diff options
| author | tron <tron> | 2015-09-03 18:49:44 +0000 |
|---|---|---|
| committer | tron <tron> | 2015-09-03 18:49:44 +0000 |
| commit | c70eb87f3cda8bf419e5dbe7b8b161f90ba41906 (patch) | |
| tree | eee0f90268ff35f6c99188ab1e0de5b3c5e4806e | |
| parent | 08af1e33aa1e05846d710504998901c90aa54e13 (diff) | |
| download | pkgsrc-c70eb87f3cda8bf419e5dbe7b8b161f90ba41906.tar.gz | |
Pullup ticket #4803 - requested by taca
lang/ruby21-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.146
- lang/ruby21-base/Makefile 1.15
- lang/ruby21-base/PLIST 1.7
- lang/ruby21-base/distinfo 1.19
- lang/ruby21-base/patches/patch-ext_tk_extconf.rb deleted
- lang/ruby21-base/patches/patch-ext_tk_lib_tk.rb deleted
- lang/ruby21-base/patches/patch-ext_tk_tcltklib.c deleted
- lang/ruby21-base/patches/patch-lib_rubygems_remote__fetcher.rb deleted
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 20 15:27:43 UTC 2015
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby21-base: Makefile PLIST distinfo
Removed Files:
pkgsrc/lang/ruby21-base/patches: patch-ext_tk_extconf.rb
patch-ext_tk_lib_tk.rb patch-ext_tk_tcltklib.c
patch-lib_rubygems_remote__fetcher.rb
Log Message:
Update ruby21-base to 2.1.7 (Ruby 2.1.7).
Release announce:
Ruby 2.1.7 Released
Posted by usa on 18 Aug 2015
Ruby 2.1.7 has been released.
This release includes the security fix for a RubyGems domain name
verification vulnerability. Please view the topic below for more details.
CVE-2015-3900 Request hijacking vulnerability in RubyGems 2.4.6 and earlier
And, many bug fixes are also included. See tickets and ChangeLog for details.
| -rw-r--r-- | lang/ruby/rubyversion.mk | 4 | ||||
| -rw-r--r-- | lang/ruby21-base/Makefile | 3 | ||||
| -rw-r--r-- | lang/ruby21-base/PLIST | 6 | ||||
| -rw-r--r-- | lang/ruby21-base/distinfo | 12 | ||||
| -rw-r--r-- | lang/ruby21-base/patches/patch-ext_tk_extconf.rb | 19 | ||||
| -rw-r--r-- | lang/ruby21-base/patches/patch-ext_tk_lib_tk.rb | 56 | ||||
| -rw-r--r-- | lang/ruby21-base/patches/patch-ext_tk_tcltklib.c | 170 | ||||
| -rw-r--r-- | lang/ruby21-base/patches/patch-lib_rubygems_remote__fetcher.rb | 21 |
8 files changed, 10 insertions, 281 deletions
diff --git a/lang/ruby/rubyversion.mk b/lang/ruby/rubyversion.mk index b903988f6d8..d877d3475c0 100644 --- a/lang/ruby/rubyversion.mk +++ b/lang/ruby/rubyversion.mk @@ -1,4 +1,4 @@ -# $NetBSD: rubyversion.mk,v 1.143.2.1 2015/09/03 18:44:27 tron Exp $ +# $NetBSD: rubyversion.mk,v 1.143.2.2 2015/09/03 18:49:44 tron Exp $ # # This file determines which Ruby version is used as a dependency for @@ -229,7 +229,7 @@ RUBY_VERSION_REQD?= ${PKGNAME_REQD:C/ruby([0-9][0-9]+)-.*/\1/} RUBY18_VERSION= 1.8.7 RUBY193_VERSION= 1.9.3 RUBY200_VERSION= 2.0.0 -RUBY21_VERSION= 2.1.6 +RUBY21_VERSION= 2.1.7 RUBY22_VERSION= 2.2.2 # patch diff --git a/lang/ruby21-base/Makefile b/lang/ruby21-base/Makefile index 3c08e3e5794..dfaa661dfc1 100644 --- a/lang/ruby21-base/Makefile +++ b/lang/ruby21-base/Makefile @@ -1,9 +1,8 @@ -# $NetBSD: Makefile,v 1.14 2015/06/23 14:04:03 taca Exp $ +# $NetBSD: Makefile,v 1.14.2.1 2015/09/03 18:49:44 tron Exp $ # DISTNAME= ${RUBY_DISTNAME} PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_FULL} -PKGREVISION= 2 CATEGORIES= lang ruby MASTER_SITES= ${MASTER_SITE_RUBY} diff --git a/lang/ruby21-base/PLIST b/lang/ruby21-base/PLIST index d672029cbd4..d67a03af51a 100644 --- a/lang/ruby21-base/PLIST +++ b/lang/ruby21-base/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.6 2015/04/19 16:19:00 taca Exp $ +@comment $NetBSD: PLIST,v 1.6.2.1 2015/09/03 18:49:44 tron Exp $ bin/erb${RUBY_SUFFIX} bin/gem${RUBY_SUFFIX} bin/irb${RUBY_SUFFIX} @@ -923,7 +923,7 @@ ${RUBY_ARCHLIB}/zlib.${RUBY_DLEXT} ${GEM_HOME}/gems/rake-10.1.0/bin/rake ${GEM_HOME}/gems/rdoc-4.1.0/bin/rdoc ${GEM_HOME}/gems/rdoc-4.1.0/bin/ri -${GEM_HOME}/gems/test-unit-2.1.6.0/bin/testrb +${GEM_HOME}/gems/test-unit-2.1.7.0/bin/testrb ${GEM_HOME}/specifications/default/bigdecimal-1.2.4.gemspec ${GEM_HOME}/specifications/default/io-console-0.4.3.gemspec ${GEM_HOME}/specifications/default/json-1.8.1.gemspec @@ -931,7 +931,7 @@ ${GEM_HOME}/specifications/default/minitest-4.7.5.gemspec ${GEM_HOME}/specifications/default/psych-2.0.5.gemspec ${GEM_HOME}/specifications/default/rake-10.1.0.gemspec ${GEM_HOME}/specifications/default/rdoc-4.1.0.gemspec -${GEM_HOME}/specifications/default/test-unit-2.1.6.0.gemspec +${GEM_HOME}/specifications/default/test-unit-2.1.7.0.gemspec man/man1/erb${RUBY_SUFFIX}.1 man/man1/irb${RUBY_SUFFIX}.1 man/man1/rake${RUBY_SUFFIX}.1 diff --git a/lang/ruby21-base/distinfo b/lang/ruby21-base/distinfo index 05322409015..5e87bec1b6e 100644 --- a/lang/ruby21-base/distinfo +++ b/lang/ruby21-base/distinfo @@ -1,12 +1,10 @@ -$NetBSD: distinfo,v 1.18 2015/06/23 14:04:03 taca Exp $ +$NetBSD: distinfo,v 1.18.2.1 2015/09/03 18:49:44 tron Exp $ -SHA1 (ruby-2.1.6.tar.bz2) = 380c3a5fa508fdaa2b227dbc00c56f703fd271d4 -RMD160 (ruby-2.1.6.tar.bz2) = fa473e794ee0df4cd30aebfa70af16840a618c43 -Size (ruby-2.1.6.tar.bz2) = 12011651 bytes +SHA1 (ruby-2.1.7.tar.bz2) = 9c2d3c73b3d2aed2c8f018d3a27e970846dcf143 +RMD160 (ruby-2.1.7.tar.bz2) = 1fb05a54d255cf3ef3b9933412e935b780ff3258 +Size (ruby-2.1.7.tar.bz2) = 12019706 bytes SHA1 (patch-configure) = 7f1f6d2dc7d32c96d6ae65562a9bc6d50d2b79dd SHA1 (patch-ext_dbm_extconf.rb) = 08520edd956e17cb6cc80b6ee2c77af77a834bd2 -SHA1 (patch-ext_tk_extconf.rb) = fc80ef5a2859736ae85303cfb2fc78ce8bc70fbc -SHA1 (patch-ext_tk_lib_tk.rb) = 78034ed6fa0f24099ce06a717da2423731b276cb SHA1 (patch-ext_tk_lib_tk_autoload.rb) = e8bcb93feae90fd46531a412f6c963a6d5d2c132 SHA1 (patch-ext_tk_lib_tk_fontchooser.rb) = cb0155332e5f519ada386fae770cd2f879527323 SHA1 (patch-ext_tk_lib_tk_tk__mac.rb) = 24b9f282558200780adbf93e71edd1aa52d1c82b @@ -14,7 +12,6 @@ SHA1 (patch-ext_tk_lib_tkextlib_tcllib_validator.rb) = fb0cb5a138c2ae311d368ec44 SHA1 (patch-ext_tk_lib_tkextlib_tile_treeview.rb) = e31201b5d0f5c333f14b795ac5e670fdb9a250cf SHA1 (patch-ext_tk_lib_tkextlib_tkimg_dted.rb) = b0786f50ebab4b5a0ccf916054bc13fbd6820541 SHA1 (patch-ext_tk_lib_tkextlib_tkimg_raw.rb) = 92a4bc7b995554b9933b1e9f9ce4df87e365bcfb -SHA1 (patch-ext_tk_tcltklib.c) = 475affcb88a06ac6daf622814a9da5027ca3d34e SHA1 (patch-lib_mkmf.rb) = 04607b73702a8ee7edfbb371ebf88ebe8a4fc428 SHA1 (patch-lib_rdoc_ri_driver.rb) = 5bdd3ed6f50a2ea79f643c6bebd7ad0063e79051 SHA1 (patch-lib_rubygems.rb) = adfbb16b9d90fe38e253bcbd34d0efa712077f21 @@ -27,7 +24,6 @@ SHA1 (patch-lib_rubygems_dependency__installer.rb) = d88441fe44de8ee61a5548dfbe0 SHA1 (patch-lib_rubygems_install__update__options.rb) = 9a15d509928aa0440691bef8ad43bbfd2688542f SHA1 (patch-lib_rubygems_installer.rb) = e3c077156f135b9a8a368ea39e2728a60e6f4378 SHA1 (patch-lib_rubygems_platform.rb) = 965a916814127ef78f43b89b7af5e06d5d83b24f -SHA1 (patch-lib_rubygems_remote__fetcher.rb) = 860f82ea7de78150a35130942eaf719c9c622c87 SHA1 (patch-lib_rubygems_specification.rb) = 0b30e2da8b5621ffc0f91fadc94f06ba30f47d41 SHA1 (patch-lib_rubygems_uninstaller.rb) = 87fdddc435440aab57a6d44aba64abd0b2de6907 SHA1 (patch-man_erb.1) = 1fe6ce4f4fe6418bfabb5e132a63596562030116 diff --git a/lang/ruby21-base/patches/patch-ext_tk_extconf.rb b/lang/ruby21-base/patches/patch-ext_tk_extconf.rb deleted file mode 100644 index 389e31dac45..00000000000 --- a/lang/ruby21-base/patches/patch-ext_tk_extconf.rb +++ /dev/null @@ -1,19 +0,0 @@ -$NetBSD: patch-ext_tk_extconf.rb,v 1.1 2014/12/14 14:00:17 taca Exp $ - -* Add tcl/tk 8.6 support. - ---- ext/tk/extconf.rb.orig 2013-11-30 02:46:47.000000000 +0000 -+++ ext/tk/extconf.rb -@@ -9,10 +9,10 @@ TkLib_Config['search_versions'] = - # %w[8.9 8.8 8.7 8.6 8.5 8.4 8.3 8.2 8.1 8.0 7.6 4.2] - # %w[8.7 8.6 8.5 8.4 8.3 8.2 8.1 8.0] - # %w[8.7 8.6 8.5 8.4 8.0] # to shorten search steps -- %w[8.5 8.4] # At present, Tcl/Tk8.6 is not supported. -+ %w[8.6 8.5 8.4] - - TkLib_Config['unsupported_versions'] = -- %w[8.8 8.7 8.6] # At present, Tcl/Tk8.6 is not supported. -+ %w[8.8 8.7] - - TkLib_Config['major_nums'] = '87' - diff --git a/lang/ruby21-base/patches/patch-ext_tk_lib_tk.rb b/lang/ruby21-base/patches/patch-ext_tk_lib_tk.rb deleted file mode 100644 index 6fbcd260969..00000000000 --- a/lang/ruby21-base/patches/patch-ext_tk_lib_tk.rb +++ /dev/null @@ -1,56 +0,0 @@ -$NetBSD: patch-ext_tk_lib_tk.rb,v 1.1 2014/12/14 14:00:17 taca Exp $ - -* Add tcl/tk 8.6 support. - ---- ext/tk/lib/tk.rb.orig 2011-05-26 23:36:33.000000000 +0000 -+++ ext/tk/lib/tk.rb -@@ -1309,8 +1309,12 @@ EOS - end - - unless interp.deleted? -- #Thread.current[:status].value = TclTkLib.mainloop(false) -- Thread.current[:status].value = interp.mainloop(false) -+ begin -+ #Thread.current[:status].value = TclTkLib.mainloop(false) -+ Thread.current[:status].value = interp.mainloop(false) -+ rescue Exception=>e -+ puts "ignore exception on interp: #{e.inspect}\n" if $DEBUG -+ end - end - - ensure -@@ -1569,7 +1573,15 @@ EOS - EOL - =end - -- at_exit{ INTERP.remove_tk_procs(TclTkLib::FINALIZE_PROC_NAME) } -+ if !WITH_RUBY_VM || RUN_EVENTLOOP_ON_MAIN_THREAD ### check Ruby 1.9 !!!!!!! -+ at_exit{ INTERP.remove_tk_procs(TclTkLib::FINALIZE_PROC_NAME) } -+ else -+ at_exit{ -+ Tk.root.destroy -+ INTERP.remove_tk_procs(TclTkLib::FINALIZE_PROC_NAME) -+ INTERP_THREAD.kill.join -+ } -+ end - - EventFlag = TclTkLib::EventFlag - -@@ -5197,6 +5209,8 @@ class TkWindow<TkObject - TkWinfo.exist?(self) - end - -+ alias subcommand tk_send -+ - def bind_class - @db_class || self.class() - end -@@ -5742,7 +5756,7 @@ TkWidget = TkWindow - #Tk.freeze - - module Tk -- RELEASE_DATE = '2010-06-03'.freeze -+ RELEASE_DATE = '2014-10-19'.freeze - - autoload :AUTO_PATH, 'tk/variable' - autoload :TCL_PACKAGE_PATH, 'tk/variable' diff --git a/lang/ruby21-base/patches/patch-ext_tk_tcltklib.c b/lang/ruby21-base/patches/patch-ext_tk_tcltklib.c deleted file mode 100644 index 6a88d15d9cc..00000000000 --- a/lang/ruby21-base/patches/patch-ext_tk_tcltklib.c +++ /dev/null @@ -1,170 +0,0 @@ -$NetBSD: patch-ext_tk_tcltklib.c,v 1.1 2014/12/14 14:00:17 taca Exp $ - -* Add tcl/tk 8.6 support. - ---- ext/tk/tcltklib.c.orig 2014-02-10 11:45:14.000000000 +0000 -+++ ext/tk/tcltklib.c -@@ -6012,7 +6012,12 @@ ip_rbNamespaceObjCmd(clientData, interp, - Tcl_CmdInfo info; - int ret; - -+ DUMP1("call ip_rbNamespaceObjCmd"); -+ DUMP2("objc = %d", objc); -+ DUMP2("objv[0] = '%s'", Tcl_GetString(objv[0])); -+ DUMP2("objv[1] = '%s'", Tcl_GetString(objv[1])); - if (!Tcl_GetCommandInfo(interp, "__orig_namespace_command__", &(info))) { -+ DUMP1("fail to get __orig_namespace_command__"); - Tcl_ResetResult(interp); - Tcl_AppendResult(interp, - "invalid command name \"namespace\"", (char*)NULL); -@@ -6020,15 +6025,38 @@ ip_rbNamespaceObjCmd(clientData, interp, - } - - rbtk_eventloop_depth++; -- /* DUMP2("namespace wrapper enter depth == %d", rbtk_eventloop_depth); */ -+ DUMP2("namespace wrapper enter depth == %d", rbtk_eventloop_depth); - - if (info.isNativeObjectProc) { -+#if TCL_MAJOR_VERSION == 8 && TCL_MINOR_VERSION < 6 -+ DUMP1("call a native-object-proc"); - ret = (*(info.objProc))(info.objClientData, interp, objc, objv); -+#else -+ /* Tcl8.6 or later */ -+ int i; -+ Tcl_Obj **cp_objv; -+ char org_ns_cmd_name[] = "__orig_namespace_command__"; -+ -+ DUMP1("call a native-object-proc for tcl8.6 or later"); -+ cp_objv = RbTk_ALLOC_N(Tcl_Obj *, (objc + 1)); -+ -+ cp_objv[0] = Tcl_NewStringObj(org_ns_cmd_name, strlen(org_ns_cmd_name)); -+ for(i = 1; i < objc; i++) { -+ cp_objv[i] = objv[i]; -+ } -+ cp_objv[objc] = (Tcl_Obj *)NULL; -+ -+ /* ret = Tcl_EvalObjv(interp, objc, cp_objv, TCL_EVAL_DIRECT); */ -+ ret = Tcl_EvalObjv(interp, objc, cp_objv, 0); -+ -+ ckfree((char*)cp_objv); -+#endif - } else { - /* string interface */ - int i; - char **argv; - -+ DUMP1("call with the string-interface"); - /* argv = (char **)Tcl_Alloc(sizeof(char *) * (objc + 1)); */ - argv = RbTk_ALLOC_N(char *, (objc + 1)); - #if 0 /* use Tcl_Preserve/Release */ -@@ -6056,9 +6084,10 @@ ip_rbNamespaceObjCmd(clientData, interp, - #endif - } - -- /* DUMP2("namespace wrapper exit depth == %d", rbtk_eventloop_depth); */ -+ DUMP2("namespace wrapper exit depth == %d", rbtk_eventloop_depth); - rbtk_eventloop_depth--; - -+ DUMP1("end of ip_rbNamespaceObjCmd"); - return ret; - } - #endif -@@ -6068,6 +6097,8 @@ ip_wrap_namespace_command(interp) - Tcl_Interp *interp; - { - #if TCL_MAJOR_VERSION >= 8 -+ -+#if TCL_MAJOR_VERSION == 8 && TCL_MINOR_VERSION < 6 - Tcl_CmdInfo orig_info; - - if (!Tcl_GetCommandInfo(interp, "namespace", &(orig_info))) { -@@ -6084,6 +6115,11 @@ ip_wrap_namespace_command(interp) - orig_info.deleteProc); - } - -+#else /* tcl8.6 or later */ -+ Tcl_GlobalEval(interp, "rename namespace __orig_namespace_command__"); -+ -+#endif -+ - Tcl_CreateObjCommand(interp, "namespace", ip_rbNamespaceObjCmd, - (ClientData) 0, (Tcl_CmdDeleteProc *)NULL); - #endif -@@ -8448,15 +8484,28 @@ invoke_tcl_proc(arg) - #endif - { - struct invoke_info *inf = (struct invoke_info *)arg; -+ -+#if TCL_MAJOR_VERSION >= 8 && TCL_MINOR_VERSION < 6 - int i, len; --#if TCL_MAJOR_VERSION >= 8 - int argc = inf->objc; - char **argv = (char **)NULL; - #endif - -+ DUMP1("call invoke_tcl_proc"); -+ -+#if TCL_MAJOR_VERSION > 8 || (TCL_MAJOR_VERSION == 8 && TCL_MINOR_VERSION >= 6) -+ -+ /* eval */ -+ inf->ptr->return_value = Tcl_EvalObjv(inf->ptr->ip, inf->objc, inf->objv, TCL_EVAL_DIRECT); -+ /* inf->ptr->return_value = Tcl_EvalObjv(inf->ptr->ip, inf->objc, inf->objv, 0); */ -+ -+#else /* Tcl/Tk 7.x, 8.0 -- 8.5 */ -+ - /* memory allocation for arguments of this command */ --#if TCL_MAJOR_VERSION >= 8 -+#if TCL_MAJOR_VERSION == 8 -+ /* Tcl/Tk 8.0 -- 8.5 */ - if (!inf->cmdinfo.isNativeObjectProc) { -+ DUMP1("called proc is not a native-obj-proc"); - /* string interface */ - /* argv = (char **)ALLOC_N(char *, argc+1);*/ /* XXXXXXXXXX */ - argv = RbTk_ALLOC_N(char *, (argc+1)); -@@ -8470,11 +8519,14 @@ invoke_tcl_proc(arg) - } - #endif - -+ DUMP1("reset result of tcl-interp"); - Tcl_ResetResult(inf->ptr->ip); - - /* Invoke the C procedure */ --#if TCL_MAJOR_VERSION >= 8 -+#if TCL_MAJOR_VERSION == 8 -+ /* Tcl/Tk 8.0 -- 8.5 */ - if (inf->cmdinfo.isNativeObjectProc) { -+ DUMP1("call tcl_proc as a native-obj-proc"); - inf->ptr->return_value - = (*(inf->cmdinfo.objProc))(inf->cmdinfo.objClientData, - inf->ptr->ip, inf->objc, inf->objv); -@@ -8482,7 +8534,9 @@ invoke_tcl_proc(arg) - else - #endif - { --#if TCL_MAJOR_VERSION >= 8 -+#if TCL_MAJOR_VERSION == 8 -+ /* Tcl/Tk 8.0 -- 8.5 */ -+ DUMP1("call tcl_proc as not a native-obj-proc"); - inf->ptr->return_value - = (*(inf->cmdinfo.proc))(inf->cmdinfo.clientData, inf->ptr->ip, - argc, (CONST84 char **)argv); -@@ -8505,6 +8559,9 @@ invoke_tcl_proc(arg) - #endif - } - -+#endif /* Tcl/Tk 8.6 or later || Tcl 7.x, 8.0 -- 8.5 */ -+ -+ DUMP1("end of invoke_tcl_proc"); - return Qnil; - } - -@@ -8644,7 +8701,9 @@ ip_invoke_core(interp, argc, argv) - #endif - - /* invoke tcl-proc */ -+ DUMP1("invoke tcl-proc"); - rb_protect(invoke_tcl_proc, (VALUE)&inf, &status); -+ DUMP2("status of tcl-proc, %d", status); - switch(status) { - case TAG_RAISE: - if (NIL_P(rb_errinfo())) { diff --git a/lang/ruby21-base/patches/patch-lib_rubygems_remote__fetcher.rb b/lang/ruby21-base/patches/patch-lib_rubygems_remote__fetcher.rb deleted file mode 100644 index 8511d602784..00000000000 --- a/lang/ruby21-base/patches/patch-lib_rubygems_remote__fetcher.rb +++ /dev/null @@ -1,21 +0,0 @@ -$NetBSD: patch-lib_rubygems_remote__fetcher.rb,v 1.1 2015/06/23 14:04:03 taca Exp $ - -Fix for CVE-2015-3900. - ---- lib/rubygems/remote_fetcher.rb.orig 2014-02-06 02:59:36.000000000 +0000 -+++ lib/rubygems/remote_fetcher.rb -@@ -90,7 +90,13 @@ class Gem::RemoteFetcher - rescue Resolv::ResolvError - uri - else -- URI.parse "#{uri.scheme}://#{res.target}#{uri.path}" -+ target = res.target.to_s.strip -+ -+ if /\.#{Regexp.quote(host)}\z/ =~ target -+ return URI.parse "#{uri.scheme}://#{target}#{uri.path}" -+ end -+ -+ uri - end - end - |