From b1748af87f120b62540c7fd04c0e926dbaf1efd1 Mon Sep 17 00:00:00 2001 From: Vít Ondruch Date: Dec 08 2022 17:06:47 +0000 Subject: Fix CGI causing issue with leading '.' in domain names. The original issue broke rubygem-actionpack: https://github.com/rails/rails/issues/46578 https://github.com/rails/rails/pull/46595 rubygem-rack: https://github.com/rack/rack/pull/1988 And rack-test (where I have not checked details). --- diff --git a/ruby-3.2.0-ruby-cgi-Fix-test_cgi_cookie_new_with_domain-to-pass.patch b/ruby-3.2.0-ruby-cgi-Fix-test_cgi_cookie_new_with_domain-to-pass.patch new file mode 100644 index 0000000..21579c5 --- /dev/null +++ b/ruby-3.2.0-ruby-cgi-Fix-test_cgi_cookie_new_with_domain-to-pass.patch @@ -0,0 +1,38 @@ +From 656f25987cf2885104d5b13c8d3f5b7d32f1b333 Mon Sep 17 00:00:00 2001 +From: Jean Boussier +Date: Wed, 23 Nov 2022 12:10:36 +0100 +Subject: [PATCH] [ruby/cgi] Fix test_cgi_cookie_new_with_domain to pass on + older rubies + +https://github.com/ruby/cgi/commit/05f0c58048 +--- + test/cgi/test_cgi_cookie.rb | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/test/cgi/test_cgi_cookie.rb b/test/cgi/test_cgi_cookie.rb +index e3ec4bea5286..6d31932d321a 100644 +--- a/test/cgi/test_cgi_cookie.rb ++++ b/test/cgi/test_cgi_cookie.rb +@@ -62,18 +62,18 @@ def test_cgi_cookie_new_complex + + def test_cgi_cookie_new_with_domain + h = {'name'=>'name1', 'value'=>'value1'} +- cookie = CGI::Cookie.new('domain'=>'a.example.com', **h) ++ cookie = CGI::Cookie.new(h.merge('domain'=>'a.example.com')) + assert_equal('a.example.com', cookie.domain) + +- cookie = CGI::Cookie.new('domain'=>'1.example.com', **h) ++ cookie = CGI::Cookie.new(h.merge('domain'=>'1.example.com')) + assert_equal('1.example.com', cookie.domain, 'enhanced by RFC 1123') + + assert_raise(ArgumentError) { +- CGI::Cookie.new('domain'=>'-a.example.com', **h) ++ CGI::Cookie.new(h.merge('domain'=>'-a.example.com')) + } + + assert_raise(ArgumentError) { +- CGI::Cookie.new('domain'=>'a-.example.com', **h) ++ CGI::Cookie.new(h.merge('domain'=>'a-.example.com')) + } + end + diff --git a/ruby-3.2.0-ruby-cgi-Loosen-the-domain-regex-to-accept.patch b/ruby-3.2.0-ruby-cgi-Loosen-the-domain-regex-to-accept.patch new file mode 100644 index 0000000..f217281 --- /dev/null +++ b/ruby-3.2.0-ruby-cgi-Loosen-the-domain-regex-to-accept.patch @@ -0,0 +1,44 @@ +From 745dcf5326ea2c8e2047a3bddeb0fbb7e7d07649 Mon Sep 17 00:00:00 2001 +From: Xenor Chang +Date: Mon, 28 Nov 2022 12:34:06 +0800 +Subject: [PATCH] [ruby/cgi] Loosen the domain regex to accept '.' + (https://github.com/ruby/cgi/pull/29) + +* Loosen the domain regex to accept '.' + +Co-authored-by: Nobuyoshi Nakada + +https://github.com/ruby/cgi/commit/5e09d632f3 +Co-authored-by: Hiroshi SHIBATA +--- + lib/cgi/cookie.rb | 2 +- + test/cgi/test_cgi_cookie.rb | 3 +++ + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb +index 1a9c1a82c123..9498e2f9faf9 100644 +--- a/lib/cgi/cookie.rb ++++ b/lib/cgi/cookie.rb +@@ -42,7 +42,7 @@ class Cookie < Array + + TOKEN_RE = %r"\A[[!-~]&&[^()<>@,;:\\\"/?=\[\]{}]]+\z" + PATH_VALUE_RE = %r"\A[[ -~]&&[^;]]*\z" +- DOMAIN_VALUE_RE = %r"\A(?