pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/lang lang/ruby23-base: update to 2.3.7, security release



details:   https://anonhg.NetBSD.org/pkgsrc/rev/b4ea41e18f97
branches:  trunk
changeset: 378065:b4ea41e18f97
user:      taca <taca%pkgsrc.org@localhost>
date:      Thu Mar 29 03:09:35 2018 +0000

description:
lang/ruby23-base: update to 2.3.7, security release

Ruby 2.3.7 Released                             Posted by usa on 28 Mar 2018

Ruby 2.3.7 has been released.

This release includes about 70 bug fixes after the previous release, and also
includes several security fixes.  Please check the topics below for details.

* CVE-2017-17742: HTTP response splitting in WEBrick
* CVE-2018-8777: DoS by large request in WEBrick
* CVE-2018-6914: Unintentional file and directory creation with directory
  traversal in tempfile and tmpdir
* CVE-2018-8778: Buffer under-read in String#unpack
* CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in
  UNIXServer and UNIXSocket
* CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
* Multiple vulnerabilities in RubyGems

See the ChangeLog for details.

After this release, we will end the normal maintenance phase of Ruby 2.3, and
start the security maintenance phase of it.  This means that after the release
of 2.3.7 we will never backport any bug fixes to 2.3 except security fixes.
The term of the security maintenance phase is scheduled for 1 year.  By the
end of this term, official support of Ruby 2.3 will be over.  Therefore, we
recommend that you start planning to upgrade to Ruby 2.5 or 2.4.

diffstat:

 lang/ruby/rubyversion.mk                  |   4 ++--
 lang/ruby23-base/Makefile                 |   7 +------
 lang/ruby23-base/distinfo                 |  18 +++++-------------
 lang/ruby23-base/patches/patch-man_erb.1  |  24 ------------------------
 lang/ruby23-base/patches/patch-man_irb.1  |  24 ------------------------
 lang/ruby23-base/patches/patch-man_ri.1   |  24 ------------------------
 lang/ruby23-base/patches/patch-man_ruby.1 |  24 ------------------------
 7 files changed, 8 insertions(+), 117 deletions(-)

diffs (182 lines):

diff -r 87c497db11c2 -r b4ea41e18f97 lang/ruby/rubyversion.mk
--- a/lang/ruby/rubyversion.mk  Thu Mar 29 03:06:57 2018 +0000
+++ b/lang/ruby/rubyversion.mk  Thu Mar 29 03:09:35 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: rubyversion.mk,v 1.193 2018/03/29 03:06:57 taca Exp $
+# $NetBSD: rubyversion.mk,v 1.194 2018/03/29 03:09:35 taca Exp $
 #
 
 # This file determines which Ruby version is used as a dependency for
@@ -215,7 +215,7 @@
 
 # current supported Ruby's version
 RUBY22_VERSION=                2.2.9
-RUBY23_VERSION=                2.3.6
+RUBY23_VERSION=                2.3.7
 RUBY24_VERSION=                2.4.4
 RUBY25_VERSION=                2.5.1
 
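Review bot: RUBY22_VERSION stays at 2.2.9 in the context line directly above the bumped RUBY23_VERSION, and the commit message does not say whether the CVEs it lists also apply to the 2.2 branch. If they do, mention the follow-up update in the message so the unchanged line is not read as "not affected".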
diff -r 87c497db11c2 -r b4ea41e18f97 lang/ruby23-base/Makefile
--- a/lang/ruby23-base/Makefile Thu Mar 29 03:06:57 2018 +0000
+++ b/lang/ruby23-base/Makefile Thu Mar 29 03:09:35 2018 +0000
@@ -1,15 +1,10 @@
-# $NetBSD: Makefile,v 1.15 2018/02/23 15:26:14 wiz Exp $
+# $NetBSD: Makefile,v 1.16 2018/03/29 03:09:35 taca Exp $
 
 DISTNAME=      ${RUBY_DISTNAME}
 PKGNAME=       ${RUBY_PKGPREFIX}-base-${RUBY_VERSION}
-PKGREVISION=   2
 CATEGORIES=    lang ruby
 MASTER_SITES=  ${MASTER_SITE_RUBY}
 
-PATCH_SITES=   https://bugs.ruby-lang.org/attachments/download/7029/
-PATCHFILES=    rubygems-276-for-ruby23.patch
-PATCH_DIST_STRIP=      -p0
-
 MAINTAINER=    taca%NetBSD.org@localhost
 HOMEPAGE=      ${RUBY_HOMEPAGE}
 COMMENT=       Ruby ${RUBY_VERSION} release minimum base package
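Review bot: dropping PATCH_SITES, PATCHFILES (rubygems-276-for-ruby23.patch) and PATCH_DIST_STRIP is not explained in the commit message. The message lists "Multiple vulnerabilities in RubyGems" among the 2.3.7 fixes but does not state that the release covers everything the removed distribution patch supplied. Add one line saying so, so the removal of a security patch can be audited from the log alone.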
diff -r 87c497db11c2 -r b4ea41e18f97 lang/ruby23-base/distinfo
--- a/lang/ruby23-base/distinfo Thu Mar 29 03:06:57 2018 +0000
+++ b/lang/ruby23-base/distinfo Thu Mar 29 03:09:35 2018 +0000
@@ -1,13 +1,9 @@
-$NetBSD: distinfo,v 1.15 2018/02/19 16:46:26 taca Exp $
+$NetBSD: distinfo,v 1.16 2018/03/29 03:09:35 taca Exp $
 
-SHA1 (ruby-2.3.6.tar.bz2) = 07c3b66d544dd22c22fbae3f16cfb3eeb88b7b1e
-RMD160 (ruby-2.3.6.tar.bz2) = 664e027a6f172212ac8ebff3aa9b99df4e99906b
-SHA512 (ruby-2.3.6.tar.bz2) = bc3c7a115745a38e44bd91eb5637b1e412011c471d9749db7960185ef75737b944dd0e524f22432809649952ca7d93f46d458990e9cd2b0db5ca8abf4bc8ea99
-Size (ruby-2.3.6.tar.bz2) = 14429114 bytes
-SHA1 (rubygems-276-for-ruby23.patch) = 859334e0313e522826b28c4878611f34c46b7526
-RMD160 (rubygems-276-for-ruby23.patch) = c4d7718b7e4845811bf54917ca185ac49c75d6b3
-SHA512 (rubygems-276-for-ruby23.patch) = b2b363bec953aa4cfd17bd501753a621b829d5052780f33c6d74d813f128f703a4dd59db53ac59860aed6f741fd1a77b1ef173523f0f8b49b91282e5c8181961
-Size (rubygems-276-for-ruby23.patch) = 19953 bytes
+SHA1 (ruby-2.3.7.tar.bz2) = 3bb88965405da5e4de2432eeb445fffa8a66fb33
+RMD160 (ruby-2.3.7.tar.bz2) = cb8f83f773a0d1cfc8595148ac61aff253f6b67d
+SHA512 (ruby-2.3.7.tar.bz2) = e72754f7703f0706c4b0bccd053035536053451fe069a55427984cc0bc5692b86bd51c243c5f62f78527c66b08300d2e4aa19b73e6ded13d6020aa2450e66a7d
+Size (ruby-2.3.7.tar.bz2) = 14421177 bytes
 SHA1 (patch-configure) = 3737bf52082288b02e7382d71a322f4822c5abe4
 SHA1 (patch-ext_dbm_extconf.rb) = c998f8735db54b1ae2bc8b6caa359ce88bc7a45b
 SHA1 (patch-ext_openssl_ossl__ssl.c) = 24e794aae278da6204e29212d9e2add0b0119ea4
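Review bot: the new ruby-2.3.7.tar.bz2 digests cannot be cross-checked from this commit, because the quoted announcement omits the upstream checksums. Add a line to the message stating that the SHA512 was compared with the value published upstream before distinfo was regenerated, so the entry is shown to be more than the hash of whatever the fetch returned.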
@@ -22,9 +18,5 @@
 SHA1 (patch-lib_rubygems_installer.rb) = 37218b0ebf874095dce8b92bc30b5beb720e13a2
 SHA1 (patch-lib_rubygems_platform.rb) = 244a6698636012235882ae606ae3a3b4dffd3faf
 SHA1 (patch-lib_rubygems_specification.rb) = 46f517d6128d1366c0a302a7d04d2caec7ec948f
-SHA1 (patch-man_erb.1) = a03758f5ae399463b140fbac92c39e6ccc9d18bd
-SHA1 (patch-man_irb.1) = bf3cd43511ddc51a41dced16f2be1c9f8018d226
-SHA1 (patch-man_ri.1) = d8917e7a08bbc3eb41349570cc658d40c1b3463f
-SHA1 (patch-man_ruby.1) = c6d1de29fe470024b926226615d97d485dececd9
 SHA1 (patch-test_rubygems_test__gem.rb) = 47cc7af18fc5f30d6d695e70851cfaf3205a9266
 SHA1 (patch-tool_rbinstall.rb) = 159b657293029cb5bc096d7c23ae85fe05c88ba2
diff -r 87c497db11c2 -r b4ea41e18f97 lang/ruby23-base/patches/patch-man_erb.1
--- a/lang/ruby23-base/patches/patch-man_erb.1  Thu Mar 29 03:06:57 2018 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,24 +0,0 @@
-$NetBSD: patch-man_erb.1,v 1.1 2015/12/30 14:59:42 taca Exp $
-
-* Fix mdoc markup.
-
---- man/erb.1.orig     2015-05-23 09:38:49.000000000 +0000
-+++ man/erb.1
-@@ -143,12 +143,12 @@ class.
- .Pp
- .Sh REPORTING BUGS
- .Bl -bullet
--.Li Security vulnerabilities should be reported via an email to
--.Aq security%ruby-lang.org@localhost Ns
--.Li .
-+.It
-+Security vulnerabilities should be reported via an email to
-+.Aq security%ruby-lang.org@localhost .
- Reported problems will be published after being fixed.
--.Pp
--.Li And you can report other bugs and feature requests via the
-+.It
-+You can report other bugs and feature requests via the
- Ruby Issue Tracking System (http://bugs.ruby-lang.org).
- Do not report security vulnerabilities
- via the system because it publishes the vulnerabilities immediately.
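Review bot: the commit message gives no reason for deleting this mdoc markup patch, and the same applies to the sibling irb.1, ri.1 and ruby.1 patches removed below. If man/erb.1 in 2.3.7 already uses the `.It` form in REPORTING BUGS, say so in the message. Otherwise the section that tells users where to send security reports falls back to the `.Li` markup the patch was correcting.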
diff -r 87c497db11c2 -r b4ea41e18f97 lang/ruby23-base/patches/patch-man_irb.1
--- a/lang/ruby23-base/patches/patch-man_irb.1  Thu Mar 29 03:06:57 2018 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,24 +0,0 @@
-$NetBSD: patch-man_irb.1,v 1.1 2015/12/30 14:59:42 taca Exp $
-
-* Fix mdoc markup.
-
---- man/irb.1.orig     2015-05-23 09:38:49.000000000 +0000
-+++ man/irb.1
-@@ -159,12 +159,12 @@ Personal irb initialization.
- .Pp
- .Sh REPORTING BUGS
- .Bl -bullet
--.Li Security vulnerabilities should be reported via an email to
--.Aq security%ruby-lang.org@localhost Ns
--.Li .
-+.It
-+Security vulnerabilities should be reported via an email to
-+.Aq security%ruby-lang.org@localhost .
- Reported problems will be published after being fixed.
--.Pp
--.Li And you can report other bugs and feature requests via the
-+.It
-+You can report other bugs and feature requests via the
- Ruby Issue Tracking System (http://bugs.ruby-lang.org).
- Do not report security vulnerabilities
- via the system because it publishes the vulnerabilities immediately.
diff -r 87c497db11c2 -r b4ea41e18f97 lang/ruby23-base/patches/patch-man_ri.1
--- a/lang/ruby23-base/patches/patch-man_ri.1   Thu Mar 29 03:06:57 2018 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,24 +0,0 @@
-$NetBSD: patch-man_ri.1,v 1.1 2015/12/30 14:59:42 taca Exp $
-
-* Fix mdoc markup.
-
---- man/ri.1.orig      2015-05-23 09:38:49.000000000 +0000
-+++ man/ri.1
-@@ -166,12 +166,12 @@ Searches user-wide documents here.
- .Pp
- .Sh REPORTING BUGS
- .Bl -bullet
--.Li Security vulnerabilities should be reported via an email to
--.Aq security%ruby-lang.org@localhost Ns
--.Li .
-+.It
-+Security vulnerabilities should be reported via an email to
-+.Aq security%ruby-lang.org@localhost .
- Reported problems will be published after being fixed.
--.Pp
--.Li And you can report other bugs and feature requests via the
-+.It
-+You can report other bugs and feature requests via the
- Ruby Issue Tracking System (http://bugs.ruby-lang.org).
- Do not report security vulnerabilities
- via the system because it publishes the vulnerabilities immediately.
diff -r 87c497db11c2 -r b4ea41e18f97 lang/ruby23-base/patches/patch-man_ruby.1
--- a/lang/ruby23-base/patches/patch-man_ruby.1 Thu Mar 29 03:06:57 2018 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,24 +0,0 @@
-$NetBSD: patch-man_ruby.1,v 1.1 2015/12/30 14:59:42 taca Exp $
-
-* Fix mdoc markup.
-
---- man/ruby.1.orig    2015-11-15 02:04:37.000000000 +0000
-+++ man/ruby.1
-@@ -632,12 +632,12 @@ Comprehensive catalog of Ruby libraries.
- .Pp
- .Sh REPORTING BUGS
- .Bl -bullet
--.Li Security vulnerabilities should be reported via an email to
--.Aq security%ruby-lang.org@localhost Ns
--.Li .
-+.It
-+Security vulnerabilities should be reported via an email to
-+.Aq security%ruby-lang.org@localhost .
- Reported problems will be published after they've been fixed.
--.Pp
--.Li And you can report other bugs and feature requests via the
-+.It
-+You can report other bugs and feature requests via the
- Ruby Issue Tracking System (https://bugs.ruby-lang.org/).
- Do not report security vulnerabilities
- via the system because it publishes the vulnerabilities immediately.


