diff options
| author | taca <taca@pkgsrc.org> | 2015-08-20 15:22:16 +0000 |
|---|---|---|
| committer | taca <taca@pkgsrc.org> | 2015-08-20 15:22:16 +0000 |
| commit | f509a1801c3ced5f862131fd3815ade92668ae4c (patch) | |
| tree | 87c97ef9f00b7178904caa5d1986cb28e7c02a4a /lang | |
| parent | 7a1d42ef5dcb5d8a4c74809046ceb950e6c55b35 (diff) | |
| download | pkgsrc-f509a1801c3ced5f862131fd3815ade92668ae4c.tar.gz | |
Update ruby200-base-2.0.0p647 to (Ruby 2.0.0-p647).
Release announce:
Ruby 2.0.0-p647 Released
Posted by usa on 18 Aug 2015
We are pleased to announce the release of Ruby 2.0.0-p647.
This release includes the security fix for a RubyGems domain name
verification vulnerability. Please view the topic below for more details.
CVE-2015-3900 Request hijacking vulnerability in RubyGems 2.4.6 and earlier
And, this release also includes the fix for a regression of lib/resolv.rb.
Uninitialized constant bug introduced by typo in backport of [#10712]
Ruby 2.0.0 is now under the state of the security maintenance phase, until
Feb. 24th, 2016. After the date, maintenance of Ruby 2.0.0 will be ended. We
recommend you start planning migration to newer versions of Ruby, such as
2.1 or 2.2.
Diffstat (limited to 'lang')
| -rw-r--r-- | lang/ruby/rubyversion.mk | 6 | ||||
| -rw-r--r-- | lang/ruby200-base/Makefile | 3 | ||||
| -rw-r--r-- | lang/ruby200-base/distinfo | 9 | ||||
| -rw-r--r-- | lang/ruby200-base/patches/patch-lib_rubygems_remote__fetcher.rb | 21 |
4 files changed, 7 insertions, 32 deletions
diff --git a/lang/ruby/rubyversion.mk b/lang/ruby/rubyversion.mk index 9288ab6912b..3dd4839e42c 100644 --- a/lang/ruby/rubyversion.mk +++ b/lang/ruby/rubyversion.mk @@ -1,4 +1,4 @@ -# $NetBSD: rubyversion.mk,v 1.144 2015/07/06 01:15:22 rodent Exp $ +# $NetBSD: rubyversion.mk,v 1.145 2015/08/20 15:22:16 taca Exp $ # # This file determines which Ruby version is used as a dependency for @@ -235,9 +235,7 @@ RUBY22_VERSION= 2.2.2 # patch RUBY18_PATCHLEVEL= pl374 RUBY193_PATCHLEVEL= p551 -RUBY200_PATCHLEVEL= p645 -#RUBY21_PATCHLEVEL= p336 -#RUBY22_PATCHLEVEL= p95 +RUBY200_PATCHLEVEL= p647 # current API compatible version; used for version of shared library RUBY18_API_VERSION= 1.8.7 diff --git a/lang/ruby200-base/Makefile b/lang/ruby200-base/Makefile index 627cae969dd..13243d48933 100644 --- a/lang/ruby200-base/Makefile +++ b/lang/ruby200-base/Makefile @@ -1,9 +1,8 @@ -# $NetBSD: Makefile,v 1.19 2015/06/23 14:03:02 taca Exp $ +# $NetBSD: Makefile,v 1.20 2015/08/20 15:22:16 taca Exp $ # DISTNAME= ${RUBY_DISTNAME} PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_FULL} -PKGREVISION= 1 CATEGORIES= lang ruby MASTER_SITES= ${MASTER_SITE_RUBY} diff --git a/lang/ruby200-base/distinfo b/lang/ruby200-base/distinfo index 4816124ab9b..814a6a49f45 100644 --- a/lang/ruby200-base/distinfo +++ b/lang/ruby200-base/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.26 2015/06/23 14:03:02 taca Exp $ +$NetBSD: distinfo,v 1.27 2015/08/20 15:22:16 taca Exp $ -SHA1 (ruby-2.0.0-p645.tar.bz2) = e724dd0e4a1e820a368be307aa0863a8ecf4b694 -RMD160 (ruby-2.0.0-p645.tar.bz2) = cbfd9ca2a5fe5d6ea1d89da9fd934c864bf339ab -Size (ruby-2.0.0-p645.tar.bz2) = 10786492 bytes +SHA1 (ruby-2.0.0-p647.tar.bz2) = 537f0e212e337022f28ead8e67ffc834fcd468c6 +RMD160 (ruby-2.0.0-p647.tar.bz2) = c9b520ff1e5cc2c3c55a39b7cd3ce31317f52d0e +Size (ruby-2.0.0-p647.tar.bz2) = 10785285 bytes SHA1 (patch-configure) = aaa93fd2e4f130bb2cb852b15b58a1840e57dba5 SHA1 (patch-defs_default__gems) = 28a47952e27c22055bac6ad151d092572b96b1ec SHA1 (patch-ext_dbm_extconf.rb) = 7322637de769b7d01650e1ed566e891801ce3e92 @@ -26,7 +26,6 @@ SHA1 (patch-lib_rubygems_dependency__installer.rb) = f4e40727d231b336c1d4c2303ac SHA1 (patch-lib_rubygems_install__update__options.rb) = 22cfafe090db72211253b8528937e5be0e677ebf SHA1 (patch-lib_rubygems_installer.rb) = 7ce68eaa5893c83780f7b4e1af44a88ae63a39cf SHA1 (patch-lib_rubygems_platform.rb) = 135f2e9d6c0c529da9ffcea4b96507675cdf1f16 -SHA1 (patch-lib_rubygems_remote__fetcher.rb) = e6acc25febd819ca835cd4306f863d76aa67b106 SHA1 (patch-lib_rubygems_specification.rb) = 2a283cb7854580616df2b35357281c0a881cedf1 SHA1 (patch-man_erb.1) = 1fe6ce4f4fe6418bfabb5e132a63596562030116 SHA1 (patch-man_irb.1) = 2bf807b4c1b1c68d1f518caa054cfd900e0fedb7 diff --git a/lang/ruby200-base/patches/patch-lib_rubygems_remote__fetcher.rb b/lang/ruby200-base/patches/patch-lib_rubygems_remote__fetcher.rb deleted file mode 100644 index c4144cc9942..00000000000 --- a/lang/ruby200-base/patches/patch-lib_rubygems_remote__fetcher.rb +++ /dev/null @@ -1,21 +0,0 @@ -$NetBSD: patch-lib_rubygems_remote__fetcher.rb,v 1.1 2015/06/23 14:03:02 taca Exp $ - -Fix for CVE-2015-3900. - ---- lib/rubygems/remote_fetcher.rb.orig 2013-10-24 14:31:17.000000000 +0000 -+++ lib/rubygems/remote_fetcher.rb -@@ -103,7 +103,13 @@ class Gem::RemoteFetcher - rescue Resolv::ResolvError - uri - else -- URI.parse "#{res.target}#{uri.path}" -+ target = res.target.to_s.strip -+ -+ if /\.#{Regexp.quote(host)}\z/ =~ target -+ return URI.parse "#{uri.scheme}://#{target}#{uri.path}" -+ end -+ -+ uri - end - end - |