Received: by mail.netbsd.org (Postfix, from userid 605) id 2D27384D3E; Sun, 23 Sep 2018 13:49:02 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 31DC884CD8 for ; Sun, 23 Sep 2018 13:49:01 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id RffB4_UUog9Y for ; Sun, 23 Sep 2018 13:49:00 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id 5593484CCF for ; Sun, 23 Sep 2018 13:49:00 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 4AB69FBEE; Sun, 23 Sep 2018 13:49:00 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1537710540245280" MIME-Version: 1.0 Date: Sun, 23 Sep 2018 13:49:00 +0000 From: "Takahiro Kambe" Subject: CVS commit: pkgsrc/archivers/ruby-zip To: pkgsrc-changes@NetBSD.org Reply-To: taca@netbsd.org X-Mailer: log_accum Message-Id: <20180923134900.4AB69FBEE@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1537710540245280 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: taca Date: Sun Sep 23 13:49:00 UTC 2018 Modified Files: pkgsrc/archivers/ruby-zip: Makefile PLIST distinfo Log Message: archivers/ruby-zip: update to 1.2.2 Various small bug fixes including CVE-2018-1000544 (absolute path traversal). To generate a diff of this commit: cvs rdiff -u -r1.17 -r1.18 pkgsrc/archivers/ruby-zip/Makefile cvs rdiff -u -r1.12 -r1.13 pkgsrc/archivers/ruby-zip/PLIST cvs rdiff -u -r1.15 -r1.16 pkgsrc/archivers/ruby-zip/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1537710540245280 Content-Disposition: inline Content-Length: 3802 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/archivers/ruby-zip/Makefile diff -u pkgsrc/archivers/ruby-zip/Makefile:1.17 pkgsrc/archivers/ruby-zip/Makefile:1.18 --- pkgsrc/archivers/ruby-zip/Makefile:1.17 Sat Mar 11 15:34:46 2017 +++ pkgsrc/archivers/ruby-zip/Makefile Sun Sep 23 13:49:00 2018 @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.17 2017/03/11 15:34:46 taca Exp $ +# $NetBSD: Makefile,v 1.18 2018/09/23 13:49:00 taca Exp $ -DISTNAME= rubyzip-1.2.1 +DISTNAME= rubyzip-1.2.2 PKGNAME= ${RUBY_PKGPREFIX}-${DISTNAME:S/ruby//} CATEGORIES= archivers Index: pkgsrc/archivers/ruby-zip/PLIST diff -u pkgsrc/archivers/ruby-zip/PLIST:1.12 pkgsrc/archivers/ruby-zip/PLIST:1.13 --- pkgsrc/archivers/ruby-zip/PLIST:1.12 Tue Mar 8 13:50:17 2016 +++ pkgsrc/archivers/ruby-zip/PLIST Sun Sep 23 13:49:00 2018 @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.12 2016/03/08 13:50:17 taca Exp $ +@comment $NetBSD: PLIST,v 1.13 2018/09/23 13:49:00 taca Exp $ ${GEM_HOME}/cache/${GEM_NAME}.gem ${GEM_LIBDIR}/README.md ${GEM_LIBDIR}/Rakefile @@ -61,10 +61,25 @@ ${GEM_LIBDIR}/test/data/globTest.zip ${GEM_LIBDIR}/test/data/globTest/foo.txt ${GEM_LIBDIR}/test/data/globTest/foo/bar/baz/foo.txt ${GEM_LIBDIR}/test/data/globTest/food.txt +${GEM_LIBDIR}/test/data/gpbit3stored.zip ${GEM_LIBDIR}/test/data/mimetype ${GEM_LIBDIR}/test/data/notzippedruby.rb ${GEM_LIBDIR}/test/data/ntfs.zip ${GEM_LIBDIR}/test/data/oddExtraField.zip +${GEM_LIBDIR}/test/data/path_traversal/Makefile +${GEM_LIBDIR}/test/data/path_traversal/jwilk/README.md +${GEM_LIBDIR}/test/data/path_traversal/jwilk/absolute1.zip +${GEM_LIBDIR}/test/data/path_traversal/jwilk/absolute2.zip +${GEM_LIBDIR}/test/data/path_traversal/jwilk/dirsymlink.zip +${GEM_LIBDIR}/test/data/path_traversal/jwilk/dirsymlink2a.zip +${GEM_LIBDIR}/test/data/path_traversal/jwilk/dirsymlink2b.zip +${GEM_LIBDIR}/test/data/path_traversal/jwilk/relative0.zip +${GEM_LIBDIR}/test/data/path_traversal/jwilk/relative2.zip +${GEM_LIBDIR}/test/data/path_traversal/jwilk/symlink.zip +${GEM_LIBDIR}/test/data/path_traversal/relative1.zip +${GEM_LIBDIR}/test/data/path_traversal/tuzovakaoff/README.md +${GEM_LIBDIR}/test/data/path_traversal/tuzovakaoff/absolutepath.zip +${GEM_LIBDIR}/test/data/path_traversal/tuzovakaoff/symlink.zip ${GEM_LIBDIR}/test/data/rubycode.zip ${GEM_LIBDIR}/test/data/rubycode2.zip ${GEM_LIBDIR}/test/data/test.xls @@ -98,6 +113,7 @@ ${GEM_LIBDIR}/test/local_entry_test.rb ${GEM_LIBDIR}/test/output_stream_test.rb ${GEM_LIBDIR}/test/pass_thru_compressor_test.rb ${GEM_LIBDIR}/test/pass_thru_decompressor_test.rb +${GEM_LIBDIR}/test/path_traversal_test.rb ${GEM_LIBDIR}/test/samples/example_recursive_test.rb ${GEM_LIBDIR}/test/settings_test.rb ${GEM_LIBDIR}/test/test_helper.rb Index: pkgsrc/archivers/ruby-zip/distinfo diff -u pkgsrc/archivers/ruby-zip/distinfo:1.15 pkgsrc/archivers/ruby-zip/distinfo:1.16 --- pkgsrc/archivers/ruby-zip/distinfo:1.15 Sat Mar 11 15:34:46 2017 +++ pkgsrc/archivers/ruby-zip/distinfo Sun Sep 23 13:49:00 2018 @@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.15 2017/03/11 15:34:46 taca Exp $ +$NetBSD: distinfo,v 1.16 2018/09/23 13:49:00 taca Exp $ -SHA1 (rubyzip-1.2.1.gem) = 6db27c04c4051fdd163a759d294a66e89438ccbe -RMD160 (rubyzip-1.2.1.gem) = 7706dd78f3f465d27b29971b28a6268a0dd3461f -SHA512 (rubyzip-1.2.1.gem) = d2ce408dba3dfc6c005570504b58b11e3f3b17170734d34a1ce906c57e7f8c56beb856a1dbe66eeb854dd3d20a76108e347b9e596107d3693080d42a009eb95e -Size (rubyzip-1.2.1.gem) = 149504 bytes +SHA1 (rubyzip-1.2.2.gem) = c0e989661ce4e5cebf4c47e3e02a411521a55d1f +RMD160 (rubyzip-1.2.2.gem) = d8295b7e2ec075087499baf9685af09a55c051b0 +SHA512 (rubyzip-1.2.2.gem) = 2adbf775e8480a90bd25de7fc9a4094079a7b1f81266a3866b163da47dcc5d5b08a39ec4e00f892212d3849bd8974ce9179b44c06d447d3b0f984dec305724b8 +Size (rubyzip-1.2.2.gem) = 152576 bytes --_----------=_1537710540245280--