author | tron <tron> | 2015-09-03 18:56:54 +0000 |
---|---|---|
committer | tron <tron> | 2015-09-03 18:56:54 +0000 |
commit | df74f6a962a10807527474a42452f87f31c16f8d (patch) | |
tree | cbaee5059dfbfb889fb28fedf4310239f2e6c5de | |
parent | c70eb87f3cda8bf419e5dbe7b8b161f90ba41906 (diff) | |
download | pkgsrc-df74f6a962a10807527474a42452f87f31c16f8d.tar.gz |
Pullup ticket #4804 - requested by taca
lang/ruby22-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.147
- lang/ruby22-base/Makefile 1.4
- lang/ruby22-base/distinfo 1.6-1.7
- lang/ruby22-base/patches/patch-configure 1.3
- lang/ruby22-base/patches/patch-lib_rubygems_remote__fetcher.rb deleted
---
Module Name: pkgsrc
Committed By: jperkin
Date: Tue Jun 30 19:41:32 UTC 2015
Modified Files:
pkgsrc/lang/ruby22-base: distinfo
pkgsrc/lang/ruby22-base/patches: patch-configure
Log Message:
Disable CPU detection on Darwin, the result for 32-bit (i486) is incompatible
with pkgsrc MACHINE_ARCH (i386). Fixes 32-bit build, no change for 64-bit.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 20 15:30:47 UTC 2015
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby22-base: Makefile distinfo
Removed Files:
pkgsrc/lang/ruby22-base/patches: patch-lib_rubygems_remote__fetcher.rb
Log Message:
Update ruby22-base to 2.2.3 (Ruby 2.2.3).
Release note:
Ruby 2.2.3 Released
Posted by nagachika on 18 Aug 2015
We are pleased to announce the release of Ruby 2.2.3. This is a TEENY
version release of the stable 2.2 series.
This release includes the security fix for a RubyGems domain name
verification vulnerability.
CVE-2015-3900 Request hijacking vulnerability in RubyGems 2.4.6 and earlier
There are also some bugfixes. See ChangeLog for details.
-rw-r--r-- | lang/ruby/rubyversion.mk | 4 | ||||
-rw-r--r-- | lang/ruby22-base/Makefile | 3 | ||||
-rw-r--r-- | lang/ruby22-base/distinfo | 11 | ||||
-rw-r--r-- | lang/ruby22-base/patches/patch-configure | 13 | ||||
-rw-r--r-- | lang/ruby22-base/patches/patch-lib_rubygems_remote__fetcher.rb | 21 |
5 files changed, 19 insertions, 33 deletions
diff --git a/lang/ruby/rubyversion.mk b/lang/ruby/rubyversion.mk
index d877d3475c0..6e6aaa24999 100644
--- a/lang/ruby/rubyversion.mk
+++ b/lang/ruby/rubyversion.mk
@@ -1,4 +1,4 @@
-# $NetBSD: rubyversion.mk,v 1.143.2.2 2015/09/03 18:49:44 tron Exp $
+# $NetBSD: rubyversion.mk,v 1.143.2.3 2015/09/03 18:56:54 tron Exp $
#
# This file determines which Ruby version is used as a dependency for
@@ -230,7 +230,7 @@ RUBY18_VERSION= 1.8.7
RUBY193_VERSION= 1.9.3
RUBY200_VERSION= 2.0.0
RUBY21_VERSION= 2.1.7
-RUBY22_VERSION= 2.2.2
+RUBY22_VERSION= 2.2.3
# patch
RUBY18_PATCHLEVEL= pl374
diff --git a/lang/ruby22-base/Makefile b/lang/ruby22-base/Makefile
index f9e719a5b00..2b7303e5a6b 100644
--- a/lang/ruby22-base/Makefile
+++ b/lang/ruby22-base/Makefile
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.3 2015/06/23 14:04:40 taca Exp $
+# $NetBSD: Makefile,v 1.3.2.1 2015/09/03 18:56:54 tron Exp $
#
DISTNAME= ${RUBY_DISTNAME}
PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_FULL}
-PKGREVISION= 2
CATEGORIES= lang ruby
MASTER_SITES= ${MASTER_SITE_RUBY}
diff --git a/lang/ruby22-base/distinfo b/lang/ruby22-base/distinfo
index 6b6dcff6e3a..20665dec46c 100644
--- a/lang/ruby22-base/distinfo
+++ b/lang/ruby22-base/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.5 2015/06/23 14:04:40 taca Exp $
+$NetBSD: distinfo,v 1.5.2.1 2015/09/03 18:56:54 tron Exp $
-SHA1 (ruby-2.2.2.tar.bz2) = de97ec6132ac76bb7c0f92b5ca4682138093af1b
-RMD160 (ruby-2.2.2.tar.bz2) = af9f1c4de12fc25c0d6e20bf339cc13e7d89df2d
-Size (ruby-2.2.2.tar.bz2) = 13314437 bytes
-SHA1 (patch-configure) = 729397349d70492303534873194e35d4ffb98ba5
+SHA1 (ruby-2.2.3.tar.bz2) = 59fe80aeeb518ffb396bb1df74b47b25541fb207
+RMD160 (ruby-2.2.3.tar.bz2) = 048769272df86969a6848234bc3a1a1968a6e47c
+Size (ruby-2.2.3.tar.bz2) = 13333814 bytes
+SHA1 (patch-configure) = 8abbc486b8cf30bb789ef58d1cb289191dcd1af6
SHA1 (patch-ext_dbm_extconf.rb) = ee932265052613d458375ad1a760a09fefb9d959
SHA1 (patch-lib_mkmf.rb) = f86f1ae5a1053a0643545a2c11c9fd2bbd5a289d
SHA1 (patch-lib_rdoc_ri_driver.rb) = 5bdd3ed6f50a2ea79f643c6bebd7ad0063e79051
@@ -15,7 +15,6 @@ SHA1 (patch-lib_rubygems_dependency__installer.rb) = 33279f961cc4c530f0d81c8b415
SHA1 (patch-lib_rubygems_install__update__options.rb) = 8ec3a2387f3a83e19d76b7a900ebf3b37bdcc043
SHA1 (patch-lib_rubygems_installer.rb) = 864f3f8fe2949aedd85f730e447d8495f58d3b25
SHA1 (patch-lib_rubygems_platform.rb) = 2bddd029a2678de5a5d016af33f629caa712fbce
-SHA1 (patch-lib_rubygems_remote__fetcher.rb) = 02c149b7b29e457dad909ebec38691440e192816
SHA1 (patch-man_erb.1) = 1fe6ce4f4fe6418bfabb5e132a63596562030116
SHA1 (patch-man_irb.1) = 2bf807b4c1b1c68d1f518caa054cfd900e0fedb7
SHA1 (patch-man_ri.1) = b07be05375977cfac0f88765a95e85db4f858885
diff --git a/lang/ruby22-base/patches/patch-configure b/lang/ruby22-base/patches/patch-configure
index 8f2c6022b7d..7383f2a6498 100644
--- a/lang/ruby22-base/patches/patch-configure
+++ b/lang/ruby22-base/patches/patch-configure
@@ -1,10 +1,19 @@
-$NetBSD: patch-configure,v 1.2 2015/04/22 19:04:35 sevan Exp $
+$NetBSD: patch-configure,v 1.2.2.1 2015/09/03 18:56:54 tron Exp $
* Adding Interix support.
* Ignore doxygen.
---- configure.orig 2015-02-27 07:34:18.000000000 +0000
+--- configure.orig 2015-04-13 14:18:08.000000000 +0000
+++ configure
+@@ -5579,7 +5579,7 @@ esac
+ else
+ if test x"$target_alias" = x; then
+ case "$target_os" in #(
+- darwin*) :
++ notdarwin*) :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for real target cpu" >&5
+ $as_echo_n "checking for real target cpu... " >&6; }
@@ -8846,6 +8846,10 @@ esac
ac_cv_func_isinf=yes
ac_cv_func_isnan=yes
diff --git a/lang/ruby22-base/patches/patch-lib_rubygems_remote__fetcher.rb b/lang/ruby22-base/patches/patch-lib_rubygems_remote__fetcher.rb
deleted file mode 100644
index 66ffba2fd3d..00000000000
--- a/lang/ruby22-base/patches/patch-lib_rubygems_remote__fetcher.rb
+++ /dev/null
@@ -1,21 +0,0 @@
-$NetBSD: patch-lib_rubygems_remote__fetcher.rb,v 1.1 2015/06/23 14:04:40 taca Exp $
-
-Fix for CVE-2015-3900.
-
---- lib/rubygems/remote_fetcher.rb.orig 2014-11-17 03:55:02.000000000 +0000
-+++ lib/rubygems/remote_fetcher.rb
-@@ -94,7 +94,13 @@ class Gem::RemoteFetcher
- rescue Resolv::ResolvError
- uri
- else
-- URI.parse "#{uri.scheme}://#{res.target}#{uri.path}"
-+ target = res.target.to_s.strip
-+
-+ if /\.#{Regexp.quote(host)}\z/ =~ target
-+ return URI.parse "#{uri.scheme}://#{target}#{uri.path}"
-+ end
-+
-+ uri
- end
- end
- |
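Review bot: The description at the top of patch-configure still lists only `* Adding Interix support.` and `* Ignore doxygen.`, but the new first hunk (configure line 5579) also rewrites the case label `darwin*)` to `notdarwin*)`, and nothing in the patch file explains it. Add a third bullet, e.g. `* Disable real target CPU detection on Darwin; the 32-bit result (i486) does not match pkgsrc MACHINE_ARCH (i386).`, so the reason is recorded next to the change rather than only in the commit log. The `notdarwin*` label presumably works only because it matches no real `$target_os`, which reads like a typo; a short remark that the pattern is intentionally unmatchable would keep a later refresh of the patch from "correcting" it.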