diff options
author | taca <taca@pkgsrc.org> | 2015-08-20 15:30:47 +0000 |
---|---|---|
committer | taca <taca@pkgsrc.org> | 2015-08-20 15:30:47 +0000 |
commit | 0fdd64ad1c4ebf6d1d4aa01b6050cfa2e81ba873 (patch) | |
tree | 5eee90935650b800442a6c77c6d2b467e524df11 /lang | |
parent | c4c5258f5c75e225339c548269067a523936dc54 (diff) | |
download | pkgsrc-0fdd64ad1c4ebf6d1d4aa01b6050cfa2e81ba873.tar.gz |
Update ruby22-base to 2.2.3 (Ruby 2.2.3).
Release note:
Ruby 2.2.3 Released
Posted by nagachika on 18 Aug 2015
We are pleased to announce the release of Ruby 2.2.3. This is a TEENY
version release of the stable 2.2 series.
This release includes the security fix for a RubyGems domain name
verification vulnerability.
CVE-2015-3900 Request hijacking vulnerability in RubyGems 2.4.6 and earlier
There are also some bugfixes. See ChangeLog for details.
Diffstat (limited to 'lang')
-rw-r--r-- | lang/ruby/rubyversion.mk | 4 | ||||
-rw-r--r-- | lang/ruby22-base/Makefile | 3 | ||||
-rw-r--r-- | lang/ruby22-base/distinfo | 9 | ||||
-rw-r--r-- | lang/ruby22-base/patches/patch-lib_rubygems_remote__fetcher.rb | 21 |
4 files changed, 7 insertions, 30 deletions
diff --git a/lang/ruby/rubyversion.mk b/lang/ruby/rubyversion.mk index 27e83a20efd..9dfeedb4f3d 100644 --- a/lang/ruby/rubyversion.mk +++ b/lang/ruby/rubyversion.mk @@ -1,4 +1,4 @@ -# $NetBSD: rubyversion.mk,v 1.146 2015/08/20 15:27:43 taca Exp $ +# $NetBSD: rubyversion.mk,v 1.147 2015/08/20 15:30:47 taca Exp $ # # This file determines which Ruby version is used as a dependency for @@ -230,7 +230,7 @@ RUBY18_VERSION= 1.8.7 RUBY193_VERSION= 1.9.3 RUBY200_VERSION= 2.0.0 RUBY21_VERSION= 2.1.7 -RUBY22_VERSION= 2.2.2 +RUBY22_VERSION= 2.2.3 # patch RUBY18_PATCHLEVEL= pl374 diff --git a/lang/ruby22-base/Makefile b/lang/ruby22-base/Makefile index f9e719a5b00..506955428d1 100644 --- a/lang/ruby22-base/Makefile +++ b/lang/ruby22-base/Makefile @@ -1,9 +1,8 @@ -# $NetBSD: Makefile,v 1.3 2015/06/23 14:04:40 taca Exp $ +# $NetBSD: Makefile,v 1.4 2015/08/20 15:30:47 taca Exp $ # DISTNAME= ${RUBY_DISTNAME} PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_FULL} -PKGREVISION= 2 CATEGORIES= lang ruby MASTER_SITES= ${MASTER_SITE_RUBY} diff --git a/lang/ruby22-base/distinfo b/lang/ruby22-base/distinfo index 741b168f7c0..f66683af66c 100644 --- a/lang/ruby22-base/distinfo +++ b/lang/ruby22-base/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.6 2015/06/30 19:41:32 jperkin Exp $ +$NetBSD: distinfo,v 1.7 2015/08/20 15:30:47 taca Exp $ -SHA1 (ruby-2.2.2.tar.bz2) = de97ec6132ac76bb7c0f92b5ca4682138093af1b -RMD160 (ruby-2.2.2.tar.bz2) = af9f1c4de12fc25c0d6e20bf339cc13e7d89df2d -Size (ruby-2.2.2.tar.bz2) = 13314437 bytes +SHA1 (ruby-2.2.3.tar.bz2) = 59fe80aeeb518ffb396bb1df74b47b25541fb207 +RMD160 (ruby-2.2.3.tar.bz2) = 048769272df86969a6848234bc3a1a1968a6e47c +Size (ruby-2.2.3.tar.bz2) = 13333814 bytes SHA1 (patch-configure) = 8abbc486b8cf30bb789ef58d1cb289191dcd1af6 SHA1 (patch-ext_dbm_extconf.rb) = ee932265052613d458375ad1a760a09fefb9d959 SHA1 (patch-lib_mkmf.rb) = f86f1ae5a1053a0643545a2c11c9fd2bbd5a289d @@ -15,7 +15,6 @@ SHA1 (patch-lib_rubygems_dependency__installer.rb) = 33279f961cc4c530f0d81c8b415 SHA1 (patch-lib_rubygems_install__update__options.rb) = 8ec3a2387f3a83e19d76b7a900ebf3b37bdcc043 SHA1 (patch-lib_rubygems_installer.rb) = 864f3f8fe2949aedd85f730e447d8495f58d3b25 SHA1 (patch-lib_rubygems_platform.rb) = 2bddd029a2678de5a5d016af33f629caa712fbce -SHA1 (patch-lib_rubygems_remote__fetcher.rb) = 02c149b7b29e457dad909ebec38691440e192816 SHA1 (patch-man_erb.1) = 1fe6ce4f4fe6418bfabb5e132a63596562030116 SHA1 (patch-man_irb.1) = 2bf807b4c1b1c68d1f518caa054cfd900e0fedb7 SHA1 (patch-man_ri.1) = b07be05375977cfac0f88765a95e85db4f858885 diff --git a/lang/ruby22-base/patches/patch-lib_rubygems_remote__fetcher.rb b/lang/ruby22-base/patches/patch-lib_rubygems_remote__fetcher.rb deleted file mode 100644 index 66ffba2fd3d..00000000000 --- a/lang/ruby22-base/patches/patch-lib_rubygems_remote__fetcher.rb +++ /dev/null @@ -1,21 +0,0 @@ -$NetBSD: patch-lib_rubygems_remote__fetcher.rb,v 1.1 2015/06/23 14:04:40 taca Exp $ - -Fix for CVE-2015-3900. - ---- lib/rubygems/remote_fetcher.rb.orig 2014-11-17 03:55:02.000000000 +0000 -+++ lib/rubygems/remote_fetcher.rb -@@ -94,7 +94,13 @@ class Gem::RemoteFetcher - rescue Resolv::ResolvError - uri - else -- URI.parse "#{uri.scheme}://#{res.target}#{uri.path}" -+ target = res.target.to_s.strip -+ -+ if /\.#{Regexp.quote(host)}\z/ =~ target -+ return URI.parse "#{uri.scheme}://#{target}#{uri.path}" -+ end -+ -+ uri - end - end - |