pkgsrc.se | The NetBSD package collection

Subject: CVS commit: [pkgsrc-2017Q2] pkgsrc/lang/ruby23-base
From: S.P.Zeidler
Date: 2017-09-15 21:25:13
Message id: 20170915192513.4A1A1FA98@cvs.NetBSD.org

Log Message:
Pullup ticket #5544 - requested by taca
lang/ruby23-base: security and build fixes

Revisions pulled up:
- lang/ruby23-base/Makefile                                     1.10
- lang/ruby23-base/distinfo                                     1.7-1.9
- lang/ruby23-base/patches/patch-compile.c                      1.1
- lang/ruby23-base/patches/patch-configure                      1.3

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Jul  6 16:35:05 UTC 2017

   Modified Files:
   	pkgsrc/lang/ruby22-base: distinfo
   	pkgsrc/lang/ruby22-base/patches: patch-configure
   	pkgsrc/lang/ruby23-base: distinfo
   	pkgsrc/lang/ruby23-base/patches: patch-configure

   Log Message:
   Fix build problem when PKGSRC_USE_RELRO is not "no".

   * Pass LDFLAGS to LIBRUBY_DLDFLAGS via DLDFLAGS as Ruby 2.4 dose.

   To generate a diff of this commit:
   cvs rdiff -u -r1.6 -r1.7 pkgsrc/lang/ruby23-base/distinfo
   cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/ruby23-base/patches/patch-configure

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Jul 24 13:38:42 UTC 2017

   Modified Files:
   	pkgsrc/lang/ruby23-base: distinfo
   Added Files:
   	pkgsrc/lang/ruby23-base/patches: patch-compile.c

   Log Message:
   Fix build problem when set PKGSRC_USE_STACK_CHECK to "yes", which \ 
reported
   by wiz@ via private mail.

   The problem exists basic use of auto variable.

   To generate a diff of this commit:
   cvs rdiff -u -r1.7 -r1.8 pkgsrc/lang/ruby23-base/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/lang/ruby23-base/patches/patch-compile.c

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Aug 30 03:33:17 UTC 2017

   Modified Files:
   	pkgsrc/lang/ruby23-base: Makefile distinfo

   Log Message:
   Add patch to fix vulnerabilities of rubygems.

   https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/

   * a DNS request hijacking vulnerability
   * an ANSI escape sequence vulnerability
   * a DoS vulernerability in the query command
   * a vulnerability in the gem installer that allowed a malicious gem to
     overwrite arbitrary files

   Bump PKGREVISION.

   To generate a diff of this commit:
   cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/ruby23-base/Makefile
   cvs rdiff -u -r1.8 -r1.9 pkgsrc/lang/ruby23-base/distinfo

Files:

Revision	Action	file
1.9.2.1	modify	pkgsrc/lang/ruby23-base/Makefile
1.6.2.1	modify	pkgsrc/lang/ruby23-base/distinfo
1.2.10.1	modify	pkgsrc/lang/ruby23-base/patches/patch-configure
1.2.2.2	add	pkgsrc/lang/ruby23-base/patches/patch-compile.c