head 1.1; access; symbols pkgsrc-2026Q1:1.1.0.2; locks; strict; comment @# @; 1.1 date 2026.05.06.05.15.35; author taca; state Exp; branches 1.1.2.1; next ; commitid bcPiyD09cOvjgIEG; 1.1.2.1 date 2026.05.06.05.15.35; author bsiegert; state dead; branches; next 1.1.2.2; commitid GbqS1CVcKhuUW9FG; 1.1.2.2 date 2026.05.09.16.39.11; author bsiegert; state Exp; branches; next ; commitid GbqS1CVcKhuUW9FG; desc @@ 1.1 log @lang/ruby34: update default gem erb to 4.0.4.1 Update default gem erb to 4.0.4.1 to fix security problem of CVE-2026-41316. Bump PKGREVISION. @ text @$NetBSD$ Update to erb 4.0.4.1 to fix CVE-2026-41316. --- lib/erb.rb.orig 2026-03-11 09:51:47.000000000 +0000 +++ lib/erb.rb @@@@ -463,6 +463,9 @@@@ class ERB # erb.def_method(MyClass, 'render(arg1, arg2)', filename) # print MyClass.new.render('foo', 123) def def_method(mod, methodname, fname='(ERB)') + unless @@_init.equal?(self.class.singleton_class) + raise ArgumentError, "not initialized" + end src = self.src.sub(/^(?!#|$)/) {"def #{methodname}\n"} << "\nend\n" mod.module_eval do eval(src, binding, fname, -1) @ 1.1.2.1 log @file patch-lib_erb.rb was added on branch pkgsrc-2026Q1 on 2026-05-09 16:39:11 +0000 @ text @d1 16 @ 1.1.2.2 log @Pullup ticket #7104 - requested by taca lang/ruby34: security fix Revisions pulled up: - lang/ruby/rubyversion.mk 1.321 - lang/ruby34/Makefile 1.8 - lang/ruby34/distinfo 1.14 - lang/ruby34/patches/patch-lib_erb.rb 1.1 - lang/ruby34/patches/patch-lib_erb_version.rb 1.1 - lang/ruby34/patches/patch-test_erb_test__erb.rb 1.1 --- Module Name: pkgsrc Committed By: taca Date: Wed May 6 05:15:35 UTC 2026 Modified Files: pkgsrc/lang/ruby: rubyversion.mk pkgsrc/lang/ruby34: Makefile distinfo Added Files: pkgsrc/lang/ruby34/patches: patch-lib_erb.rb patch-lib_erb_version.rb patch-test_erb_test__erb.rb Log Message: lang/ruby34: update default gem erb to 4.0.4.1 Update default gem erb to 4.0.4.1 to fix security problem of CVE-2026-41316. Bump PKGREVISION. 
@ text @a0 16 $NetBSD: patch-lib_erb.rb,v 1.1 2026/05/06 05:15:35 taca Exp $ Update to erb 4.0.4.1 to fix CVE-2026-41316. --- lib/erb.rb.orig 2026-03-11 09:51:47.000000000 +0000 +++ lib/erb.rb @@@@ -463,6 +463,9 @@@@ class ERB # erb.def_method(MyClass, 'render(arg1, arg2)', filename) # print MyClass.new.render('foo', 123) def def_method(mod, methodname, fname='(ERB)') + unless @@_init.equal?(self.class.singleton_class) + raise ArgumentError, "not initialized" + end src = self.src.sub(/^(?!#|$)/) {"def #{methodname}\n"} << "\nend\n" mod.module_eval do eval(src, binding, fname, -1) @
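Review bot: the guard added at the top of def_method raises ArgumentError with only "not initialized", and nothing in the hunk says why @_init is compared with self.class.singleton_class before src reaches eval. Suggest a one-line comment above the `unless` stating which objects it rejects (going by the message, an ERB instance whose initialize never ran), and an error message that names def_method so a caller hitting it after the update can tell it from an argument error of their own. Note that `@@_init` and the `@@@@` hunk markers are RCS quoting of `@` in this ,v file, so the patch as applied reads `@_init`. The hunk covers def_method only; it would be worth confirming that patch-test_erb_test__erb.rb, listed in the pullup, has a case asserting that def_method raises here.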