Backport webrick patch for CVE-2020-25613

[Backport #17201]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67892 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

6 files changed, 8 insertions, 8 deletions

diff --git a/lib/webrick/httprequest.rb b/lib/webrick/httprequest.rb
index e402099a30..c73f48c6df 100644
--- a/lib/webrick/httprequest.rb
+++ b/lib/webrick/httprequest.rb
@@ -226,9 +226,9 @@ module WEBrick
         raise HTTPStatus::BadRequest, "bad URI `#{@unparsed_uri}'."
       end
 
-      if /close/io =~ self["connection"]
+      if /\Aclose\z/io =~ self["connection"]
         @keep_alive = false
-      elsif /keep-alive/io =~ self["connection"]
+      elsif /\Akeep-alive\z/io =~ self["connection"]
         @keep_alive = true
       elsif @http_version < "1.1"
         @keep_alive = false
@@ -503,7 +503,7 @@ module WEBrick
       return unless socket
       if tc = self['transfer-encoding']
         case tc
-        when /chunked/io then read_chunked(socket, block)
+        when /\Achunked\z/io then read_chunked(socket, block)
         else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}."
         end
       elsif self['content-length'] || @remaining_size
diff --git a/lib/webrick/version.rb b/lib/webrick/version.rb
index ee6b415eef..c23df9a912 100644
--- a/lib/webrick/version.rb
+++ b/lib/webrick/version.rb
@@ -14,5 +14,5 @@ module WEBrick
   ##
   # The WEBrick version
 
-  VERSION      = "1.4.2"
+  VERSION      = "1.4.4"
 end
diff --git a/test/webrick/test_httpproxy.rb b/test/webrick/test_httpproxy.rb
index a9f6f7d610..504eb1f915 100644
--- a/test/webrick/test_httpproxy.rb
+++ b/test/webrick/test_httpproxy.rb
@@ -213,7 +213,7 @@ class TestWEBrickHTTPProxy < Test::Unit::TestCase
         end
       end
     end
-  end
+  end if RUBY_VERSION >= '2.5'
 
   def make_certificate(key, cn)
     subject = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=#{cn}")
diff --git a/test/webrick/test_httpserver.rb b/test/webrick/test_httpserver.rb
index a6e70da7e8..2e5d44940c 100644
--- a/test/webrick/test_httpserver.rb
+++ b/test/webrick/test_httpserver.rb
@@ -253,7 +253,7 @@ class TestWEBrickHTTPServer < Test::Unit::TestCase
       server.virtual_host(WEBrick::HTTPServer.new(vhost_config))
 
       Thread.pass while server.status != :Running
-      sleep 1 if RubyVM::MJIT.enabled? # server.status behaves unexpectedly with --jit-wait
+      sleep 1 if defined?(RubyVM::MJIT) && RubyVM::MJIT.enabled? # server.status behaves unexpectedly with --jit-wait
       assert_equal(1, started, log.call)
       assert_equal(0, stopped, log.call)
       assert_equal(0, accepted, log.call)
diff --git a/test/webrick/test_server.rb b/test/webrick/test_server.rb
index 5f7f3a0b58..8162a186db 100644
--- a/test/webrick/test_server.rb
+++ b/test/webrick/test_server.rb
@@ -65,7 +65,7 @@ class TestWEBrickServer < Test::Unit::TestCase
     }
     TestWEBrick.start_server(Echo, config){|server, addr, port, log|
       true while server.status != :Running
-      sleep 1 if RubyVM::MJIT.enabled? # server.status behaves unexpectedly with --jit-wait
+      sleep 1 if defined?(RubyVM::MJIT) && RubyVM::MJIT.enabled? # server.status behaves unexpectedly with --jit-wait
       assert_equal(1, started, log.call)
       assert_equal(0, stopped, log.call)
       assert_equal(0, accepted, log.call)
diff --git a/version.h b/version.h
index 10897716f8..373ee70a65 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
 #define RUBY_VERSION "2.6.7"
 #define RUBY_RELEASE_DATE "2021-01-31"
-#define RUBY_PATCHLEVEL 152
+#define RUBY_PATCHLEVEL 153
 
 #define RUBY_RELEASE_YEAR 2021
 #define RUBY_RELEASE_MONTH 1