head 1.1; access; symbols pkgsrc-2026Q1:1.1.0.2; locks; strict; comment @# @; 1.1 date 2026.05.06.05.28.23; author taca; state Exp; branches 1.1.2.1; next ; commitid GDUOM6Rmv0RIkIEG; 1.1.2.1 date 2026.05.06.05.28.23; author bsiegert; state dead; branches; next 1.1.2.2; commitid sY27BZHY7cVl1aFG; 1.1.2.2 date 2026.05.09.16.52.08; author bsiegert; state Exp; branches; next ; commitid sY27BZHY7cVl1aFG; desc @@ 1.1 log @lang/ruby33: update default gem erb to 4.0.3.1 Update default gem erb to 4.0.3.1 to fix security problem of CVE-2026-41316. Bump PKGREVISION. @ text @$NetBSD$ Update to erb 4.0.3.1 to fix CVE-2026-41316. --- test/erb/test_erb.rb.orig 2026-03-26 00:05:04.000000000 +0000 +++ test/erb/test_erb.rb @@@@ -714,6 +714,33 @@@@ EOS assert_raise(ArgumentError) {erb.result} end + def test_prohibited_marshal_load_def_method + erb = ERB.allocate + erb.instance_variable_set(:@@src, "") + erb.instance_variable_set(:@@lineno, 1) + erb.instance_variable_set(:@@_init, true) + erb = Marshal.load(Marshal.dump(erb)) + assert_raise(ArgumentError) {erb.def_method(Class.new, 'render')} + end + + def test_prohibited_marshal_load_def_module + erb = ERB.allocate + erb.instance_variable_set(:@@src, "") + erb.instance_variable_set(:@@lineno, 1) + erb.instance_variable_set(:@@_init, true) + erb = Marshal.load(Marshal.dump(erb)) + assert_raise(ArgumentError) {erb.def_module} + end + + def test_prohibited_marshal_load_def_class + erb = ERB.allocate + erb.instance_variable_set(:@@src, "") + erb.instance_variable_set(:@@lineno, 1) + erb.instance_variable_set(:@@_init, true) + erb = Marshal.load(Marshal.dump(erb)) + assert_raise(ArgumentError) {erb.def_class} + end + def test_multi_line_comment_lineno erb = ERB.new(<<~EOS) <%= __LINE__ %> @ 1.1.2.1 log @file patch-test_erb_test__erb.rb was added on branch pkgsrc-2026Q1 on 2026-05-09 16:52:08 +0000 @ text @d1 40 @ 1.1.2.2 log @Pullup ticket #7105 - requested by taca lang/ruby33: security fix Revisions pulled up: - lang/ruby/rubyversion.mk 
1.322 - lang/ruby33/Makefile 1.11 - lang/ruby33/distinfo 1.17 - lang/ruby33/patches/patch-lib_erb.rb 1.1 - lang/ruby33/patches/patch-lib_erb_version.rb 1.1 - lang/ruby33/patches/patch-test_erb_test__erb.rb 1.1 --- Module Name: pkgsrc Committed By: taca Date: Wed May 6 05:28:23 UTC 2026 Modified Files: pkgsrc/lang/ruby: rubyversion.mk pkgsrc/lang/ruby33: Makefile distinfo Added Files: pkgsrc/lang/ruby33/patches: patch-lib_erb.rb patch-lib_erb_version.rb patch-test_erb_test__erb.rb Log Message: lang/ruby33: update default gem erb to 4.0.3.1 Update default gem erb to 4.0.3.1 to fix security problem of CVE-2026-41316. Bump PKGREVISION. @ text @a0 40 $NetBSD: patch-test_erb_test__erb.rb,v 1.1 2026/05/06 05:28:23 taca Exp $ Update to erb 4.0.3.1 to fix CVE-2026-41316. --- test/erb/test_erb.rb.orig 2026-03-26 00:05:04.000000000 +0000 +++ test/erb/test_erb.rb @@@@ -714,6 +714,33 @@@@ EOS assert_raise(ArgumentError) {erb.result} end + def test_prohibited_marshal_load_def_method + erb = ERB.allocate + erb.instance_variable_set(:@@src, "") + erb.instance_variable_set(:@@lineno, 1) + erb.instance_variable_set(:@@_init, true) + erb = Marshal.load(Marshal.dump(erb)) + assert_raise(ArgumentError) {erb.def_method(Class.new, 'render')} + end + + def test_prohibited_marshal_load_def_module + erb = ERB.allocate + erb.instance_variable_set(:@@src, "") + erb.instance_variable_set(:@@lineno, 1) + erb.instance_variable_set(:@@_init, true) + erb = Marshal.load(Marshal.dump(erb)) + assert_raise(ArgumentError) {erb.def_module} + end + + def test_prohibited_marshal_load_def_class + erb = ERB.allocate + erb.instance_variable_set(:@@src, "") + erb.instance_variable_set(:@@lineno, 1) + erb.instance_variable_set(:@@_init, true) + erb = Marshal.load(Marshal.dump(erb)) + assert_raise(ArgumentError) {erb.def_class} + end + def test_multi_line_comment_lineno erb = ERB.new(<<~EOS) <%= __LINE__ %> @
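Review bot: The three added tests (`test_prohibited_marshal_load_def_method`, `..._def_module`, `..._def_class`) only assert that some `ArgumentError` is raised. They would therefore also pass if the error came from an unrelated argument check, or if the guard fired only after the template source had been evaluated; with `@src` set to `""` there is nothing to observe either way. For `def_method`, holding the target in a local and checking it afterwards would pin the ordering: `klass = Class.new`, `assert_raise(ArgumentError) {erb.def_method(klass, 'render')}`, `assert_equal(false, klass.method_defined?(:render))`. Matching the message too, with `assert_raise_with_message(ArgumentError, /<guard message from patch-lib_erb.rb>/)` (the text is not visible on this page), would tie the failure to the initialization guard that patch presumably adds. The same hunk is stored twice in this RCS file, in revision 1.1 and in the pullup 1.1.2.2, with `@@` being RCS quoting for a single `@`; it ends inside `test_multi_line_comment_lineno`, whose body continues outside the hunk.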