CVS commit: pkgsrc/lang/ruby23-base

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/lang/ruby23-base
From: "Takahiro Kambe" <taca%netbsd.org@localhost>
Date: Wed, 30 Aug 2017 03:33:17 +0000

Module Name:    pkgsrc
Committed By:   taca
Date:           Wed Aug 30 03:33:17 UTC 2017

Modified Files:
        pkgsrc/lang/ruby23-base: Makefile distinfo

Log Message:
Add patch to fix vulnerabilities of rubygems.

https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/

* a DNS request hijacking vulnerability
* an ANSI escape sequence vulnerability
* a DoS vulernerability in the query command
* a vulnerability in the gem installer that allowed a malicious gem to
  overwrite arbitrary files

Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/ruby23-base/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/lang/ruby23-base/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/ruby23-base/Makefile
diff -u pkgsrc/lang/ruby23-base/Makefile:1.9 pkgsrc/lang/ruby23-base/Makefile:1.10
--- pkgsrc/lang/ruby23-base/Makefile:1.9        Tue May 30 15:46:22 2017
+++ pkgsrc/lang/ruby23-base/Makefile    Wed Aug 30 03:33:17 2017
@@ -1,10 +1,14 @@
-# $NetBSD: Makefile,v 1.9 2017/05/30 15:46:22 taca Exp $
+# $NetBSD: Makefile,v 1.10 2017/08/30 03:33:17 taca Exp $
 
 DISTNAME=      ${RUBY_DISTNAME}
 PKGNAME=       ${RUBY_PKGPREFIX}-base-${RUBY_VERSION}
+PKGREVISION=   1
 CATEGORIES=    lang ruby
 MASTER_SITES=  ${MASTER_SITE_RUBY}
 
+PATCH_SITES=   https://bugs.ruby-lang.org/attachments/download/6691/
+PATCHFILES=    rubygems-2613-ruby23.patch
+
 MAINTAINER=    taca%NetBSD.org@localhost
 HOMEPAGE=      ${RUBY_HOMEPAGE}
 COMMENT=       Ruby ${RUBY_VERSION} release minimum base package

Index: pkgsrc/lang/ruby23-base/distinfo
diff -u pkgsrc/lang/ruby23-base/distinfo:1.8 pkgsrc/lang/ruby23-base/distinfo:1.9
--- pkgsrc/lang/ruby23-base/distinfo:1.8        Mon Jul 24 13:38:42 2017
+++ pkgsrc/lang/ruby23-base/distinfo    Wed Aug 30 03:33:17 2017
@@ -1,9 +1,13 @@
-$NetBSD: distinfo,v 1.8 2017/07/24 13:38:42 taca Exp $
+$NetBSD: distinfo,v 1.9 2017/08/30 03:33:17 taca Exp $
 
 SHA1 (ruby-2.3.4.tar.bz2) = f5b18e7149ec7620444c91962e695708829d0216
 RMD160 (ruby-2.3.4.tar.bz2) = a44c9f342a401e75c33a2442b9460b2b1ef7f0f5
 SHA512 (ruby-2.3.4.tar.bz2) = ad1f16142615498232d0de85149585be1d2c5de2bc40ec160d272a09e098ef6f317d8b25026001735261fd1c5bc0d1f8513a8474e89f0d86eed5b2fe7338d64e
 Size (ruby-2.3.4.tar.bz2) = 14434361 bytes
+SHA1 (rubygems-2613-ruby23.patch) = 69a6c97a18493f61ad1fce0a4bb4aed2ba440c9c
+RMD160 (rubygems-2613-ruby23.patch) = c27c1d5e3104eaa51752d8be924ef9bdee19f3ea
+SHA512 (rubygems-2613-ruby23.patch) = 5cade80e97959ce68008e86df0ca3aba0a131f087a4b476ec6a53bef363504b56316733d522ec54d19fbbdcdb04586c403dd8f0322812faf425b9f496578705d
+Size (rubygems-2613-ruby23.patch) = 11119 bytes
 SHA1 (patch-compile.c) = c17c1b4088bd4e7be0212b78ec0215d27013a52c
 SHA1 (patch-configure) = 9325d9527e96a8f56078c6b78d3f1334803b0d94
 SHA1 (patch-ext_dbm_extconf.rb) = c998f8735db54b1ae2bc8b6caa359ce88bc7a45b

Prev by Date: CVS commit: pkgsrc/lang/ruby22-base
Next by Date: CVS commit: pkgsrc/lang/ruby24-base
Previous by Thread: CVS commit: pkgsrc/lang/ruby22-base
Next by Thread: CVS commit: pkgsrc/lang/ruby24-base
Indexes:

Home | Main Index | Thread Index | Old Index