_http11/http11_parser.rl -+++ b/ext/puma_http11/http11_parser.rl -@@ -12,12 +12,14 @@ - - /* - * capitalizes all lower-case ASCII characters, -- * converts dashes to underscores. -+ * converts dashes to underscores, and underscores to commas. - */ - static void snake_upcase_char(char *c) - { - if (*c >= 'a' && *c <= 'z') - *c &= ~0x20; -+ else if (*c == '_') -+ *c = ','; - else if (*c == '-') - *c = '_'; - } -diff --git a/lib/puma/server.rb b/lib/puma/server.rb -index b8e8a7b48..0e123687c 100644 ---- a/lib/puma/server.rb -+++ b/lib/puma/server.rb -@@ -672,6 +672,37 @@ def handle_request(req, lines) - } - end - -+ # Fixup any headers with , in the name to have _ now. We emit -+ # headers with , in them during the parse phase to avoid ambiguity -+ # with the - to _ conversion for critical headers. But here for -+ # compatibility, we'll convert them back. This code is written to -+ # avoid allocation in the common case (ie there are no headers -+ # with , in their names), that's why it has the extra conditionals. -+ -+ to_delete = nil -+ to_add = nil -+ -+ env.each do |k,v| -+ if k.start_with?("HTTP_") and k.include?(",") and k != "HTTP_TRANSFER,ENCODING" -+ if to_delete -+ to_delete << k -+ else -+ to_delete = [k] -+ end -+ -+ unless to_add -+ to_add = {} -+ end -+ -+ to_add[k.gsub(",", "_")] = v -+ end -+ end -+ -+ if to_delete -+ to_delete.each { |k| env.delete(k) } -+ env.merge! to_add -+ end -+ - # A rack extension. If the app writes #call'ables to this - # array, we will invoke them when the request is done. - # -From 6d87ed2101dab40e6aaa85b0df01433cfb84df53 Mon Sep 17 00:00:00 2001 -From: Evan Phoenix <evan@phx.io> -Date: Tue, 19 May 2020 15:34:06 -0700 -Subject: [PATCH] Adjust test to match real world value - ---- - test/test_puma_server.rb | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/test/test_puma_server.rb b/test/test_puma_server.rb -index 75fcc22e8..a10490a71 100644 ---- a/test/test_puma_server.rb -+++ b/test/test_puma_server.rb -@@ -151,7 +151,7 @@ def test_default_server_port_respects_x_forwarded_proto - - req = Net::HTTP::Get.new("/") - req['HOST'] = "example.com" -- req['X_FORWARDED_PROTO'] = "https,http" -+ req['X-FORWARDED-PROTO'] = "https,http" - - res = Net::HTTP.start @host, @server.connected_port do |http| - http.request(req) |