rpms/ruby
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix CGI causing issue with leading '.' in domain names.

Browse Source 
The original issue broke rubygem-actionpack:

https://github.com/rails/rails/issues/46578
https://github.com/rails/rails/pull/46595

rubygem-rack:

https://github.com/rack/rack/pull/1988

And rack-test (where I have not checked details).
This commit is contained in:
Vít Ondruch 2022-12-08 13:12:40 +01:00
parent 2cdb051166
commit b1748af87f
3 changed files with 92 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
ruby-3.2.0-ruby-cgi-Fix-test_cgi_cookie_new_with_domain-to-pass.patch Normal file
View File

@ -0,0 +1,38 @@
From 656f25987cf2885104d5b13c8d3f5b7d32f1b333 Mon Sep 17 00:00:00 2001
From: Jean Boussier <jean.boussier@gmail.com>
Date: Wed, 23 Nov 2022 12:10:36 +0100
Subject: [PATCH] [ruby/cgi] Fix test_cgi_cookie_new_with_domain to pass on
older rubies
https://github.com/ruby/cgi/commit/05f0c58048
---
test/cgi/test_cgi_cookie.rb | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/test/cgi/test_cgi_cookie.rb b/test/cgi/test_cgi_cookie.rb
index e3ec4bea5286..6d31932d321a 100644
--- a/test/cgi/test_cgi_cookie.rb
+++ b/test/cgi/test_cgi_cookie.rb
@@ -62,18 +62,18 @@ def test_cgi_cookie_new_complex
def test_cgi_cookie_new_with_domain
h = {'name'=>'name1', 'value'=>'value1'}
- cookie = CGI::Cookie.new('domain'=>'a.example.com', **h)
+ cookie = CGI::Cookie.new(h.merge('domain'=>'a.example.com'))
assert_equal('a.example.com', cookie.domain)
- cookie = CGI::Cookie.new('domain'=>'1.example.com', **h)
+ cookie = CGI::Cookie.new(h.merge('domain'=>'1.example.com'))
assert_equal('1.example.com', cookie.domain, 'enhanced by RFC 1123')
assert_raise(ArgumentError) {
- CGI::Cookie.new('domain'=>'-a.example.com', **h)
+ CGI::Cookie.new(h.merge('domain'=>'-a.example.com'))
}
assert_raise(ArgumentError) {
- CGI::Cookie.new('domain'=>'a-.example.com', **h)
+ CGI::Cookie.new(h.merge('domain'=>'a-.example.com'))
}
end

44
ruby-3.2.0-ruby-cgi-Loosen-the-domain-regex-to-accept.patch Normal file
View File

@ -0,0 +1,44 @@
From 745dcf5326ea2c8e2047a3bddeb0fbb7e7d07649 Mon Sep 17 00:00:00 2001
From: Xenor Chang <tubaxenor@gmail.com>
Date: Mon, 28 Nov 2022 12:34:06 +0800
Subject: [PATCH] [ruby/cgi] Loosen the domain regex to accept '.'
(https://github.com/ruby/cgi/pull/29)
* Loosen the domain regex to accept '.'
Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>
https://github.com/ruby/cgi/commit/5e09d632f3
Co-authored-by: Hiroshi SHIBATA <hsbt@ruby-lang.org>
---
lib/cgi/cookie.rb | 2 +-
test/cgi/test_cgi_cookie.rb | 3 +++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb
index 1a9c1a82c123..9498e2f9faf9 100644
--- a/lib/cgi/cookie.rb
+++ b/lib/cgi/cookie.rb
@@ -42,7 +42,7 @@ class Cookie < Array
TOKEN_RE = %r"\A[[!-~]&&[^()<>@,;:\\\"/?=\[\]{}]]+\z"
PATH_VALUE_RE = %r"\A[[ -~]&&[^;]]*\z"
- DOMAIN_VALUE_RE = %r"\A(?<label>(?!-)[-A-Za-z0-9]+(?<!-))(?:\.\g<label>)*\z"
+ DOMAIN_VALUE_RE = %r"\A\.?(?<label>(?!-)[-A-Za-z0-9]+(?<!-))(?:\.\g<label>)*\z"
# Create a new CGI::Cookie object.
#
diff --git a/test/cgi/test_cgi_cookie.rb b/test/cgi/test_cgi_cookie.rb
index 6d31932d321a..eadae4531365 100644
--- a/test/cgi/test_cgi_cookie.rb
+++ b/test/cgi/test_cgi_cookie.rb
@@ -65,6 +65,9 @@ def test_cgi_cookie_new_with_domain
cookie = CGI::Cookie.new(h.merge('domain'=>'a.example.com'))
assert_equal('a.example.com', cookie.domain)
+ cookie = CGI::Cookie.new(h.merge('domain'=>'.example.com'))
+ assert_equal('.example.com', cookie.domain)
+
cookie = CGI::Cookie.new(h.merge('domain'=>'1.example.com'))
assert_equal('1.example.com', cookie.domain, 'enhanced by RFC 1123')

10
ruby.spec
View File

@ -190,6 +190,13 @@ Patch27: ruby-irb-1.4.1-drop-rdoc-hard-dep.patch
# Set soft dependency on RDoc in input-method.rb in IRB. # Set soft dependency on RDoc in input-method.rb in IRB.
# https://github.com/ruby/irb/pull/395 # https://github.com/ruby/irb/pull/395
Patch28: ruby-irb-1.4.1-set-rdoc-soft-dep.patch Patch28: ruby-irb-1.4.1-set-rdoc-soft-dep.patch
# CGI is now too restrictive about leading '.' in domain, leading to failures
# in Rack, rack-test or ActionPack.
# https://github.com/ruby/ruby/commit/656f25987cf2885104d5b13c8d3f5b7d32f1b333
Patch29: ruby-3.2.0-ruby-cgi-Fix-test_cgi_cookie_new_with_domain-to-pass.patch
# https://github.com/ruby/cgi/pull/29
# https://github.com/ruby/ruby/commit/745dcf5326ea2c8e2047a3bddeb0fbb7e7d07649
Patch30: ruby-3.2.0-ruby-cgi-Loosen-the-domain-regex-to-accept.patch
Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Suggests: rubypick Suggests: rubypick
@ -661,6 +668,8 @@ rm -rf ext/fiddle/libffi*
%patch24 -p1 %patch24 -p1
%patch27 -p1 %patch27 -p1
%patch28 -p1 %patch28 -p1
%patch29 -p1
%patch30 -p1
# Provide an example of usage of the tapset: # Provide an example of usage of the tapset:
cp -a %{SOURCE3} . cp -a %{SOURCE3} .
@ -1540,6 +1549,7 @@ mv test/ruby/test_jit.rb{,.disable} || :
%changelog %changelog
* Thu Dec 08 2022 Vít Ondruch <vondruch@redhat.com> - 3.1.3-173 * Thu Dec 08 2022 Vít Ondruch <vondruch@redhat.com> - 3.1.3-173
- Disable MJIT test cases on i686 due to issues with PCH. - Disable MJIT test cases on i686 due to issues with PCH.
- Fix CGI causing issue with leading '.' in domain names.
* Thu Nov 24 2022 Vít Ondruch <vondruch@redhat.com> - 3.1.3-172 * Thu Nov 24 2022 Vít Ondruch <vondruch@redhat.com> - 3.1.3-172
- Upgrade to Ruby 3.1.3. - Upgrade to Ruby 3.1.3.