diff options
| author | taca <taca@pkgsrc.org> | 2018-03-29 03:09:35 +0000 |
|---|---|---|
| committer | taca <taca@pkgsrc.org> | 2018-03-29 03:09:35 +0000 |
| commit | fde2081f2deeb21d5d86cacb49613947bb21b847 (patch) | |
| tree | 60fe42ecab3f5d476e0fc30ada9b14878ad2d76e | |
| parent | 09cbbc70ccd092dd690a8539cd5667a4a4775cbe (diff) | |
| download | pkgsrc-fde2081f2deeb21d5d86cacb49613947bb21b847.tar.gz | |
lang/ruby23-base: update to 2.3.7, security release
Ruby 2.3.7 Released Posted by usa on 28 Mar 2018
Ruby 2.3.7 has been released.
This release includes about 70 bug fixes after the previous release, and also
includes several security fixes. Please check the topics below for details.
* CVE-2017-17742: HTTP response splitting in WEBrick
* CVE-2018-8777: DoS by large request in WEBrick
* CVE-2018-6914: Unintentional file and directory creation with directory
traversal in tempfile and tmpdir
* CVE-2018-8778: Buffer under-read in String#unpack
* CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in
UNIXServer and UNIXSocket
* CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
* Multiple vulnerabilities in RubyGems
See the ChangeLog for details.
After this release, we will end the normal maintenance phase of Ruby 2.3, and
start the security maintenance phase of it. This means that after the release
of 2.3.7 we will never backport any bug fixes to 2.3 except security fixes.
The term of the security maintenance phase is scheduled for 1 year. By the
end of this term, official support of Ruby 2.3 will be over. Therefore, we
recommend that you start planning to upgrade to Ruby 2.5 or 2.4.
| -rw-r--r-- | lang/ruby/rubyversion.mk | 4 | ||||
| -rw-r--r-- | lang/ruby23-base/Makefile | 7 | ||||
| -rw-r--r-- | lang/ruby23-base/distinfo | 18 | ||||
| -rw-r--r-- | lang/ruby23-base/patches/patch-man_erb.1 | 24 | ||||
| -rw-r--r-- | lang/ruby23-base/patches/patch-man_irb.1 | 24 | ||||
| -rw-r--r-- | lang/ruby23-base/patches/patch-man_ri.1 | 24 | ||||
| -rw-r--r-- | lang/ruby23-base/patches/patch-man_ruby.1 | 24 |
7 files changed, 8 insertions, 117 deletions
diff --git a/lang/ruby/rubyversion.mk b/lang/ruby/rubyversion.mk index 649a63ecdbd..d0562c46206 100644 --- a/lang/ruby/rubyversion.mk +++ b/lang/ruby/rubyversion.mk @@ -1,4 +1,4 @@ -# $NetBSD: rubyversion.mk,v 1.193 2018/03/29 03:06:57 taca Exp $ +# $NetBSD: rubyversion.mk,v 1.194 2018/03/29 03:09:35 taca Exp $ # # This file determines which Ruby version is used as a dependency for @@ -215,7 +215,7 @@ RUBY_VERSION_REQD?= ${PKGNAME_REQD:C/ruby([0-9][0-9])-.*/\1/} # current supported Ruby's version RUBY22_VERSION= 2.2.9 -RUBY23_VERSION= 2.3.6 +RUBY23_VERSION= 2.3.7 RUBY24_VERSION= 2.4.4 RUBY25_VERSION= 2.5.1 diff --git a/lang/ruby23-base/Makefile b/lang/ruby23-base/Makefile index 9e0e86165ee..8c8d8550bb5 100644 --- a/lang/ruby23-base/Makefile +++ b/lang/ruby23-base/Makefile @@ -1,15 +1,10 @@ -# $NetBSD: Makefile,v 1.15 2018/02/23 15:26:14 wiz Exp $ +# $NetBSD: Makefile,v 1.16 2018/03/29 03:09:35 taca Exp $ DISTNAME= ${RUBY_DISTNAME} PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION} -PKGREVISION= 2 CATEGORIES= lang ruby MASTER_SITES= ${MASTER_SITE_RUBY} -PATCH_SITES= https://bugs.ruby-lang.org/attachments/download/7029/ -PATCHFILES= rubygems-276-for-ruby23.patch -PATCH_DIST_STRIP= -p0 - MAINTAINER= taca@NetBSD.org HOMEPAGE= ${RUBY_HOMEPAGE} COMMENT= Ruby ${RUBY_VERSION} release minimum base package diff --git a/lang/ruby23-base/distinfo b/lang/ruby23-base/distinfo index 962bc727633..81b44e66826 100644 --- a/lang/ruby23-base/distinfo +++ b/lang/ruby23-base/distinfo @@ -1,13 +1,9 @@ -$NetBSD: distinfo,v 1.15 2018/02/19 16:46:26 taca Exp $ +$NetBSD: distinfo,v 1.16 2018/03/29 03:09:35 taca Exp $ -SHA1 (ruby-2.3.6.tar.bz2) = 07c3b66d544dd22c22fbae3f16cfb3eeb88b7b1e -RMD160 (ruby-2.3.6.tar.bz2) = 664e027a6f172212ac8ebff3aa9b99df4e99906b -SHA512 (ruby-2.3.6.tar.bz2) = bc3c7a115745a38e44bd91eb5637b1e412011c471d9749db7960185ef75737b944dd0e524f22432809649952ca7d93f46d458990e9cd2b0db5ca8abf4bc8ea99 -Size (ruby-2.3.6.tar.bz2) = 14429114 bytes -SHA1 (rubygems-276-for-ruby23.patch) = 859334e0313e522826b28c4878611f34c46b7526 -RMD160 (rubygems-276-for-ruby23.patch) = c4d7718b7e4845811bf54917ca185ac49c75d6b3 -SHA512 (rubygems-276-for-ruby23.patch) = b2b363bec953aa4cfd17bd501753a621b829d5052780f33c6d74d813f128f703a4dd59db53ac59860aed6f741fd1a77b1ef173523f0f8b49b91282e5c8181961 -Size (rubygems-276-for-ruby23.patch) = 19953 bytes +SHA1 (ruby-2.3.7.tar.bz2) = 3bb88965405da5e4de2432eeb445fffa8a66fb33 +RMD160 (ruby-2.3.7.tar.bz2) = cb8f83f773a0d1cfc8595148ac61aff253f6b67d +SHA512 (ruby-2.3.7.tar.bz2) = e72754f7703f0706c4b0bccd053035536053451fe069a55427984cc0bc5692b86bd51c243c5f62f78527c66b08300d2e4aa19b73e6ded13d6020aa2450e66a7d +Size (ruby-2.3.7.tar.bz2) = 14421177 bytes SHA1 (patch-configure) = 3737bf52082288b02e7382d71a322f4822c5abe4 SHA1 (patch-ext_dbm_extconf.rb) = c998f8735db54b1ae2bc8b6caa359ce88bc7a45b SHA1 (patch-ext_openssl_ossl__ssl.c) = 24e794aae278da6204e29212d9e2add0b0119ea4 @@ -22,9 +18,5 @@ SHA1 (patch-lib_rubygems_install__update__options.rb) = 167cfeeb47842d20eaadd15e SHA1 (patch-lib_rubygems_installer.rb) = 37218b0ebf874095dce8b92bc30b5beb720e13a2 SHA1 (patch-lib_rubygems_platform.rb) = 244a6698636012235882ae606ae3a3b4dffd3faf SHA1 (patch-lib_rubygems_specification.rb) = 46f517d6128d1366c0a302a7d04d2caec7ec948f -SHA1 (patch-man_erb.1) = a03758f5ae399463b140fbac92c39e6ccc9d18bd -SHA1 (patch-man_irb.1) = bf3cd43511ddc51a41dced16f2be1c9f8018d226 -SHA1 (patch-man_ri.1) = d8917e7a08bbc3eb41349570cc658d40c1b3463f -SHA1 (patch-man_ruby.1) = c6d1de29fe470024b926226615d97d485dececd9 SHA1 (patch-test_rubygems_test__gem.rb) = 47cc7af18fc5f30d6d695e70851cfaf3205a9266 SHA1 (patch-tool_rbinstall.rb) = 159b657293029cb5bc096d7c23ae85fe05c88ba2 diff --git a/lang/ruby23-base/patches/patch-man_erb.1 b/lang/ruby23-base/patches/patch-man_erb.1 deleted file mode 100644 index e439ab70b56..00000000000 --- a/lang/ruby23-base/patches/patch-man_erb.1 +++ /dev/null @@ -1,24 +0,0 @@ -$NetBSD: patch-man_erb.1,v 1.1 2015/12/30 14:59:42 taca Exp $ - -* Fix mdoc markup. - ---- man/erb.1.orig 2015-05-23 09:38:49.000000000 +0000 -+++ man/erb.1 -@@ -143,12 +143,12 @@ class. - .Pp - .Sh REPORTING BUGS - .Bl -bullet --.Li Security vulnerabilities should be reported via an email to --.Aq security@ruby-lang.org Ns --.Li . -+.It -+Security vulnerabilities should be reported via an email to -+.Aq security@ruby-lang.org . - Reported problems will be published after being fixed. --.Pp --.Li And you can report other bugs and feature requests via the -+.It -+You can report other bugs and feature requests via the - Ruby Issue Tracking System (http://bugs.ruby-lang.org). - Do not report security vulnerabilities - via the system because it publishes the vulnerabilities immediately. diff --git a/lang/ruby23-base/patches/patch-man_irb.1 b/lang/ruby23-base/patches/patch-man_irb.1 deleted file mode 100644 index 4c80c4b6bee..00000000000 --- a/lang/ruby23-base/patches/patch-man_irb.1 +++ /dev/null @@ -1,24 +0,0 @@ -$NetBSD: patch-man_irb.1,v 1.1 2015/12/30 14:59:42 taca Exp $ - -* Fix mdoc markup. - ---- man/irb.1.orig 2015-05-23 09:38:49.000000000 +0000 -+++ man/irb.1 -@@ -159,12 +159,12 @@ Personal irb initialization. - .Pp - .Sh REPORTING BUGS - .Bl -bullet --.Li Security vulnerabilities should be reported via an email to --.Aq security@ruby-lang.org Ns --.Li . -+.It -+Security vulnerabilities should be reported via an email to -+.Aq security@ruby-lang.org . - Reported problems will be published after being fixed. --.Pp --.Li And you can report other bugs and feature requests via the -+.It -+You can report other bugs and feature requests via the - Ruby Issue Tracking System (http://bugs.ruby-lang.org). - Do not report security vulnerabilities - via the system because it publishes the vulnerabilities immediately. diff --git a/lang/ruby23-base/patches/patch-man_ri.1 b/lang/ruby23-base/patches/patch-man_ri.1 deleted file mode 100644 index 4d65d0a6d93..00000000000 --- a/lang/ruby23-base/patches/patch-man_ri.1 +++ /dev/null @@ -1,24 +0,0 @@ -$NetBSD: patch-man_ri.1,v 1.1 2015/12/30 14:59:42 taca Exp $ - -* Fix mdoc markup. - ---- man/ri.1.orig 2015-05-23 09:38:49.000000000 +0000 -+++ man/ri.1 -@@ -166,12 +166,12 @@ Searches user-wide documents here. - .Pp - .Sh REPORTING BUGS - .Bl -bullet --.Li Security vulnerabilities should be reported via an email to --.Aq security@ruby-lang.org Ns --.Li . -+.It -+Security vulnerabilities should be reported via an email to -+.Aq security@ruby-lang.org . - Reported problems will be published after being fixed. --.Pp --.Li And you can report other bugs and feature requests via the -+.It -+You can report other bugs and feature requests via the - Ruby Issue Tracking System (http://bugs.ruby-lang.org). - Do not report security vulnerabilities - via the system because it publishes the vulnerabilities immediately. diff --git a/lang/ruby23-base/patches/patch-man_ruby.1 b/lang/ruby23-base/patches/patch-man_ruby.1 deleted file mode 100644 index d4c32586881..00000000000 --- a/lang/ruby23-base/patches/patch-man_ruby.1 +++ /dev/null @@ -1,24 +0,0 @@ -$NetBSD: patch-man_ruby.1,v 1.1 2015/12/30 14:59:42 taca Exp $ - -* Fix mdoc markup. - ---- man/ruby.1.orig 2015-11-15 02:04:37.000000000 +0000 -+++ man/ruby.1 -@@ -632,12 +632,12 @@ Comprehensive catalog of Ruby libraries. - .Pp - .Sh REPORTING BUGS - .Bl -bullet --.Li Security vulnerabilities should be reported via an email to --.Aq security@ruby-lang.org Ns --.Li . -+.It -+Security vulnerabilities should be reported via an email to -+.Aq security@ruby-lang.org . - Reported problems will be published after they've been fixed. --.Pp --.Li And you can report other bugs and feature requests via the -+.It -+You can report other bugs and feature requests via the - Ruby Issue Tracking System (https://bugs.ruby-lang.org/). - Do not report security vulnerabilities - via the system because it publishes the vulnerabilities immediately. |