Pullup ticket #4804 - requested by taca

lang/ruby22-base: security update Revisions pulled up: - lang/ruby/rubyversion.mk 1.147 - lang/ruby22-base/Makefile 1.4 - lang/ruby22-base/distinfo 1.6-1.7 - lang/ruby22-base/patches/patch-configure 1.3 - lang/ruby22-base/patches/patch-lib_rubygems_remote__fetcher.rb deleted --- Module Name: pkgsrc Committed By: jperkin Date: Tue Jun 30 19:41:32 UTC 2015 Modified Files: pkgsrc/lang/ruby22-base: distinfo pkgsrc/lang/ruby22-base/patches: patch-configure Log Message: Disable CPU detection on Darwin, the result for 32-bit (i486) is incompatible with pkgsrc MACHINE_ARCH (i386). Fixes 32-bit build, no change for 64-bit. --- Module Name: pkgsrc Committed By: taca Date: Thu Aug 20 15:30:47 UTC 2015 Modified Files: pkgsrc/lang/ruby: rubyversion.mk pkgsrc/lang/ruby22-base: Makefile distinfo Removed Files: pkgsrc/lang/ruby22-base/patches: patch-lib_rubygems_remote__fetcher.rb Log Message: Update ruby22-base to 2.2.3 (Ruby 2.2.3). Release note: Ruby 2.2.3 Released Posted by nagachika on 18 Aug 2015 We are pleased to announce the release of Ruby 2.2.3. This is a TEENY version release of the stable 2.2 series. This release includes the security fix for a RubyGems domain name verification vulnerability. CVE-2015-3900 Request hijacking vulnerability in RubyGems 2.4.6 and earlier There are also some bugfixes. See ChangeLog for details.
author: tron <tron> 2015-09-03 18:56:54 +0000
committer: tron <tron> 2015-09-03 18:56:54 +0000
commit: df74f6a962a10807527474a42452f87f31c16f8d (patch)
tree: cbaee5059dfbfb889fb28fedf4310239f2e6c5de
parent: c70eb87f3cda8bf419e5dbe7b8b161f90ba41906 (diff)
download: pkgsrc-df74f6a962a10807527474a42452f87f31c16f8d.tar.gz
5 files changed, 19 insertions, 33 deletions
diff --git a/lang/ruby/rubyversion.mk b/lang/ruby/rubyversion.mk
index d877d3475c0..6e6aaa24999 100644
--- a/lang/ruby/rubyversion.mk
+++ b/lang/ruby/rubyversion.mk
@@ -1,4 +1,4 @@
-# $NetBSD: rubyversion.mk,v 1.143.2.2 2015/09/03 18:49:44 tron Exp $
+# $NetBSD: rubyversion.mk,v 1.143.2.3 2015/09/03 18:56:54 tron Exp $
 #
 
 # This file determines which Ruby version is used as a dependency for
@@ -230,7 +230,7 @@ RUBY18_VERSION=		1.8.7
 RUBY193_VERSION=	1.9.3
 RUBY200_VERSION=	2.0.0
 RUBY21_VERSION=		2.1.7
-RUBY22_VERSION=		2.2.2
+RUBY22_VERSION=		2.2.3
 
 # patch
 RUBY18_PATCHLEVEL=	pl374
diff --git a/lang/ruby22-base/Makefile b/lang/ruby22-base/Makefile
index f9e719a5b00..2b7303e5a6b 100644
--- a/lang/ruby22-base/Makefile
+++ b/lang/ruby22-base/Makefile
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.3 2015/06/23 14:04:40 taca Exp $
+# $NetBSD: Makefile,v 1.3.2.1 2015/09/03 18:56:54 tron Exp $
 #
 
 DISTNAME=	${RUBY_DISTNAME}
 PKGNAME=	${RUBY_PKGPREFIX}-base-${RUBY_VERSION_FULL}
-PKGREVISION=	2
 CATEGORIES=	lang ruby
 MASTER_SITES=	${MASTER_SITE_RUBY}
 
diff --git a/lang/ruby22-base/distinfo b/lang/ruby22-base/distinfo
index 6b6dcff6e3a..20665dec46c 100644
--- a/lang/ruby22-base/distinfo
+++ b/lang/ruby22-base/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.5 2015/06/23 14:04:40 taca Exp $
+$NetBSD: distinfo,v 1.5.2.1 2015/09/03 18:56:54 tron Exp $
 
-SHA1 (ruby-2.2.2.tar.bz2) = de97ec6132ac76bb7c0f92b5ca4682138093af1b
-RMD160 (ruby-2.2.2.tar.bz2) = af9f1c4de12fc25c0d6e20bf339cc13e7d89df2d
-Size (ruby-2.2.2.tar.bz2) = 13314437 bytes
-SHA1 (patch-configure) = 729397349d70492303534873194e35d4ffb98ba5
+SHA1 (ruby-2.2.3.tar.bz2) = 59fe80aeeb518ffb396bb1df74b47b25541fb207
+RMD160 (ruby-2.2.3.tar.bz2) = 048769272df86969a6848234bc3a1a1968a6e47c
+Size (ruby-2.2.3.tar.bz2) = 13333814 bytes
+SHA1 (patch-configure) = 8abbc486b8cf30bb789ef58d1cb289191dcd1af6
 SHA1 (patch-ext_dbm_extconf.rb) = ee932265052613d458375ad1a760a09fefb9d959
 SHA1 (patch-lib_mkmf.rb) = f86f1ae5a1053a0643545a2c11c9fd2bbd5a289d
 SHA1 (patch-lib_rdoc_ri_driver.rb) = 5bdd3ed6f50a2ea79f643c6bebd7ad0063e79051
@@ -15,7 +15,6 @@ SHA1 (patch-lib_rubygems_dependency__installer.rb) = 33279f961cc4c530f0d81c8b415
 SHA1 (patch-lib_rubygems_install__update__options.rb) = 8ec3a2387f3a83e19d76b7a900ebf3b37bdcc043
 SHA1 (patch-lib_rubygems_installer.rb) = 864f3f8fe2949aedd85f730e447d8495f58d3b25
 SHA1 (patch-lib_rubygems_platform.rb) = 2bddd029a2678de5a5d016af33f629caa712fbce
-SHA1 (patch-lib_rubygems_remote__fetcher.rb) = 02c149b7b29e457dad909ebec38691440e192816
 SHA1 (patch-man_erb.1) = 1fe6ce4f4fe6418bfabb5e132a63596562030116
 SHA1 (patch-man_irb.1) = 2bf807b4c1b1c68d1f518caa054cfd900e0fedb7
 SHA1 (patch-man_ri.1) = b07be05375977cfac0f88765a95e85db4f858885
diff --git a/lang/ruby22-base/patches/patch-configure b/lang/ruby22-base/patches/patch-configure
index 8f2c6022b7d..7383f2a6498 100644
--- a/lang/ruby22-base/patches/patch-configure
+++ b/lang/ruby22-base/patches/patch-configure
@@ -1,10 +1,19 @@
-$NetBSD: patch-configure,v 1.2 2015/04/22 19:04:35 sevan Exp $
+$NetBSD: patch-configure,v 1.2.2.1 2015/09/03 18:56:54 tron Exp $
 
 * Adding Interix support.
 * Ignore doxygen.
 
---- configure.orig	2015-02-27 07:34:18.000000000 +0000
+--- configure.orig	2015-04-13 14:18:08.000000000 +0000
 +++ configure
+@@ -5579,7 +5579,7 @@ esac
+ else
+     if test x"$target_alias" = x; then
+ 	case "$target_os" in #(
+-  darwin*) :
++  notdarwin*) :
+ 
+ 	    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for real target cpu" >&5
+ $as_echo_n "checking for real target cpu... " >&6; }
 @@ -8846,6 +8846,10 @@ esac
  		ac_cv_func_isinf=yes
  		ac_cv_func_isnan=yes
diff --git a/lang/ruby22-base/patches/patch-lib_rubygems_remote__fetcher.rb b/lang/ruby22-base/patches/patch-lib_rubygems_remote__fetcher.rb
deleted file mode 100644
index 66ffba2fd3d..00000000000
--- a/lang/ruby22-base/patches/patch-lib_rubygems_remote__fetcher.rb
+++ /dev/null
@@ -1,21 +0,0 @@
-$NetBSD: patch-lib_rubygems_remote__fetcher.rb,v 1.1 2015/06/23 14:04:40 taca Exp $
-
-Fix for CVE-2015-3900.
-
---- lib/rubygems/remote_fetcher.rb.orig	2014-11-17 03:55:02.000000000 +0000
-+++ lib/rubygems/remote_fetcher.rb
-@@ -94,7 +94,13 @@ class Gem::RemoteFetcher
-     rescue Resolv::ResolvError
-       uri
-     else
--      URI.parse "#{uri.scheme}://#{res.target}#{uri.path}"
-+      target = res.target.to_s.strip
-+
-+      if /\.#{Regexp.quote(host)}\z/ =~ target
-+        return URI.parse "#{uri.scheme}://#{target}#{uri.path}"
-+      end
-+
-+      uri
-     end
-   end
-
author	tron <tron>	2015-09-03 18:56:54 +0000
committer	tron <tron>	2015-09-03 18:56:54 +0000
commit	df74f6a962a10807527474a42452f87f31c16f8d (patch)
tree	cbaee5059dfbfb889fb28fedf4310239f2e6c5de
parent	c70eb87f3cda8bf419e5dbe7b8b161f90ba41906 (diff)
download	pkgsrc-df74f6a962a10807527474a42452f87f31c16f8d.tar.gz