pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [pkgsrc-2025Q2] pkgsrc/lang
Module Name: pkgsrc
Committed By: maya
Date: Thu Jul 17 02:32:56 UTC 2025
Modified Files:
pkgsrc/lang/ruby [pkgsrc-2025Q2]: rubyversion.mk
pkgsrc/lang/ruby33 [pkgsrc-2025Q2]: Makefile distinfo
Added Files:
pkgsrc/lang/ruby33/patches [pkgsrc-2025Q2]: patch-lib_resolv.rb
patch-test_resolv_test__dns.rb
Log Message:
Pullup ticket #6987 - requested by taca
lang/ruby33: Security fix
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.300
- lang/ruby33/Makefile 1.6
- lang/ruby33/distinfo 1.13
- lang/ruby33/patches/patch-lib_resolv.rb 1.1
- lang/ruby33/patches/patch-test_resolv_test__dns.rb 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 13 15:32:01 UTC 2025
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby33: Makefile distinfo
Added Files:
pkgsrc/lang/ruby33/patches: patch-lib_resolv.rb
patch-test_resolv_test__dns.rb
Log Message:
lang/ruby33: update resolv gem
Update resolve gem to 0.3.1 to fix security problem of CVE-2025-24294.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.298.2.1 -r1.298.2.2 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.5 -r1.5.4.1 pkgsrc/lang/ruby33/Makefile
cvs rdiff -u -r1.12 -r1.12.2.1 pkgsrc/lang/ruby33/distinfo
cvs rdiff -u -r0 -r1.1.2.2 pkgsrc/lang/ruby33/patches/patch-lib_resolv.rb \
pkgsrc/lang/ruby33/patches/patch-test_resolv_test__dns.rb
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/lang/ruby/rubyversion.mk
diff -u pkgsrc/lang/ruby/rubyversion.mk:1.298.2.1 pkgsrc/lang/ruby/rubyversion.mk:1.298.2.2
--- pkgsrc/lang/ruby/rubyversion.mk:1.298.2.1 Thu Jul 17 02:17:59 2025
+++ pkgsrc/lang/ruby/rubyversion.mk Thu Jul 17 02:32:56 2025
@@ -1,4 +1,4 @@
-# $NetBSD: rubyversion.mk,v 1.298.2.1 2025/07/17 02:17:59 maya Exp $
+# $NetBSD: rubyversion.mk,v 1.298.2.2 2025/07/17 02:32:56 maya Exp $
#
# This file determines which Ruby version is used as a dependency for
@@ -419,7 +419,7 @@ RUBY_RDOC_VER= 6.6.3.1
RUBY_READLINE_VER= 0.0.4
RUBY_RELINE_VER= 0.5.10
RUBY_RESOLV_REPLACE_VER= 0.1.1
-RUBY_RESOLV_VER= 0.3.0
+RUBY_RESOLV_VER= 0.3.1
RUBY_RINDA_VER= 0.2.0
RUBY_RUBY2_KEYWORDS_VER= 0.0.5
RUBY_SECURERANDOM_VER= 0.3.1
Index: pkgsrc/lang/ruby33/Makefile
diff -u pkgsrc/lang/ruby33/Makefile:1.5 pkgsrc/lang/ruby33/Makefile:1.5.4.1
--- pkgsrc/lang/ruby33/Makefile:1.5 Thu Jan 2 06:31:58 2025
+++ pkgsrc/lang/ruby33/Makefile Thu Jul 17 02:32:56 2025
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.5 2025/01/02 06:31:58 taca Exp $
+# $NetBSD: Makefile,v 1.5.4.1 2025/07/17 02:32:56 maya Exp $
DISTNAME= ${RUBY_DISTNAME}
PKGNAME= ${RUBY_PKGPREFIX}-${RUBY_VERSION}
+PKGREVISION= 1
CATEGORIES= lang ruby
MASTER_SITES= ${MASTER_SITE_RUBY}
Index: pkgsrc/lang/ruby33/distinfo
diff -u pkgsrc/lang/ruby33/distinfo:1.12 pkgsrc/lang/ruby33/distinfo:1.12.2.1
--- pkgsrc/lang/ruby33/distinfo:1.12 Mon Apr 21 20:54:56 2025
+++ pkgsrc/lang/ruby33/distinfo Thu Jul 17 02:32:56 2025
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.12 2025/04/21 20:54:56 wiz Exp $
+$NetBSD: distinfo,v 1.12.2.1 2025/07/17 02:32:56 maya Exp $
BLAKE2s (ruby-3.3.8.tar.xz) = f7d0fed309c307262b8d5c30781add4d363c2bbf19db7ffc5a5567c414553976
SHA512 (ruby-3.3.8.tar.xz) = 71c2f3ac9955e088fa885fd2ff695e67362a770a5d33e5160081eda3dd298ca2c692e299b03d757caecfbc94043fedc4ad093de84c505585d480cb36bbf978b9
@@ -9,6 +9,7 @@ SHA1 (patch-ext_openssl_openssl__missing
SHA1 (patch-include_ruby_internal_static__assert.h) = 7d5c3ae7ff674b9b34639924fcf08237164de9f8
SHA1 (patch-lib_mkmf.rb) = 4a3cd18548dbdf43a13695d4e76f817c0347e335
SHA1 (patch-lib_rdoc_encoding.rb) = 0e82d2942d9bfcb67dc7c994889d7bc5ec2ae85a
+SHA1 (patch-lib_resolv.rb) = b091b1207c6bceafca2b2f65cc3e197377a73b91
SHA1 (patch-lib_rubygems.rb) = 81af71ae9b0c3fef2ad1de88a542b3ece14b4519
SHA1 (patch-lib_rubygems_commands_setup__command.rb) = 66c475a5308deb2ed5096b88cf65549732f87421
SHA1 (patch-lib_rubygems_config__file.rb) = 584f8cd9ef1d1b9bf25efc7e85c2219166db7ac9
@@ -16,6 +17,7 @@ SHA1 (patch-lib_rubygems_dependency__ins
SHA1 (patch-lib_rubygems_install__update__options.rb) = 0cd0816e1cd7c84c1dab1e091787c4dc38d28273
SHA1 (patch-lib_rubygems_installer.rb) = 4ef74b4f79837a929e81bcd0e7eba9061a442304
SHA1 (patch-lib_rubygems_platform.rb) = bde36a8fc1ba2fbf4d6fb8829bc116fb4d09b404
+SHA1 (patch-test_resolv_test__dns.rb) = 4f26c9b1643a4af71f3389bfda17e416297f902c
SHA1 (patch-test_rubygems_test__gem.rb) = 32f7c7d7f8a024c045d78c2bce93944fc3113d04
SHA1 (patch-thread__pthread.c) = 7c1231933a2d6ce9d56891ab512371841697fbca
SHA1 (patch-tool_ifchange) = 1814cd41f0b0a93b181799cb117bd1f57068cf33
Added files:
Index: pkgsrc/lang/ruby33/patches/patch-lib_resolv.rb
diff -u /dev/null pkgsrc/lang/ruby33/patches/patch-lib_resolv.rb:1.1.2.2
--- /dev/null Thu Jul 17 02:32:56 2025
+++ pkgsrc/lang/ruby33/patches/patch-lib_resolv.rb Thu Jul 17 02:32:56 2025
@@ -0,0 +1,35 @@
+$NetBSD: patch-lib_resolv.rb,v 1.1.2.2 2025/07/17 02:32:56 maya Exp $
+
+Update resolv gem to 0.3.1.
+
+--- lib/resolv.rb.orig 2025-04-09 09:23:04.000000000 +0000
++++ lib/resolv.rb
+@@ -37,7 +37,7 @@ end
+
+ class Resolv
+
+- VERSION = "0.3.0"
++ VERSION = "0.3.1"
+
+ ##
+ # Looks up the first IP address for +name+.
+@@ -1655,6 +1655,7 @@ class Resolv
+ prev_index = @index
+ save_index = nil
+ d = []
++ size = -1
+ while true
+ raise DecodeError.new("limit exceeded") if @limit <= @index
+ case @data.getbyte(@index)
+@@ -1675,7 +1676,10 @@ class Resolv
+ end
+ @index = idx
+ else
+- d << self.get_label
++ l = self.get_label
++ d << l
++ size += 1 + l.string.bytesize
++ raise DecodeError.new("name label data exceed 255 octets") if size > 255
+ end
+ end
+ end
Index: pkgsrc/lang/ruby33/patches/patch-test_resolv_test__dns.rb
diff -u /dev/null pkgsrc/lang/ruby33/patches/patch-test_resolv_test__dns.rb:1.1.2.2
--- /dev/null Thu Jul 17 02:32:56 2025
+++ pkgsrc/lang/ruby33/patches/patch-test_resolv_test__dns.rb Thu Jul 17 02:32:56 2025
@@ -0,0 +1,20 @@
+$NetBSD: patch-test_resolv_test__dns.rb,v 1.1.2.2 2025/07/17 02:32:56 maya Exp $
+
+Update resolv gem to 0.3.1.
+
+--- test/resolv/test_dns.rb.orig 2025-04-09 09:23:04.000000000 +0000
++++ test/resolv/test_dns.rb
+@@ -589,6 +589,13 @@ class TestResolvDNS < Test::Unit::TestCa
+ assert_operator(2**14, :<, m.to_s.length)
+ end
+
++ def test_too_long_address
++ too_long_address_message = [0, 0, 1, 0, 0, 0].pack("n*") + "\x01x" * 129 + [0, 0, 0].pack("cnn")
++ assert_raise_with_message(Resolv::DNS::DecodeError, /name label data exceed 255 octets/) do
++ Resolv::DNS::Message.decode too_long_address_message
++ end
++ end
++
+ def assert_no_fd_leak
+ socket = assert_throw(self) do |tag|
+ Resolv::DNS.stub(:bind_random_port, ->(s, *) {throw(tag, s)}) do
Home |
Main Index |
Thread Index |
Old Index