Quote from release announce:
This release contains a fix for a regression of Hash#reject in Ruby 2.1.1,
support for build with Readline-6.3 (see Bug #9578), an updated bundled
version of libyaml with psych, and some bug fixes.
For details, please refer to ChangeLog.
|
|
Including many bug fixes:
* support for build with Readline-6.3
* a fix for old OpenSSL (regression in p451)
* an updated bundled version of libyaml (see Heap Overflow in YAML URI Escape Parsing (CVE-2014-2525))
For details, please refer to ChangeLog.
|
|
And add value for Ruby 2.1.1 in description.
|
|
pkgsrc changes:
* Use RUBY_SUFFIX instead of RUBY_VER for appropriate place.
* Detect NetBSD correctly in Gem::Platform.
Quote from release announce:
This release includes many bugfixes. See tickets and ChangeLog for details.
|
|
pkgsrc changes:
* Use RUBY_SUFFIX instead of RUBY_VER for appropriate place.
* Detect NetBSD correctly in Gem::Platform.
Quote from release announce:
This is the last ordinal release of Ruby 1.9.3. It means that Ruby 1.9.3 goes
into the state of the security maintenance phase, and will never be released
unless any critical regressions or security issues are found. This phase is
planned to be maintained for 1 year. Then, maintenance of Ruby 1.9.3 will be
ended at Feb. 24th, 2015.
This release includes many bugfixes. See tickets and ChangeLog for details.
|
|
* Replace RUBY210_* with RUBY21_* for Ruby 2.1.1. And RUBY_VER of
value "21" would support Ruby 2.1.1.
* Make RUBY_SUFFIX contain major-minor-teeny. (It is not always
the same as RUBY_VER any more.)
* Make RUBY_SRCDIR a relative path.
|
|
with Ruby's distribution.
* Define some variable for Ruby 2.1.0.
|
|
Noted by wiz@ via private E-mail.
|
|
Address to PR pkg/48509.
|
|
200 is also in default.
|
|
Ruby 2.0.0-p353 is released
Now Ruby 2.0.0-p353 is released.
This release includes a security fix about floating point parsing.
Heap Overflow in Floating Point Parsing (CVE-2013-4164)
And some bugfixes are also included. See tickets and ChangeLog for details.
|
|
Ruby 1.9.3-p484 is released
Now Ruby 1.9.3-p484 is released.
This release includes a security fix about ruby interpreter core:
Heap Overflow in Floating Point Parsing (CVE-2013-4164)
And some bugfixes are also included. See tickets and ChangeLog for details.
|
|
Fix build problem on NetBSD/i386.
|
|
Fix build problem on FreeBSD.
|
|
For FreeBSD:
* Fix careless mistake of patch to configure.
For MirBSD (and possibly OpenBSD):
* Don't pass empty string (before semicolon) to sed(1).
* Correct suffix for libruby's shared library.
No PKGREVISION bump since this is simply fix for build problem.
|
|
pkgsrc changes:
* Fix gem command creating extra directories.
Quote from release announce:
This release includes a security fix about bundled DL / Fiddle.
* Object taint bypassing in DL and Fiddle in Ruby (CVE-2013-2065)
http://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/
* And some small bugfixes are also included.
See tickets:
https://bugs.ruby-lang.org/projects/ruby-193/issues?set_filter=1&status_id=5
ChangeLog for details.
http://svn.ruby-lang.org/repos/ruby/tags/v1_9_3_426/ChangeLog
|
|
* Clean up PLIST_VARS.
No functional change should be done.
|
|
Security problem of CVE-2013-0269 was already handled but REXML security
problem is fixed by this package.
Now Ruby 1.9.3-p392 is released. I apologize for updating too frequently.
This release includes security fixes about bundled JSON and REXML.
* Denial of Service and Unsafe Object Creation Vulnerability in JSON
(CVE-2013-0269)
* Entity expansion DoS vulnerability in REXML (XML bomb)
And some small bugfixes are also included.
|
|
This release includes a security fix about bundled RDoc.
Full changes are too many to write here, please refer to ChangeLog.
|
|
These releases don't include any security fixes.
Ruby 1.9.3-p362:
This release includes other many bug fixes.
Resolved build problems on Solaris.
Windows 8 support (hopefully).
other many bug fixes.
Ruby 1.9.3-p374:
This release includes many bug fixes. Especially,
Fixed randomly SEGV problem (often reported with Rails)
Windows 8 support (maybe, hopefully)
other many bug fixes.
See tickets and ChangeLog for details.
|
|
patchlevel 327) to fix DoS security problem.
http://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371/
For other changes please refer to the ChangeLog file.
|
|
Additional fix to CVE-2011-1005 was incorporated.
So, there is no change to ruby18/ruby18-base packages of pkgsrc except
version.
|
|
Ruby 1.9.3-p286 is released.
This release includes some security fixes, and other many bug fixes.
* $SAFE escaping vulnerability about Exception#to_s / NameError#to_s
(CVE-2012-4464, CVE-2012-4466)
* Unintentional file creation caused by inserting an illegal NUL character
* other many bug fixes.
See tickets and ChangeLog for details.
Changelog: http://svn.ruby-lang.org/repos/ruby/tags/v1_9_3_286/ChangeLog
tickets: https://bugs.ruby-lang.org/projects/ruby-193/issues?set_filter=1&status_id=5
|
|
as suggested by obache@
|
|
to "user variables" section. pkglint is now aware of them. Bump pkglint
version. Oked by wiz@
|
|
reality.
|
|
This adds shlib version handling to rubyversion.mk, a fix to configure
(include <sys/time.h> when checking for struct timespec) and a workaround
for broken code if getgrnam_r is available.
|
|
No security fix, but bug fix only,
Fri Jun 29 21:26:05 2012 Nobuyoshi Nakada <nobu@ruby-lang.org>
* eval.c (stack_extend): prevent ALLOCA_N, which reserves a memory
space with for restoring machine stack stored in each threads, from
optimization out. backport r34278 from the trunk.
Mon Jun 18 18:32:43 2012 Martin Bosslet <Martin.Bosslet@googlemail.com>
* backport r32609 from trunk.
* ext/openssl/ossl_hmac.c: Revert checking return type of
HMAC_Init_ex as it is not compatible with OpenSSL < 1.0.0.
Mon Jun 18 18:32:43 2012 Martin Bosslet <Martin.Bosslet@googlemail.com>
* backport r32606 from trunk.
* ext/openssl/ossl_digest.c: Check return value of EVP_DigestInit_ex.
* ext/openssl/ossl_hmac.c: Check return value of HMAC_Init_ex.
Thanks, Jared Jennings, for the patch.
[ Ruby 1.9 - Bug #4944 ] [ruby-core:37670]
Sun Jun 10 03:00:21 2012 Nobuyoshi Nakada <nobu@ruby-lang.org>
* eval.c (ruby_setjmp): need to save the stack after r2 (the Table
of Contents on ppc64) is saved onto the stack by getcontext().
based on <https://bugzilla.redhat.com/show_bug.cgi?id=628715>.
Bug#4411
Thu Jun 7 19:00:35 2012 Kenta Murata <mrkn@mrkn.jp>
* ext/bigdecimal/bigdecimal.c (VpMemAlloc): Fixes a bug reported
by Drew Yao <ayao at apple.com>
Wed Jun 6 15:09:00 2012 Nobuyoshi Nakada <nobu@ruby-lang.org>
* eval.c (rb_thread_join), ext/thread/thread.c (wake_one): adjusts
targets of rest waiting threads to join. [ruby-core:23457]
Wed Jun 6 14:44:13 2012 Kenta Murata <mrkn@mrkn.jp>
* bignum.c (rb_big2dbl), test/ruby/test_bignum.rb (test_to_f):
A negative Bignum out of Float range should be converted to -Infinity.
[ruby-core:30492] [Bug #3362]
Wed Jun 6 14:06:02 2012 Tanaka Akira <akr@fsij.org>
* lib/webrick/utils.rb: fix fcntl call.
* lib/drb/unix.rb: ditto.
Mon May 21 16:29:47 2012 Akinori MUSHA <knu@iDaemons.org>
* ext/syslog/syslog.c (mSyslog_inspect): Make sure self is a
module before calling rb_class2name().
Fri May 11 14:09:48 2012 Nobuyoshi Nakada <nobu@ruby-lang.org>
* ext/bigdecimal/bigdecimal.c (PUSH): to prevent VALUE from GC,
must not cast it to unsigned long, which may be shorter than
VALUE, and the result can be mere garbage.
Sat Apr 14 18:51:41 2012 Nobuyoshi Nakada <nobu@ruby-lang.org>
* bignum.c (rb_big2str0): prevent working clone from
GC. [exerb-dev:0578]. patched by MURASE Masamitsu
<masamitsu.murase AT gmail.com> at [exerb-dev:0580]
Fri Mar 2 11:44:33 2012 Nobuyoshi Nakada <nobu@ruby-lang.org>
* marshal.c (mark_dump_arg): mark destination string. patch by
Vit Ondruch. [Bug #4339]
* marshal.c (clear_dump_arg, clear_load_arg): clean up also data
tables as same as symbols tables.
Fri Mar 2 11:44:33 2012 Nobuyoshi Nakada <nobu@ruby-lang.org>
* marshal.c (struct {dump,load}_arg): manage with dfree, instead
of using local variable which may be moved by context switch.
|
|
Should fix PR pkg/46420.
|
|
Security fix with updating bundled RubyGems to 1.8.23 and a few bug
fixes.
Fri Apr 20 12:40:19 2012 Eric Hodel <drbrain@segment7.net>
* lib/rubygems/ssl_certs/AddTrustExternalCARoot.pem: Removed to avoid
conflict with ca-bundle.pem
* lib/rubygems/ssl_certs/VerisignClass3PublicPrimaryCertificationAuthority-G2.pem:
ditto.
* lib/rubygems/ssl_certs/Entrust_net-Secure-Server-Certification-Authority.pem:
ditto.
Fri Apr 20 09:04:35 2012 Eric Hodel <drbrain@segment7.net>
* lib/rubygems: Apply the following security fixes to RubyGems 1.3.7:
RubyGems now disallows redirection from HTTPS to HTTP.
RubyGems now verifies SSL connections.
Patch by Hiroshi Nakamura.
* test/rubygems: ditto.
|
|
Security fix with updating bundled RubyGems to 1.8.23 and several bug fixes.
Please refer to ChangeLog for details:
http://svn.ruby-lang.org/repos/ruby/tags/v1_9_3_194/ChangeLog
|
|
Overhaul buildlink3 processing of Ruby.
* Don't buildlink in ruby/rubyversion.mk any more but define
RUBY_USE_PTHREAD (use of pthread).
* In ruby/buildlink3.mk, buildlink via mk/pthread.buildlink3.mk as to
RUBY_USE_PTHREAD.
* Also the same logic in ruby/Makefile.common.
* Buildlink of bdb, libiconv, zlib, openssl in each ruby*-base/Makefile.
|
|
The maintainers of ruby have changed the shared library naming scheme for
FreeBSD and DragonFly:
For ruby18, it's libruby18.so.18 (last part = RUBY_VER)
For ruby19, it's libruby19.so.19 (last part = RUBY_VER)
for ruby193, it's libruby193.so.191 (last part derived from API, not version)
The rubyversion.mk was never updated to reflect that, and as a result ruby
1.9.3 has never built on DragonFly. This commit will allow
lang/ruby193-base package to build.
|
|
(It seems the Subversion tag was created with the wrong name.)
Ruby 1.9.2-p318 is released.
This release includes a security fix of the Ruby OpenSSL extension.
See [1] for more detail about this fix.
*1:
http://www.ruby-lang.org/en/news/2012/02/16/security-fix-for-ruby-openssl-module-allow-0n-splitting-as-a-prevention-for-the-tls-beast-attack-/
And many bugs are fixed in this release.
See [2] for more details:
*2: http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_381/ChangeLog
|
|
Implicitly update lang/ruby193 and devel/ruby-mode (no change).
== Fixes
* Fix for Ruby OpenSSL module: Allow "0/n splitting" as a prevention
for the TLS BEAST attack
* Fixed: LLVM/clang support [Bug #5076]
* Fixed: GCC 4.7 support [Bug #5851]
* other bug fixes
For more detail, please refer:
http://svn.ruby-lang.org/repos/ruby/tags/v1_9_3_125/ChangeLog
|
|
Wed Feb 8 14:06:59 2012 Hiroshi Nakamura <nahi@ruby-lang.org>
* ext/openssl/ossl_ssl.c: Add SSL constants and allow to unset SSL
option to prevent BEAST attack. See [Bug #5353].
In OpenSSL, OP_DONT_INSERT_EMPTY_FRAGMENTS is used to prevent
TLS-CBC-IV vulnerability described at
http://www.openssl.org/~bodo/tls-cbc.txt
It's known issue of TLSv1/SSLv3 but it attracts lots of attention
these days as BEAST attack. (CVE-2011-3389)
Until now ossl sets OP_ALL at SSLContext allocation and call
SSL_CTX_set_options at connection. SSL_CTX_set_options updates the
value by using |= so bits set by OP_ALL cannot be unset afterwards.
This commit changes to call SSL_CTX_set_options only 1 time for each
SSLContext. It sets the specified value if SSLContext#options= are
called and sets OP_ALL if not.
To help users to unset bits in OP_ALL, this commit also adds several
constant to SSL such as
OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS. These constants were
not exposed in Ruby because there's no way to unset bits in OP_ALL
before.
Following is an example to enable 0/n split for BEAST prevention.
  ctx.options = OP_ALL & ~OP_DONT_INSERT_EMPTY_FRAGMENTS
* test/openssl/test_ssl.rb: Test above option exists.
|
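The option-mask behaviour described in the ChangeLog entry above, as an added example that is not part of the original commit message or of Ruby's own code. The helper names are hypothetical, the "legacy" function only models the OR-at-connection behaviour the entry describes, and the example assumes the linked OpenSSL includes OP_DONT_INSERT_EMPTY_FRAGMENTS in OP_ALL.

```ruby
require "openssl"

OP_ALL     = OpenSSL::SSL::OP_ALL
EMPTY_FRAG = OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS

# Model (assumption, taken from the description above) of the pre-fix
# behaviour: OP_ALL is set at allocation and the caller's value is OR-ed
# in at connection time, so bits contained in OP_ALL can never be cleared.
def legacy_effective_options(requested)
  OP_ALL | requested
end

# Post-fix behaviour: the value given to SSLContext#options= is used as is;
# OP_ALL is applied only when the caller never set options.
def fixed_effective_options(requested = nil)
  requested.nil? ? OP_ALL : requested
end

# 0/n splitting is active only while the "don't insert empty fragments"
# bit is clear in the effective option mask.
def empty_fragments_enabled?(options)
  (options & EMPTY_FRAG).zero?
end

# A real SSLContext configured with the mask from the ChangeLog example.
def hardened_context
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.options = OP_ALL & ~EMPTY_FRAG
  ctx
end

# Audit helper: names of the contexts that still suppress empty fragments.
def contexts_without_split(contexts)
  contexts.reject { |_name, ctx| empty_fragments_enabled?(ctx.options) }.keys
end

if __FILE__ == $PROGRAM_NAME
  wanted = OP_ALL & ~EMPTY_FRAG
  puts "legacy: split enabled? #{empty_fragments_enabled?(legacy_effective_options(wanted))}"
  puts "fixed:  split enabled? #{empty_fragments_enabled?(fixed_effective_options(wanted))}"
  weak = OpenSSL::SSL::SSLContext.new
  weak.options = OP_ALL # constructed sample: a context left at OP_ALL
  puts "lacking 0/n split: #{contexts_without_split('weak' => weak, 'hardened' => hardened_context)}"
end
```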