mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-10 02:33:02 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
b45fdb365db1d9b7ecec0096f26dc2b52141e479
poky/meta/recipes-devtools/ruby/ruby/CVE-2025-27219.patch
Ashish Sharma 1c48e482e2 ruby: Fix CVE-2025-27219 
Upstream-Status: Backport from [9907b76dad]

(From OE-Core rev: 7e0a96b5c0b7a5ca593df83861086d0980ea72e9)

Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-03-15 06:40:07 -07:00

32 lines
1.1 KiB
Diff
Raw Blame History

From 9907b76dad0777ee300de236dad4b559e07596ab Mon Sep 17 00:00:00 2001
From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
Date: Fri, 21 Feb 2025 16:01:17 +0900
Subject: [PATCH] Use String#concat instead of String#+ for reducing cpu usage
Co-authored-by: "Yusuke Endoh" <mame@ruby-lang.org>
Upstream-Status: Backport [https://github.com/ruby/cgi/commit/9907b76dad0777ee300de236dad4b559e07596ab]
CVE: CVE-2025-27219
Signed-off-by: Ashish Sharma <asharma@mvista.com>
lib/cgi/cookie.rb | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb
index 9498e2f..1c4ef6a 100644
--- a/lib/cgi/cookie.rb
+++ b/lib/cgi/cookie.rb
@@ -190,9 +190,10 @@ def self.parse(raw_cookie)
values ||= ""
values = values.split('&').collect{|v| CGI.unescape(v,@@accept_charset) }
if cookies.has_key?(name)
- values = cookies[name].value + values
+ cookies[name].concat(values)
+ else
+ cookies[name] = Cookie.new(name, *values)
end
- cookies[name] = Cookie.new(name, *values)
end
cookies
Reference in New Issue View Git Blame Copy Permalink