Received: by mail.netbsd.org (Postfix, from userid 605)
	id AEDA984D34; Wed, 30 Aug 2017 03:33:40 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id 4142384D2C
	for <pkgsrc-changes@NetBSD.org>; Wed, 30 Aug 2017 03:33:40 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([127.0.0.1])
	by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025)
	with ESMTP id ic8xn2WnbFbY for <pkgsrc-changes@netbsd.org>;
	Wed, 30 Aug 2017 03:33:39 +0000 (UTC)
Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197])
	by mail.netbsd.org (Postfix) with ESMTP id BAB4D84CDD
	for <pkgsrc-changes@NetBSD.org>; Wed, 30 Aug 2017 03:33:39 +0000 (UTC)
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id B8D07FA97; Wed, 30 Aug 2017 03:33:39 +0000 (UTC)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_150406401933100"
MIME-Version: 1.0
Date: Wed, 30 Aug 2017 03:33:39 +0000
From: "Takahiro Kambe" <taca@netbsd.org>
Subject: CVS commit: pkgsrc/lang/ruby24-base
To: pkgsrc-changes@NetBSD.org
Reply-To: taca@netbsd.org
X-Mailer: log_accum
Message-Id: <20170830033339.B8D07FA97@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes.NetBSD.org
Precedence: bulk
List-Unsubscribe: <mailto:majordomo@NetBSD.org?subject=Unsubscribe%20pkgsrc-changes&body=unsubscribe%20pkgsrc-changes>

This is a multi-part message in MIME format.

--_----------=_150406401933100
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	taca
Date:		Wed Aug 30 03:33:39 UTC 2017

Modified Files:
	pkgsrc/lang/ruby24-base: Makefile distinfo

Log Message:
Add patch to fix vulnerabilities of rubygems.

https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/

* a DNS request hijacking vulnerability
* an ANSI escape sequence vulnerability
* a DoS vulernerability in the query command
* a vulnerability in the gem installer that allowed a malicious gem to
  overwrite arbitrary files

Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/ruby24-base/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/ruby24-base/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_150406401933100
Content-Disposition: inline
Content-Length: 2592
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/lang/ruby24-base/Makefile
diff -u pkgsrc/lang/ruby24-base/Makefile:1.3 pkgsrc/lang/ruby24-base/Makefile:1.4
--- pkgsrc/lang/ruby24-base/Makefile:1.3	Tue Jun 27 15:25:19 2017
+++ pkgsrc/lang/ruby24-base/Makefile	Wed Aug 30 03:33:39 2017
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.3 2017/06/27 15:25:19 jperkin Exp $
+# $NetBSD: Makefile,v 1.4 2017/08/30 03:33:39 taca Exp $
 
 DISTNAME=	${RUBY_DISTNAME}
 PKGNAME=	${RUBY_PKGPREFIX}-base-${RUBY_VERSION}
@@ -6,6 +6,10 @@ PKGREVISION=	1
 CATEGORIES=	lang ruby
 MASTER_SITES=	${MASTER_SITE_RUBY}
 
+PATCH_SITES=	https://bugs.ruby-lang.org/attachments/download/6692/ \
+		https://bugs.ruby-lang.org/attachments/download/6693/
+PATCHFILES=	rubygems-2612-ruby24.patch rubygems-2613-ruby24.patch
+
 MAINTAINER=	taca@NetBSD.org
 HOMEPAGE=	${RUBY_HOMEPAGE}
 COMMENT=	Ruby ${RUBY_VERSION} release minimum base package

Index: pkgsrc/lang/ruby24-base/distinfo
diff -u pkgsrc/lang/ruby24-base/distinfo:1.2 pkgsrc/lang/ruby24-base/distinfo:1.3
--- pkgsrc/lang/ruby24-base/distinfo:1.2	Tue Jun 27 15:25:19 2017
+++ pkgsrc/lang/ruby24-base/distinfo	Wed Aug 30 03:33:39 2017
@@ -1,9 +1,17 @@
-$NetBSD: distinfo,v 1.2 2017/06/27 15:25:19 jperkin Exp $
+$NetBSD: distinfo,v 1.3 2017/08/30 03:33:39 taca Exp $
 
 SHA1 (ruby-2.4.1.tar.bz2) = b0bec75c260dcb81ca386fafef27bd718f8c28ad
 RMD160 (ruby-2.4.1.tar.bz2) = 02f0be92b3fb3fbb4bd1f945359c0d45297cefc6
 SHA512 (ruby-2.4.1.tar.bz2) = 1c80d4c30ecb51758a193b26b76802a06d214de7f15570f1e85b5fae4cec81bda7237f086b81f6f2b5767f2e93d347ad1fa3f49d7b5c2e084d5f57c419503f74
 Size (ruby-2.4.1.tar.bz2) = 12571597 bytes
+SHA1 (rubygems-2612-ruby24.patch) = 5da389b3858c8392a58ab1ab25c654e174c23857
+RMD160 (rubygems-2612-ruby24.patch) = db0542664fa3e4ac3b5f50a83644b2dca2c30a75
+SHA512 (rubygems-2612-ruby24.patch) = 03d4925fab0c5b47e033a69cb3b5807f9af218b745cfee57487e5120fbd468e568ba498709aae3adcce80d9584692e9cd71f659e79ba1ad5c2dc318610ae3dd2
+Size (rubygems-2612-ruby24.patch) = 13536 bytes
+SHA1 (rubygems-2613-ruby24.patch) = 002496ebe06922edf106638b80a29f9311411a42
+RMD160 (rubygems-2613-ruby24.patch) = 8476e8a8cf5ec19886f01dc2c4e3999b495a2105
+SHA512 (rubygems-2613-ruby24.patch) = 94c9963d6c917ded90f12748d61083e2a5cb8e41ae61c50b329930aaa6104eaec5426c32cbc3a8fe01e48564d004cfbc3eea2a5c1e1bb598fc4dad69d2ea5c93
+Size (rubygems-2613-ruby24.patch) = 11119 bytes
 SHA1 (patch-configure) = 680a13e6405a8aab61eba078f6d88488b426885c
 SHA1 (patch-ext_dbm_extconf.rb) = c998f8735db54b1ae2bc8b6caa359ce88bc7a45b
 SHA1 (patch-ext_openssl_ossl__ssl.c) = 03ec33b438f3269910d10fb221d1cfe8df33c9ee


--_----------=_150406401933100--