CVS commit: [pkgsrc-2026Q1] pkgsrc/lang

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: [pkgsrc-2026Q1] pkgsrc/lang
From: "Benny Siegert" <bsiegert%netbsd.org@localhost>
Date: Sat, 9 May 2026 16:21:05 +0000

Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Sat May  9 16:21:05 UTC 2026

Modified Files:
        pkgsrc/lang/ruby [pkgsrc-2026Q1]: rubyversion.mk
        pkgsrc/lang/ruby40 [pkgsrc-2026Q1]: Makefile PLIST distinfo

Log Message:
Pullup ticket #7103 - requested by taca
lang/ruby40: security fix

Revisions pulled up:
- lang/ruby/rubyversion.mk                                      1.320
- lang/ruby40/Makefile                                          1.2
- lang/ruby40/PLIST                                             1.2
- lang/ruby40/distinfo                                          1.5

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Tue May  5 14:09:07 UTC 2026

   Modified Files:
        pkgsrc/lang/ruby: rubyversion.mk
        pkgsrc/lang/ruby40: Makefile PLIST distinfo

   Log Message:
   lang/ruby: update to 4.0.3

   4.0.3 (2026-04-21)

   What's Changed

   * Prohibit def_method on marshal-loaded ERB instances (CVE-2026-41316)


To generate a diff of this commit:
cvs rdiff -u -r1.314.2.3 -r1.314.2.4 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.1 -r1.1.2.1 pkgsrc/lang/ruby40/Makefile \
    pkgsrc/lang/ruby40/PLIST
cvs rdiff -u -r1.4 -r1.4.2.1 pkgsrc/lang/ruby40/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/ruby/rubyversion.mk
diff -u pkgsrc/lang/ruby/rubyversion.mk:1.314.2.3 pkgsrc/lang/ruby/rubyversion.mk:1.314.2.4
--- pkgsrc/lang/ruby/rubyversion.mk:1.314.2.3   Wed Apr  1 21:16:41 2026
+++ pkgsrc/lang/ruby/rubyversion.mk     Sat May  9 16:21:05 2026
@@ -1,4 +1,4 @@
-# $NetBSD: rubyversion.mk,v 1.314.2.3 2026/04/01 21:16:41 maya Exp $
+# $NetBSD: rubyversion.mk,v 1.314.2.4 2026/05/09 16:21:05 bsiegert Exp $
 #
 
 # This file determines which Ruby version is used as a dependency for
@@ -215,7 +215,7 @@ RUBY_VERSION_REQD?= ${PKGNAME_REQD:C/rub
 RUBY32_VERSION=                3.2.11
 RUBY33_VERSION=                3.3.11
 RUBY34_VERSION=                3.4.9
-RUBY40_VERSION=                4.0.2
+RUBY40_VERSION=                4.0.3
 
 # current API compatible version; used for version of shared library
 RUBY32_API_VERSION=    3.2.0
@@ -572,7 +572,7 @@ RUBY_CGI_VER=                       0.4.2   #
 RUBY_DELEGATE_VER=             0.6.1
 RUBY_DID_YOU_MEAN_VER=         2.0.0
 RUBY_ENGLISH_VER=              0.8.1
-RUBY_ERB_VER=                  6.0.1
+RUBY_ERB_VER=                  6.0.1.1
 RUBY_ERROR_HIGHLIGHT_VER=      0.7.1
 RUBY_FILEUTILS_VER=            1.8.0
 RUBY_FIND_VER=                 0.2.0

Index: pkgsrc/lang/ruby40/Makefile
diff -u pkgsrc/lang/ruby40/Makefile:1.1 pkgsrc/lang/ruby40/Makefile:1.1.2.1
--- pkgsrc/lang/ruby40/Makefile:1.1     Tue Feb  3 16:00:33 2026
+++ pkgsrc/lang/ruby40/Makefile Sat May  9 16:21:05 2026
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.1 2026/02/03 16:00:33 taca Exp $
+# $NetBSD: Makefile,v 1.1.2.1 2026/05/09 16:21:05 bsiegert Exp $
 
 DISTNAME=      ${RUBY_DISTNAME}
 PKGNAME=       ${RUBY_PKGPREFIX}-${RUBY_VERSION}
@@ -47,7 +47,7 @@ CONFIGURE_ARGS+=      --with-ruby-pc="ruby-${
 CONFIGURE_ENV+=                ac_cv_path_MJIT_CC=${CC:Q}
 CONFIGURE_ENV.Darwin+= ac_cv_prog_dsymutil=
 
-DOCS=          BSDL CONTRIBUTING.md COPYING COPYING.ja ChangeLog GPL \
+DOCS=          BSDL CONTRIBUTING.md COPYING COPYING.ja GPL \
                KNOWNBUGS.rb LEGAL NEWS.md README.ja.md README.md \
                README.EXT README.EXT.ja
 
Index: pkgsrc/lang/ruby40/PLIST
diff -u pkgsrc/lang/ruby40/PLIST:1.1 pkgsrc/lang/ruby40/PLIST:1.1.2.1
--- pkgsrc/lang/ruby40/PLIST:1.1        Tue Feb  3 16:00:33 2026
+++ pkgsrc/lang/ruby40/PLIST    Sat May  9 16:21:05 2026
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.1 2026/02/03 16:00:33 taca Exp $
+@comment $NetBSD: PLIST,v 1.1.2.1 2026/05/09 16:21:05 bsiegert Exp $
 bin/bundle${RUBY_SUFFIX}
 bin/bundler${RUBY_SUFFIX}
 bin/erb${RUBY_SUFFIX}
@@ -2897,7 +2897,6 @@ ${RUBY_DOC}/BSDL
 ${RUBY_DOC}/CONTRIBUTING.md
 ${RUBY_DOC}/COPYING
 ${RUBY_DOC}/COPYING.ja
-${RUBY_DOC}/ChangeLog
 ${RUBY_DOC}/ChangeLog.prev/ChangeLog-0.06_to_0.52
 ${RUBY_DOC}/ChangeLog.prev/ChangeLog-0.50_to_0.60
 ${RUBY_DOC}/ChangeLog.prev/ChangeLog-0.60_to_1.1

Index: pkgsrc/lang/ruby40/distinfo
diff -u pkgsrc/lang/ruby40/distinfo:1.4 pkgsrc/lang/ruby40/distinfo:1.4.2.1
--- pkgsrc/lang/ruby40/distinfo:1.4     Sun Mar 22 13:20:18 2026
+++ pkgsrc/lang/ruby40/distinfo Sat May  9 16:21:05 2026
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.4 2026/03/22 13:20:18 taca Exp $
+$NetBSD: distinfo,v 1.4.2.1 2026/05/09 16:21:05 bsiegert Exp $
 
-BLAKE2s (ruby-4.0.2.tar.xz) = 3a09b9377bff12ff0fa5e1ee4688d4b0e57cc6676afbc891f9820eb49849650b
-SHA512 (ruby-4.0.2.tar.xz) = be71a5452068dfc3c86b8ec07456b3fdf6dc64e8c0cd16c358fc4ed8ac08707a9c28285ea8a79dbef82031d8c93c71032a82a0b45f3c9ac5325bf3b70d06fbf2
-Size (ruby-4.0.2.tar.xz) = 17874724 bytes
+BLAKE2s (ruby-4.0.3.tar.xz) = 0d31978571c4c160cce72d1bab331681206800c6ec1fb61f63f9947c9d2186be
+SHA512 (ruby-4.0.3.tar.xz) = 5816fb264ce76df59f4bfe0cadceb45025fada2e61f2c14024d6b03f63d304820cddf94afcf82a4951fd12f3b0d9148683f856f3f2245d56042fc8407b6cbff5
+Size (ruby-4.0.3.tar.xz) = 17878572 bytes
 SHA1 (patch-.bundle_gems_rdoc-7.0.3_lib_rdoc_encoding.rb) = e46514327db9c2fb7f6eccd9c8af52e85c6310cd
 SHA1 (patch-.bundle_gems_rdoc-7.0.3_lib_rdoc_generator_template_aliki___header.rhtml) = e8752b12058f5e71e31d696de65da9360dc5d12d
 SHA1 (patch-common.mk) = c23eed58427b2fd4ba8fdb3692f609701a666c6d

Prev by Date: CVS commit: pkgsrc/net/libnfs
Previous by Thread: CVS commit: pkgsrc/net/libnfs
Indexes:

Home | Main Index | Thread Index | Old Index