pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [pkgsrc-2025Q2] pkgsrc/lang
Module Name: pkgsrc
Committed By: maya
Date: Thu Jul 17 02:18:00 UTC 2025
Modified Files:
pkgsrc/lang/ruby [pkgsrc-2025Q2]: rubyversion.mk
pkgsrc/lang/ruby32-base [pkgsrc-2025Q2]: Makefile distinfo
Added Files:
pkgsrc/lang/ruby32-base/patches [pkgsrc-2025Q2]:
patch-lib_resolv.gemspec patch-lib_resolv.rb
patch-test_resolv_test__dns.rb
Log Message:
Pullup ticket #6986 - requested by taca
lang/ruby32-base: Security fix
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.299
- lang/ruby32-base/Makefile 1.11
- lang/ruby32-base/distinfo 1.16
- lang/ruby32-base/patches/patch-lib_resolv.gemspec 1.1
- lang/ruby32-base/patches/patch-lib_resolv.rb 1.1
- lang/ruby32-base/patches/patch-test_resolv_test__dns.rb 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 13 15:23:00 UTC 2025
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby32-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby32-base/patches: patch-lib_resolv.gemspec
patch-lib_resolv.rb patch-test_resolv_test__dns.rb
Log Message:
lang/ruby32-base: update resolv gem
Update resolve gem to 0.2.3 to fix security problem of CVE-2025-24294.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.298 -r1.298.2.1 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.10 -r1.10.4.1 pkgsrc/lang/ruby32-base/Makefile
cvs rdiff -u -r1.15 -r1.15.2.1 pkgsrc/lang/ruby32-base/distinfo
cvs rdiff -u -r0 -r1.1.2.2 \
pkgsrc/lang/ruby32-base/patches/patch-lib_resolv.gemspec \
pkgsrc/lang/ruby32-base/patches/patch-lib_resolv.rb \
pkgsrc/lang/ruby32-base/patches/patch-test_resolv_test__dns.rb
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/lang/ruby/rubyversion.mk
diff -u pkgsrc/lang/ruby/rubyversion.mk:1.298 pkgsrc/lang/ruby/rubyversion.mk:1.298.2.1
--- pkgsrc/lang/ruby/rubyversion.mk:1.298 Tue May 27 16:14:47 2025
+++ pkgsrc/lang/ruby/rubyversion.mk Thu Jul 17 02:17:59 2025
@@ -1,4 +1,4 @@
-# $NetBSD: rubyversion.mk,v 1.298 2025/05/27 16:14:47 taca Exp $
+# $NetBSD: rubyversion.mk,v 1.298.2.1 2025/07/17 02:17:59 maya Exp $
#
# This file determines which Ruby version is used as a dependency for
@@ -324,7 +324,7 @@ RUBY_READLINE_VER= 0.0.3
RUBY_READLINE_EXT_VER= 0.1.5
RUBY_RELINE_VER= 0.3.2
RUBY_RESOLV_REPLACE_VER= 0.1.1
-RUBY_RESOLV_VER= 0.2.2
+RUBY_RESOLV_VER= 0.2.3
RUBY_RINDA_VER= 0.1.1
RUBY_RUBY2_KEYWORDS_VER= 0.0.5
RUBY_SECURERANDOM_VER= 0.2.2
Index: pkgsrc/lang/ruby32-base/Makefile
diff -u pkgsrc/lang/ruby32-base/Makefile:1.10 pkgsrc/lang/ruby32-base/Makefile:1.10.4.1
--- pkgsrc/lang/ruby32-base/Makefile:1.10 Thu Mar 27 14:12:02 2025
+++ pkgsrc/lang/ruby32-base/Makefile Thu Jul 17 02:18:00 2025
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.10 2025/03/27 14:12:02 taca Exp $
+# $NetBSD: Makefile,v 1.10.4.1 2025/07/17 02:18:00 maya Exp $
DISTNAME= ${RUBY_DISTNAME}
PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION}
+PKGREVISION= 1
CATEGORIES= lang ruby
MASTER_SITES= ${MASTER_SITE_RUBY}
Index: pkgsrc/lang/ruby32-base/distinfo
diff -u pkgsrc/lang/ruby32-base/distinfo:1.15 pkgsrc/lang/ruby32-base/distinfo:1.15.2.1
--- pkgsrc/lang/ruby32-base/distinfo:1.15 Mon Apr 21 20:54:55 2025
+++ pkgsrc/lang/ruby32-base/distinfo Thu Jul 17 02:18:00 2025
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.15 2025/04/21 20:54:55 wiz Exp $
+$NetBSD: distinfo,v 1.15.2.1 2025/07/17 02:18:00 maya Exp $
BLAKE2s (ruby-3.2.8.tar.xz) = 717b23027da787963039642204ff08d23cfe242d58f0ca7371d621194c96d1c0
SHA512 (ruby-3.2.8.tar.xz) = 19ff96619945d907e509803b85ecf21750ffa4ae033045272feb43c183ab180d0033b98cf47c18804e448f01bc1928e3b833c61c98446dbe6be31fb9ea6b059d
@@ -9,6 +9,8 @@ SHA1 (patch-ext_openssl_openssl__missing
SHA1 (patch-include_ruby_internal_static__assert.h) = 7d5c3ae7ff674b9b34639924fcf08237164de9f8
SHA1 (patch-lib_mkmf.rb) = 4a3cd18548dbdf43a13695d4e76f817c0347e335
SHA1 (patch-lib_rdoc_encoding.rb) = 0e82d2942d9bfcb67dc7c994889d7bc5ec2ae85a
+SHA1 (patch-lib_resolv.gemspec) = bf2fa504fcb2451a3b6b4e6d30a30d01f876c166
+SHA1 (patch-lib_resolv.rb) = 1a04a55d54e7d45c7147605b6335f6623ddd92c1
SHA1 (patch-lib_rubygems.rb) = 060549c43b84f73c77432a72cdcf22941be4eb17
SHA1 (patch-lib_rubygems_commands_setup__command.rb) = 66c475a5308deb2ed5096b88cf65549732f87421
SHA1 (patch-lib_rubygems_config__file.rb) = 1da55a32d931f91321636401e94d89f78f9fa622
@@ -16,6 +18,7 @@ SHA1 (patch-lib_rubygems_dependency__ins
SHA1 (patch-lib_rubygems_install__update__options.rb) = 0cd0816e1cd7c84c1dab1e091787c4dc38d28273
SHA1 (patch-lib_rubygems_installer.rb) = 1c94047a24362b3597dac7ea156982a09cb93234
SHA1 (patch-lib_rubygems_platform.rb) = 58094b26520623f258ecf035084f4aa7226e9686
+SHA1 (patch-test_resolv_test__dns.rb) = 98fd0533ad92bfb6729abd107d75c4ca436fd660
SHA1 (patch-test_rubygems_test__gem.rb) = 32f7c7d7f8a024c045d78c2bce93944fc3113d04
SHA1 (patch-thread__pthread.c) = 7c1231933a2d6ce9d56891ab512371841697fbca
SHA1 (patch-tool_ifchange) = 1814cd41f0b0a93b181799cb117bd1f57068cf33
Added files:
Index: pkgsrc/lang/ruby32-base/patches/patch-lib_resolv.gemspec
diff -u /dev/null pkgsrc/lang/ruby32-base/patches/patch-lib_resolv.gemspec:1.1.2.2
--- /dev/null Thu Jul 17 02:18:00 2025
+++ pkgsrc/lang/ruby32-base/patches/patch-lib_resolv.gemspec Thu Jul 17 02:18:00 2025
@@ -0,0 +1,14 @@
+$NetBSD: patch-lib_resolv.gemspec,v 1.1.2.2 2025/07/17 02:18:00 maya Exp $
+
+Update resolv gem to 0.2.3.
+
+--- lib/resolv.gemspec.orig 2025-03-26 04:18:02.000000000 +0000
++++ lib/resolv.gemspec
+@@ -1,6 +1,6 @@
+ Gem::Specification.new do |spec|
+ spec.name = "resolv"
+- spec.version = "0.2.2"
++ spec.version = "0.2.3"
+ spec.authors = ["Tanaka Akira"]
+ spec.email = ["akr%fsij.org@localhost"]
+
Index: pkgsrc/lang/ruby32-base/patches/patch-lib_resolv.rb
diff -u /dev/null pkgsrc/lang/ruby32-base/patches/patch-lib_resolv.rb:1.1.2.2
--- /dev/null Thu Jul 17 02:18:00 2025
+++ pkgsrc/lang/ruby32-base/patches/patch-lib_resolv.rb Thu Jul 17 02:18:00 2025
@@ -0,0 +1,26 @@
+$NetBSD: patch-lib_resolv.rb,v 1.1.2.2 2025/07/17 02:18:00 maya Exp $
+
+Update resolv gem to 0.2.3.
+
+--- lib/resolv.rb.orig 2025-03-26 04:18:02.000000000 +0000
++++ lib/resolv.rb
+@@ -1624,6 +1624,7 @@ class Resolv
+ prev_index = @index
+ save_index = nil
+ d = []
++ size = -1
+ while true
+ raise DecodeError.new("limit exceeded") if @limit <= @index
+ case @data.getbyte(@index)
+@@ -1644,7 +1645,10 @@ class Resolv
+ end
+ @index = idx
+ else
+- d << self.get_label
++ l = self.get_label
++ d << l
++ size += 1 + l.string.bytesize
++ raise DecodeError.new("name label data exceed 255 octets") if size > 255
+ end
+ end
+ end
Index: pkgsrc/lang/ruby32-base/patches/patch-test_resolv_test__dns.rb
diff -u /dev/null pkgsrc/lang/ruby32-base/patches/patch-test_resolv_test__dns.rb:1.1.2.2
--- /dev/null Thu Jul 17 02:18:00 2025
+++ pkgsrc/lang/ruby32-base/patches/patch-test_resolv_test__dns.rb Thu Jul 17 02:18:00 2025
@@ -0,0 +1,20 @@
+$NetBSD: patch-test_resolv_test__dns.rb,v 1.1.2.2 2025/07/17 02:18:00 maya Exp $
+
+Update resolv gem to 0.2.3.
+
+--- test/resolv/test_dns.rb.orig 2025-03-26 04:18:02.000000000 +0000
++++ test/resolv/test_dns.rb
+@@ -416,6 +416,13 @@ class TestResolvDNS < Test::Unit::TestCa
+ assert_operator(2**14, :<, m.to_s.length)
+ end
+
++ def test_too_long_address
++ too_long_address_message = [0, 0, 1, 0, 0, 0].pack("n*") + "\x01x" * 129 + [0, 0, 0].pack("cnn")
++ assert_raise_with_message(Resolv::DNS::DecodeError, /name label data exceed 255 octets/) do
++ Resolv::DNS::Message.decode too_long_address_message
++ end
++ end
++
+ def assert_no_fd_leak
+ socket = assert_throw(self) do |tag|
+ Resolv::DNS.stub(:bind_random_port, ->(s, *) {throw(tag, s)}) do
Home |
Main Index |
Thread Index |
Old Index