Age | Commit message (Collapse) | Author | Files | Lines |
|
handling of none existing files.
This should be fix build problem of www/ruby-rails3 with ruby18-base.
Bump PKGREVISION.
|
|
* The FileUtils Vulnerability
http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/
* The $SAFE Vulnerability
Fri Feb 18 21:18:55 2011 Shugo Maeda <shugo@ruby-lang.org>
* test/ruby/test_exception.rb (TestException::test_to_s_taintness_propagation):
Test for below.
Fri Feb 18 21:18:55 2011 URABE Shyouhei <shyouhei@ruby-lang.org>
* error.c (exc_to_s): untainted strings can be tainted via
Exception#to_s, which enables attackers to overwrite sane strings.
Reported by: Yusuke Endoh <mame at tsg.ne.jp>.
* error.c (name_err_to_s): ditto.
Fri Feb 18 21:17:22 2011 Shugo Maeda <shugo@ruby-lang.org>
* lib/fileutils.rb (FileUtils::remove_entry_secure): there is a
race condition in the case where the given path is a directory,
and some other user can move that directory, and create a
symlink while this method is executing.
Reported by: Nicholas Jefferson <nicholas at pythonic.com.au>
Fri Feb 18 19:46:46 2011 NAKAMURA Usaku <usa@ruby-lang.org>
* win32/win32.c (init_stdhandle): backport mistake of r29382.
some code are needless in ruby 1.8.
[ruby-core:34579]
Fri Feb 18 19:22:17 2011 URABE Shyouhei <shyouhei@ruby-lang.org>
* configure.in: revert revision r29854. This revision introduced
binary incompatibilities on some circumstances. The bug that
revision was fixing gets reopened by this reversion.
[ruby-dev:43152] cf. [Bug #2553]
|
|
Release announce:
http://www.ruby-lang.org/en/news/2010/12/25/ruby-1-8-7-p330-released/
Quote from the announce:
* Here you are an annual release of 1.8.7 updates.
* No license change from previos 1.8.7 release.
Full Changes:
http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_330/ChangeLog
|
|
- Set RUBY_API_VERSION after RUBY_VERSION has decided.
- Change old RUBY_DOCDIR and RUBY_EXAMPLESDIR to RUBY_DOC and RUBY_EG in
comment.
- Fix shared libraries PLIST to support Mac OS X with introducing RUBY_SLEXT:
Shared library => .dylib
Extension library => .bundle
- Improve PRINT_PLIST_AWK to handle new shared libraries.
No functional change shoud be done and fix PR pkg/44050.
|
|
Since many changes from previous release, please refer
http://www.ruby-lang.org/en/news/2010/08/16/ruby-1-8-7-p302-is-released/.
Note: Since all security updates are already in previous package,
This update dosen't include any securify fix.
|
|
INSTALL_PROGRAM and INSTALL_SCRIPT.
They reflect to Ruby's Config::CONFIG constant which contains
various configuration parametes which would be used when installing
extention modules including ruby gems.
Setting INSTALL explicitly reset the line in mk/configure/gnu-configure.mk.
CONFIGURE_ENV+= ac_given_INSTALL=${INSTALL:Q}\ -c\ -o\ ${BINOWN}\ -g\ ${BINGRP}
Should be fix PR pkg/43684 and pkg/43687.
Bump PKGREVISION.
|
|
from r29002 in Ruby's repository. (Sadly, Ruby 1.8.7 pl301 missed
this change...)
Bump PKGREVISION.
|
|
Bump PKGREVISION.
|
|
repositry (r26281).
Also use COMPILER_RPATH_FLAG in Makefile.
Bump PKGREVISION.
|
|
http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection/
Bump PKGREVISION.
|
|
Add readline option to PKG_OPTIONS.ruby. This is no-op here.
No functional change.
|
|
focusing to PR pkg/41829.
* Add comments to patches.
Bump PKGREVISION.
|
|
simple sample with two threads is 2 times faster without ucontext(3).
Bump PKGREVISION.
|
|
* Fix critical problem of BigDecimal class in 1.8.7-p173.
Fri Jun 12 16:36:44 2009 Yukihiro Matsumoto <matz@ruby-lang.org>
* ext/bigdecimal/bigdecimal.c (VpToString): fixed a bug introduced
in r23613. [ruby-talk:338957]
|
|
|
|
|
|
Mon Jun 8 10:58:41 2009 NAKAMURA Usaku <usa@ruby-lang.org>
* eval.c (rb_thread_schedule): mswin32 doesn't have F_GETFD, so check
with another method.
Mon Jun 8 08:15:36 2009 Yukihiro Matsumoto <matz@ruby-lang.org>
* ext/bigdecimal/bigdecimal.c (VpAlloc): avoid ALLOCA_N() to avoid
segmentation fault caused by (insanely) long decimal values.
backported from 1.9. CVE-2009-1904
* ext/bigdecimal/bigdecimal.c (BigDecimal_dump, BigDecimal_to_i,
BigDecimal_to_f, BigDecimal_to_s, BigDecimal_split,
BigDecimal_inspect): ditto.
Mon Jun 8 08:15:36 2009 Yukihiro Matsumoto <matz@ruby-lang.org>
* ext/bigdecimal/bigdecimal.c (BigDecimal_to_f): returns Inf if
exp is bigger than DBL_MANT_DIG.
Wed Jun 3 21:16:30 2009 Tanaka Akira <akr@fsij.org>
* file.c: include fcntl.h for O_RDONLY on Solaris.
Wed Jun 3 21:09:56 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* util.c (rv_strdup): macro to duplicate nul-terminated string.
[ruby-core:22852]
* util.c (ruby_dtoa): allocates one more byte to get rid of buffer
overrun. a patch from Charlie Savage at [ruby-core:22604].
Wed Jun 3 21:09:56 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* util.c (ruby_dtoa): allocates one more byte to get rid of buffer
overrun. a patch from Charlie Savage at [ruby-core:22604].
Wed Jun 3 21:05:44 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* ext/bigdecimal/bigdecimal.c (gfDebug): uncommented out.
[ruby-core:22600]
Wed Jun 3 20:54:23 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* eval.c (rb_eval): needs to guard intermediate string objects.
based on a patch from Brent Roman <brent AT mbari.org> a
[ruby-core:22584].
Tue May 26 21:24:01 2009 URABE Shyouhei <shyouhei@ruby-lang.org>
* Makefile.in (update-rubyspec, test-rubyspec): Catch up to
rubyspec merge. A patch by Brian Ford at [ruby-core:21032]
Tue May 26 21:21:49 2009 Akinori MUSHA <knu@iDaemons.org>
* lib/soap/mimemessage.rb (MIMEMessage#to_s): Fix a fatal
method name typo. [Bug #1173]
Tue May 26 21:16:55 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* file.c (rb_file_s_extname): fix for spaces before extention.
[ruby-dev:38044]
Tue May 26 21:09:21 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* win32/win32.c (_CrtDbgReportW): prevent from false positive
assertions in msvcrtd. [ruby-core:22116]
Tue May 26 21:02:13 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* lib/ostruct.rb (OpenStruct#new_ostruct_member): checks if frozen.
[ruby-talk:328195], [ruby-core:22142]
Tue May 26 21:00:08 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* lib/ostruct.rb (OpenStruct#inspect): fixed the recursion check.
Patch by Kornelius Kalnbach. [ruby-core:20992].
* test/ostruct/test_ostruct.rb: test for inspect.
Patch by Kornelius Kalnbach. [ruby-core:20992].
Tue May 26 20:50:32 2009 Tanaka Akira <akr@fsij.org>
* eval.c (rb_thread_schedule): handle EBADF of select as well.
[ruby-core:21264]
|
|
by KAWAKUBO Hiroshi via PR pkg/41386.
|
|
This release is counterpart of 1.8.6-p368, so many bugs are fixed
since the latest 1.8.7. Check the ChangeLog for more details.
Especialy, including workarounds for CVE-2007-1558 and CVE-2008-1447.
|
|
It fixes OCPS(Online Certificate Status Protocol) verify method wasn't always
return false when verify was failed in OpenSSL's correspondence library.
(It might be possible security risk for using OCPS.
Fix small PLIST improvement, too.
Bump PKGREVISION.
|
|
No other functional change.
|
|
Bump PKGREVISION.
|
|
(http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/)
from ruby_1_8 branch.
Bump PKGREVISION.
|
|
These packages are implicitly updated with distfile update only.
databases/ruby-gdbm
devel/ruby-readline
lang/ruby
lang/ruby18
Here's quote from release announce:
Sorry for a fuss, but it turned out that taintness check of dl in last
releases I made was incomplete. Here are fixes for that.
And relevant changes:
Mon Aug 11 09:37:17 2008 Yukihiro Matsumoto <matz@ruby-lang.org>
* ext/dl/dl.c (rb_str_to_ptr): should propagate taint to dlptr.
* ext/dl/dl.c (rb_ary_to_ptr): ditto.
* ext/dl/sym.c (rb_dlsym_call): should check taint of DLPtrData as
well.
|
|
pkgsrc change:
Apply fix for sunpro compilre, provided by PR pkg/37771 from
Naoto Morishima.
This release includes fix for multiple vulnerabilities.
http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
* Several vulnerabilities in safe level
* DoS vulnerability in WEBrick
* Lack of taintness check in dl
* DNS spoofing vulnerability in resolv.rb
Full changes are too many, please refer ChangeLog file.
|
|
which can be exploited to cause a denial of service through memory
exhaustion. (SN-2008-02)
|
|
|
|
This is security fix:
http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities
Fri Jun 20 18:25:18 2008 Nobuyoshi Nakada <nobu@ruby-lang.org>
* string.c (rb_str_buf_append): should infect.
Fri Jun 20 16:33:09 2008 Nobuyoshi Nakada <nobu@ruby-lang.org>
* array.c (rb_ary_store, rb_ary_splice): not depend on unspecified
behavior at integer overflow.
* string.c (str_buf_cat): ditto.
Wed Jun 18 22:24:46 2008 URABE Shyouhei <shyouhei@ruby-lang.org>
* array.c (ary_new, rb_ary_initialize, rb_ary_store,
rb_ary_aplice, rb_ary_times): integer overflows should be
checked. based on patches from Drew Yao <ayao at apple.com>
fixed CVE-2008-2726
* string.c (rb_str_buf_append): fixed unsafe use of alloca,
which led memory corruption. based on a patch from Drew Yao
<ayao at apple.com> fixed CVE-2008-2726
* sprintf.c (rb_str_format): backported from trunk.
* intern.h: ditto.
Tue Jun 17 15:09:46 2008 Nobuyoshi Nakada <nobu@ruby-lang.org>
* file.c (file_expand_path): no need to expand root path which has no
short file name. [ruby-dev:35095]
Sun Jun 15 19:27:40 2008 Akinori MUSHA <knu@iDaemons.org>
* configure.in: Fix $LOAD_PATH. Properly expand vendor_ruby
directories; submitted by Takahiro Kambe <taca at
back-street.net> in [ruby-dev:35099].
|
|
|
|
Since chanes are too much to write here, please refer
http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7/NEWS
http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7/ChangeLog
http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_17/NEWS
http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_17/ChangeLog
|
|
of OpenSSL 0.9.8g.
Since this is fix for build problem only, I don't bump PKGREVISION.
|
|
|
|
|
|
through PLIST_SUBST to the plist module.
|
|
previous release in pkgsrc.
|
|
It main chagnes are security fix of WEBrick library.
Mon Mar 3 23:34:13 2008 GOTOU Yuuzou <gotoyuzo@notwork.org>
* lib/webrick/httpservlet/filehandler.rb: should normalize path
separators in path_info to prevent directory traversal attacks
on DOSISH platforms.
reported by Digital Security Research Group [DSECRG-08-026].
* lib/webrick/httpservlet/filehandler.rb: pathnames which have
not to be published should be checked case-insensitively.
Mon Dec 3 08:13:52 2007 Kouhei Sutou <kou@cozmixng.org>
* test/rss/test_taxonomy.rb, test/rss/test_parser_1.0.rb,
test/rss/test_image.rb, test/rss/rss-testcase.rb: ensured
declaring XML namespaces.
|
|
hoping to solve bulk build problem.
|
|
|
|
- don't call the linker directly to build shared libraries,
use ${CC} -G
- link libsunmath statically, as it is provided by SUNWspro and
therefore not available on systems where the compiler is not
installed.
|
|
Detect db3 and db4 like db2 for dbm library.
|
|
Basically, no change since previous update except Net::HTTP default
@enable_post_connection_check was wrongly set to true. (It might
cause compatibility problem.)
|
|
(I tested on old DragonFly 1.7.0-DEVELOPMENT.)
|
|
officially released (SVN's tag only), I decide to keep pkgsrc's Ruby's
version.
This isn't leaf package but fixes security problem reported by
http://www.isecpartners.com/advisories/2007-006-rubyssl.txt.
Bump PKGREVISION.
|
|
Approved by wiz@.
This is bug fix release of Ruby 1.8.6. Especially it fixes thread/eval
function problem on Mac OS X. It also contains an openssl extention's
portablity problem which was bad patch by pkgsrc.
For more detail, please refer CHANGES file.
|
|
Ruby 1.8.6 patchlevel 36 is maintainous release of Ruby.
Changes are too many, please see ChangeLog:
http://svn.ruby-lang.org/repos/ruby/tags/v1_8_6_36/ChangeLog
|
|
we don't have it and a replacement for isinf() (the function that sunmath
was used for) is compiled in.
|
|
|
|
|
|
RUBY_SITERIDIR.
It fixes install error of textproc/ruby-redcloth when ruby18-base didn't
biild with ruby-build-ri-db option.
Noted by obache@ via private mail and approved by wiz@.
Bump PKGREVISION.
|
|
- discontinue use of RUBY_PATCH_DATE.
- Introduce RUBY_PATCH_LEVEL.
pkgsrc's ruby tracks Ruby's patch release and avoid to maintain
its own patch files (with RUBY_PATCH_DATE).
Changes are too much, please see ChangeLog file.
|