pkgsrc/lang/ruby18-base, branch pkgsrc_2008Q2

Pullup ticket #2528 - requested by taca

2008-09-17T10:41:37Z

ruby18-base: security patch Revisions pulled up: - lang/ruby18-base/Makefile 1.47 - lang/ruby18-base/distinfo 1.34 - lang/ruby18-base/patches/patch-dg 1.5 - lang/ruby18-base/patches/patch-dh 1.3 --- Module Name: pkgsrc Committed By: taca Date: Sun Sep 14 05:17:18 UTC 2008 Modified Files: pkgsrc/lang/ruby18-base: Makefile distinfo Added Files: pkgsrc/lang/ruby18-base/patches: patch-dg patch-dh Log Message: Add fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790 (http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/) from ruby_1_8 branch. Bump PKGREVISION.

pullup ticket #2481 - requested by taca

2008-08-12T11:22:11Z

ruby-curses, ruby, ruby18-base, ruby-tk: security fix revisions pulled up pkgsrc/lang/ruby/rubyversion.mk 1.44 pkgsrc/lang/ruby18-base/distinfo 1.17 pkgsrc/devel/ruby-curses/distinfo 1.33 pkgsrc/x11/ruby-tk/distinfo 1.20 Module Name: pkgsrc Committed By: taca Date: Mon Aug 11 06:58:33 UTC 2008 Modified Files: pkgsrc/lang/ruby: rubyversion.mk pkgsrc/lang/ruby18-base: distinfo Log Message: Update ruby18-base to 1.8.7.72 (Ruby 1.8.7-p72). These packages are implicitly updated with distfile update only. databases/ruby-gdbm devel/ruby-readline lang/ruby lang/ruby18 Here's quote from release announce: Sorry for a fuss, but it turned out that taintness check of dl in last releases I made was incomplete. Here are fixes for that. And relevant changes: Mon Aug 11 09:37:17 2008 Yukihiro Matsumoto * ext/dl/dl.c (rb_str_to_ptr): should propagate taint to dlptr. * ext/dl/dl.c (rb_ary_to_ptr): ditto. * ext/dl/sym.c (rb_dlsym_call): should check taint of DLPtrData as well. ------------------------------------------------------------------------ Module Name: pkgsrc Committed By: taca Date: Mon Aug 11 06:59:40 UTC 2008 Modified Files: pkgsrc/devel/ruby-curses: distinfo Log Message: Update ruby-curses package to 1.8.7.72. It is distfile change only. ------------------------------------------------------------------------ Module Name: pkgsrc Committed By: taca Date: Mon Aug 11 06:59:55 UTC 2008 Modified Files: pkgsrc/x11/ruby-tk: distinfo Log Message: Update ruby-curses package to 1.8.7.72. It is distfile change only.

Pullup ticket 2473 - requested by taca

2008-08-08T14:37:50Z

security update for ruby - pkgsrc/devel/ruby-curses/distinfo 1.16 - pkgsrc/lang/ruby/rubyversion.mk 1.43 - pkgsrc/lang/ruby18-base/Makefile 1.46 - pkgsrc/lang/ruby18-base/distinfo 1.32 - pkgsrc/lang/ruby18-base/patches/patch-ad removed - pkgsrc/x11/ruby-tk/distinfo 1.19 Module Name: pkgsrc Committed By: taca Date: Fri Aug 8 12:38:59 UTC 2008 Modified Files: pkgsrc/lang/ruby: rubyversion.mk Log Message: Start update of Ruby 1.8.7 patchlevel 71. --- Module Name: pkgsrc Committed By: taca Date: Fri Aug 8 12:42:44 UTC 2008 Modified Files: pkgsrc/lang/ruby18-base: Makefile distinfo Removed Files: pkgsrc/lang/ruby18-base/patches: patch-ad Log Message: Update ruby18-base to 1.8.7.71. pkgsrc change: Apply fix for sunpro compilre, provided by PR pkg/37771 from Naoto Morishima. This release includes fix for multiple vulnerabilities. http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/ * Several vulnerabilities in safe level * DoS vulnerability in WEBrick * Lack of taintness check in dl * DNS spoofing vulnerability in resolv.rb Full changes are too many, please refer ChangeLog file. --- Module Name: pkgsrc Committed By: taca Date: Fri Aug 8 12:43:51 UTC 2008 Modified Files: pkgsrc/devel/ruby-curses: distinfo Log Message: Update ruby-curses package to 1.8.7.71. This is version update only, no functional change in this ruby extention. --- Module Name: pkgsrc Committed By: taca Date: Fri Aug 8 12:44:51 UTC 2008 Modified Files: pkgsrc/x11/ruby-tk: distinfo Log Message: Update ruby-tk package to 1.8.7.71. This is version update only, no functional change in this ruby extention.

Add a patch to fix the integer overflow in rb_ary_fill() in Ruby 1.8

2008-07-03T21:06:10Z

which can be exploited to cause a denial of service through memory exhaustion. (SN-2008-02)

Oops, wrong distinfo file.

2008-06-20T17:26:31Z

Update Ruby 1.8.7 patchlevel 22.

2008-06-20T15:39:29Z

This is security fix: http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities Fri Jun 20 18:25:18 2008 Nobuyoshi Nakada * string.c (rb_str_buf_append): should infect. Fri Jun 20 16:33:09 2008 Nobuyoshi Nakada * array.c (rb_ary_store, rb_ary_splice): not depend on unspecified behavior at integer overflow. * string.c (str_buf_cat): ditto. Wed Jun 18 22:24:46 2008 URABE Shyouhei * array.c (ary_new, rb_ary_initialize, rb_ary_store, rb_ary_aplice, rb_ary_times): integer overflows should be checked. based on patches from Drew Yao fixed CVE-2008-2726 * string.c (rb_str_buf_append): fixed unsafe use of alloca, which led memory corruption. based on a patch from Drew Yao fixed CVE-2008-2726 * sprintf.c (rb_str_format): backported from trunk. * intern.h: ditto. Tue Jun 17 15:09:46 2008 Nobuyoshi Nakada * file.c (file_expand_path): no need to expand root path which has no short file name. [ruby-dev:35095] Sun Jun 15 19:27:40 2008 Akinori MUSHA * configure.in: Fix $LOAD_PATH. Properly expand vendor_ruby directories; submitted by Takahiro Kambe in [ruby-dev:35099].

Fix DESTDIR installation.

2008-06-19T22:19:37Z

Update ruby18-base package to 1.8.7.

2008-06-19T14:35:37Z

Since chanes are too much to write here, please refer http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7/NEWS http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7/ChangeLog http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_17/NEWS http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_17/ChangeLog

Fix build problem with recent NetBSD current with post version

2008-05-14T10:08:59Z

of OpenSSL 0.9.8g. Since this is fix for build problem only, I don't bump PKGREVISION.

REPLACE_RUBY_DIRS is relative to ${WRKSRC}, so no need to spell it out.

2008-04-14T21:47:35Z