pkgsrc-Changes archive
CVS commit: [pkgsrc-2023Q2] pkgsrc/lang
Module Name: pkgsrc
Committed By: bsiegert
Date: Tue Jul 4 15:44:44 UTC 2023
Modified Files:
pkgsrc/lang/ruby [pkgsrc-2023Q2]: rubyversion.mk
pkgsrc/lang/ruby30-base [pkgsrc-2023Q2]: Makefile distinfo
Added Files:
pkgsrc/lang/ruby30-base/patches [pkgsrc-2023Q2]:
patch-lib_uri_rfc2396__parser.rb patch-lib_uri_rfc3986__parser.rb
patch-lib_uri_version.rb
Log Message:
Pullup ticket #6768 - requested by taca
lang/ruby30-base: security fix
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.266
- lang/ruby30-base/Makefile 1.10
- lang/ruby30-base/distinfo 1.13
- lang/ruby30-base/patches/patch-lib_uri_rfc2396__parser.rb 1.1
- lang/ruby30-base/patches/patch-lib_uri_rfc3986__parser.rb 1.1
- lang/ruby30-base/patches/patch-lib_uri_version.rb 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Jun 29 15:37:17 UTC 2023
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby30-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby30-base/patches: patch-lib_uri_rfc2396__parser.rb
patch-lib_uri_rfc3986__parser.rb patch-lib_uri_version.rb
Log Message:
lang/ruby30-base: update bundled gem uri to 0.10.3
Fix CVE-2023-36617: ReDoS vulnerability in URI.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.265 -r1.265.2.1 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.9 -r1.9.6.1 pkgsrc/lang/ruby30-base/Makefile
cvs rdiff -u -r1.12 -r1.12.2.1 pkgsrc/lang/ruby30-base/distinfo
cvs rdiff -u -r0 -r1.1.2.2 \
pkgsrc/lang/ruby30-base/patches/patch-lib_uri_rfc2396__parser.rb \
pkgsrc/lang/ruby30-base/patches/patch-lib_uri_rfc3986__parser.rb \
pkgsrc/lang/ruby30-base/patches/patch-lib_uri_version.rb
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/lang/ruby/rubyversion.mk
diff -u pkgsrc/lang/ruby/rubyversion.mk:1.265 pkgsrc/lang/ruby/rubyversion.mk:1.265.2.1
--- pkgsrc/lang/ruby/rubyversion.mk:1.265 Tue May 30 15:53:27 2023
+++ pkgsrc/lang/ruby/rubyversion.mk Tue Jul 4 15:44:43 2023
@@ -1,4 +1,4 @@
-# $NetBSD: rubyversion.mk,v 1.265 2023/05/30 15:53:27 taca Exp $
+# $NetBSD: rubyversion.mk,v 1.265.2.1 2023/07/04 15:44:43 bsiegert Exp $
#
# This file determines which Ruby version is used as a dependency for
@@ -347,7 +347,7 @@ RUBY_TMPDIR_VER= 0.1.2
RUBY_TRACER_VER= 0.1.1
RUBY_TSORT_VER= 0.1.0
RUBY_UN_VER= 0.1.0
-RUBY_URI_VER= 0.10.2
+RUBY_URI_VER= 0.10.3
RUBY_WEAKREF_VER= 0.1.1
RUBY_YAML_VER= 0.1.1
RUBY_ZLIB_VER= 2.0.0
Index: pkgsrc/lang/ruby30-base/Makefile
diff -u pkgsrc/lang/ruby30-base/Makefile:1.9 pkgsrc/lang/ruby30-base/Makefile:1.9.6.1
--- pkgsrc/lang/ruby30-base/Makefile:1.9 Sat Nov 26 13:07:52 2022
+++ pkgsrc/lang/ruby30-base/Makefile Tue Jul 4 15:44:43 2023
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.9 2022/11/26 13:07:52 taca Exp $
+# $NetBSD: Makefile,v 1.9.6.1 2023/07/04 15:44:43 bsiegert Exp $
DISTNAME= ${RUBY_DISTNAME}
PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION}
+PKGREVISION= 1
CATEGORIES= lang ruby
MASTER_SITES= ${MASTER_SITE_RUBY}
Index: pkgsrc/lang/ruby30-base/distinfo
diff -u pkgsrc/lang/ruby30-base/distinfo:1.12 pkgsrc/lang/ruby30-base/distinfo:1.12.2.1
--- pkgsrc/lang/ruby30-base/distinfo:1.12 Sat Apr 1 09:08:51 2023
+++ pkgsrc/lang/ruby30-base/distinfo Tue Jul 4 15:44:43 2023
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.12 2023/04/01 09:08:51 taca Exp $
+$NetBSD: distinfo,v 1.12.2.1 2023/07/04 15:44:43 bsiegert Exp $
BLAKE2s (ruby-3.0.6.tar.xz) = c774fdd29b34f60212f74897455185476bc8bfad5007d1123e8d14d42f172295
SHA512 (ruby-3.0.6.tar.xz) = abbf883cd9f3ddbd171df8f8c3cd35d930623c4c01a5e01387de0aee9811cca7604b82163e18e04f809773bf1ca5a450f13f62f3db14f191f610e116ae4fa6f8
@@ -19,5 +19,8 @@ SHA1 (patch-lib_rubygems_dependency__ins
SHA1 (patch-lib_rubygems_install__update__options.rb) = 1e953b5a517a805fd7184e359fbc06e67a5ff9b3
SHA1 (patch-lib_rubygems_installer.rb) = 03fcd57d4e7ea03cf2ffc3d219fd489e30361014
SHA1 (patch-lib_rubygems_platform.rb) = dc4c1073ffe331c06c477ee4b281db7aeb76fa92
+SHA1 (patch-lib_uri_rfc2396__parser.rb) = a6ccd7ab379c6f2d02a5fc11ec2cf8340d2e5b51
+SHA1 (patch-lib_uri_rfc3986__parser.rb) = 2329adf39719ab0ff86ddb91295ed1b2c24152cc
+SHA1 (patch-lib_uri_version.rb) = 602c3431eafc14fe12102c9bd484450dbdfa0337
SHA1 (patch-test_rubygems_test__gem.rb) = e624da5b9c49f9409160a7b0fdd2efad17986cab
SHA1 (patch-thread__pthread.c) = 7c1231933a2d6ce9d56891ab512371841697fbca
Added files:
Index: pkgsrc/lang/ruby30-base/patches/patch-lib_uri_rfc2396__parser.rb
diff -u /dev/null pkgsrc/lang/ruby30-base/patches/patch-lib_uri_rfc2396__parser.rb:1.1.2.2
--- /dev/null Tue Jul 4 15:44:44 2023
+++ pkgsrc/lang/ruby30-base/patches/patch-lib_uri_rfc2396__parser.rb Tue Jul 4 15:44:43 2023
@@ -0,0 +1,17 @@
+$NetBSD: patch-lib_uri_rfc2396__parser.rb,v 1.1.2.2 2023/07/04 15:44:43 bsiegert Exp $
+
+Fix for CVE-2023-36617 updating uri to 0.10.3.
+
+--- lib/uri/rfc2396_parser.rb.orig 2023-03-30 12:41:03.000000000 +0000
++++ lib/uri/rfc2396_parser.rb
+@@ -491,8 +491,8 @@ module URI
+ ret = {}
+
+ # for URI::split
+- ret[:ABS_URI] = Regexp.new('\A\s*' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED)
+- ret[:REL_URI] = Regexp.new('\A\s*' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED)
++ ret[:ABS_URI] = Regexp.new('\A\s*+' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED)
++ ret[:REL_URI] = Regexp.new('\A\s*+' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED)
+
+ # for URI::extract
+ ret[:URI_REF] = Regexp.new(pattern[:URI_REF])
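Review bot: The header comment of patch-lib_uri_rfc2396__parser.rb (`Fix for CVE-2023-36617 updating uri to 0.10.3.`) names the CVE but not what the change does or when the patch can be retired; the header of patch-lib_uri_rfc3986__parser.rb (the `PORT:` hunk) has the same gap. I would expand both to something like `Backport from uri 0.10.3 (CVE-2023-36617, ReDoS): make the leading whitespace quantifier possessive so a failed match cannot backtrack into it. Remove once the distfile bundles uri >= 0.10.3.` Only the leading `\s*` in `ABS_URI`/`REL_URI` becomes `\s*+`; the trailing `\s*\z` is left greedy, which presumably mirrors upstream, but that should be confirmed against the uri 0.10.3 release rather than taken from this diff alone. The surrounding method in rfc2396_parser.rb starts and ends outside the hunk.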
Index: pkgsrc/lang/ruby30-base/patches/patch-lib_uri_rfc3986__parser.rb
diff -u /dev/null pkgsrc/lang/ruby30-base/patches/patch-lib_uri_rfc3986__parser.rb:1.1.2.2
--- /dev/null Tue Jul 4 15:44:44 2023
+++ pkgsrc/lang/ruby30-base/patches/patch-lib_uri_rfc3986__parser.rb Tue Jul 4 15:44:43 2023
@@ -0,0 +1,15 @@
+$NetBSD: patch-lib_uri_rfc3986__parser.rb,v 1.1.2.2 2023/07/04 15:44:43 bsiegert Exp $
+
+Fix for CVE-2023-36617 updating uri to 0.10.3.
+
+--- lib/uri/rfc3986_parser.rb.orig 2023-03-30 12:41:03.000000000 +0000
++++ lib/uri/rfc3986_parser.rb
+@@ -95,7 +95,7 @@ module URI
+ QUERY: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/,
+ FRAGMENT: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/,
+ OPAQUE: /\A(?:[^\/].*)?\z/,
+- PORT: /\A[\x09\x0a\x0c\x0d ]*\d*[\x09\x0a\x0c\x0d ]*\z/,
++ PORT: /\A[\x09\x0a\x0c\x0d ]*+\d*[\x09\x0a\x0c\x0d ]*\z/,
+ }
+ end
+
Index: pkgsrc/lang/ruby30-base/patches/patch-lib_uri_version.rb
diff -u /dev/null pkgsrc/lang/ruby30-base/patches/patch-lib_uri_version.rb:1.1.2.2
--- /dev/null Tue Jul 4 15:44:44 2023
+++ pkgsrc/lang/ruby30-base/patches/patch-lib_uri_version.rb Tue Jul 4 15:44:43 2023
@@ -0,0 +1,14 @@
+$NetBSD: patch-lib_uri_version.rb,v 1.1.2.2 2023/07/04 15:44:43 bsiegert Exp $
+
+Fix for CVE-2023-36617 updating uri to 0.10.3.
+
+--- lib/uri/version.rb.orig 2023-03-30 12:41:03.000000000 +0000
++++ lib/uri/version.rb
+@@ -1,6 +1,6 @@
+ module URI
+ # :stopdoc:
+- VERSION_CODE = '001002'.freeze
++ VERSION_CODE = '001003'.freeze
+ VERSION = VERSION_CODE.scan(/../).collect{|n| n.to_i}.join('.').freeze
+ # :startdoc:
+ end