author | tron <tron> | 2015-09-03 18:44:27 +0000 |
---|---|---|
committer | tron <tron> | 2015-09-03 18:44:27 +0000 |
commit | 08af1e33aa1e05846d710504998901c90aa54e13 (patch) | |
tree | 5f844915eacceab7024ba935c06a16cd5a2c0f22 | |
parent | 5624973d438ffad6df79886c400456c89ccdcf9f (diff) | |
download | pkgsrc-08af1e33aa1e05846d710504998901c90aa54e13.tar.gz |
Pullup ticket #4802 - requested by taca
lang/ruby200-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.145
- lang/ruby200-base/Makefile 1.20
- lang/ruby200-base/distinfo 1.27
- lang/ruby200-base/patches/patch-lib_rubygems_remote__fetcher.rb deleted
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 20 15:22:16 UTC 2015
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby200-base: Makefile distinfo
Removed Files:
pkgsrc/lang/ruby200-base/patches: patch-lib_rubygems_remote__fetcher.rb
Log Message:
Update ruby200-base-2.0.0p647 to (Ruby 2.0.0-p647).
Release announce:
Ruby 2.0.0-p647 Released
Posted by usa on 18 Aug 2015
We are pleased to announce the release of Ruby 2.0.0-p647.
This release includes the security fix for a RubyGems domain name
verification vulnerability. Please view the topic below for more details.
CVE-2015-3900 Request hijacking vulnerability in RubyGems 2.4.6 and earlier
And, this release also includes the fix for a regression of lib/resolv.rb.
Uninitialized constant bug introduced by typo in backport of [#10712]
Ruby 2.0.0 is now under the state of the security maintenance phase, until
Feb. 24th, 2016. After the date, maintenance of Ruby 2.0.0 will be ended. We
recommend you start planning migration to newer versions of Ruby, such as
2.1 or 2.2.
-rw-r--r-- | lang/ruby/rubyversion.mk | 6 |
-rw-r--r-- | lang/ruby200-base/Makefile | 3 |
-rw-r--r-- | lang/ruby200-base/distinfo | 9 |
-rw-r--r-- | lang/ruby200-base/patches/patch-lib_rubygems_remote__fetcher.rb | 21 |
4 files changed, 7 insertions, 32 deletions
diff --git a/lang/ruby/rubyversion.mk b/lang/ruby/rubyversion.mk index 88f47de4b2f..b903988f6d8 100644 --- a/lang/ruby/rubyversion.mk +++ b/lang/ruby/rubyversion.mk @@ -1,4 +1,4 @@ -# $NetBSD: rubyversion.mk,v 1.143 2015/06/23 14:07:36 taca Exp $ +# $NetBSD: rubyversion.mk,v 1.143.2.1 2015/09/03 18:44:27 tron Exp $ # # This file determines which Ruby version is used as a dependency for @@ -235,9 +235,7 @@ RUBY22_VERSION= 2.2.2 # patch RUBY18_PATCHLEVEL= pl374 RUBY193_PATCHLEVEL= p551 -RUBY200_PATCHLEVEL= p645 -#RUBY21_PATCHLEVEL= p336 -#RUBY22_PATCHLEVEL= p95 +RUBY200_PATCHLEVEL= p647 # current API compatible version; used for version of shared library RUBY18_API_VERSION= 1.8.7 diff --git a/lang/ruby200-base/Makefile b/lang/ruby200-base/Makefile index 627cae969dd..775e4b8d37a 100644 --- a/lang/ruby200-base/Makefile +++ b/lang/ruby200-base/Makefile @@ -1,9 +1,8 @@ -# $NetBSD: Makefile,v 1.19 2015/06/23 14:03:02 taca Exp $ +# $NetBSD: Makefile,v 1.19.2.1 2015/09/03 18:44:27 tron Exp $ # DISTNAME= ${RUBY_DISTNAME} PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_FULL} -PKGREVISION= 1 CATEGORIES= lang ruby MASTER_SITES= ${MASTER_SITE_RUBY} diff --git a/lang/ruby200-base/distinfo b/lang/ruby200-base/distinfo index 4816124ab9b..79344b3e51a 100644 --- a/lang/ruby200-base/distinfo +++ b/lang/ruby200-base/distinfo 
@@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.26 2015/06/23 14:03:02 taca Exp $ +$NetBSD: distinfo,v 1.26.2.1 2015/09/03 18:44:27 tron Exp $ -SHA1 (ruby-2.0.0-p645.tar.bz2) = e724dd0e4a1e820a368be307aa0863a8ecf4b694 -RMD160 (ruby-2.0.0-p645.tar.bz2) = cbfd9ca2a5fe5d6ea1d89da9fd934c864bf339ab -Size (ruby-2.0.0-p645.tar.bz2) = 10786492 bytes +SHA1 (ruby-2.0.0-p647.tar.bz2) = 537f0e212e337022f28ead8e67ffc834fcd468c6 +RMD160 (ruby-2.0.0-p647.tar.bz2) = c9b520ff1e5cc2c3c55a39b7cd3ce31317f52d0e +Size (ruby-2.0.0-p647.tar.bz2) = 10785285 bytes SHA1 (patch-configure) = aaa93fd2e4f130bb2cb852b15b58a1840e57dba5 SHA1 (patch-defs_default__gems) = 28a47952e27c22055bac6ad151d092572b96b1ec SHA1 (patch-ext_dbm_extconf.rb) = 7322637de769b7d01650e1ed566e891801ce3e92 @@ -26,7 +26,6 @@ SHA1 (patch-lib_rubygems_dependency__installer.rb) = f4e40727d231b336c1d4c2303ac SHA1 (patch-lib_rubygems_install__update__options.rb) = 22cfafe090db72211253b8528937e5be0e677ebf SHA1 (patch-lib_rubygems_installer.rb) = 7ce68eaa5893c83780f7b4e1af44a88ae63a39cf SHA1 (patch-lib_rubygems_platform.rb) = 135f2e9d6c0c529da9ffcea4b96507675cdf1f16 -SHA1 (patch-lib_rubygems_remote__fetcher.rb) = e6acc25febd819ca835cd4306f863d76aa67b106 SHA1 (patch-lib_rubygems_specification.rb) = 2a283cb7854580616df2b35357281c0a881cedf1 SHA1 (patch-man_erb.1) = 1fe6ce4f4fe6418bfabb5e132a63596562030116 SHA1 (patch-man_irb.1) = 2bf807b4c1b1c68d1f518caa054cfd900e0fedb7 diff --git a/lang/ruby200-base/patches/patch-lib_rubygems_remote__fetcher.rb b/lang/ruby200-base/patches/patch-lib_rubygems_remote__fetcher.rb deleted file mode 100644 index c4144cc9942..00000000000 --- a/lang/ruby200-base/patches/patch-lib_rubygems_remote__fetcher.rb +++ /dev/null 
@@ -1,21 +0,0 @@ -$NetBSD: patch-lib_rubygems_remote__fetcher.rb,v 1.1 2015/06/23 14:03:02 taca Exp $ - -Fix for CVE-2015-3900. - ---- lib/rubygems/remote_fetcher.rb.orig 2013-10-24 14:31:17.000000000 +0000 -+++ lib/rubygems/remote_fetcher.rb -@@ -103,7 +103,13 @@ class Gem::RemoteFetcher - rescue Resolv::ResolvError - uri - else -- URI.parse "#{res.target}#{uri.path}" -+ target = res.target.to_s.strip -+ -+ if /\.#{Regexp.quote(host)}\z/ =~ target -+ return URI.parse "#{uri.scheme}://#{target}#{uri.path}" -+ end -+ -+ uri - end - end - |
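Review bot: In the rubyversion.mk hunk at line 235, dropping the commented-out `#RUBY21_PATCHLEVEL= p336` and `#RUBY22_PATCHLEVEL= p95` lines is unrelated to the 2.0.0 patchlevel bump and is not mentioned in the log message. Either name this cleanup in the pullup description or restrict the change to the `RUBY200_PATCHLEVEL= p647` line, so the security update stays minimal and easy to audit on the branch.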
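Review bot: The first distinfo hunk pins ruby-2.0.0-p647.tar.bz2 with SHA1 and RMD160 only, which is weak integrity protection for a security update fetched from a mirror. If the distinfo format on this branch accepts it, record a SHA-256 or SHA-512 digest as well, and confirm the new values against a digest obtained from the upstream release source rather than from the downloaded file alone.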
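Review bot: The log message does not state that patch-lib_rubygems_remote__fetcher.rb is deleted because p647 already carries the CVE-2015-3900 fix; it only quotes the release announcement. Say so explicitly, and before dropping the local patch confirm that lib/rubygems/remote_fetcher.rb in the p647 tarball contains the same suffix check on the SRV target (`if /\.#{Regexp.quote(host)}\z/ =~ target`) with the fall-through to the original `uri`, so the package does not regress to following an unvalidated `res.target`.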