Subject: CVS commit: pkgsrc/lang/ruby25-base
From: Takahiro Kambe
Date: 2019-03-12 05:22:34
Message id: 20190312042234.4183DFB16@cvs.NetBSD.org

Log Message:
lang/ruby25-base: Add security patch for rubygems

Add security patch for rubygems, fixing these problem.

* CVE-2019-8320: Delete directory using symlink when decompressing tar
* CVE-2019-8321: Escape sequence injection vulnerability in verbose
* CVE-2019-8322: Escape sequence injection vulnerability in gem owner
* CVE-2019-8323: Escape sequence injection vulnerability in API response handlin
g
* CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
* CVE-2019-8325: Escape sequence injection vulnerability in errors

https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/

Since original patch included in official announce dose not cleanly applied to
Ruby 2.5.3, use a local version which drop patch to none existing test.

Bump PKGREVISION.

Files:
RevisionActionfile
1.8modifypkgsrc/lang/ruby25-base/Makefile
1.9modifypkgsrc/lang/ruby25-base/distinfo