Received: by mail.netbsd.org (Postfix, from userid 605) id 367E484E6C; Thu, 6 Oct 2022 14:19:03 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 6690084E61 for ; Thu, 6 Oct 2022 14:19:02 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id OVv8yxV-J_RA for ; Thu, 6 Oct 2022 14:19:01 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id A802784D8A for ; Thu, 6 Oct 2022 14:19:01 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 9BACFFA90; Thu, 6 Oct 2022 14:19:01 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1665065941141310" MIME-Version: 1.0 Date: Thu, 6 Oct 2022 14:19:01 +0000 From: "Takahiro Kambe" Subject: CVS commit: pkgsrc/databases/ruby-sqlite3 To: pkgsrc-changes@NetBSD.org Reply-To: taca@netbsd.org X-Mailer: log_accum Message-Id: <20221006141901.9BACFFA90@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1665065941141310 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: taca Date: Thu Oct 6 14:19:01 UTC 2022 Modified Files: pkgsrc/databases/ruby-sqlite3: Makefile PLIST distinfo Log Message: databases/ruby-sqlite3: update to 1.5.2 1.5.2 (2022-10-01) Packaging This version correctly vendors the tarball for sqlite v3.39.4 in the vanilla "ruby" platform gem package, so that users will not require network access at installation. v1.5.0 and v1.5.1 mistakenly packaged the tarball for sqlite v3.38.5 in the vanilla "ruby" platform gem, resulting in downloading the intended tarball over the network at installation time (or, if the network was not available, failure to install). Note that the precompiled native gems were not affected by this issue. [#352] 1.5.1 (2022-09-29) Dependencies * Vendored sqlite is updated to v3.39.4. Security The vendored version of sqlite, v3.39.4, should be considered to be a security release. From the release notes: Version 3.39.4 is a minimal patch against the prior release that addresses issues found since the prior release. In particular, a potential vulnerability in the FTS3 extension has been fixed, so this should be considered a security update. In order to exploit the vulnerability, an attacker must have full SQL access and must be able to construct a corrupt database with over 2GB of FTS3 content. The problem arises from a 32-bit signed integer overflow. For more information please see GHSA-mgvv-5mxp-xq67. To generate a diff of this commit: cvs rdiff -u -r1.56 -r1.57 pkgsrc/databases/ruby-sqlite3/Makefile cvs rdiff -u -r1.19 -r1.20 pkgsrc/databases/ruby-sqlite3/PLIST cvs rdiff -u -r1.26 -r1.27 pkgsrc/databases/ruby-sqlite3/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1665065941141310 Content-Disposition: inline Content-Length: 2705 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/databases/ruby-sqlite3/Makefile diff -u pkgsrc/databases/ruby-sqlite3/Makefile:1.56 pkgsrc/databases/ruby-sqlite3/Makefile:1.57 --- pkgsrc/databases/ruby-sqlite3/Makefile:1.56 Sun Sep 11 16:05:14 2022 +++ pkgsrc/databases/ruby-sqlite3/Makefile Thu Oct 6 14:19:01 2022 @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.56 2022/09/11 16:05:14 taca Exp $ +# $NetBSD: Makefile,v 1.57 2022/10/06 14:19:01 taca Exp $ -DISTNAME= sqlite3-1.5.0 -PKGREVISION= 1 +DISTNAME= sqlite3-1.5.2 CATEGORIES= databases MAINTAINER= pkgsrc-users@NetBSD.org Index: pkgsrc/databases/ruby-sqlite3/PLIST diff -u pkgsrc/databases/ruby-sqlite3/PLIST:1.19 pkgsrc/databases/ruby-sqlite3/PLIST:1.20 --- pkgsrc/databases/ruby-sqlite3/PLIST:1.19 Fri Sep 9 13:17:47 2022 +++ pkgsrc/databases/ruby-sqlite3/PLIST Thu Oct 6 14:19:01 2022 @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.19 2022/09/09 13:17:47 taca Exp $ +@comment $NetBSD: PLIST,v 1.20 2022/10/06 14:19:01 taca Exp $ ${GEM_HOME}/build_info/${GEM_NAME}.info ${GEM_HOME}/cache/${GEM_NAME}.gem ${GEM_EXTSDIR}/gem.build_complete @@ -12,6 +12,7 @@ ${GEM_LIBDIR}/Gemfile ${GEM_LIBDIR}/LICENSE ${GEM_LIBDIR}/LICENSE-DEPENDENCIES ${GEM_LIBDIR}/README.md +${GEM_LIBDIR}/dependencies.yml ${GEM_LIBDIR}/ext/sqlite3/aggregator.c ${GEM_LIBDIR}/ext/sqlite3/aggregator.h ${GEM_LIBDIR}/ext/sqlite3/backup.c @@ -39,6 +40,7 @@ ${GEM_LIBDIR}/lib/sqlite3/statement.rb ${GEM_LIBDIR}/lib/sqlite3/translator.rb ${GEM_LIBDIR}/lib/sqlite3/value.rb ${GEM_LIBDIR}/lib/sqlite3/version.rb +${GEM_LIBDIR}/ports/archives/sqlite-autoconf-3390400.tar.gz ${GEM_LIBDIR}/test/helper.rb ${GEM_LIBDIR}/test/test_backup.rb ${GEM_LIBDIR}/test/test_collation.rb Index: pkgsrc/databases/ruby-sqlite3/distinfo diff -u pkgsrc/databases/ruby-sqlite3/distinfo:1.26 pkgsrc/databases/ruby-sqlite3/distinfo:1.27 --- pkgsrc/databases/ruby-sqlite3/distinfo:1.26 Fri Sep 9 13:17:47 2022 +++ pkgsrc/databases/ruby-sqlite3/distinfo Thu Oct 6 14:19:01 2022 @@ -1,5 +1,5 @@ -$NetBSD: distinfo,v 1.26 2022/09/09 13:17:47 taca Exp $ +$NetBSD: distinfo,v 1.27 2022/10/06 14:19:01 taca Exp $ -BLAKE2s (sqlite3-1.5.0.gem) = bc9dcb58e741a9471ded882ffde9fa20da40ce004415f5fae37edb0025dfc373 -SHA512 (sqlite3-1.5.0.gem) = 52303d3994e25bc994f86fac03b40b3bdb7eb688ae386ca583bacab74b68dd493c470f854884036d350b23ba366448605314bf080343a5684f9c999d73c1ab38 -Size (sqlite3-1.5.0.gem) = 3102720 bytes +BLAKE2s (sqlite3-1.5.2.gem) = 3ada0749d73f5e24dc1162b58028a092e5ce42c4e4d53b92e04da629cff90378 +SHA512 (sqlite3-1.5.2.gem) = 2fed4140beee19c2fa695e219de2dfb107e112b80ae9b0524961e3de0f92482cd0510e39cc5f04287ed275fc135eaf449bd90dd224961b7c4968e2c8e639a30b +Size (sqlite3-1.5.2.gem) = 3134976 bytes --_----------=_1665065941141310--