Created attachment 223839 [details] Patch file Update to 2.7.3, which includes fix of CVE-2021-28965. Release Note: https://www.ruby-lang.org/en/news/2021/04/05/ruby-2-7-3-released/ Bug #254793 describes vulnerability fixed with this release. So please commit it together.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=4ba1ba53f548cc0a9b4a2e77445b6540f9beb99c commit 4ba1ba53f548cc0a9b4a2e77445b6540f9beb99c Author: Koichiro Iwao <meta@FreeBSD.org> AuthorDate: 2021-04-06 13:11:17 +0000 Commit: Koichiro Iwao <meta@FreeBSD.org> CommitDate: 2021-04-06 13:21:42 +0000 lang/ruby27: Update to 2.7.3 PR: 254802 Reported by: Yasuhiro Kimura <yasu@utahime.org> Reviewed by: meta (myself) Relnotes: https://www.ruby-lang.org/en/news/2021/04/05/ruby-2-7-3-released/ Security: CVE-2021-28965 Security: CVE-2021-28966 Mk/bsd.ruby.mk | 4 +- lang/ruby27/distinfo | 6 +-- lang/ruby27/pkg-plist | 119 ++++++++++++++++++++++++++++++++++++-------------- 3 files changed, 91 insertions(+), 38 deletions(-)
Committed, thanks!