diff options
author | taca <taca@pkgsrc.org> | 2021-02-03 15:44:35 +0000 |
---|---|---|
committer | taca <taca@pkgsrc.org> | 2021-02-03 15:44:35 +0000 |
commit | 92ec9bfdbd549be061b790b59998b0f296cb62d0 (patch) | |
tree | b4d6fea43920de48a8d360c8ce7c23c31c45676d | |
parent | f54fb48860e238ed9c7ad42a797b6ffe5d446f73 (diff) | |
download | pkgsrc-92ec9bfdbd549be061b790b59998b0f296cb62d0.tar.gz |
www/ruby-mechanize: update to 2.7.7
pkgsrc change: add "USE_LANGUAGES= # empty"
2.7.7 / 2021-02-01
* Security fixes for CVE-2021-21289
Mechanize `>= v2.0`, `< v2.7.7` allows for OS commands to be injected
into several classes' methods via implicit use of Ruby's `Kernel.open`
method. Exploitation is possible only if untrusted input is used as a
local filename and passed to any of these calls:
- `Mechanize::CookieJar#load`: since v2.0 (see 208e3ed)
- `Mechanize::CookieJar#save_as`: since v2.0 (see 5b776a4)
- `Mechanize#download`: since v2.2 (see dc91667)
- `Mechanize::Download#save` and `#save!` since v2.1 (see 98b2f51, bd62ff0)
- `Mechanize::File#save` and `#save_as`: since v2.1 (see 2bf7519)
- `Mechanize::FileResponse#read_body`: since v2.0 (see 01039f5)
See
github.com/sparklemotion/mechanize/security/advisories/GHSA-qrqm-fpv6-6r8g
for more information.
Also see #547, #548. Thank you, @kyoshidajp!
New Features
* Support for Ruby 3.0 by adding `webrick` as a runtime dependency. (#557)
@pvalena
Bug fix
* Ignore input fields with blank names (#542, #536)
-rw-r--r-- | www/ruby-mechanize/Makefile | 7 | ||||
-rw-r--r-- | www/ruby-mechanize/PLIST | 4 | ||||
-rw-r--r-- | www/ruby-mechanize/distinfo | 10 |
3 files changed, 12 insertions, 9 deletions
diff --git a/www/ruby-mechanize/Makefile b/www/ruby-mechanize/Makefile index 76b9fdf9c33..cc44638adc4 100644 --- a/www/ruby-mechanize/Makefile +++ b/www/ruby-mechanize/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.19 2018/09/23 16:53:58 taca Exp $ +# $NetBSD: Makefile,v 1.20 2021/02/03 15:44:35 taca Exp $ -DISTNAME= mechanize-2.7.6 +DISTNAME= mechanize-2.7.7 CATEGORIES= www MAINTAINER= minskim@NetBSD.org @@ -16,6 +16,9 @@ DEPENDS+= ${RUBY_PKGPREFIX}-http-cookie>=1.0<2:../../www/ruby-http-cookie DEPENDS+= ${RUBY_PKGPREFIX}-nokogiri>=1.6<2:../../textproc/ruby-nokogiri DEPENDS+= ${RUBY_PKGPREFIX}-ntlm-http>=0.1<1:../../www/ruby-ntlm-http DEPENDS+= ${RUBY_PKGPREFIX}-webrobots>=0.0<0.2:../../www/ruby-webrobots +DEPENDS+= ${RUBY_PKGPREFIX}-webrick>=1.7<2:../../www/ruby-webrick + +USE_LANGUAGES= # empty .include "../../lang/ruby/gem.mk" .include "../../mk/bsd.pkg.mk" diff --git a/www/ruby-mechanize/PLIST b/www/ruby-mechanize/PLIST index f8c66458996..2e611424ffb 100644 --- a/www/ruby-mechanize/PLIST +++ b/www/ruby-mechanize/PLIST @@ -1,8 +1,8 @@ -@comment $NetBSD: PLIST,v 1.13 2016/10/18 15:50:43 taca Exp $ +@comment $NetBSD: PLIST,v 1.14 2021/02/03 15:44:35 taca Exp $ ${GEM_HOME}/cache/${GEM_NAME}.gem ${GEM_LIBDIR}/.autotest +${GEM_LIBDIR}/.github/workflows/ci-test.yml ${GEM_LIBDIR}/.gitignore -${GEM_LIBDIR}/.travis.yml ${GEM_LIBDIR}/CHANGELOG.rdoc ${GEM_LIBDIR}/EXAMPLES.rdoc ${GEM_LIBDIR}/GUIDE.rdoc diff --git a/www/ruby-mechanize/distinfo b/www/ruby-mechanize/distinfo index ed4ef349148..63155c9215e 100644 --- a/www/ruby-mechanize/distinfo +++ b/www/ruby-mechanize/distinfo @@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.14 2018/09/23 16:53:58 taca Exp $ +$NetBSD: distinfo,v 1.15 2021/02/03 15:44:35 taca Exp $ -SHA1 (mechanize-2.7.6.gem) = e57014f1bb5d0199cffd3d70bb25885fdcbc5970 -RMD160 (mechanize-2.7.6.gem) = 8c82192a2fc4b273d14c9626a53a3e98bd93eec2 -SHA512 (mechanize-2.7.6.gem) = e89eb75af169ba198e5a82ffe4ce3c0962bc3fb6793f88bc735b647b7816d0c78d8968c43d213071e017e7f836ab91ed0c546c9eb986647355a1d38b1ba18138 -Size (mechanize-2.7.6.gem) = 138752 bytes +SHA1 (mechanize-2.7.7.gem) = 3270102df012ab42eda96c263a20a76262a34565 +RMD160 (mechanize-2.7.7.gem) = c7c29dabb4b706434dca65109c42b485b9b06bc6 +SHA512 (mechanize-2.7.7.gem) = 759bc6b2da8e0288edbe484b2ced02ce6ef49686a7a4c4ab0065e0f88799d23bc536a0ef160703726e83136857e893135a222aa295974e12f2b6988ecfbe7530 +Size (mechanize-2.7.7.gem) = 139264 bytes |