pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/www/ruby-mechanize



Module Name:    pkgsrc
Committed By:   taca
Date:           Wed Feb  3 15:44:36 UTC 2021

Modified Files:
        pkgsrc/www/ruby-mechanize: Makefile PLIST distinfo

Log Message:
www/ruby-mechanize: update to 2.7.7

pkgsrc change: add "USE_LANGUAGES=      # empty"

2.7.7 / 2021-02-01

* Security fixes for CVE-2021-21289

  Mechanize `>= v2.0`, `< v2.7.7` allows for OS commands to be injected
  into several classes' methods via implicit use of Ruby's `Kernel.open`
  method. Exploitation is possible only if untrusted input is used as a
  local filename and passed to any of these calls:

  - `Mechanize::CookieJar#load`: since v2.0 (see 208e3ed)
  - `Mechanize::CookieJar#save_as`: since v2.0 (see 5b776a4)
  - `Mechanize#download`: since v2.2 (see dc91667)
  - `Mechanize::Download#save` and `#save!` since v2.1 (see 98b2f51, bd62ff0)
  - `Mechanize::File#save` and `#save_as`: since v2.1 (see 2bf7519)
  - `Mechanize::FileResponse#read_body`: since v2.0 (see 01039f5)

  See
  github.com/sparklemotion/mechanize/security/advisories/GHSA-qrqm-fpv6-6r8g
  for more information.

  Also see #547, #548. Thank you, @kyoshidajp!

New Features

* Support for Ruby 3.0 by adding `webrick` as a runtime dependency. (#557)
  @pvalena

Bug fix

* Ignore input fields with blank names (#542, #536)


To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 pkgsrc/www/ruby-mechanize/Makefile
cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-mechanize/PLIST
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/ruby-mechanize/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/ruby-mechanize/Makefile
diff -u pkgsrc/www/ruby-mechanize/Makefile:1.19 pkgsrc/www/ruby-mechanize/Makefile:1.20
--- pkgsrc/www/ruby-mechanize/Makefile:1.19     Sun Sep 23 16:53:58 2018
+++ pkgsrc/www/ruby-mechanize/Makefile  Wed Feb  3 15:44:35 2021
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.19 2018/09/23 16:53:58 taca Exp $
+# $NetBSD: Makefile,v 1.20 2021/02/03 15:44:35 taca Exp $
 
-DISTNAME=      mechanize-2.7.6
+DISTNAME=      mechanize-2.7.7
 CATEGORIES=    www
 
 MAINTAINER=    minskim%NetBSD.org@localhost
@@ -16,6 +16,9 @@ DEPENDS+=     ${RUBY_PKGPREFIX}-http-cookie>
 DEPENDS+=      ${RUBY_PKGPREFIX}-nokogiri>=1.6<2:../../textproc/ruby-nokogiri
 DEPENDS+=      ${RUBY_PKGPREFIX}-ntlm-http>=0.1<1:../../www/ruby-ntlm-http
 DEPENDS+=      ${RUBY_PKGPREFIX}-webrobots>=0.0<0.2:../../www/ruby-webrobots
+DEPENDS+=      ${RUBY_PKGPREFIX}-webrick>=1.7<2:../../www/ruby-webrick
+
+USE_LANGUAGES= # empty
 
 .include "../../lang/ruby/gem.mk"
 .include "../../mk/bsd.pkg.mk"

Index: pkgsrc/www/ruby-mechanize/PLIST
diff -u pkgsrc/www/ruby-mechanize/PLIST:1.13 pkgsrc/www/ruby-mechanize/PLIST:1.14
--- pkgsrc/www/ruby-mechanize/PLIST:1.13        Tue Oct 18 15:50:43 2016
+++ pkgsrc/www/ruby-mechanize/PLIST     Wed Feb  3 15:44:35 2021
@@ -1,8 +1,8 @@
-@comment $NetBSD: PLIST,v 1.13 2016/10/18 15:50:43 taca Exp $
+@comment $NetBSD: PLIST,v 1.14 2021/02/03 15:44:35 taca Exp $
 ${GEM_HOME}/cache/${GEM_NAME}.gem
 ${GEM_LIBDIR}/.autotest
+${GEM_LIBDIR}/.github/workflows/ci-test.yml
 ${GEM_LIBDIR}/.gitignore
-${GEM_LIBDIR}/.travis.yml
 ${GEM_LIBDIR}/CHANGELOG.rdoc
 ${GEM_LIBDIR}/EXAMPLES.rdoc
 ${GEM_LIBDIR}/GUIDE.rdoc

Index: pkgsrc/www/ruby-mechanize/distinfo
diff -u pkgsrc/www/ruby-mechanize/distinfo:1.14 pkgsrc/www/ruby-mechanize/distinfo:1.15
--- pkgsrc/www/ruby-mechanize/distinfo:1.14     Sun Sep 23 16:53:58 2018
+++ pkgsrc/www/ruby-mechanize/distinfo  Wed Feb  3 15:44:35 2021
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.14 2018/09/23 16:53:58 taca Exp $
+$NetBSD: distinfo,v 1.15 2021/02/03 15:44:35 taca Exp $
 
-SHA1 (mechanize-2.7.6.gem) = e57014f1bb5d0199cffd3d70bb25885fdcbc5970
-RMD160 (mechanize-2.7.6.gem) = 8c82192a2fc4b273d14c9626a53a3e98bd93eec2
-SHA512 (mechanize-2.7.6.gem) = e89eb75af169ba198e5a82ffe4ce3c0962bc3fb6793f88bc735b647b7816d0c78d8968c43d213071e017e7f836ab91ed0c546c9eb986647355a1d38b1ba18138
-Size (mechanize-2.7.6.gem) = 138752 bytes
+SHA1 (mechanize-2.7.7.gem) = 3270102df012ab42eda96c263a20a76262a34565
+RMD160 (mechanize-2.7.7.gem) = c7c29dabb4b706434dca65109c42b485b9b06bc6
+SHA512 (mechanize-2.7.7.gem) = 759bc6b2da8e0288edbe484b2ced02ce6ef49686a7a4c4ab0065e0f88799d23bc536a0ef160703726e83136857e893135a222aa295974e12f2b6988ecfbe7530
+Size (mechanize-2.7.7.gem) = 139264 bytes



Home | Main Index | Thread Index | Old Index