Received: by mail.netbsd.org (Postfix, from userid 605) id BEB2284DE7; Thu, 29 Mar 2018 03:06:59 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id C1C1484D68 for ; Thu, 29 Mar 2018 03:06:58 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id DInht5-o2TXH for ; Thu, 29 Mar 2018 03:06:58 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id E865E84D47 for ; Thu, 29 Mar 2018 03:06:57 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id D876AFB40; Thu, 29 Mar 2018 03:06:57 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1522292817255580" MIME-Version: 1.0 Date: Thu, 29 Mar 2018 03:06:57 +0000 From: "Takahiro Kambe" Subject: CVS commit: pkgsrc/lang To: pkgsrc-changes@NetBSD.org Reply-To: taca@netbsd.org X-Mailer: log_accum Message-Id: <20180329030657.D876AFB40@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1522292817255580 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: taca Date: Thu Mar 29 03:06:57 UTC 2018 Modified Files: pkgsrc/lang/ruby: rubyversion.mk pkgsrc/lang/ruby25-base: Makefile distinfo Log Message: lang/ruby25-base: update to 2.5.1, security release Ruby 2.5.1 Released Posted by naruse on 28 Mar 2018 Ruby 2.5.1 has been released. This release includes some bug fixes and some security fixes. * CVE-2017-17742: HTTP response splitting in WEBrick * CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir * CVE-2018-8777: DoS by large request in WEBrick * CVE-2018-8778: Buffer under-read in String#unpack * CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket * CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir * Multiple vulnerabilities in RubyGems There are also some bug fixes. See commit logs for more details. To generate a diff of this commit: cvs rdiff -u -r1.192 -r1.193 pkgsrc/lang/ruby/rubyversion.mk cvs rdiff -u -r1.4 -r1.5 pkgsrc/lang/ruby25-base/Makefile cvs rdiff -u -r1.5 -r1.6 pkgsrc/lang/ruby25-base/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1522292817255580 Content-Disposition: inline Content-Length: 3239 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/lang/ruby/rubyversion.mk diff -u pkgsrc/lang/ruby/rubyversion.mk:1.192 pkgsrc/lang/ruby/rubyversion.mk:1.193 --- pkgsrc/lang/ruby/rubyversion.mk:1.192 Thu Mar 29 03:04:47 2018 +++ pkgsrc/lang/ruby/rubyversion.mk Thu Mar 29 03:06:57 2018 @@ -1,4 +1,4 @@ -# $NetBSD: rubyversion.mk,v 1.192 2018/03/29 03:04:47 taca Exp $ +# $NetBSD: rubyversion.mk,v 1.193 2018/03/29 03:06:57 taca Exp $ # # This file determines which Ruby version is used as a dependency for @@ -217,7 +217,7 @@ RUBY_VERSION_REQD?= ${PKGNAME_REQD:C/rub RUBY22_VERSION= 2.2.9 RUBY23_VERSION= 2.3.6 RUBY24_VERSION= 2.4.4 -RUBY25_VERSION= 2.5.0 +RUBY25_VERSION= 2.5.1 # current API compatible version; used for version of shared library RUBY22_API_VERSION= 2.2.0 Index: pkgsrc/lang/ruby25-base/Makefile diff -u pkgsrc/lang/ruby25-base/Makefile:1.4 pkgsrc/lang/ruby25-base/Makefile:1.5 --- pkgsrc/lang/ruby25-base/Makefile:1.4 Mon Feb 19 16:47:17 2018 +++ pkgsrc/lang/ruby25-base/Makefile Thu Mar 29 03:06:57 2018 @@ -1,15 +1,10 @@ -# $NetBSD: Makefile,v 1.4 2018/02/19 16:47:17 taca Exp $ +# $NetBSD: Makefile,v 1.5 2018/03/29 03:06:57 taca Exp $ DISTNAME= ${RUBY_DISTNAME} PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION} -PKGREVISION= 2 CATEGORIES= lang ruby MASTER_SITES= ${MASTER_SITE_RUBY} -PATCH_SITES= https://bugs.ruby-lang.org/attachments/download/7027/ -PATCHFILES= rubygems-276-for-ruby25.patch -PATCH_DIST_STRIP= -p0 - MAINTAINER= taca@NetBSD.org HOMEPAGE= ${RUBY_HOMEPAGE} COMMENT= Ruby ${RUBY_VERSION} release minimum base package Index: pkgsrc/lang/ruby25-base/distinfo diff -u pkgsrc/lang/ruby25-base/distinfo:1.5 pkgsrc/lang/ruby25-base/distinfo:1.6 --- pkgsrc/lang/ruby25-base/distinfo:1.5 Mon Feb 19 16:47:17 2018 +++ pkgsrc/lang/ruby25-base/distinfo Thu Mar 29 03:06:57 2018 @@ -1,13 +1,9 @@ -$NetBSD: distinfo,v 1.5 2018/02/19 16:47:17 taca Exp $ +$NetBSD: distinfo,v 1.6 2018/03/29 03:06:57 taca Exp $ -SHA1 (ruby-2.5.0.tar.bz2) = 827b9a3bcffa86d1fc9ed96d403cb9dc37731688 -RMD160 (ruby-2.5.0.tar.bz2) = e09d8b3f89d3b494231026cf1295c5bf5da794e5 -SHA512 (ruby-2.5.0.tar.bz2) = 8f6fdf6708e7470f55bc009db2567cd8d4e633ad0678d83a015441ecf5b5d88bd7da8fb8533a42157ff83b74d00b6dc617d39bbb17fc2c6c12287a1d8eaa0f2c -Size (ruby-2.5.0.tar.bz2) = 13955820 bytes -SHA1 (rubygems-276-for-ruby25.patch) = 3fe8a6a0307ea2e3f029a0dc5f8113583ccbb241 -RMD160 (rubygems-276-for-ruby25.patch) = 8177f1c9a7900b0a797b563be0e51c37f03962d8 -SHA512 (rubygems-276-for-ruby25.patch) = 83db7e4cc2c9b4f793cc9ecf1a2c3b37c55ca7dff6515ca7e6f4b5d797d3fa111b11b1c8eb11578c05078c61d4d37198e5ee382f4d9f910a01283dbb74432b7d -Size (rubygems-276-for-ruby25.patch) = 79238 bytes +SHA1 (ruby-2.5.1.tar.bz2) = 251fdb5ac10783b036fe923aa7986be582062361 +RMD160 (ruby-2.5.1.tar.bz2) = a4cd4e9b38103d65da2954681d5d0c34b17b69ae +SHA512 (ruby-2.5.1.tar.bz2) = 82e799ecf7257a9f5fe8691c50a478b0f91bd4bdca50341c839634b0da5cd76c5556965cb9437264b66438434c94210c949fe9dab88cbc5b3b7fa34b5382659b +Size (ruby-2.5.1.tar.bz2) = 14000644 bytes SHA1 (patch-configure) = 965f31ec3ae2fb91479f02cb3b19ea7518685718 SHA1 (patch-ext_dbm_extconf.rb) = c998f8735db54b1ae2bc8b6caa359ce88bc7a45b SHA1 (patch-lib_mkmf.rb) = 75d2261a8282a00cd5f811a5e629302d1667207e --_----------=_1522292817255580--