FreshPorts -- The Place For Ports

Port details
rubygem-cgi_multipart_eof_fix Fix an exploitable bug in CGI multipart parsing
2.5.0 www
Maintainer: ruby@FreeBSD.org
Port Added: 08 Dec 2010 19:18:47
Also Listed In: rubygems
License: GPLv2 RUBY
Fixes an exploitable bug in CGI multipart parsing which affects Ruby <= 1.8.5.
When multipart boundary attributes contain non-halting regular
expression strings, the boundary searcher in the CGI module does not properly
escape the parameter and will execute arbitrary regular expressions.
This fix adds escaping for the user data.

    * Affected application servers: standalone CGI, Mongrel, WEBrick
    * Unaffected: FastCGI, Ruby 1.8.6 (all servers)
    * Unknown: mod_ruby

This fix will not modify versions of Ruby greater than 1.8.5, and is
cumulative with previous CGI multipart vulnerability fixes.

WWW: http://blog.evanweaver.com/pages/code#cgi_multipart_eof_fix

To install the port: cd /usr/ports/www/rubygem-cgi_multipart_eof_fix/ && make install clean
To add the package: pkg install rubygem-cgi_multipart_eof_fix

PKGNAME: rubygem-cgi_multipart_eof_fix

distinfo:

SHA256 (rubygem/cgi_multipart_eof_fix-2.5.0.gem) = f6638858f2748f2701ae96fc7a939000f0feba1870011483d7d10662140cd672
SIZE (rubygem/cgi_multipart_eof_fix-2.5.0.gem) = 11776


NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.

Build dependencies:
  1. ruby22 : lang/ruby22
  2. gem22 : devel/ruby-gems
Runtime dependencies:
  1. ruby22 : lang/ruby22
  2. gem22 : devel/ruby-gems
Patch dependencies:
  1. ruby22 : lang/ruby22
  2. gem22 : devel/ruby-gems
Extract dependencies:
  1. ruby22 : lang/ruby22

Configuration Options
     No options to configure

USES:
gem

Master Sites:
  1. https://rubygems.global.ssl.fastly.net/gems/

Number of commits found: 9

Commit History - (may be incomplete: see SVNWeb link above for full details)
Date / By / Description
19 May 2016 10:53:06
2.5.0
Revision: 415500
amdmi3
- Fix trailing whitespace in pkg-descrs, categories [p-x]*

Approved by:	portmgr blanket

27 Apr 2016 21:57:32
2.5.0
Revision: 414136
swills
Convert USES=gem:autoplist to USES=gem since autoplist is default

27 Apr 2016 16:36:42
2.5.0
Revision: 414118
swills
create USES=gem and update rubygem- ports to use it

Note that for now ports still have to have USE_RUBY=yes to use USES=gem

PR:		209041
Differential Revision:	https://reviews.freebsd.org/D6070

02 Jul 2015 16:01:08
2.5.0
Revision: 391169
pgollucci
Set NO_ARCH for remaining rubygem-* ports with no arch dependent files

Obtained from:  DEVELOPER_MODE
With Hat:       ruby@

Sponsored by:   RideCharge Inc / Curb

22 May 2015 20:22:07
2.5.0
Revision: 387068
sunpoet
- Add LICENSE

30 Oct 2013 03:00:33
2.5.0
Revision: 332053
swills
- Add stage support

20 Sep 2013 23:36:54
2.5.0
Revision: 327776
bapt
Add NO_STAGE all over the place in preparation for the staging support (cat:
www)

09 Dec 2010 02:31:11
2.5.0
pgollucci
- pkg-desc WWW updates

08 Dec 2010 19:18:29
2.5.0
pgollucci
Fixes an exploitable bug in CGI multipart parsing which affects Ruby <= 1.8.5.
When multipart boundary attributes contain non-halting regular
expression strings, the boundary searcher in the CGI module does not properly
escape the parameter and will execute arbitrary regular expressions.
This fix adds escaping for the user data.

    * Affected application servers: standalone CGI, Mongrel, WEBrick
    * Unaffected: FastCGI, Ruby 1.8.6 (all servers)
    * Unknown: mod_ruby

This fix will not modify versions of Ruby greater than 1.8.5, and is
cumulative with previous CGI multipart vulnerability fixes.

WWW:    http://blog.evanweaver.com/#cgi_multipart_eof_fix

Copyright © 2000-2014 Dan Langille. All rights reserved.