pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/lang lang/ruby24-base: update to 2.4.4, security release
details: https://anonhg.NetBSD.org/pkgsrc/rev/f33c220d29e4
branches: trunk
changeset: 378063:f33c220d29e4
user: taca <taca%pkgsrc.org@localhost>
date: Thu Mar 29 03:04:47 2018 +0000
description:
lang/ruby24-base: update to 2.4.4, security release
Ruby 2.4.4 Released Posted by nagachika on 28 Mar 2018
Ruby 2.4.4 has been released.
This release includes some bug fixes and some security fixes.
* CVE-2017-17742: HTTP response splitting in WEBrick
* CVE-2018-6914: Unintentional file and directory creation with directory
traversal in tempfile and tmpdir
* CVE-2018-8777: DoS by large request in WEBrick
* CVE-2018-8778: Buffer under-read in String#unpack
* CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in
UNIXServer and UNIXSocket
* CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
* Multiple vulnerabilities in RubyGems
There are also some bug fixes. See commit logs for more details.
diffstat:
lang/ruby/rubyversion.mk | 8 ++++----
lang/ruby24-base/Makefile | 7 +------
lang/ruby24-base/distinfo | 18 +++++-------------
lang/ruby24-base/patches/patch-man_erb.1 | 22 ----------------------
lang/ruby24-base/patches/patch-man_irb.1 | 22 ----------------------
lang/ruby24-base/patches/patch-man_ri.1 | 22 ----------------------
lang/ruby24-base/patches/patch-man_ruby.1 | 22 ----------------------
7 files changed, 10 insertions(+), 111 deletions(-)
diffs (185 lines):
diff -r 7e0619a14c42 -r f33c220d29e4 lang/ruby/rubyversion.mk
--- a/lang/ruby/rubyversion.mk Wed Mar 28 21:51:17 2018 +0000
+++ b/lang/ruby/rubyversion.mk Thu Mar 29 03:04:47 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: rubyversion.mk,v 1.191 2018/02/25 12:24:15 taca Exp $
+# $NetBSD: rubyversion.mk,v 1.192 2018/03/29 03:04:47 taca Exp $
#
# This file determines which Ruby version is used as a dependency for
@@ -216,7 +216,7 @@
# current supported Ruby's version
RUBY22_VERSION= 2.2.9
RUBY23_VERSION= 2.3.6
-RUBY24_VERSION= 2.4.3
+RUBY24_VERSION= 2.4.4
RUBY25_VERSION= 2.5.0
# current API compatible version; used for version of shared library
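Review bot: Only RUBY24_VERSION changes in this hunk, while RUBY22_VERSION, RUBY23_VERSION and RUBY25_VERSION on the neighbouring lines stay at 2.2.9, 2.3.6 and 2.5.0. The commit message lists CVEs in WEBrick, tempfile/tmpdir, String#unpack, UNIXServer/UNIXSocket and Dir without saying which branches they apply to, so the log should state whether the other supported branches are handled in separate commits.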
@@ -314,9 +314,9 @@
RUBY_RAKE_VERSION= 12.0.0
RUBY_JSON_VERSION= 2.0.4
-RUBY_BIGDECIMAL_VERSION= 1.3.0
+RUBY_BIGDECIMAL_VERSION= 1.3.2
RUBY_IO_CONSOLE_VERSION= 0.4.6
-RUBY_OPENSSL_VERSION= 2.0.5
+RUBY_OPENSSL_VERSION= 2.0.7
RUBY_PSYCH_VERSION= 2.2.2
RUBY_DID_YOU_MEAN_VERSION= 1.1.0
RUBY_MINITEST_VERSION= 5.10.1
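Review bot: The RUBY_BIGDECIMAL_VERSION (1.3.0 to 1.3.2) and RUBY_OPENSSL_VERSION (2.0.5 to 2.0.7) changes in this hunk are not mentioned in the commit message, which only describes the 2.4.4 release itself. Add a line to the log naming the bundled gem versions that change, since lang/ruby/rubyversion.mk is a shared file and these variables are visible outside lang/ruby24-base.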
diff -r 7e0619a14c42 -r f33c220d29e4 lang/ruby24-base/Makefile
--- a/lang/ruby24-base/Makefile Wed Mar 28 21:51:17 2018 +0000
+++ b/lang/ruby24-base/Makefile Thu Mar 29 03:04:47 2018 +0000
@@ -1,15 +1,10 @@
-# $NetBSD: Makefile,v 1.7 2018/02/19 16:46:58 taca Exp $
+# $NetBSD: Makefile,v 1.8 2018/03/29 03:04:47 taca Exp $
DISTNAME= ${RUBY_DISTNAME}
PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION}
-PKGREVISION= 2
CATEGORIES= lang ruby
MASTER_SITES= ${MASTER_SITE_RUBY}
-PATCH_SITES= https://bugs.ruby-lang.org/attachments/download/7028/
-PATCHFILES= rubygems-276-for-ruby24.patch
-PATCH_DIST_STRIP= -p0
-
MAINTAINER= taca%NetBSD.org@localhost
HOMEPAGE= ${RUBY_HOMEPAGE}
COMMENT= Ruby ${RUBY_VERSION} release minimum base package
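Review bot: The log gives no reason for dropping PATCH_SITES, PATCHFILES and PATCH_DIST_STRIP for rubygems-276-for-ruby24.patch. The commit message does list "Multiple vulnerabilities in RubyGems" among the 2.4.4 fixes, so state explicitly that the distribution patch is removed because the new release covers it, if that is the case. Removing PKGREVISION alongside the version bump looks right.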
diff -r 7e0619a14c42 -r f33c220d29e4 lang/ruby24-base/distinfo
--- a/lang/ruby24-base/distinfo Wed Mar 28 21:51:17 2018 +0000
+++ b/lang/ruby24-base/distinfo Thu Mar 29 03:04:47 2018 +0000
@@ -1,13 +1,9 @@
-$NetBSD: distinfo,v 1.8 2018/02/19 16:46:58 taca Exp $
+$NetBSD: distinfo,v 1.9 2018/03/29 03:04:47 taca Exp $
-SHA1 (ruby-2.4.3.tar.bz2) = 3ca96536320b915762d57fe1ee540df6810bf631
-RMD160 (ruby-2.4.3.tar.bz2) = f02b5ca6b577351c8852a99eecaa4d4a3dda026f
-SHA512 (ruby-2.4.3.tar.bz2) = fb4339e30c04d03b1422b6c32ede45902e072cd26325b36f3fc05c341d42eea6431d88718242dcc9ce24d9cad26f3d26772f2e806bd7d93f40be50268c318409
-Size (ruby-2.4.3.tar.bz2) = 12615068 bytes
-SHA1 (rubygems-276-for-ruby24.patch) = ed8c182b8c5391dcb975089c43a90786b398d274
-RMD160 (rubygems-276-for-ruby24.patch) = 5a5697d9520418a48fff24148e4b1263d3a3cd63
-SHA512 (rubygems-276-for-ruby24.patch) = f94248f7208c63db1a7c89537d8b1c541a8cf003d697bccaf8238004c45e9293d0ac9ae42fc97ef72fa761b97d8da1d049a863c96707721b04c90256f960e669
-Size (rubygems-276-for-ruby24.patch) = 19937 bytes
+SHA1 (ruby-2.4.4.tar.bz2) = 1cc548ba3eb821e29ab92ac13e1d5c7bf23b1526
+RMD160 (ruby-2.4.4.tar.bz2) = 38aacd0ef60f4927318bb06cc997304681638c1e
+SHA512 (ruby-2.4.4.tar.bz2) = ae632852a5f413561d8134e9ef3bb82adb37317696dd293ef92cb76709ecd45718f14116ecce35b12f1c2dd53ccae8dabc7a924a270072b697512d11f4922347
+Size (ruby-2.4.4.tar.bz2) = 12659705 bytes
SHA1 (patch-configure) = a4013e4674be0060d2b0d43569b7695f6df7b4a7
SHA1 (patch-ext_dbm_extconf.rb) = c998f8735db54b1ae2bc8b6caa359ce88bc7a45b
SHA1 (patch-lib_mkmf.rb) = 75d2261a8282a00cd5f811a5e629302d1667207e
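Review bot: The new SHA1, RMD160, SHA512 and Size lines for ruby-2.4.4.tar.bz2 come with nothing in the log about what they were checked against. For a security release, record in the commit message that the digests were compared with the ones published with the upstream release, not only regenerated from the fetched file.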
@@ -21,8 +17,4 @@
SHA1 (patch-lib_rubygems_installer.rb) = 7a9cfbd5d05c8901132d2bbf4555efa05e6363ec
SHA1 (patch-lib_rubygems_platform.rb) = a208bf6bce28a687511bace5ff8a773fb6bcf87d
SHA1 (patch-lib_rubygems_specification.rb) = e2ef2e6de4838168d11efef92f65d87d22c65ae4
-SHA1 (patch-man_erb.1) = 2ae8a0400974922d6a637648ed0da2fedee98ed0
-SHA1 (patch-man_irb.1) = c6d127481fbc268efbd67fd273094363ca199c7f
-SHA1 (patch-man_ri.1) = d5a3479daa2d5e8185a186b5b450eec80fddbc57
-SHA1 (patch-man_ruby.1) = dcdb336ed5e5e2a4d07416f67c2f4a42c453d6f1
SHA1 (patch-test_rubygems_test__gem.rb) = 80d646b95df81bacca6d277d2801dba16df291f5
diff -r 7e0619a14c42 -r f33c220d29e4 lang/ruby24-base/patches/patch-man_erb.1
--- a/lang/ruby24-base/patches/patch-man_erb.1 Wed Mar 28 21:51:17 2018 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-$NetBSD: patch-man_erb.1,v 1.1 2017/06/18 13:45:11 taca Exp $
-
-* Fix mdoc markup.
-
---- man/erb.1.orig 2016-09-26 12:39:18.000000000 +0000
-+++ man/erb.1
-@@ -143,11 +143,12 @@ class.
- .Pp
- .Sh REPORTING BUGS
- .Bl -bullet
--.Li Security vulnerabilities should be reported via an email to
-+.It
-+Security vulnerabilities should be reported via an email to
- .Aq security%ruby-lang.org@localhost .
- Reported problems will be published after being fixed.
--.Pp
--.Li And you can report other bugs and feature requests via the
-+.It
-+You can report other bugs and feature requests via the
- Ruby Issue Tracking System
- .Pq Lk https://bugs.ruby-lang.org/ .
- Do not report security vulnerabilities
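Review bot: The commit message gives no reason for removing patch-man_erb.1 (the whole file, lines 1-22), and the same applies to the removals of patch-man_irb.1, patch-man_ri.1 and patch-man_ruby.1 that follow. Each of these patches carries the comment "* Fix mdoc markup."; note in the log whether that markup fix is now present in the 2.4.4 sources, so a reader can tell the patches were dropped as obsolete and not by accident.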
diff -r 7e0619a14c42 -r f33c220d29e4 lang/ruby24-base/patches/patch-man_irb.1
--- a/lang/ruby24-base/patches/patch-man_irb.1 Wed Mar 28 21:51:17 2018 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-$NetBSD: patch-man_irb.1,v 1.1 2017/06/18 13:45:11 taca Exp $
-
-* Fix mdoc markup.
-
---- man/irb.1.orig 2016-09-26 12:39:18.000000000 +0000
-+++ man/irb.1
-@@ -159,11 +159,12 @@ Personal irb initialization.
- .Pp
- .Sh REPORTING BUGS
- .Bl -bullet
--.Li Security vulnerabilities should be reported via an email to
-+.It
-+Security vulnerabilities should be reported via an email to
- .Aq security%ruby-lang.org@localhost .
- Reported problems will be published after being fixed.
--.Pp
--.Li And you can report other bugs and feature requests via the
-+.It
-+You can report other bugs and feature requests via the
- Ruby Issue Tracking System
- .Pq Lk https://bugs.ruby-lang.org/ .
- Do not report security vulnerabilities
diff -r 7e0619a14c42 -r f33c220d29e4 lang/ruby24-base/patches/patch-man_ri.1
--- a/lang/ruby24-base/patches/patch-man_ri.1 Wed Mar 28 21:51:17 2018 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-$NetBSD: patch-man_ri.1,v 1.1 2017/06/18 13:45:11 taca Exp $
-
-* Fix mdoc markup.
-
---- man/ri.1.orig 2016-09-26 12:39:18.000000000 +0000
-+++ man/ri.1
-@@ -166,11 +166,12 @@ Searches user-wide documents here.
- .Pp
- .Sh REPORTING BUGS
- .Bl -bullet
--.Li Security vulnerabilities should be reported via an email to
-+.It
-+Security vulnerabilities should be reported via an email to
- .Aq security%ruby-lang.org@localhost .
- Reported problems will be published after being fixed.
--.Pp
--.Li And you can report other bugs and feature requests via the
-+.It
-+You can report other bugs and feature requests via the
- Ruby Issue Tracking System
- .Pq Lk https://bugs.ruby-lang.org/ .
- Do not report security vulnerabilities
diff -r 7e0619a14c42 -r f33c220d29e4 lang/ruby24-base/patches/patch-man_ruby.1
--- a/lang/ruby24-base/patches/patch-man_ruby.1 Wed Mar 28 21:51:17 2018 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-$NetBSD: patch-man_ruby.1,v 1.1 2017/06/18 13:45:11 taca Exp $
-
-* Fix mdoc markup.
-
---- man/ruby.1.orig 2016-09-26 12:39:18.000000000 +0000
-+++ man/ruby.1
-@@ -641,11 +641,12 @@ Comprehensive catalog of Ruby libraries.
- .Pp
- .Sh REPORTING BUGS
- .Bl -bullet
--.Li Security vulnerabilities should be reported via an email to
-+.It
-+Security vulnerabilities should be reported via an email to
- .Aq security%ruby-lang.org@localhost .
- Reported problems will be published after they've been fixed.
--.Pp
--.Li And you can report other bugs and feature requests via the
-+.It
-+You can report other bugs and feature requests via the
- Ruby Issue Tracking System
- .Pq Lk https://bugs.ruby-lang.org/ .
- Do not report security vulnerabilities