pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/lang/ruby26-base



Module Name:    pkgsrc
Committed By:   taca
Date:           Tue Mar 12 04:19:09 UTC 2019

Modified Files:
        pkgsrc/lang/ruby26-base: Makefile distinfo

Log Message:
lang/ruby26-base: Add security patch for rubygems

Add security patch for rubygems, fixing these problem.

* CVE-2019-8320: Delete directory using symlink when decompressing tar
* CVE-2019-8321: Escape sequence injection vulnerability in verbose
* CVE-2019-8322: Escape sequence injection vulnerability in gem owner
* CVE-2019-8323: Escape sequence injection vulnerability in API response handling
* CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
* CVE-2019-8325: Escape sequence injection vulnerability in errors

Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/lang/ruby26-base/Makefile \
    pkgsrc/lang/ruby26-base/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/ruby26-base/Makefile
diff -u pkgsrc/lang/ruby26-base/Makefile:1.1 pkgsrc/lang/ruby26-base/Makefile:1.2
--- pkgsrc/lang/ruby26-base/Makefile:1.1        Sun Feb  3 13:41:33 2019
+++ pkgsrc/lang/ruby26-base/Makefile    Tue Mar 12 04:19:09 2019
@@ -1,10 +1,14 @@
-# $NetBSD: Makefile,v 1.1 2019/02/03 13:41:33 taca Exp $
+# $NetBSD: Makefile,v 1.2 2019/03/12 04:19:09 taca Exp $
 
 DISTNAME=      ${RUBY_DISTNAME}
 PKGNAME=       ${RUBY_PKGPREFIX}-base-${RUBY_VERSION}
+PKGREVISION=   1
 CATEGORIES=    lang ruby
 MASTER_SITES=  ${MASTER_SITE_RUBY}
 
+PATCHFILES=    ruby-2.6.1-rubygems.patch
+PATCH_SITES=   https://bugs.ruby-lang.org/attachments/download/7664/
+
 MAINTAINER=    taca%NetBSD.org@localhost
 HOMEPAGE=      ${RUBY_HOMEPAGE}
 COMMENT=       Ruby ${RUBY_VERSION} release minimum base package
Index: pkgsrc/lang/ruby26-base/distinfo
diff -u pkgsrc/lang/ruby26-base/distinfo:1.1 pkgsrc/lang/ruby26-base/distinfo:1.2
--- pkgsrc/lang/ruby26-base/distinfo:1.1        Sun Feb  3 13:41:33 2019
+++ pkgsrc/lang/ruby26-base/distinfo    Tue Mar 12 04:19:09 2019
@@ -1,5 +1,9 @@
-$NetBSD: distinfo,v 1.1 2019/02/03 13:41:33 taca Exp $
+$NetBSD: distinfo,v 1.2 2019/03/12 04:19:09 taca Exp $
 
+SHA1 (ruby-2.6.1-rubygems.patch) = a12386ef79715b4693e02ad0c00034558b669181
+RMD160 (ruby-2.6.1-rubygems.patch) = f733d14223b8e4270b1114524b0e33f634a822ab
+SHA512 (ruby-2.6.1-rubygems.patch) = 2684ed9c326a989cc75ec25e976f7ffef107d10ccaa54cc83ad48b3fe6f36a1526e6f4bd3a45e29401908d2155e9c3f82b3be14a24ab8c7bef3431f1a0cbbd39
+Size (ruby-2.6.1-rubygems.patch) = 18026 bytes
 SHA1 (ruby-2.6.1.tar.xz) = ba5f4338bb642e3836dd80b73a9df0d1b6e079ae
 RMD160 (ruby-2.6.1.tar.xz) = adccca8036dfc34d00ea71d5a59a2a968de5187b
 SHA512 (ruby-2.6.1.tar.xz) = fb36289a955f0596c683cdadf1e4a9a9fd35222b1e1c6160c2e7cd82e5befd40a7aa4361e55f7a8f83c06ee899ec493821c7db34a60c4ac3bca0e874d33ef1a9



Home | Main Index | Thread Index | Old Index