head 1.2;
access;
symbols
    pkgsrc-2026Q2:1.1.0.4
    pkgsrc-2026Q2-base:1.1
    pkgsrc-2026Q1:1.1.0.2;
locks; strict;
comment @# @;

1.2
date 2026.07.04.06.14.13; author taca; state dead;
branches;
next 1.1;
commitid GQXEzllYeMGSGiMG;

1.1
date 2026.05.06.05.15.35; author taca; state Exp;
branches 1.1.2.1;
next ;
commitid bcPiyD09cOvjgIEG;

1.1.2.1
date 2026.05.06.05.15.35; author bsiegert; state dead;
branches;
next 1.1.2.2;
commitid GbqS1CVcKhuUW9FG;

1.1.2.2
date 2026.05.09.16.39.11; author bsiegert; state Exp;
branches;
next ;
commitid GbqS1CVcKhuUW9FG;

desc
@@

1.2
log
@lang/ruby34: update to 3.4.10

pkgsrc change:

* Don't install ChangeLog files since recent versions of them are not provided any more.

Ruby 3.4.10 (2026-06-30)

* Bug #21992: Defining BasicObject#initialize causes segmentation fault
* Bug #22004: parse.y doesn't executes loop body with while true || true condition
* Bug #22018: ISeq created via RubyVM::InstructionSequence.compile don't support coverage
* Bug #21941: Local variable becomes nil when YJIT enabled mid-method with fork/signal/ensure
* Bug #21947: Timeout.timeout doesn't use Timeout::ExitException when Fiber scheduler is in use.
* Bug #21847: Backport syntax_suggest 2.0.3 to supported branches
* Bug #21880: The ultra_safe mode of pstore bundled with Ruby 4.0 is broken.
* Bug #22070: Thread.each_caller_location(1, 1) segfaults when called from a cfunc
* Bug #21955: Fiber#transfer: machine stack not released when fiber terminates, causing FiberError: can't set a guard page
* Bug #21961: Marshal.load freeze option fail to freeze linked strings
* Bug #21959: rb_internal_thread_event_hooks_rw_lock is not reinitialized after fork causing deadlocks
* Bug #21985: RubyVM::AST negative numbers do not include - in location
* Bug #22017: Backport win32-resolv
* Bug #21927: Prism: misleading error message for forwarding in lambda argument
* Bug #21925: Prism misparses standalone "in" pattern matching in "case/in"
* Bug #21831: Prism doesn't count underscores in the fraction part of rational float
* Bug #21986: RubyVM::AST incorrect location for literals followed by modifier if
* Bug #22003: .bundle extensions not built when doing out-of-source build
* Bug #22002: argument stack underflow (-1)
* Bug #22076: defined? returns nil for protected methods defined in a module even when callable
* Bug #22074: YJIT misaligns locals when there are > 256 local variables
* Bug #22079: Float#ceil gives incorrect result
* Bug #21882: IO::Buffer#locked leaves the buffer locked when the block raises
* Bug #22112: Backport for IO::Buffer USF issues
* Bug #22092: Array#sum takes slow path, does not perform compensated summation of Float elements when init argument is a Float
* Bug #22101: ASAN heap-use-after-free in rb_data_free after TypedData dfree frees dynamic rb_data_type_t
* Bug #22120: Segfault caused by ar_find_entry_hint() not checking for conversion to st_table
@
text
@$NetBSD: patch-lib_erb.rb,v 1.1 2026/05/06 05:15:35 taca Exp $

Update to erb 4.0.4.1 to fix CVE-2026-41316.

--- lib/erb.rb.orig 2026-03-11 09:51:47.000000000 +0000 +++ lib/erb.rb @@@@ -463,6 +463,9 @@@@ class ERB # erb.def_method(MyClass, 'render(arg1, arg2)', filename) # print MyClass.new.render('foo', 123) def def_method(mod, methodname, fname='(ERB)') + unless @@_init.equal?(self.class.singleton_class) + raise ArgumentError, "not initialized" + end src = self.src.sub(/^(?!#|$)/) {"def #{methodname}\n"} << "\nend\n" mod.module_eval do eval(src, binding, fname, -1) @ 1.1 log @lang/ruby34: update default gem erb to 4.0.4.1 Update default gem erb to 4.0.4.1 to fix security problem of CVE-2026-41316. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-lib_erb.rb was added on branch pkgsrc-2026Q1 on 2026-05-09 16:39:11 +0000 @ text @d1 16 @ 1.1.2.2 log @Pullup ticket #7104 - requested by taca lang/ruby34: security fix Revisions pulled up: - lang/ruby/rubyversion.mk 1.321 - lang/ruby34/Makefile 1.8 - lang/ruby34/distinfo 1.14 - lang/ruby34/patches/patch-lib_erb.rb 1.1 - lang/ruby34/patches/patch-lib_erb_version.rb 1.1 - lang/ruby34/patches/patch-test_erb_test__erb.rb 1.1 --- Module Name: pkgsrc Committed By: taca Date: Wed May 6 05:15:35 UTC 2026 Modified Files: pkgsrc/lang/ruby: rubyversion.mk pkgsrc/lang/ruby34: Makefile distinfo Added Files: pkgsrc/lang/ruby34/patches: patch-lib_erb.rb patch-lib_erb_version.rb patch-test_erb_test__erb.rb Log Message: lang/ruby34: update default gem erb to 4.0.4.1 Update default gem erb to 4.0.4.1 to fix security problem of CVE-2026-41316. Bump PKGREVISION. @ text @a0 16 $NetBSD: patch-lib_erb.rb,v 1.1 2026/05/06 05:15:35 taca Exp $ Update to erb 4.0.4.1 to fix CVE-2026-41316. 
--- lib/erb.rb.orig 2026-03-11 09:51:47.000000000 +0000 +++ lib/erb.rb @@@@ -463,6 +463,9 @@@@ class ERB # erb.def_method(MyClass, 'render(arg1, arg2)', filename) # print MyClass.new.render('foo', 123) def def_method(mod, methodname, fname='(ERB)') + unless @@_init.equal?(self.class.singleton_class) + raise ArgumentError, "not initialized" + end src = self.src.sub(/^(?!#|$)/) {"def #{methodname}\n"} << "\nend\n" mod.module_eval do eval(src, binding, fname, -1) @
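
Review bot: the three added lines at the top of def_method have no comment, and the patch header only says "Update to erb 4.0.4.1 to fix CVE-2026-41316", so nothing tells a later maintainer what the instance variable checked there (printed as @@_init because RCS doubles every @) stands for or why it must be identical to self.class.singleton_class. Suggest a one-line comment above the unless stating that the check rejects an ERB object that did not go through normal initialization, and that it has to stay ahead of the eval(src, binding, fname, -1) call when this patch is rebased. The same hunk is stored twice in this file (revision 1.1 and the 1.1.2.2 pullup), so the comment applies to both copies. The bare "not initialized" message could also name the method, for example "ERB#def_method: not initialized", to make the failure easier to trace in a backtrace-less log.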