FreshPorts -- The Place For Ports

Port details
rubygem-cgi_multipart_eof_fix Fix an exploitable bug in CGI multipart parsing
Version: 2.5.0 Category: www
Maintainer: ruby@FreeBSD.org
Port Added: 08 Dec 2010 19:18:47
Also Listed In: rubygems
License: GPLv2 RUBY
Fixes an exploitable bug in CGI multipart parsing which affects Ruby <= 1.8.5.
When multipart boundary attributes contain non-halting regular
expression strings, the boundary searcher in the CGI module does not properly
escape the parameter and will execute arbitrary regular expressions.
This fix adds escaping for the user data.

    * Affected application servers: standalone CGI, Mongrel, WEBrick
    * Unaffected: FastCGI, Ruby 1.8.6 (all servers)
    * Unknown: mod_ruby

This fix will not modify versions of Ruby greater than 1.8.5, and is
cumulative with previous CGI multipart vulnerability fixes.

WWW: http://blog.evanweaver.com/pages/code#cgi_multipart_eof_fix

To install the port: cd /usr/ports/www/rubygem-cgi_multipart_eof_fix/ && make install clean
To add the package: pkg install rubygem-cgi_multipart_eof_fix

PKGNAME: rubygem-cgi_multipart_eof_fix

distinfo:

SHA256 (rubygem/cgi_multipart_eof_fix-2.5.0.gem) = f6638858f2748f2701ae96fc7a939000f0feba1870011483d7d10662140cd672
SIZE (rubygem/cgi_multipart_eof_fix-2.5.0.gem) = 11776


NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.

Build dependencies:
  1. ruby22 : lang/ruby22
  2. gem22 : devel/ruby-gems
Runtime dependencies:
  1. ruby22 : lang/ruby22
  2. gem22 : devel/ruby-gems
Patch dependencies:
  1. ruby22 : lang/ruby22
  2. gem22 : devel/ruby-gems
Extract dependencies:
  1. ruby22 : lang/ruby22

Configuration Options
     No options to configure

USES:
gem

Master Sites:
  1. https://rubygems.global.ssl.fastly.net/gems/

Number of commits found: 9

Commit History - (may be incomplete: see SVNWeb link above for full details)
Date / By / Description
19 May 2016 10:53:06
2.5.0
Revision: 415500
amdmi3
- Fix trailing whitespace in pkg-descrs, categories [p-x]*

Approved by:	portmgr blanket
27 Apr 2016 21:57:32
2.5.0
Revision: 414136
swills
Convert USES=gem:autoplist to USES=gem since autoplist is default
27 Apr 2016 16:36:42
2.5.0
Revision: 414118
swills
create USES=gem and update rubygem- ports to use it

Note that for now ports still have to have USE_RUBY=yes to use USES=gem

PR:		209041
Differential Revision:	https://reviews.freebsd.org/D6070
02 Jul 2015 16:01:08
2.5.0
Revision: 391169
pgollucci
Set NO_ARCH for remaining rubygem-* ports with no arch dependent files

Obtained from:  DEVELOPER_MODE
With Hat:       ruby@

Sponsored by:   RideCharge Inc / Curb
22 May 2015 20:22:07
2.5.0
Revision: 387068
sunpoet
- Add LICENSE
30 Oct 2013 03:00:33
2.5.0
Revision: 332053
swills
- Add stage support
20 Sep 2013 23:36:54
2.5.0
Revision: 327776
bapt
Add NO_STAGE all over the place in preparation for the staging support (cat:
www)
09 Dec 2010 02:31:11
2.5.0
pgollucci
- pkg-desc WWW updates
08 Dec 2010 19:18:29
2.5.0
pgollucci
Fixes an exploitable bug in CGI multipart parsing which affects Ruby <= 1.8.5.
When multipart boundary attributes contain non-halting regular
expression strings, the boundary searcher in the CGI module does not properly
escape the parameter and will execute arbitrary regular expressions.
This fix adds escaping for the user data.

    * Affected application servers: standalone CGI, Mongrel, WEBrick
    * Unaffected: FastCGI, Ruby 1.8.6 (all servers)
    * Unknown: mod_ruby

This fix will not modify versions of Ruby greater than 1.8.5, and is
cumulative with previous CGI multipart vulnerability fixes.

WWW:    http://blog.evanweaver.com/#cgi_multipart_eof_fix

Copyright © 2000-2014 Dan Langille. All rights reserved.