Mon Jun 8 17:52:41 2020 UTC ()
Pullup ticket #6223 - requested by taca
www/ruby-puma: security fix

Revisions pulled up:
- www/ruby-puma/Makefile                                        1.23
- www/ruby-puma/distinfo                                        1.18

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun May 24 13:47:49 UTC 2020

   Modified Files:
   	pkgsrc/www/ruby-puma: Makefile distinfo

   Log Message:
   www/ruby-puma: update to 4.3.5

   Update ruby-puma to 4.3.5.

   4.3.4/4.3.5 and 3.12.5/3.12.6 / 2020-05-22

   Each patchlevel release contains a separate security fix. We recommend
   simply upgrading to 4.3.5/3.12.6.

   * Security

     Fix: Fixed two separate HTTP smuggling vulnerabilities that used the
     Transfer-Encoding header. CVE-2020-11076 and CVE-2020-11077.


(bsiegert)
diff -r1.22 -r1.22.2.1 pkgsrc/www/ruby-puma/Makefile
diff -r1.17 -r1.17.2.1 pkgsrc/www/ruby-puma/distinfo
cvs diff -r1.22 -r1.22.2.1 pkgsrc/www/ruby-puma/Makefile (expand / switch to unified diff)

--- pkgsrc/www/ruby-puma/Makefile 2020/03/01 02:52:25 1.22
+++ pkgsrc/www/ruby-puma/Makefile 2020/06/08 17:52:41 1.22.2.1
@@ -1,16 +1,16 @@ @@ -1,16 +1,16 @@
1# $NetBSD: Makefile,v 1.22 2020/03/01 02:52:25 taca Exp $ 1# $NetBSD: Makefile,v 1.22.2.1 2020/06/08 17:52:41 bsiegert Exp $
2 2
3DISTNAME= puma-4.3.3 3DISTNAME= puma-4.3.5
4CATEGORIES= www 4CATEGORIES= www
5 5
6MAINTAINER= taca@NetBSD.org 6MAINTAINER= taca@NetBSD.org
7HOMEPAGE= https://puma.io/ 7HOMEPAGE= https://puma.io/
8COMMENT= Modern concurrent web server for Ruby 8COMMENT= Modern concurrent web server for Ruby
9LICENSE= mit 9LICENSE= mit
10 10
11DEPENDS+= ${RUBY_PKGPREFIX}-nio4r>=2.0<3:../../net/ruby-nio4r 11DEPENDS+= ${RUBY_PKGPREFIX}-nio4r>=2.0<3:../../net/ruby-nio4r
12 12
13RUBYGEM_OPTIONS+= --format-executable 13RUBYGEM_OPTIONS+= --format-executable
14USE_GCC_RUNTIME= yes 14USE_GCC_RUNTIME= yes
15 15
16.include "../../lang/ruby/gem.mk" 16.include "../../lang/ruby/gem.mk"
cvs diff -r1.17 -r1.17.2.1 pkgsrc/www/ruby-puma/distinfo (expand / switch to unified diff)

--- pkgsrc/www/ruby-puma/distinfo 2020/03/01 02:52:25 1.17
+++ pkgsrc/www/ruby-puma/distinfo 2020/06/08 17:52:41 1.17.2.1
@@ -1,6 +1,6 @@ @@ -1,6 +1,6 @@
1$NetBSD: distinfo,v 1.17 2020/03/01 02:52:25 taca Exp $ 1$NetBSD: distinfo,v 1.17.2.1 2020/06/08 17:52:41 bsiegert Exp $
2 2
3SHA1 (puma-4.3.3.gem) = fe73c9cffc842eb7fe07ea1ec01dad9ddc40976f 3SHA1 (puma-4.3.5.gem) = d7652ab00d3791508b17f51a9f88a72b6584aeb8
4RMD160 (puma-4.3.3.gem) = 4777976662b29a3e9a34fb4fbca8d950d24a4a88 4RMD160 (puma-4.3.5.gem) = 80c23f63ae471d6914178a520630c3fefe72624c
5SHA512 (puma-4.3.3.gem) = 12d6cfd483f6c10f61ab1480e15ad32bbb878f451a9cf1b5e07f54b41608ff265f5963c018c6b73b247dd58fda4c2f47bba1975e8e61df37cb788280fbb4ed0e 5SHA512 (puma-4.3.5.gem) = 7271d2c6d12094fdc9c17ae93f14f6c83e6e007f46359940e40e37b712b5e8deb9646640333a5e0cfe92ccc8d5fb85b490d4a5899489031ea3caccca55a3ae94
6Size (puma-4.3.3.gem) = 174592 bytes 6Size (puma-4.3.5.gem) = 175104 bytes