Pullup ticket #6223 - requested by taca www/ruby-puma: security fix Revisions pulled up: - www/ruby-puma/Makefile 1.23 - www/ruby-puma/distinfo 1.18 --- Module Name: pkgsrc Committed By: taca Date: Sun May 24 13:47:49 UTC 2020 Modified Files: pkgsrc/www/ruby-puma: Makefile distinfo Log Message: www/ruby-puma: update to 4.3.5 Update ruby-puma to 4.3.5. 4.3.4/4.3.5 and 3.12.5/3.12.6 / 2020-05-22 Each patchlevel release contains a separate security fix. We recommend simply upgrading to 4.3.5/3.12.6. * Security Fix: Fixed two separate HTTP smuggling vulnerabilities that used the Transfer-Encoding header. CVE-2020-11076 and CVE-2020-11077.diff -r1.22 -r1.22.2.1 pkgsrc/www/ruby-puma/Makefile
(bsiegert)
@@ -1,16 +1,16 @@ | @@ -1,16 +1,16 @@ | |||
1 | # $NetBSD: Makefile,v 1.22 2020/03/01 02:52:25 taca Exp $ | 1 | # $NetBSD: Makefile,v 1.22.2.1 2020/06/08 17:52:41 bsiegert Exp $ | |
2 | 2 | |||
3 | DISTNAME= puma-4.3.3 | 3 | DISTNAME= puma-4.3.5 | |
4 | CATEGORIES= www | 4 | CATEGORIES= www | |
5 | 5 | |||
6 | MAINTAINER= taca@NetBSD.org | 6 | MAINTAINER= taca@NetBSD.org | |
7 | HOMEPAGE= https://puma.io/ | 7 | HOMEPAGE= https://puma.io/ | |
8 | COMMENT= Modern concurrent web server for Ruby | 8 | COMMENT= Modern concurrent web server for Ruby | |
9 | LICENSE= mit | 9 | LICENSE= mit | |
10 | 10 | |||
11 | DEPENDS+= ${RUBY_PKGPREFIX}-nio4r>=2.0<3:../../net/ruby-nio4r | 11 | DEPENDS+= ${RUBY_PKGPREFIX}-nio4r>=2.0<3:../../net/ruby-nio4r | |
12 | 12 | |||
13 | RUBYGEM_OPTIONS+= --format-executable | 13 | RUBYGEM_OPTIONS+= --format-executable | |
14 | USE_GCC_RUNTIME= yes | 14 | USE_GCC_RUNTIME= yes | |
15 | 15 | |||
16 | .include "../../lang/ruby/gem.mk" | 16 | .include "../../lang/ruby/gem.mk" |
@@ -1,6 +1,6 @@ | @@ -1,6 +1,6 @@ | |||
1 | $NetBSD: distinfo,v 1.17 2020/03/01 02:52:25 taca Exp $ | 1 | $NetBSD: distinfo,v 1.17.2.1 2020/06/08 17:52:41 bsiegert Exp $ | |
2 | 2 | |||
3 | SHA1 (puma-4.3.3.gem) = fe73c9cffc842eb7fe07ea1ec01dad9ddc40976f | 3 | SHA1 (puma-4.3.5.gem) = d7652ab00d3791508b17f51a9f88a72b6584aeb8 | |
4 | RMD160 (puma-4.3.3.gem) = 4777976662b29a3e9a34fb4fbca8d950d24a4a88 | 4 | RMD160 (puma-4.3.5.gem) = 80c23f63ae471d6914178a520630c3fefe72624c | |
5 | SHA512 (puma-4.3.3.gem) = 12d6cfd483f6c10f61ab1480e15ad32bbb878f451a9cf1b5e07f54b41608ff265f5963c018c6b73b247dd58fda4c2f47bba1975e8e61df37cb788280fbb4ed0e | 5 | SHA512 (puma-4.3.5.gem) = 7271d2c6d12094fdc9c17ae93f14f6c83e6e007f46359940e40e37b712b5e8deb9646640333a5e0cfe92ccc8d5fb85b490d4a5899489031ea3caccca55a3ae94 | |
6 | Size (puma-4.3.3.gem) = 174592 bytes | 6 | Size (puma-4.3.5.gem) = 175104 bytes |