pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/lang Add patch to fix vulnerabilities of rubygems.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/696b7e29409c
branches:  trunk
changeset: 367340:696b7e29409c
user:      taca <taca%pkgsrc.org@localhost>
date:      Wed Aug 30 03:32:55 2017 +0000

description:
Add patch to fix vulnerabilities of rubygems.

https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/

* a DNS request hijacking vulnerability
* an ANSI escape sequence vulnerability
* a DoS vulnerability in the query command
* a vulnerability in the gem installer that allowed a malicious gem to
  overwrite arbitrary files

Bump PKGREVISION.

diffstat:

 lang/ruby22-base/Makefile |   6 +++++-
 lang/ruby22-base/distinfo |   6 +++++-
 lang/ruby23-base/Makefile |   6 +++++-
 lang/ruby23-base/distinfo |   6 +++++-
 lang/ruby24-base/Makefile |   6 +++++-
 lang/ruby24-base/distinfo |  10 +++++++++-
 6 files changed, 34 insertions(+), 6 deletions(-)

diffs (116 lines):

diff -r f295e1f3ee43 -r 696b7e29409c lang/ruby22-base/Makefile
--- a/lang/ruby22-base/Makefile Tue Aug 29 23:38:24 2017 +0000
+++ b/lang/ruby22-base/Makefile Wed Aug 30 03:32:55 2017 +0000
@@ -1,10 +1,14 @@
-# $NetBSD: Makefile,v 1.17 2017/05/30 15:46:21 taca Exp $
+# $NetBSD: Makefile,v 1.18 2017/08/30 03:32:55 taca Exp $
 
 DISTNAME=      ${RUBY_DISTNAME}
 PKGNAME=       ${RUBY_PKGPREFIX}-base-${RUBY_VERSION}
+PKGREVISION=   1
 CATEGORIES=    lang ruby
 MASTER_SITES=  ${MASTER_SITE_RUBY}
 
+PATCH_SITES=   https://bugs.ruby-lang.org/attachments/download/6690/
+PATCHFILES=    rubygems-2613-ruby22.patch
+
 MAINTAINER=    taca%NetBSD.org@localhost
 HOMEPAGE=      ${RUBY_HOMEPAGE}
 COMMENT=       Ruby ${RUBY_VERSION} release minimum base package
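Review bot: the new `PATCH_SITES=`/`PATCHFILES=` lines carry no comment saying which advisory they address or when they can be dropped. Add a one-line comment above `PATCH_SITES=` pointing at the ruby-lang.org announcement cited in the commit message, so the block is removed once RUBY_VERSION ships a rubygems that already contains these fixes. The patch is fetched from a bug-tracker attachment URL, so the distinfo checksums added in the same commit are the only integrity check on it and are worth confirming against an independently obtained copy of the attachment.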
diff -r f295e1f3ee43 -r 696b7e29409c lang/ruby22-base/distinfo
--- a/lang/ruby22-base/distinfo Tue Aug 29 23:38:24 2017 +0000
+++ b/lang/ruby22-base/distinfo Wed Aug 30 03:32:55 2017 +0000
@@ -1,9 +1,13 @@
-$NetBSD: distinfo,v 1.18 2017/07/06 16:35:05 taca Exp $
+$NetBSD: distinfo,v 1.19 2017/08/30 03:32:55 taca Exp $
 
 SHA1 (ruby-2.2.7.tar.bz2) = 0b5b79f55a1e7a7c2f6600e75167c1b9cc435042
 RMD160 (ruby-2.2.7.tar.bz2) = 5aef4d373a0ea7434b7c32098b43ecc6fba542a6
 SHA512 (ruby-2.2.7.tar.bz2) = 83756cd1c91516962b83961e0de59d858618f7ed3e9795f930aab4f199d47a95ed8f867d8aa9b51d508be26d9babf2140117c88241168bac41e6ef702cfadf20
 Size (ruby-2.2.7.tar.bz2) = 13381078 bytes
+SHA1 (rubygems-2613-ruby22.patch) = e5199afa6cfbe07f729dafab5f1358e7ed193b84
+RMD160 (rubygems-2613-ruby22.patch) = b80aa70e6ba6f5b62d4797b5d0f6e9390203a7ce
+SHA512 (rubygems-2613-ruby22.patch) = 301a32b3107ab03642a900660b8b43a62263e55a0d6d645ca4dd95d38e0c5068e84c1ec85ef0cd7bb2063433fcf26f0037cf32e6cb149f8a74950d3e2c083ab2
+Size (rubygems-2613-ruby22.patch) = 11094 bytes
 SHA1 (patch-configure) = fda86ab23ec6291f3a51001793686904d4433b38
 SHA1 (patch-ext_dbm_extconf.rb) = ee932265052613d458375ad1a760a09fefb9d959
 SHA1 (patch-ext_openssl_ossl__ssl.c) = e887a5576959921da116a5cee629c25610169593
diff -r f295e1f3ee43 -r 696b7e29409c lang/ruby23-base/Makefile
--- a/lang/ruby23-base/Makefile Tue Aug 29 23:38:24 2017 +0000
+++ b/lang/ruby23-base/Makefile Wed Aug 30 03:32:55 2017 +0000
@@ -1,10 +1,14 @@
-# $NetBSD: Makefile,v 1.9 2017/05/30 15:46:22 taca Exp $
+# $NetBSD: Makefile,v 1.10 2017/08/30 03:33:17 taca Exp $
 
 DISTNAME=      ${RUBY_DISTNAME}
 PKGNAME=       ${RUBY_PKGPREFIX}-base-${RUBY_VERSION}
+PKGREVISION=   1
 CATEGORIES=    lang ruby
 MASTER_SITES=  ${MASTER_SITE_RUBY}
 
+PATCH_SITES=   https://bugs.ruby-lang.org/attachments/download/6691/
+PATCHFILES=    rubygems-2613-ruby23.patch
+
 MAINTAINER=    taca%NetBSD.org@localhost
 HOMEPAGE=      ${RUBY_HOMEPAGE}
 COMMENT=       Ruby ${RUBY_VERSION} release minimum base package
diff -r f295e1f3ee43 -r 696b7e29409c lang/ruby23-base/distinfo
--- a/lang/ruby23-base/distinfo Tue Aug 29 23:38:24 2017 +0000
+++ b/lang/ruby23-base/distinfo Wed Aug 30 03:32:55 2017 +0000
@@ -1,9 +1,13 @@
-$NetBSD: distinfo,v 1.8 2017/07/24 13:38:42 taca Exp $
+$NetBSD: distinfo,v 1.9 2017/08/30 03:33:17 taca Exp $
 
 SHA1 (ruby-2.3.4.tar.bz2) = f5b18e7149ec7620444c91962e695708829d0216
 RMD160 (ruby-2.3.4.tar.bz2) = a44c9f342a401e75c33a2442b9460b2b1ef7f0f5
 SHA512 (ruby-2.3.4.tar.bz2) = ad1f16142615498232d0de85149585be1d2c5de2bc40ec160d272a09e098ef6f317d8b25026001735261fd1c5bc0d1f8513a8474e89f0d86eed5b2fe7338d64e
 Size (ruby-2.3.4.tar.bz2) = 14434361 bytes
+SHA1 (rubygems-2613-ruby23.patch) = 69a6c97a18493f61ad1fce0a4bb4aed2ba440c9c
+RMD160 (rubygems-2613-ruby23.patch) = c27c1d5e3104eaa51752d8be924ef9bdee19f3ea
+SHA512 (rubygems-2613-ruby23.patch) = 5cade80e97959ce68008e86df0ca3aba0a131f087a4b476ec6a53bef363504b56316733d522ec54d19fbbdcdb04586c403dd8f0322812faf425b9f496578705d
+Size (rubygems-2613-ruby23.patch) = 11119 bytes
 SHA1 (patch-compile.c) = c17c1b4088bd4e7be0212b78ec0215d27013a52c
 SHA1 (patch-configure) = 9325d9527e96a8f56078c6b78d3f1334803b0d94
 SHA1 (patch-ext_dbm_extconf.rb) = c998f8735db54b1ae2bc8b6caa359ce88bc7a45b
diff -r f295e1f3ee43 -r 696b7e29409c lang/ruby24-base/Makefile
--- a/lang/ruby24-base/Makefile Tue Aug 29 23:38:24 2017 +0000
+++ b/lang/ruby24-base/Makefile Wed Aug 30 03:32:55 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.3 2017/06/27 15:25:19 jperkin Exp $
+# $NetBSD: Makefile,v 1.4 2017/08/30 03:33:39 taca Exp $
 
 DISTNAME=      ${RUBY_DISTNAME}
 PKGNAME=       ${RUBY_PKGPREFIX}-base-${RUBY_VERSION}
@@ -6,6 +6,10 @@
 CATEGORIES=    lang ruby
 MASTER_SITES=  ${MASTER_SITE_RUBY}
 
+PATCH_SITES=   https://bugs.ruby-lang.org/attachments/download/6692/ \
+               https://bugs.ruby-lang.org/attachments/download/6693/
+PATCHFILES=    rubygems-2612-ruby24.patch rubygems-2613-ruby24.patch
+
 MAINTAINER=    taca%NetBSD.org@localhost
 HOMEPAGE=      ${RUBY_HOMEPAGE}
 COMMENT=       Ruby ${RUBY_VERSION} release minimum base package
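Review bot: no PKGREVISION line is added or changed in either hunk of lang/ruby24-base/Makefile, although the commit message says "Bump PKGREVISION." and the ruby22-base and ruby23-base Makefiles each gain `PKGREVISION=   1`. Line 5 of the file falls between the two hunks and is not shown, so an existing PKGREVISION may sit there, but it is not changed by this commit. Without a bump, an installed ruby24-base is not seen as outdated and keeps the unpatched rubygems; suggest bumping (or adding) PKGREVISION here as well.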
diff -r f295e1f3ee43 -r 696b7e29409c lang/ruby24-base/distinfo
--- a/lang/ruby24-base/distinfo Tue Aug 29 23:38:24 2017 +0000
+++ b/lang/ruby24-base/distinfo Wed Aug 30 03:32:55 2017 +0000
@@ -1,9 +1,17 @@
-$NetBSD: distinfo,v 1.2 2017/06/27 15:25:19 jperkin Exp $
+$NetBSD: distinfo,v 1.3 2017/08/30 03:33:39 taca Exp $
 
 SHA1 (ruby-2.4.1.tar.bz2) = b0bec75c260dcb81ca386fafef27bd718f8c28ad
 RMD160 (ruby-2.4.1.tar.bz2) = 02f0be92b3fb3fbb4bd1f945359c0d45297cefc6
 SHA512 (ruby-2.4.1.tar.bz2) = 1c80d4c30ecb51758a193b26b76802a06d214de7f15570f1e85b5fae4cec81bda7237f086b81f6f2b5767f2e93d347ad1fa3f49d7b5c2e084d5f57c419503f74
 Size (ruby-2.4.1.tar.bz2) = 12571597 bytes
+SHA1 (rubygems-2612-ruby24.patch) = 5da389b3858c8392a58ab1ab25c654e174c23857
+RMD160 (rubygems-2612-ruby24.patch) = db0542664fa3e4ac3b5f50a83644b2dca2c30a75
+SHA512 (rubygems-2612-ruby24.patch) = 03d4925fab0c5b47e033a69cb3b5807f9af218b745cfee57487e5120fbd468e568ba498709aae3adcce80d9584692e9cd71f659e79ba1ad5c2dc318610ae3dd2
+Size (rubygems-2612-ruby24.patch) = 13536 bytes
+SHA1 (rubygems-2613-ruby24.patch) = 002496ebe06922edf106638b80a29f9311411a42
+RMD160 (rubygems-2613-ruby24.patch) = 8476e8a8cf5ec19886f01dc2c4e3999b495a2105
+SHA512 (rubygems-2613-ruby24.patch) = 94c9963d6c917ded90f12748d61083e2a5cb8e41ae61c50b329930aaa6104eaec5426c32cbc3a8fe01e48564d004cfbc3eea2a5c1e1bb598fc4dad69d2ea5c93
+Size (rubygems-2613-ruby24.patch) = 11119 bytes
 SHA1 (patch-configure) = 680a13e6405a8aab61eba078f6d88488b426885c
 SHA1 (patch-ext_dbm_extconf.rb) = c998f8735db54b1ae2bc8b6caa359ce88bc7a45b
 SHA1 (patch-ext_openssl_ossl__ssl.c) = 03ec33b438f3269910d10fb221d1cfe8df33c9ee


