[Mongrel] mongrel, gem & cgi_multipart_eof_fix updates

Sam Giffney samuelgiffney at gmail.com
Thu Feb 8 20:37:23 EST 2007


This might just have affected my particular setup but thought it might
be worth noting for others.

>gem -v
0.9.2

>gem list --local
cgi_multipart_eof_fix (1.0.0)
    Fix an exploitable bug in CGI multipart parsing which affects Ruby
    <= 1.8.5.
mongrel (1.0.1, 1.0, 0.3.20, 0.3.18, 0.3.13.4)
    A small fast HTTP library and server that runs Rails, Camping, Nitro
    and Iowa apps.

>gem outdated
cgi_multipart_eof_fix (1.0.0 < 1.0.0)

which I thought was weird. Reinstalling the latest mongrel didn't
update the cgi_multipart_eof_fix

>gem install mongrel --source=http://mongrel.rubyforge.org/releases/
Building native extensions.  This could take a while...
Successfully installed mongrel-1.0.1
Installing ri documentation for mongrel-1.0.1...
Installing RDoc documentation for mongrel-1.0.1...

but uninstalling

>gem uninstall cgi_multipart_eof_fix
You have requested to uninstall the gem:
        cgi_multipart_eof_fix-1.0.0
mongrel-1.0.1 depends on [cgi_multipart_eof_fix (>= 1.0.0)]

then reinstalling mongrel updated it

>gem install mongrel --source=http://mongrel.rubyforge.org/releases/
Building native extensions.  This could take a while...
Successfully installed mongrel-1.0.1
Successfully installed cgi_multipart_eof_fix-2.1
Installing ri documentation for mongrel-1.0.1...
Installing ri documentation for cgi_multipart_eof_fix-2.1...
Installing RDoc documentation for mongrel-1.0.1...
Installing RDoc documentation for cgi_multipart_eof_fix-2.1...

Maybe just my system, or some weird rubygem thang. Hopefully of
interest to someone.
Thanks Zed.
Sam


More information about the Mongrel-users mailing list