Projects
openEuler:20.03:LTS:SP1
ruby
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 20
View file
_service:tar_scm_kernel_repo:ruby.spec
Changed
@@ -1,6 +1,6 @@ Name: ruby Version: 2.5.8 -Release: 114 +Release: 115 Summary: Object-oriented scripting language interpreter License: (Ruby or BSD) and Public Domain and MIT and CC0 and zlib and UCD URL: https://www.ruby-lang.org/ @@ -39,6 +39,7 @@ Patch0014: CVE-2019-19246.patch Patch0015: CVE-2019-16163.patch Patch0016: CVE-2020-25613.patch +Patch0017: CVE-2021-41819.patch Patch6000: backport-0001-CVE-2021-28965.patch Patch6001: backport-0002-CVE-2021-28965.patch Patch6002: backport-CVE-2021-31799.patch @@ -581,6 +582,9 @@ %exclude %{gem_dir}/gems/xmlrpc-0.3.0/.* %changelog +* Fri Jan 14 2022 yaoxin <yaoxin30@huawei.com> - 2.5.8-115 +- Fix CVE-2021-41819 + * Sat Jul 31 2021 shixuantong <shixuantong@huawei.com> - 2.5.8-114 - Type:cves - ID:CVE-2021-31799 CVE-2021-31810 CVE-2021-32066
View file
_service:tar_scm_kernel_repo:CVE-2021-41819.patch
Added
@@ -0,0 +1,38 @@ +From 052eb3a828b0f99bca39cfd800f6c2b91307dbd5 Mon Sep 17 00:00:00 2001 +From: Nobuyoshi Nakada <nobu@ruby-lang.org> +Date: Mon, 29 Jun 2020 10:29:25 +0900 +Subject: [PATCH] When parsing cookies, only decode the values + +--- + lib/cgi/cookie.rb | 1 - + test/cgi/test_cgi_cookie.rb | 5 +++++ + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb +index ae9ab58..6b0d89c 100644 +--- a/lib/cgi/cookie.rb ++++ b/lib/cgi/cookie.rb +@@ -165,7 +165,6 @@ def self.parse(raw_cookie) + raw_cookie.split(/;\s?/).each do |pairs| + name, values = pairs.split('=',2) + next unless name and values +- name = CGI.unescape(name) + values ||= "" + values = values.split('&').collect{|v| CGI.unescape(v,@@accept_charset) } + if cookies.has_key?(name) +diff --git a/test/cgi/test_cgi_cookie.rb b/test/cgi/test_cgi_cookie.rb +index 115a57e..985cc0d 100644 +--- a/test/cgi/test_cgi_cookie.rb ++++ b/test/cgi/test_cgi_cookie.rb +@@ -101,6 +101,11 @@ def test_cgi_cookie_parse + end + end + ++ def test_cgi_cookie_parse_not_decode_name ++ cookie_str = "%66oo=baz;foo=bar" ++ cookies = CGI::Cookie.parse(cookie_str) ++ assert_equal({"%66oo" => ["baz"], "foo" => ["bar"]}, cookies) ++ end + + def test_cgi_cookie_arrayinterface + cookie = CGI::Cookie.new('name1', 'a', 'b', 'c')
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.