pkgsrc/lang/ruby18-base, branch pkgsrc_2008Q1 [no description] https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc_2008Q1 2008-07-10T13:00:01Z Pullup ticket #2443 - requested by taca 2008-07-10T13:00:01Z tron tron 2008-07-10T13:00:01Z urn:sha1:6d7cc00af98324ffb5cb1b8c26ec183afaaaf9f5 Security patch for ruby18-base Revisions pulled up: - lang/ruby18-base/Makefile 1.45 via patch - lang/ruby18-base/distinfo 1.31 via patch - lang/ruby18-base/patches/patch-ad 1.9 via patch --- Module Name: pkgsrc Committed By: tonnerre Date: Thu Jul 3 21:06:10 UTC 2008 Modified Files: pkgsrc/lang/ruby18-base: Makefile distinfo Added Files: pkgsrc/lang/ruby18-base/patches: patch-ad Log Message: Add a patch to fix the integer overflow in rb_ary_fill() in Ruby 1.8 which can be exploited to cause a denial of service through memory exhaustion. (SN-2008-02) Pullup ticket #2436 - requested by taca 2008-06-28T11:54:07Z tron tron 2008-06-28T11:54:07Z urn:sha1:6f6a39d4b8881b3cd2f3e21f620c3780951e323b Security update for ruby packages Apply patches to update Ruby to version 1.8.6 patchlevel 230 to fix the security vulnerability reported in CVE-2008-2726. Add a new file that is installed in ruby-1.8.6.114 that wasn't in the 2008-03-10T02:50:38Z jlam jlam 2008-03-10T02:50:38Z urn:sha1:ab1db53a2b7c3ea55bbdceb39f17225515105f6c previous release in pkgsrc. Update ruby pakcages to 1.8.6.114 (1.8.6-p114). 2008-03-09T13:31:18Z taca taca 2008-03-09T13:31:18Z urn:sha1:e66b8c892af0c3a0d3b5be71b5baba1c7a50c84d It main chagnes are security fix of WEBrick library. Mon Mar 3 23:34:13 2008 GOTOU Yuuzou <gotoyuzo@notwork.org> * lib/webrick/httpservlet/filehandler.rb: should normalize path separators in path_info to prevent directory traversal attacks on DOSISH platforms. reported by Digital Security Research Group [DSECRG-08-026]. * lib/webrick/httpservlet/filehandler.rb: pathnames which have not to be published should be checked case-insensitively. Mon Dec 3 08:13:52 2007 Kouhei Sutou <kou@cozmixng.org> * test/rss/test_taxonomy.rb, test/rss/test_parser_1.0.rb, test/rss/test_image.rb, test/rss/rss-testcase.rb: ensured declaring XML namespaces. Unlimit data size when ruby-build-ri-db option is enabled, 2008-02-19T03:56:08Z taca taca 2008-02-19T03:56:08Z urn:sha1:1eca85720d5de32b991907fec44c841fb90f4854 hoping to solve bulk build problem. Full DESTDIR support. 2008-01-04T15:42:34Z ghen ghen 2008-01-04T15:42:34Z urn:sha1:49a140ac4209a5f7abd2a5d0a88b10279812abea fix build on Solaris w/ sunpro: 2007-11-05T01:09:23Z grant grant 2007-11-05T01:09:23Z urn:sha1:c008e8172292ae5e68283bfaa27d7be87d4edb63 - don't call the linker directly to build shared libraries, use ${CC} -G - link libsunmath statically, as it is provided by SUNWspro and therefore not available on systems where the compiler is not installed. Trying to build problem ext/dbm extention on some platforms. 2007-10-28T02:33:24Z taca taca 2007-10-28T02:33:24Z urn:sha1:5406a9acb2699be3fc60e81e59c7c66eff62cf92 Detect db3 and db4 like db2 for dbm library. Update Ruby packages to 1.8.6-p111. 2007-10-06T06:12:35Z taca taca 2007-10-06T06:12:35Z urn:sha1:875f3f8ba3c62837e69998da0c7d4f82b854f3d0 Basically, no change since previous update except Net::HTTP default @enable_post_connection_check was wrongly set to true. (It might cause compatibility problem.) Try to fix build problem on DraonFly BSD. 2007-10-02T15:59:23Z taca taca 2007-10-02T15:59:23Z urn:sha1:715f8eca6a34011ebd7730c5d93e46f2ab238a6b (I tested on old DragonFly 1.7.0-DEVELOPMENT.)