pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/lang lang/ruby24-base: update to 2.4.4, security release



details:   https://anonhg.NetBSD.org/pkgsrc/rev/f33c220d29e4
branches:  trunk
changeset: 378063:f33c220d29e4
user:      taca <taca%pkgsrc.org@localhost>
date:      Thu Mar 29 03:04:47 2018 +0000

description:
lang/ruby24-base: update to 2.4.4, security release

Ruby 2.4.4 Released                     Posted by nagachika on 28 Mar 2018

Ruby 2.4.4 has been released.

This release includes some bug fixes and some security fixes.

* CVE-2017-17742: HTTP response splitting in WEBrick
* CVE-2018-6914: Unintentional file and directory creation with directory
  traversal in tempfile and tmpdir
* CVE-2018-8777: DoS by large request in WEBrick
* CVE-2018-8778: Buffer under-read in String#unpack
* CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in
  UNIXServer and UNIXSocket
* CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
* Multiple vulnerabilities in RubyGems

There are also some bug fixes. See commit logs for more details.

diffstat:

 lang/ruby/rubyversion.mk                  |   8 ++++----
 lang/ruby24-base/Makefile                 |   7 +------
 lang/ruby24-base/distinfo                 |  18 +++++-------------
 lang/ruby24-base/patches/patch-man_erb.1  |  22 ----------------------
 lang/ruby24-base/patches/patch-man_irb.1  |  22 ----------------------
 lang/ruby24-base/patches/patch-man_ri.1   |  22 ----------------------
 lang/ruby24-base/patches/patch-man_ruby.1 |  22 ----------------------
 7 files changed, 10 insertions(+), 111 deletions(-)

diffs (185 lines):

diff -r 7e0619a14c42 -r f33c220d29e4 lang/ruby/rubyversion.mk
--- a/lang/ruby/rubyversion.mk  Wed Mar 28 21:51:17 2018 +0000
+++ b/lang/ruby/rubyversion.mk  Thu Mar 29 03:04:47 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: rubyversion.mk,v 1.191 2018/02/25 12:24:15 taca Exp $
+# $NetBSD: rubyversion.mk,v 1.192 2018/03/29 03:04:47 taca Exp $
 #
 
 # This file determines which Ruby version is used as a dependency for
@@ -216,7 +216,7 @@
 # current supported Ruby's version
 RUBY22_VERSION=                2.2.9
 RUBY23_VERSION=                2.3.6
-RUBY24_VERSION=                2.4.3
+RUBY24_VERSION=                2.4.4
 RUBY25_VERSION=                2.5.0
 
 # current API compatible version; used for version of shared library
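
Review bot: Only RUBY24_VERSION moves in this hunk, while the neighbouring RUBY22_VERSION, RUBY23_VERSION and RUBY25_VERSION lines stay at 2.2.9, 2.3.6 and 2.5.0. The commit message lists CVEs in WEBrick, tempfile/tmpdir, String#unpack, UNIXServer/UNIXSocket and Dir without saying which branches they affect; please state whether the other branches are affected and are being updated in separate commits.
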
@@ -314,9 +314,9 @@
 RUBY_RAKE_VERSION=     12.0.0
 RUBY_JSON_VERSION=     2.0.4
 
-RUBY_BIGDECIMAL_VERSION=       1.3.0
+RUBY_BIGDECIMAL_VERSION=       1.3.2
 RUBY_IO_CONSOLE_VERSION=       0.4.6
-RUBY_OPENSSL_VERSION=          2.0.5
+RUBY_OPENSSL_VERSION=          2.0.7
 RUBY_PSYCH_VERSION=            2.2.2
 RUBY_DID_YOU_MEAN_VERSION=     1.1.0
 RUBY_MINITEST_VERSION=         5.10.1
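
Review bot: The RUBY_BIGDECIMAL_VERSION (1.3.0 to 1.3.2) and RUBY_OPENSSL_VERSION (2.0.5 to 2.0.7) bumps are not mentioned in the commit message, which only describes the 2.4.4 release. Please note in the message that these track the gems bundled with 2.4.4. The context also does not show which Ruby version this block applies to, so confirm the two variables are scoped to ruby24 and that the other branches keep their own values.
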
diff -r 7e0619a14c42 -r f33c220d29e4 lang/ruby24-base/Makefile
--- a/lang/ruby24-base/Makefile Wed Mar 28 21:51:17 2018 +0000
+++ b/lang/ruby24-base/Makefile Thu Mar 29 03:04:47 2018 +0000
@@ -1,15 +1,10 @@
-# $NetBSD: Makefile,v 1.7 2018/02/19 16:46:58 taca Exp $
+# $NetBSD: Makefile,v 1.8 2018/03/29 03:04:47 taca Exp $
 
 DISTNAME=      ${RUBY_DISTNAME}
 PKGNAME=       ${RUBY_PKGPREFIX}-base-${RUBY_VERSION}
-PKGREVISION=   2
 CATEGORIES=    lang ruby
 MASTER_SITES=  ${MASTER_SITE_RUBY}
 
-PATCH_SITES=   https://bugs.ruby-lang.org/attachments/download/7028/
-PATCHFILES=    rubygems-276-for-ruby24.patch
-PATCH_DIST_STRIP=      -p0
-
 MAINTAINER=    taca%NetBSD.org@localhost
 HOMEPAGE=      ${RUBY_HOMEPAGE}
 COMMENT=       Ruby ${RUBY_VERSION} release minimum base package
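
Review bot: Dropping PATCH_SITES/PATCHFILES for rubygems-276-for-ruby24.patch removes a fix that was applied on top of 2.4.3, and the commit message only says "Multiple vulnerabilities in RubyGems" without tying that to this patch. Please state in the message that 2.4.4 already contains what the patch carried, so the removal is not read as a regression. The PKGREVISION removal is expected with a version bump.
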
diff -r 7e0619a14c42 -r f33c220d29e4 lang/ruby24-base/distinfo
--- a/lang/ruby24-base/distinfo Wed Mar 28 21:51:17 2018 +0000
+++ b/lang/ruby24-base/distinfo Thu Mar 29 03:04:47 2018 +0000
@@ -1,13 +1,9 @@
-$NetBSD: distinfo,v 1.8 2018/02/19 16:46:58 taca Exp $
+$NetBSD: distinfo,v 1.9 2018/03/29 03:04:47 taca Exp $
 
-SHA1 (ruby-2.4.3.tar.bz2) = 3ca96536320b915762d57fe1ee540df6810bf631
-RMD160 (ruby-2.4.3.tar.bz2) = f02b5ca6b577351c8852a99eecaa4d4a3dda026f
-SHA512 (ruby-2.4.3.tar.bz2) = fb4339e30c04d03b1422b6c32ede45902e072cd26325b36f3fc05c341d42eea6431d88718242dcc9ce24d9cad26f3d26772f2e806bd7d93f40be50268c318409
-Size (ruby-2.4.3.tar.bz2) = 12615068 bytes
-SHA1 (rubygems-276-for-ruby24.patch) = ed8c182b8c5391dcb975089c43a90786b398d274
-RMD160 (rubygems-276-for-ruby24.patch) = 5a5697d9520418a48fff24148e4b1263d3a3cd63
-SHA512 (rubygems-276-for-ruby24.patch) = f94248f7208c63db1a7c89537d8b1c541a8cf003d697bccaf8238004c45e9293d0ac9ae42fc97ef72fa761b97d8da1d049a863c96707721b04c90256f960e669
-Size (rubygems-276-for-ruby24.patch) = 19937 bytes
+SHA1 (ruby-2.4.4.tar.bz2) = 1cc548ba3eb821e29ab92ac13e1d5c7bf23b1526
+RMD160 (ruby-2.4.4.tar.bz2) = 38aacd0ef60f4927318bb06cc997304681638c1e
+SHA512 (ruby-2.4.4.tar.bz2) = ae632852a5f413561d8134e9ef3bb82adb37317696dd293ef92cb76709ecd45718f14116ecce35b12f1c2dd53ccae8dabc7a924a270072b697512d11f4922347
+Size (ruby-2.4.4.tar.bz2) = 12659705 bytes
 SHA1 (patch-configure) = a4013e4674be0060d2b0d43569b7695f6df7b4a7
 SHA1 (patch-ext_dbm_extconf.rb) = c998f8735db54b1ae2bc8b6caa359ce88bc7a45b
 SHA1 (patch-lib_mkmf.rb) = 75d2261a8282a00cd5f811a5e629302d1667207e
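
Review bot: The new ruby-2.4.4.tar.bz2 digests and size are the only integrity anchor for the updated tarball, and nothing in the commit says how they were obtained. It is worth noting whether the SHA512 value was compared against the digest published with the upstream release rather than only generated from the downloaded file. Removing the rubygems-276-for-ruby24.patch entries is consistent with the Makefile change.
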
@@ -21,8 +17,4 @@
 SHA1 (patch-lib_rubygems_installer.rb) = 7a9cfbd5d05c8901132d2bbf4555efa05e6363ec
 SHA1 (patch-lib_rubygems_platform.rb) = a208bf6bce28a687511bace5ff8a773fb6bcf87d
 SHA1 (patch-lib_rubygems_specification.rb) = e2ef2e6de4838168d11efef92f65d87d22c65ae4
-SHA1 (patch-man_erb.1) = 2ae8a0400974922d6a637648ed0da2fedee98ed0
-SHA1 (patch-man_irb.1) = c6d127481fbc268efbd67fd273094363ca199c7f
-SHA1 (patch-man_ri.1) = d5a3479daa2d5e8185a186b5b450eec80fddbc57
-SHA1 (patch-man_ruby.1) = dcdb336ed5e5e2a4d07416f67c2f4a42c453d6f1
 SHA1 (patch-test_rubygems_test__gem.rb) = 80d646b95df81bacca6d277d2801dba16df291f5
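
Review bot: The four patch-man_*.1 entries are removed here and the patch files themselves are deleted further down, but the commit message does not explain why. If the mdoc markup fix those patches carried is no longer needed with 2.4.4, say so in the message so the deletions are not mistaken for accidental drops.
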
diff -r 7e0619a14c42 -r f33c220d29e4 lang/ruby24-base/patches/patch-man_erb.1
--- a/lang/ruby24-base/patches/patch-man_erb.1  Wed Mar 28 21:51:17 2018 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-$NetBSD: patch-man_erb.1,v 1.1 2017/06/18 13:45:11 taca Exp $
-
-* Fix mdoc markup.
-
---- man/erb.1.orig     2016-09-26 12:39:18.000000000 +0000
-+++ man/erb.1
-@@ -143,11 +143,12 @@ class.
- .Pp
- .Sh REPORTING BUGS
- .Bl -bullet
--.Li Security vulnerabilities should be reported via an email to
-+.It
-+Security vulnerabilities should be reported via an email to
- .Aq security%ruby-lang.org@localhost .
- Reported problems will be published after being fixed.
--.Pp
--.Li And you can report other bugs and feature requests via the
-+.It
-+You can report other bugs and feature requests via the
- Ruby Issue Tracking System
- .Pq Lk https://bugs.ruby-lang.org/ .
- Do not report security vulnerabilities
diff -r 7e0619a14c42 -r f33c220d29e4 lang/ruby24-base/patches/patch-man_irb.1
--- a/lang/ruby24-base/patches/patch-man_irb.1  Wed Mar 28 21:51:17 2018 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-$NetBSD: patch-man_irb.1,v 1.1 2017/06/18 13:45:11 taca Exp $
-
-* Fix mdoc markup.
-
---- man/irb.1.orig     2016-09-26 12:39:18.000000000 +0000
-+++ man/irb.1
-@@ -159,11 +159,12 @@ Personal irb initialization.
- .Pp
- .Sh REPORTING BUGS
- .Bl -bullet
--.Li Security vulnerabilities should be reported via an email to
-+.It
-+Security vulnerabilities should be reported via an email to
- .Aq security%ruby-lang.org@localhost .
- Reported problems will be published after being fixed.
--.Pp
--.Li And you can report other bugs and feature requests via the
-+.It
-+You can report other bugs and feature requests via the
- Ruby Issue Tracking System
- .Pq Lk https://bugs.ruby-lang.org/ .
- Do not report security vulnerabilities
diff -r 7e0619a14c42 -r f33c220d29e4 lang/ruby24-base/patches/patch-man_ri.1
--- a/lang/ruby24-base/patches/patch-man_ri.1   Wed Mar 28 21:51:17 2018 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-$NetBSD: patch-man_ri.1,v 1.1 2017/06/18 13:45:11 taca Exp $
-
-* Fix mdoc markup.
-
---- man/ri.1.orig      2016-09-26 12:39:18.000000000 +0000
-+++ man/ri.1
-@@ -166,11 +166,12 @@ Searches user-wide documents here.
- .Pp
- .Sh REPORTING BUGS
- .Bl -bullet
--.Li Security vulnerabilities should be reported via an email to
-+.It
-+Security vulnerabilities should be reported via an email to
- .Aq security%ruby-lang.org@localhost .
- Reported problems will be published after being fixed.
--.Pp
--.Li And you can report other bugs and feature requests via the
-+.It
-+You can report other bugs and feature requests via the
- Ruby Issue Tracking System
- .Pq Lk https://bugs.ruby-lang.org/ .
- Do not report security vulnerabilities
diff -r 7e0619a14c42 -r f33c220d29e4 lang/ruby24-base/patches/patch-man_ruby.1
--- a/lang/ruby24-base/patches/patch-man_ruby.1 Wed Mar 28 21:51:17 2018 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-$NetBSD: patch-man_ruby.1,v 1.1 2017/06/18 13:45:11 taca Exp $
-
-* Fix mdoc markup.
-
---- man/ruby.1.orig    2016-09-26 12:39:18.000000000 +0000
-+++ man/ruby.1
-@@ -641,11 +641,12 @@ Comprehensive catalog of Ruby libraries.
- .Pp
- .Sh REPORTING BUGS
- .Bl -bullet
--.Li Security vulnerabilities should be reported via an email to
-+.It
-+Security vulnerabilities should be reported via an email to
- .Aq security%ruby-lang.org@localhost .
- Reported problems will be published after they've been fixed.
--.Pp
--.Li And you can report other bugs and feature requests via the
-+.It
-+You can report other bugs and feature requests via the
- Ruby Issue Tracking System
- .Pq Lk https://bugs.ruby-lang.org/ .
- Do not report security vulnerabilities


