www/ruby-mechanize: update to 2.7.7 pkgsrc change: add "USE_LANGUAGES= # empty" 2.7.7 / 2021-02-01 * Security fixes for CVE-2021-21289 Mechanize `>= v2.0`, `< v2.7.7` allows for OS commands to be injected into several classes' methods via implicit use of Ruby's `Kernel.open` method. Exploitation is possible only if untrusted input is used as a local filename and passed to any of these calls: - `Mechanize::CookieJar#load`: since v2.0 (see 208e3ed) - `Mechanize::CookieJar#save_as`: since v2.0 (see 5b776a4) - `Mechanize#download`: since v2.2 (see dc91667) - `Mechanize::Download#save` and `#save!` since v2.1 (see 98b2f51, bd62ff0) - `Mechanize::File#save` and `#save_as`: since v2.1 (see 2bf7519) - `Mechanize::FileResponse#read_body`: since v2.0 (see 01039f5) See github.com/sparklemotion/mechanize/security/advisories/GHSA-qrqm-fpv6-6r8g for more information. Also see #547, #548. Thank you, @kyoshidajp! New Features * Support for Ruby 3.0 by adding `webrick` as a runtime dependency. (#557) @pvalena Bug fix * Ignore input fields with blank names (#542, #536)diff -r1.19 -r1.20 pkgsrc/www/ruby-mechanize/Makefile
(taca)
| @@ -1,21 +1,24 @@ | @@ -1,21 +1,24 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.19 2018/09/23 16:53:58 taca Exp $ | 1 | # $NetBSD: Makefile,v 1.20 2021/02/03 15:44:35 taca Exp $ | |
| 2 | 2 | |||
| 3 | DISTNAME= mechanize-2.7.6 | 3 | DISTNAME= mechanize-2.7.7 | |
| 4 | CATEGORIES= www | 4 | CATEGORIES= www | |
| 5 | 5 | |||
| 6 | MAINTAINER= minskim@NetBSD.org | 6 | MAINTAINER= minskim@NetBSD.org | |
| 7 | HOMEPAGE= https://github.com/sparklemotion/mechanize | 7 | HOMEPAGE= https://github.com/sparklemotion/mechanize | |
| 8 | COMMENT= Library to automate interaction with websites | 8 | COMMENT= Library to automate interaction with websites | |
| 9 | LICENSE= mit | 9 | LICENSE= mit | |
| 10 | 10 | |||
| 11 | DEPENDS+= ${RUBY_PKGPREFIX}-net-http-digest_auth>=1.1.1:../../www/ruby-net-http-digest_auth | 11 | DEPENDS+= ${RUBY_PKGPREFIX}-net-http-digest_auth>=1.1.1:../../www/ruby-net-http-digest_auth | |
| 12 | DEPENDS+= ${RUBY_PKGPREFIX}-net-http-persistent>=2.5.2:../../www/ruby-net-http-persistent | 12 | DEPENDS+= ${RUBY_PKGPREFIX}-net-http-persistent>=2.5.2:../../www/ruby-net-http-persistent | |
| 13 | DEPENDS+= ${RUBY_PKGPREFIX}-mime-types>=1.17.2:../../mail/ruby-mime-types | 13 | DEPENDS+= ${RUBY_PKGPREFIX}-mime-types>=1.17.2:../../mail/ruby-mime-types | |
| 14 | DEPENDS+= ${RUBY_PKGPREFIX}-domain_name>=0.5.1<1:../../net/ruby-domain_name | 14 | DEPENDS+= ${RUBY_PKGPREFIX}-domain_name>=0.5.1<1:../../net/ruby-domain_name | |
| 15 | DEPENDS+= ${RUBY_PKGPREFIX}-http-cookie>=1.0<2:../../www/ruby-http-cookie | 15 | DEPENDS+= ${RUBY_PKGPREFIX}-http-cookie>=1.0<2:../../www/ruby-http-cookie | |
| 16 | DEPENDS+= ${RUBY_PKGPREFIX}-nokogiri>=1.6<2:../../textproc/ruby-nokogiri | 16 | DEPENDS+= ${RUBY_PKGPREFIX}-nokogiri>=1.6<2:../../textproc/ruby-nokogiri | |
| 17 | DEPENDS+= ${RUBY_PKGPREFIX}-ntlm-http>=0.1<1:../../www/ruby-ntlm-http | 17 | DEPENDS+= ${RUBY_PKGPREFIX}-ntlm-http>=0.1<1:../../www/ruby-ntlm-http | |
| 18 | DEPENDS+= ${RUBY_PKGPREFIX}-webrobots>=0.0<0.2:../../www/ruby-webrobots | 18 | DEPENDS+= ${RUBY_PKGPREFIX}-webrobots>=0.0<0.2:../../www/ruby-webrobots | |
| 19 | DEPENDS+= ${RUBY_PKGPREFIX}-webrick>=1.7<2:../../www/ruby-webrick | |||
| 20 | ||||
| 21 | USE_LANGUAGES= # empty | |||
| 19 | 22 | |||
| 20 | .include "../../lang/ruby/gem.mk" | 23 | .include "../../lang/ruby/gem.mk" | |
| 21 | .include "../../mk/bsd.pkg.mk" | 24 | .include "../../mk/bsd.pkg.mk" |
| @@ -1,18 +1,18 @@ | @@ -1,18 +1,18 @@ | |||
| 1 | @comment $NetBSD: PLIST,v 1.13 2016/10/18 15:50:43 taca Exp $ | 1 | @comment $NetBSD: PLIST,v 1.14 2021/02/03 15:44:35 taca Exp $ | |
| 2 | ${GEM_HOME}/cache/${GEM_NAME}.gem | 2 | ${GEM_HOME}/cache/${GEM_NAME}.gem | |
| 3 | ${GEM_LIBDIR}/.autotest | 3 | ${GEM_LIBDIR}/.autotest | |
| 4 | ${GEM_LIBDIR}/.github/workflows/ci-test.yml | |||
| 4 | ${GEM_LIBDIR}/.gitignore | 5 | ${GEM_LIBDIR}/.gitignore | |
| 5 | ${GEM_LIBDIR}/.travis.yml | |||
| 6 | ${GEM_LIBDIR}/CHANGELOG.rdoc | 6 | ${GEM_LIBDIR}/CHANGELOG.rdoc | |
| 7 | ${GEM_LIBDIR}/EXAMPLES.rdoc | 7 | ${GEM_LIBDIR}/EXAMPLES.rdoc | |
| 8 | ${GEM_LIBDIR}/GUIDE.rdoc | 8 | ${GEM_LIBDIR}/GUIDE.rdoc | |
| 9 | ${GEM_LIBDIR}/Gemfile | 9 | ${GEM_LIBDIR}/Gemfile | |
| 10 | ${GEM_LIBDIR}/LICENSE.rdoc | 10 | ${GEM_LIBDIR}/LICENSE.rdoc | |
| 11 | ${GEM_LIBDIR}/README.rdoc | 11 | ${GEM_LIBDIR}/README.rdoc | |
| 12 | ${GEM_LIBDIR}/Rakefile | 12 | ${GEM_LIBDIR}/Rakefile | |
| 13 | ${GEM_LIBDIR}/examples/flickr_upload.rb | 13 | ${GEM_LIBDIR}/examples/flickr_upload.rb | |
| 14 | ${GEM_LIBDIR}/examples/mech-dump.rb | 14 | ${GEM_LIBDIR}/examples/mech-dump.rb | |
| 15 | ${GEM_LIBDIR}/examples/proxy_req.rb | 15 | ${GEM_LIBDIR}/examples/proxy_req.rb | |
| 16 | ${GEM_LIBDIR}/examples/rubygems.rb | 16 | ${GEM_LIBDIR}/examples/rubygems.rb | |
| 17 | ${GEM_LIBDIR}/examples/spider.rb | 17 | ${GEM_LIBDIR}/examples/spider.rb | |
| 18 | ${GEM_LIBDIR}/examples/wikipedia_links_to_philosophy.rb | 18 | ${GEM_LIBDIR}/examples/wikipedia_links_to_philosophy.rb |
| @@ -1,6 +1,6 @@ | @@ -1,6 +1,6 @@ | |||
| 1 | $NetBSD: distinfo,v 1.14 2018/09/23 16:53:58 taca Exp $ | 1 | $NetBSD: distinfo,v 1.15 2021/02/03 15:44:35 taca Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (mechanize-2.7.6.gem) = e57014f1bb5d0199cffd3d70bb25885fdcbc5970 | 3 | SHA1 (mechanize-2.7.7.gem) = 3270102df012ab42eda96c263a20a76262a34565 | |
| 4 | RMD160 (mechanize-2.7.6.gem) = 8c82192a2fc4b273d14c9626a53a3e98bd93eec2 | 4 | RMD160 (mechanize-2.7.7.gem) = c7c29dabb4b706434dca65109c42b485b9b06bc6 | |
| 5 | SHA512 (mechanize-2.7.6.gem) = e89eb75af169ba198e5a82ffe4ce3c0962bc3fb6793f88bc735b647b7816d0c78d8968c43d213071e017e7f836ab91ed0c546c9eb986647355a1d38b1ba18138 | 5 | SHA512 (mechanize-2.7.7.gem) = 759bc6b2da8e0288edbe484b2ced02ce6ef49686a7a4c4ab0065e0f88799d23bc536a0ef160703726e83136857e893135a222aa295974e12f2b6988ecfbe7530 | |
| 6 | Size (mechanize-2.7.6.gem) = 138752 bytes | 6 | Size (mechanize-2.7.7.gem) = 139264 bytes |