Subject: CVS commit: [pkgsrc-2017Q2] pkgsrc/lang/ruby22-base
From: S.P.Zeidler
Date: 2017-09-15 21:25:03
Message id: 20170915192503.33C05FA98@cvs.NetBSD.org

Log Message:
Pullup ticket #5543 - requested by taca
lang/ruby22-base: security and build fixes

Revisions pulled up:
- lang/ruby22-base/Makefile                                     1.18
- lang/ruby22-base/distinfo                                     1.18-1.19
- lang/ruby22-base/patches/patch-configure                      1.5

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Jul  6 16:35:05 UTC 2017

   Modified Files:
   	pkgsrc/lang/ruby22-base: distinfo
   	pkgsrc/lang/ruby22-base/patches: patch-configure
   	pkgsrc/lang/ruby23-base: distinfo
   	pkgsrc/lang/ruby23-base/patches: patch-configure

   Log Message:
   Fix build problem when PKGSRC_USE_RELRO is not "no".

   * Pass LDFLAGS to LIBRUBY_DLDFLAGS via DLDFLAGS as Ruby 2.4 does.

   To generate a diff of this commit:
   cvs rdiff -u -r1.17 -r1.18 pkgsrc/lang/ruby22-base/distinfo
   cvs rdiff -u -r1.4 -r1.5 pkgsrc/lang/ruby22-base/patches/patch-configure

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Aug 30 03:32:55 UTC 2017

   Modified Files:
   	pkgsrc/lang/ruby22-base: Makefile distinfo

   Log Message:
   Add patch to fix vulnerabilities of rubygems.

   https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/

   * a DNS request hijacking vulnerability
   * an ANSI escape sequence vulnerability
   * a DoS vulnerability in the query command
   * a vulnerability in the gem installer that allowed a malicious gem to
     overwrite arbitrary files

   Bump PKGREVISION.

   To generate a diff of this commit:
   cvs rdiff -u -r1.17 -r1.18 pkgsrc/lang/ruby22-base/Makefile
   cvs rdiff -u -r1.18 -r1.19 pkgsrc/lang/ruby22-base/distinfo

Files:
Revision    Action    File
1.17.2.1    modify    pkgsrc/lang/ruby22-base/Makefile
1.17.2.1    modify    pkgsrc/lang/ruby22-base/distinfo
1.4.10.1    modify    pkgsrc/lang/ruby22-base/patches/patch-configure