packages/rubygem-excon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!4 fix CVE-2019-16779

Browse Source 
From: @programmer12
Reviewed-by: @small_leek
Signed-off-by: @small_leek
This commit is contained in:
openeuler-ci-bot 2021-11-01 07:38:16 +00:00 committed by Gitee
commit 9815fdbf92
2 changed files with 73 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
CVE-2019-16779.patch Normal file
View File

@ -0,0 +1,67 @@
From 0ca3cd81f43bf250df08a209a9ee709584935600 Mon Sep 17 00:00:00 2001
From: geemus <geemus@gmail.com>
Date: Mon, 1 Nov 2021 10:20:15 +0800
Subject: [PATCH] fix for leftover data with interrupted persistent connections
---
lib/excon/connection.rb | 9 ++++++++-
tests/rackups/basic.rb | 8 ++++++++
2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/lib/excon/connection.rb b/lib/excon/connection.rb
index d27827f..25f89a3 100644
--- a/lib/excon/connection.rb
+++ b/lib/excon/connection.rb
@@ -252,6 +252,11 @@ module Excon
datum[:connection] = self
+ # cleanup data left behind on persistent connection after interrupt
+ if datum[:persistent] && !@persistent_socket_reusable
+ reset
+ end
+
datum[:stack] = datum[:middlewares].map do |middleware|
lambda {|stack| middleware.new(stack)}
end.reverse.inject(self) do |middlewares, middleware|
@@ -260,8 +265,9 @@ module Excon
datum = datum[:stack].request_call(datum)
unless datum[:pipeline]
+ @persistent_socket_reusable = false
datum = response(datum)
-
+ @persistent_socket_reusable = true
if datum[:persistent]
if key = datum[:response][:headers].keys.detect {|k| k.casecmp('Connection') == 0 }
if datum[:response][:headers][key].casecmp('close') == 0
@@ -330,6 +336,7 @@ module Excon
if old_socket = sockets.delete(@socket_key)
old_socket.close rescue nil
end
+ @persistent_socket_reusable = true
end
# Generate HTTP request verb methods
diff --git a/tests/rackups/basic.rb b/tests/rackups/basic.rb
index 0bddd9a..e474a58 100644
--- a/tests/rackups/basic.rb
+++ b/tests/rackups/basic.rb
@@ -31,6 +31,14 @@ class Basic < Sinatra::Base
get('/echo dirty') do
echo
end
+
+ get('/foo') do
+ 'foo'
+ end
+
+ get('/bar') do
+ 'bar'
+ end
private
--
2.27.0

7
rubygem-excon.spec
View File

@ -2,12 +2,13 @@
%global gem_name excon %global gem_name excon
Name: rubygem-%{gem_name} Name: rubygem-%{gem_name}
Version: 0.62.0 Version: 0.62.0
Release: 2 Release: 3
Summary: Speed, persistence, http(s) Summary: Speed, persistence, http(s)
License: MIT License: MIT
URL: https://github.com/excon/excon URL: https://github.com/excon/excon
Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem
Patch0: rubygem-excon-0.62.0-Ruby-2.6-escapes-InvalidURIError-output.patch Patch0: rubygem-excon-0.62.0-Ruby-2.6-escapes-InvalidURIError-output.patch
Patch1: CVE-2019-16779.patch
BuildRequires: ruby(release) rubygems-devel ruby %{_bindir}/openssl rubygem-rack BuildRequires: ruby(release) rubygems-devel ruby %{_bindir}/openssl rubygem-rack
BuildRequires: rubygem-shindo rubygem(activesupport) rubygem(delorean) rubygem(eventmachine) BuildRequires: rubygem-shindo rubygem(activesupport) rubygem(delorean) rubygem(eventmachine)
BuildRequires: rubygem(open4) rubygem(puma) rubygem(sinatra) rubygem(rspec) BuildRequires: rubygem(open4) rubygem(puma) rubygem(sinatra) rubygem(rspec)
@ -27,6 +28,7 @@ Documentation for %{name}.
%prep %prep
%setup -q -n %{gem_name}-%{version} %setup -q -n %{gem_name}-%{version}
%patch0 -p1 %patch0 -p1
%patch1 -p1
sed -i "/ciphers/ s/'.*'/'PROFILE=SYSTEM'/" lib/excon/constants.rb sed -i "/ciphers/ s/'.*'/'PROFILE=SYSTEM'/" lib/excon/constants.rb
%build %build
@ -74,6 +76,9 @@ popd
%{gem_instdir}/tests %{gem_instdir}/tests
%changelog %changelog
* Mon Nov 1 2021 liwu <liwu13@huawei.com> - 0.62.0-3
- Fix CVE-2019-16779
* Sat Sep 5 2020 liyanan <liyanan32@huawei.com> - 0.62.0-2 * Sat Sep 5 2020 liyanan <liyanan32@huawei.com> - 0.62.0-2
- fix build fail - fix build fail