Age | Commit message | Author | Files | Lines |
|
gets optimised away by it.
XXX This can most likely supersede hacks.mk
|
|
It contains a security fix for CVE-2011-4815 (DoS).
Wed Dec 28 21:34:23 2011 URABE Shyouhei <shyouhei@ruby-lang.org>
* string.c (rb_str_hash): randomize hash to avoid algorithmic
complexity attacks. CVE-2011-4815
* st.c (strhash): ditto.
* string.c (Init_String): initialization of hash_seed to be at the
beginning of the process.
* st.c (Init_st): ditto.
Thu Dec 8 11:57:04 2011 Tanaka Akira <akr@fsij.org>
* inits.c (rb_call_inits): call Init_RandomSeed at first.
* random.c (seed_initialized): defined.
(fill_random_seed): extracted from random_seed.
(make_seed_value): extracted from random_seed.
(rb_f_rand): initialize random seed at first.
(initial_seed): defined.
(Init_RandomSeed): defined.
(Init_RandomSeed2): defined.
(rb_reset_random_seed): defined.
(Init_Random): call Init_RandomSeed2.
Sat Dec 10 20:44:23 2011 Tanaka Akira <akr@fsij.org>
* lib/securerandom.rb: call OpenSSL::Random.seed at the
SecureRandom.random_bytes call.
insert separators for array join.
patch by Masahiro Tomita. [ruby-dev:44270]
Mon Oct 17 04:20:22 2011 Nobuyoshi Nakada <nobu@ruby-lang.org>
* mkconfig.rb: fix for continued lines. based on a patch from
Marcus Rueckert <darix AT opensu.se> at [ruby-core:20420].
Mon Oct 17 04:19:39 2011 Yukihiro Matsumoto <matz@ruby-lang.org>
* numeric.c (flo_cmp): Infinity is greater than any bignum
number. [ruby-dev:38672]
* bignum.c (rb_big_cmp): ditto.
Mon Oct 17 03:56:12 2011 Yusuke Endoh <mame@tsg.ne.jp>
* ext/openssl/ossl_x509store.c (ossl_x509store_initialize): initialize
store->ex_data.sk. [ruby-core:28907] [ruby-core:23971]
[ruby-core:18121]
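To make the "algorithmic complexity attack" behind CVE-2011-4815 concrete, here is an added example (not Ruby's own code, and the hash functions in it are illustrative assumptions rather than Ruby 1.8's actual rb_str_hash/strhash): a toy chained hash table is filled with attacker-chosen keys under an unseeded polynomial hash, where every key lands in one bucket, and then under a hash mixed with a per-process random seed, where they spread out again.

```ruby
require 'securerandom'
require 'digest'

# Minimal separate-chaining hash table with a pluggable hash function, so the
# same attacker-chosen keys can be inserted under two different hashes.
class ToyTable
  def initialize(nbuckets, hashfn)
    @buckets = Array.new(nbuckets) { [] }
    @hashfn  = hashfn
  end

  def insert(key)
    @buckets[@hashfn.call(key) % @buckets.size] << key
  end

  # Worst-case probe length: what one lookup costs when everything shares a bucket.
  def longest_chain
    @buckets.map(&:size).max
  end
end

# Unseeded polynomial string hash (assumed for this example; not Ruby 1.8's
# exact function). Because it is a fixed polynomial in the bytes,
# hash(a + b) is determined by hash(a) and hash(b), so collisions compose:
# any sequence of equal-length blocks that collide pairwise collides with
# every other such sequence.
def weak_hash(s)
  s.each_byte.inject(0) { |h, c| (h * 31 + c) & 0xffffffff }
end

# "Aa" and "BB" collide under weak_hash (65*31+97 == 66*31+66 == 2112), so
# n_blocks blocks drawn from that pair give 2**n_blocks distinct keys, all
# with the same hash value. This is the kind of key set an attacker posts.
def colliding_keys(n_blocks)
  %w[Aa BB].repeated_permutation(n_blocks).map(&:join)
end

# Randomised hash: a secret seed chosen once at process start is mixed in
# through a cryptographic hash, so an attacker who cannot read the seed
# cannot precompute colliding keys. (Illustrative design, not Ruby's patch.)
HASH_SEED = SecureRandom.random_bytes(16)
def seeded_hash(s, seed = HASH_SEED)
  Digest::SHA256.digest(seed + s).unpack('L<').first
end

# Insert the same keys under a given hash and report the longest bucket chain.
def longest_chain_for(hashfn, keys, nbuckets = keys.size)
  t = ToyTable.new(nbuckets, hashfn)
  keys.each { |k| t.insert(k) }
  t.longest_chain
end

if __FILE__ == $0
  keys = colliding_keys(12)   # 4096 keys sharing one weak_hash value
  puts "unseeded: longest chain = #{longest_chain_for(method(:weak_hash), keys)}"
  puts "seeded:   longest chain = #{longest_chain_for(method(:seeded_hash), keys)}"
end
```

With the unseeded hash every lookup degrades to a linear scan of all 4096 keys; a request body with a few hundred thousand such parameter names is enough to stall a single-threaded server. Note that seeding only the initial value of a polynomial hash does not break equal-length collisions of this shape, which is why the seed has to enter through a mixing step that is not linear in the key bytes.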
|
|
* Remove setting PREFIX.
* Remove executing exit on last line.
Bump PKGREVISION.
|
|
* Remove workaround for version.h.
|
|
It breaks the feature these days.
|
|
This is a maintenance release. For more detailed changes, please refer to:
http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog
|
|
On Solaris 10, it seems that --enable-wide-getaddrinfo has a problem
although it was needed on Solaris 9.
Should fix PR pkg/44039.
Bump PKGREVISION.
|
|
with devel/ruby-rdoc.
Bump PKGREVISION.
|
|
Since it causes creation of a binary package which isn't up to date,
bump PKGREVISION again.
|
|
Bump PKGREVISION.
|
|
handling of non-existent files.
This should fix the build problem of www/ruby-rails3 with ruby18-base.
Bump PKGREVISION.
|
|
* The FileUtils Vulnerability
http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/
* The $SAFE Vulnerability
Fri Feb 18 21:18:55 2011 Shugo Maeda <shugo@ruby-lang.org>
* test/ruby/test_exception.rb (TestException::test_to_s_taintness_propagation):
Test for below.
Fri Feb 18 21:18:55 2011 URABE Shyouhei <shyouhei@ruby-lang.org>
* error.c (exc_to_s): untainted strings can be tainted via
Exception#to_s, which enables attackers to overwrite sane strings.
Reported by: Yusuke Endoh <mame at tsg.ne.jp>.
* error.c (name_err_to_s): ditto.
Fri Feb 18 21:17:22 2011 Shugo Maeda <shugo@ruby-lang.org>
* lib/fileutils.rb (FileUtils::remove_entry_secure): there is a
race condition in the case where the given path is a directory,
and some other user can move that directory, and create a
symlink while this method is executing.
Reported by: Nicholas Jefferson <nicholas at pythonic.com.au>
Fri Feb 18 19:46:46 2011 NAKAMURA Usaku <usa@ruby-lang.org>
* win32/win32.c (init_stdhandle): backport mistake of r29382.
some code is needless in ruby 1.8.
[ruby-core:34579]
Fri Feb 18 19:22:17 2011 URABE Shyouhei <shyouhei@ruby-lang.org>
* configure.in: revert revision r29854. This revision introduced
binary incompatibilities on some circumstances. The bug that
revision was fixing gets reopened by this reversion.
[ruby-dev:43152] cf. [Bug #2553]
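The FileUtils::remove_entry_secure race described above is a check-then-use bug: the code decides that a path is a directory, and in the window before it acts on path/child an attacker who owns the parent renames the directory away and drops a symlink in its place. The following is an added example, not Ruby's fileutils.rb: a naive remover beside a hardened one that records the directory's (dev, ino) identity, enters it, and verifies that "." is still that inode before deleting anything. The race_hook argument is a test seam assumed here to stand in for the attacker's window, and the temporary directory layout is constructed for the demonstration.

```ruby
require 'tmpdir'

# Vulnerable pattern: lstat the path, then address children by the original
# name. If 'path' is swapped for a symlink after the check, File.unlink on
# path/child follows the symlink and deletes files somewhere else.
def remove_tree_naive(path, race_hook = nil)
  return File.unlink(path) unless File.lstat(path).directory?
  race_hook.call(path) if race_hook   # attacker's window (test seam)
  (Dir.entries(path) - %w[. ..]).each { |c| remove_tree_naive(File.join(path, c)) }
  Dir.rmdir(path)
end

# Hardened pattern: remember the directory's identity from lstat, chdir into
# it, and confirm "." is the same (dev, ino) before touching anything. From
# then on children are addressed by relative name from inside the real
# directory, so a later swap of the parent's name cannot redirect the walk.
def remove_tree_checked(path, race_hook = nil)
  st = File.lstat(path)
  return File.unlink(path) unless st.directory?   # files and symlinks: unlink the name, never follow it
  race_hook.call(path) if race_hook   # attacker's window (test seam)
  Dir.chdir(path) do
    here = File.stat('.')
    unless here.dev == st.dev && here.ino == st.ino
      raise SecurityError, "#{path} was replaced during removal (symlink race?)"
    end
    (Dir.entries('.') - %w[. ..]).each { |c| remove_tree_checked(c) }
  end
  Dir.rmdir(path)
end

# Constructed scenario: 'target' is being removed while 'victim' must survive.
# Inside the race window the attacker renames 'target' away and replaces it
# with a symlink to 'victim'. Returns true if victim/secret is still there.
def simulate_race(remover)
  Dir.mktmpdir do |tmp|
    victim = File.join(tmp, 'victim')
    Dir.mkdir(victim)
    File.write(File.join(victim, 'secret'), 'keep me')
    target = File.join(tmp, 'target')
    Dir.mkdir(target)
    File.write(File.join(target, 'junk'), 'delete me')

    swap = lambda do |p|
      File.rename(p, p + '.moved')
      File.symlink(victim, p)
    end

    begin
      remover.call(target, swap)
    rescue SystemCallError, SecurityError
      # naive: rmdir on the symlink fails only after the damage is done;
      # checked: SecurityError is raised before anything is deleted
    end
    File.exist?(File.join(victim, 'secret'))
  end
end

if __FILE__ == $0
  puts "naive remover keeps victim/secret?   #{simulate_race(method(:remove_tree_naive))}"
  puts "checked remover keeps victim/secret? #{simulate_race(method(:remove_tree_checked))}"
end
```

The identity check closes the window between lstat and chdir; once inside the directory, relative names cannot be redirected by renaming an ancestor. Because chdir is process-wide, real code would prefer per-directory file descriptors (openat-style calls) where the platform offers them.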
|
|
Release announce:
http://www.ruby-lang.org/en/news/2010/12/25/ruby-1-8-7-p330-released/
Quote from the announce:
* Here you are an annual release of 1.8.7 updates.
* No license change from previous 1.8.7 release.
Full Changes:
http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_330/ChangeLog
|
|
- Set RUBY_API_VERSION after RUBY_VERSION has been decided.
- Change old RUBY_DOCDIR and RUBY_EXAMPLESDIR to RUBY_DOC and RUBY_EG in
comment.
- Fix shared libraries PLIST to support Mac OS X with introducing RUBY_SLEXT:
Shared library => .dylib
Extension library => .bundle
- Improve PRINT_PLIST_AWK to handle new shared libraries.
No functional change should result, and this fixes PR pkg/44050.
|
|
Since there are many changes from the previous release, please refer to
http://www.ruby-lang.org/en/news/2010/08/16/ruby-1-8-7-p302-is-released/.
Note: since all security updates are already in the previous package,
this update doesn't include any security fix.
|
|
INSTALL_PROGRAM and INSTALL_SCRIPT.
They are reflected in Ruby's Config::CONFIG constant, which contains
various configuration parameters that are used when installing
extension modules including ruby gems.
Setting INSTALL explicitly resets the line in mk/configure/gnu-configure.mk:
CONFIGURE_ENV+= ac_given_INSTALL=${INSTALL:Q}\ -c\ -o\ ${BINOWN}\ -g\ ${BINGRP}
Should fix PR pkg/43684 and pkg/43687.
Bump PKGREVISION.
|
|
from r29002 in Ruby's repository. (Sadly, Ruby 1.8.7 pl301 missed
this change...)
Bump PKGREVISION.
|
|
Bump PKGREVISION.
|
|
repository (r26281).
Also use COMPILER_RPATH_FLAG in Makefile.
Bump PKGREVISION.
|
|
http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection/
Bump PKGREVISION.
|
|
Add readline option to PKG_OPTIONS.ruby. This is no-op here.
No functional change.
|
|
focusing to PR pkg/41829.
* Add comments to patches.
Bump PKGREVISION.
|
|
simple sample with two threads is 2 times faster without ucontext(3).
Bump PKGREVISION.
|
|
* Fix critical problem of BigDecimal class in 1.8.7-p173.
Fri Jun 12 16:36:44 2009 Yukihiro Matsumoto <matz@ruby-lang.org>
* ext/bigdecimal/bigdecimal.c (VpToString): fixed a bug introduced
in r23613. [ruby-talk:338957]
|
|
|
|
|
|
Mon Jun 8 10:58:41 2009 NAKAMURA Usaku <usa@ruby-lang.org>
* eval.c (rb_thread_schedule): mswin32 doesn't have F_GETFD, so check
with another method.
Mon Jun 8 08:15:36 2009 Yukihiro Matsumoto <matz@ruby-lang.org>
* ext/bigdecimal/bigdecimal.c (VpAlloc): avoid ALLOCA_N() to avoid
segmentation fault caused by (insanely) long decimal values.
backported from 1.9. CVE-2009-1904
* ext/bigdecimal/bigdecimal.c (BigDecimal_dump, BigDecimal_to_i,
BigDecimal_to_f, BigDecimal_to_s, BigDecimal_split,
BigDecimal_inspect): ditto.
Mon Jun 8 08:15:36 2009 Yukihiro Matsumoto <matz@ruby-lang.org>
* ext/bigdecimal/bigdecimal.c (BigDecimal_to_f): returns Inf if
exp is bigger than DBL_MANT_DIG.
Wed Jun 3 21:16:30 2009 Tanaka Akira <akr@fsij.org>
* file.c: include fcntl.h for O_RDONLY on Solaris.
Wed Jun 3 21:09:56 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* util.c (rv_strdup): macro to duplicate nul-terminated string.
[ruby-core:22852]
* util.c (ruby_dtoa): allocates one more byte to get rid of buffer
overrun. a patch from Charlie Savage at [ruby-core:22604].
Wed Jun 3 21:09:56 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* util.c (ruby_dtoa): allocates one more byte to get rid of buffer
overrun. a patch from Charlie Savage at [ruby-core:22604].
Wed Jun 3 21:05:44 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* ext/bigdecimal/bigdecimal.c (gfDebug): uncommented out.
[ruby-core:22600]
Wed Jun 3 20:54:23 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* eval.c (rb_eval): needs to guard intermediate string objects.
based on a patch from Brent Roman <brent AT mbari.org> a
[ruby-core:22584].
Tue May 26 21:24:01 2009 URABE Shyouhei <shyouhei@ruby-lang.org>
* Makefile.in (update-rubyspec, test-rubyspec): Catch up to
rubyspec merge. A patch by Brian Ford at [ruby-core:21032]
Tue May 26 21:21:49 2009 Akinori MUSHA <knu@iDaemons.org>
* lib/soap/mimemessage.rb (MIMEMessage#to_s): Fix a fatal
method name typo. [Bug #1173]
Tue May 26 21:16:55 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* file.c (rb_file_s_extname): fix for spaces before extension.
[ruby-dev:38044]
Tue May 26 21:09:21 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* win32/win32.c (_CrtDbgReportW): prevent from false positive
assertions in msvcrtd. [ruby-core:22116]
Tue May 26 21:02:13 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* lib/ostruct.rb (OpenStruct#new_ostruct_member): checks if frozen.
[ruby-talk:328195], [ruby-core:22142]
Tue May 26 21:00:08 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* lib/ostruct.rb (OpenStruct#inspect): fixed the recursion check.
Patch by Kornelius Kalnbach. [ruby-core:20992].
* test/ostruct/test_ostruct.rb: test for inspect.
Patch by Kornelius Kalnbach. [ruby-core:20992].
Tue May 26 20:50:32 2009 Tanaka Akira <akr@fsij.org>
* eval.c (rb_thread_schedule): handle EBADF of select as well.
[ruby-core:21264]
|
|
by KAWAKUBO Hiroshi via PR pkg/41386.
|
|
This release is the counterpart of 1.8.6-p368, so many bugs are fixed
since the latest 1.8.7. Check the ChangeLog for more details.
Especially, it includes workarounds for CVE-2007-1558 and CVE-2008-1447.
|
|
It fixes that the OCSP (Online Certificate Status Protocol) verify method didn't always
return false when verification failed in OpenSSL's corresponding library.
(It might be a possible security risk when using OCSP.)
Make a small PLIST improvement, too.
Bump PKGREVISION.
|
|
No other functional change.
|
|
Bump PKGREVISION.
|
|
(http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/)
from ruby_1_8 branch.
Bump PKGREVISION.
|
|
These packages are implicitly updated with distfile update only.
databases/ruby-gdbm
devel/ruby-readline
lang/ruby
lang/ruby18
Here's a quote from the release announcement:
Sorry for a fuss, but it turned out that taintness check of dl in last
releases I made was incomplete. Here are fixes for that.
And relevant changes:
Mon Aug 11 09:37:17 2008 Yukihiro Matsumoto <matz@ruby-lang.org>
* ext/dl/dl.c (rb_str_to_ptr): should propagate taint to dlptr.
* ext/dl/dl.c (rb_ary_to_ptr): ditto.
* ext/dl/sym.c (rb_dlsym_call): should check taint of DLPtrData as
well.
|
|
pkgsrc change:
Apply fix for the sunpro compiler, provided by PR pkg/37771 from
Naoto Morishima.
This release includes fixes for multiple vulnerabilities.
http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
* Several vulnerabilities in safe level
* DoS vulnerability in WEBrick
* Lack of taintness check in dl
* DNS spoofing vulnerability in resolv.rb
There are too many changes to list; please refer to the ChangeLog file.
|
|
which can be exploited to cause a denial of service through memory
exhaustion. (SN-2008-02)
|
|
|
|
This is a security fix:
http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities
Fri Jun 20 18:25:18 2008 Nobuyoshi Nakada <nobu@ruby-lang.org>
* string.c (rb_str_buf_append): should infect.
Fri Jun 20 16:33:09 2008 Nobuyoshi Nakada <nobu@ruby-lang.org>
* array.c (rb_ary_store, rb_ary_splice): not depend on unspecified
behavior at integer overflow.
* string.c (str_buf_cat): ditto.
Wed Jun 18 22:24:46 2008 URABE Shyouhei <shyouhei@ruby-lang.org>
* array.c (ary_new, rb_ary_initialize, rb_ary_store,
rb_ary_splice, rb_ary_times): integer overflows should be
checked. based on patches from Drew Yao <ayao at apple.com>
fixed CVE-2008-2726
* string.c (rb_str_buf_append): fixed unsafe use of alloca,
which led to memory corruption. based on a patch from Drew Yao
<ayao at apple.com> fixed CVE-2008-2726
* sprintf.c (rb_str_format): backported from trunk.
* intern.h: ditto.
Tue Jun 17 15:09:46 2008 Nobuyoshi Nakada <nobu@ruby-lang.org>
* file.c (file_expand_path): no need to expand root path which has no
short file name. [ruby-dev:35095]
Sun Jun 15 19:27:40 2008 Akinori MUSHA <knu@iDaemons.org>
* configure.in: Fix $LOAD_PATH. Properly expand vendor_ruby
directories; submitted by Takahiro Kambe <taca at
back-street.net> in [ruby-dev:35099].
|
|
|
|
Since the changes are too many to write here, please refer to
http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7/NEWS
http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7/ChangeLog
http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_17/NEWS
http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_17/ChangeLog
|
|
of OpenSSL 0.9.8g.
Since this is fix for build problem only, I don't bump PKGREVISION.
|
|
|
|
|
|
through PLIST_SUBST to the plist module.
|
|
previous release in pkgsrc.
|
|
Its main changes are security fixes in the WEBrick library.
Mon Mar 3 23:34:13 2008 GOTOU Yuuzou <gotoyuzo@notwork.org>
* lib/webrick/httpservlet/filehandler.rb: should normalize path
separators in path_info to prevent directory traversal attacks
on DOSISH platforms.
reported by Digital Security Research Group [DSECRG-08-026].
* lib/webrick/httpservlet/filehandler.rb: pathnames which have
not to be published should be checked case-insensitively.
Mon Dec 3 08:13:52 2007 Kouhei Sutou <kou@cozmixng.org>
* test/rss/test_taxonomy.rb, test/rss/test_parser_1.0.rb,
test/rss/test_image.rb, test/rss/rss-testcase.rb: ensured
declaring XML namespaces.
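The two WEBrick filehandler entries above describe one check that has to be platform-aware: on DOSISH systems "\" is a path separator as well, so "..\..\" must be normalised to "../../" before looking for traversal, and names that must not be published have to be compared case-insensitively because the filesystem itself is case-insensitive. The following is an added example in that spirit, not WEBrick's code; DENIED_NAMES, the dosish flag and the sample request paths are assumptions constructed for the demonstration.

```ruby
# Names that must never be served, whatever directory they sit in (assumed list).
DENIED_NAMES = ['.htaccess', '.htpasswd'].freeze

# Collapse path_info into clean segments. On DOSISH platforms "\" is
# normalised to "/" *before* ".." handling; otherwise "..\..\x" looks like a
# single odd filename and walks out of the document root unseen.
# Returns nil when the path climbs above the root.
def normalize_path_info(path_info, dosish: false)
  p = dosish ? path_info.gsub('\\', '/') : path_info
  segments = []
  p.split('/').each do |seg|
    next if seg.empty? || seg == '.'
    if seg == '..'
      return nil if segments.empty?   # attempt to escape the root
      segments.pop
    else
      segments << seg
    end
  end
  segments
end

# A request may be served only if it stays under the root and none of its
# components is a denied name. On a case-insensitive filesystem ".HTACCESS"
# opens the same file as ".htaccess", so the comparison must ignore case there.
def publishable?(path_info, dosish: false)
  segs = normalize_path_info(path_info, dosish: dosish)
  return false if segs.nil?
  segs.none? do |seg|
    DENIED_NAMES.any? { |d| dosish ? seg.casecmp(d).zero? : seg == d }
  end
end

if __FILE__ == $0
  [['/docs/index.html', false],
   ['/..\\..\\boot.ini', true],   # traversal only once "\" is treated as a separator
   ['/..\\..\\boot.ini', false],  # on Unix this is just a strange filename
   ['/dir/.HTACCESS', true],
   ['/dir/.HTACCESS', false],
   ['/a/../../etc/passwd', false]].each do |pi, dos|
    puts "#{pi.inspect} dosish=#{dos}: #{publishable?(pi, dosish: dos)}"
  end
end
```

The same request string is rejected or accepted depending on the platform flag, which is the point of the fix: the check has to model the filesystem the file is actually opened on, not a generic Unix path syntax.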
|
|
hoping to solve bulk build problem.
|
|
|
|
- don't call the linker directly to build shared libraries,
use ${CC} -G
- link libsunmath statically, as it is provided by SUNWspro and
therefore not available on systems where the compiler is not
installed.
|
|
Detect db3 and db4 like db2 for dbm library.
|