From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ruby-core-bounces@ruby-lang.org>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 required=3.0 tests=AWL,BAYES_00,
	DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD,FREEMAIL_FORGED_FROMDOMAIN,
	FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_PASS,UNPARSEABLE_RELAY
	shortcircuit=no autolearn=no autolearn_force=no version=3.4.2
Received: from neon.ruby-lang.org (neon.ruby-lang.org [221.186.184.75])
	by dcvr.yhbt.net (Postfix) with ESMTP id 6C0151F4B4
	for <normalperson@yhbt.net>; Sun, 11 Oct 2020 06:37:14 +0000 (UTC)
Received: from neon.ruby-lang.org (localhost [IPv6:::1])
	by neon.ruby-lang.org (Postfix) with ESMTP id 5689212097D;
	Sun, 11 Oct 2020 15:36:36 +0900 (JST)
Received: from xtrwkhkc.outbound-mail.sendgrid.net
 (xtrwkhkc.outbound-mail.sendgrid.net [167.89.16.28])
 by neon.ruby-lang.org (Postfix) with ESMTPS id 0C3C1120927
 for <ruby-core@ruby-lang.org>; Sun, 11 Oct 2020 15:36:33 +0900 (JST)
Received: by filterdrecv-p3mdw1-6685f47d68-p8qbn with SMTP id
 filterdrecv-p3mdw1-6685f47d68-p8qbn-17-5F82A80F-2A
 2020-10-11 06:37:03.747661444 +0000 UTC m=+288064.194543788
Received: from herokuapp.com (unknown) by geopod-ismtpd-5-3 (SG) with ESMTP
 id DaxprcvBQz69PzFa3PiEAw for <ruby-core@ruby-lang.org>;
 Sun, 11 Oct 2020 06:37:03.673 +0000 (UTC)
Date: Sun, 11 Oct 2020 06:37:03 +0000 (UTC)
From: nagachika00@gmail.com
Message-ID: <redmine.journal-87979.20201011063703.572@ruby-lang.org>
References: <redmine.issue-17201.20200929090807.572@ruby-lang.org>
Mime-Version: 1.0
X-Redmine-MailingListIntegration-Message-Ids: 76233
X-Redmine-Project: ruby-master
X-Redmine-Issue-Tracker: Bug
X-Redmine-Issue-Id: 17201
X-Redmine-Issue-Author: hsbt
X-Redmine-Sender: nagachika
X-Mailer: Redmine
X-Redmine-Host: bugs.ruby-lang.org
X-Redmine-Site: Ruby Issue Tracking System
X-Auto-Response-Suppress: All
Auto-Submitted: auto-generated
X-SG-EID: =?us-ascii?Q?O2wxg26uOO6cft6GjkEp=2FGevTnH9lR=2FEdG60AX3F8=2FCzOoCiTJFpi10qALSOxd?=
 =?us-ascii?Q?TB1HHhMsHm=2Fns5cT0K0IYt8JCgbS7gaZvcQWpp8?=
 =?us-ascii?Q?0RvAIri5gMl+psSBH+0zF96bqfF+qdcJyKtZNfw?=
 =?us-ascii?Q?4oobZDX0UE2ndpWPXLoKmT9SZWItLuUR5UZ+NCd?=
 =?us-ascii?Q?ikm1HdA9TM=2F60fflEi2oheqtrv7PWPF3TiacKEE?=
 =?us-ascii?Q?kA=2FgbxOG0Di1UVvSo=3D?=
To: ruby-core@ruby-lang.org
X-Entity-ID: b/2+PoftWZ6GuOu3b0IycA==
X-ML-Name: ruby-core
X-Mail-Count: 100368
Subject: [ruby-core:100368] [Ruby master Bug#17201] Backport webrick patch
	for CVE-2020-25613
X-BeenThere: ruby-core@ruby-lang.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Ruby developers <ruby-core@ruby-lang.org>
List-Id: Ruby developers <ruby-core.ruby-lang.org>
List-Unsubscribe: <https://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>, 
 <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
List-Post: <mailto:ruby-core@ruby-lang.org>
List-Help: <mailto:ruby-core-request@ruby-lang.org?subject=help>
List-Subscribe: <https://lists.ruby-lang.org/cgi-bin/mailman/listinfo/ruby-core>, 
 <mailto:ruby-core-request@ruby-lang.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ruby-core-bounces@ruby-lang.org
Sender: "ruby-core" <ruby-core-bounces@ruby-lang.org>

Issue #17201 has been updated by nagachika (Tomoyuki Chikanaga).

Backport changed from 2.5: REQUIRED, 2.6: REQUIRED, 2.7: REQUIRED to 2.5: REQUIRED, 2.6: REQUIRED, 2.7: DONE

I'm afraid that I did backport the changeset d23d2f3f6fbb5d787b0dd80675c489a692be23e2 solely at 828c34e58b63d64558ec0f2d1d7ae401c5e6b21f.
I applied the remaining part of the patch into ruby_2_7 at 48ac73769772317d6c3f864f087ef930a47120d9.

----------------------------------------
Bug #17201: Backport webrick patch for CVE-2020-25613
https://bugs.ruby-lang.org/issues/17201#change-87979

* Author: hsbt (Hiroshi SHIBATA)
* Status: Closed
* Priority: Normal
* Backport: 2.5: REQUIRED, 2.6: REQUIRED, 2.7: DONE
----------------------------------------
I created the patch sets for Ruby 2.5, 2.6 and 2.7 for CVE-2020-25613

---Files--------------------------------
ruby_2_7_webrick_1_6_1.patch (1.95 KB)
ruby_2_6_webrick_1_4_4.patch (2.94 KB)
ruby_2_5_webrick.patch (1.26 KB)


-- 
https://bugs.ruby-lang.org/