pkgsrc/www/ruby-mechanize/Makefile
taca c41067b2d2 www/ruby-mechanize: update to 2.7.7
pkgsrc change: add "USE_LANGUAGES=	# empty"


2.7.7 / 2021-02-01

* Security fixes for CVE-2021-21289

  Mechanize `>= v2.0`, `< v2.7.7` allows for OS commands to be injected
  into several classes' methods via implicit use of Ruby's `Kernel.open`
  method. Exploitation is possible only if untrusted input is used as a
  local filename and passed to any of these calls:

  - `Mechanize::CookieJar#load`: since v2.0 (see 208e3ed)
  - `Mechanize::CookieJar#save_as`: since v2.0 (see 5b776a4)
  - `Mechanize#download`: since v2.2 (see dc91667)
  - `Mechanize::Download#save` and `#save!` since v2.1 (see 98b2f51, bd62ff0)
  - `Mechanize::File#save` and `#save_as`: since v2.1 (see 2bf7519)
  - `Mechanize::FileResponse#read_body`: since v2.0 (see 01039f5)

  See
  github.com/sparklemotion/mechanize/security/advisories/GHSA-qrqm-fpv6-6r8g
  for more information.

  Also see #547, #548. Thank you, @kyoshidajp!

New Features

* Support for Ruby 3.0 by adding `webrick` as a runtime dependency. (#557)
  @pvalena

Bug fix

* Ignore input fields with blank names (#542, #536)
2021-02-03 15:44:35 +00:00

24 lines
1 KiB
Makefile

# $NetBSD: Makefile,v 1.20 2021/02/03 15:44:35 taca Exp $
DISTNAME= mechanize-2.7.7
CATEGORIES= www
MAINTAINER= minskim@NetBSD.org
HOMEPAGE= https://github.com/sparklemotion/mechanize
COMMENT= Library to automate interaction with websites
LICENSE= mit
DEPENDS+= ${RUBY_PKGPREFIX}-net-http-digest_auth>=1.1.1:../../www/ruby-net-http-digest_auth
DEPENDS+= ${RUBY_PKGPREFIX}-net-http-persistent>=2.5.2:../../www/ruby-net-http-persistent
DEPENDS+= ${RUBY_PKGPREFIX}-mime-types>=1.17.2:../../mail/ruby-mime-types
DEPENDS+= ${RUBY_PKGPREFIX}-domain_name>=0.5.1<1:../../net/ruby-domain_name
DEPENDS+= ${RUBY_PKGPREFIX}-http-cookie>=1.0<2:../../www/ruby-http-cookie
DEPENDS+= ${RUBY_PKGPREFIX}-nokogiri>=1.6<2:../../textproc/ruby-nokogiri
DEPENDS+= ${RUBY_PKGPREFIX}-ntlm-http>=0.1<1:../../www/ruby-ntlm-http
DEPENDS+= ${RUBY_PKGPREFIX}-webrobots>=0.0<0.2:../../www/ruby-webrobots
DEPENDS+= ${RUBY_PKGPREFIX}-webrick>=1.7<2:../../www/ruby-webrick
USE_LANGUAGES= # empty
.include "../../lang/ruby/gem.mk"
.include "../../mk/bsd.pkg.mk"