| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Ruby 2.0.0-p648 Released
Posted by usa on 16 Dec 2015
Ruby 2.0.0-p648 has been released.
This release includes a security fix for Fiddle and DL extension. Please view
the topic below for more details.
* CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL
Ruby 2.0.0 is now under the state of the security maintenance phase, until
Feb. 24th, 2016. After the date, maintenace of Ruby 2.0.0 will be ended. We
recommend you start planning migration to newer versions of Ruby, such as 2.1,
2.2 or 2.3 (scheduled to release within a few weeks).
|
|
Problems found with existing digests:
Package nhc98 distfile nhc98src-1.22.tar.gz
a8adc8f22371998ee0657bc0e01058a57d876abc [recorded]
81975fcb5f1dda5efeaabc30ce8c6dceae55e591 [calculated]
Problems found locating distfiles:
Package gcc-aux: missing distfile ada-bootstrap.i386.dragonfly.36A.tar.bz2
Package gcc-aux: missing distfile ada-bootstrap.i386.freebsd.84.tar.bz2
Package gcc-aux: missing distfile ada-bootstrap.x86_64.dragonfly.36A.tar.bz2
Package gcc-aux: missing distfile ada-bootstrap.x86_64.freebsd.84.tar.bz2
Package gcc-aux: missing distfile ada-bootstrap.x86_64.solaris.511.tar.bz2
Package gcc5-aux: missing distfile ada-bootstrap.i386.dragonfly.36A.tar.bz2
Package gcc5-aux: missing distfile ada-bootstrap.i386.freebsd.84.tar.bz2
Package gcc5-aux: missing distfile ada-bootstrap.x86_64.dragonfly.36A.tar.bz2
Package gcc5-aux: missing distfile ada-bootstrap.x86_64.freebsd.84.tar.bz2
Package gcc5-aux: missing distfile ada-bootstrap.x86_64.solaris.511.tar.bz2
Package ghc7: missing distfile ghc-7.6.3-boot-i386-unknown-freebsd.tar.xz
Package icc11: missing distfile l_cproc_p_11.1.080.tgz
Package jini: missing distfile jini-1_2_1_001-src.zip
Package oo2c: missing distfile oo2c_32-2.0.11.tar.bz2
Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-freebsd-10-amd64-20150301.tar.xz
Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-5-i386-20150301.tar.xz
Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-6-i386-20150301.tar.xz
Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-7-earmv6hf-20150306.tar.xz
Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-7-sparc64-20150301.tar.xz
Package openjdk7: missing distfile openjdk7/bootstrap-jdk7u60-bin-dragonfly-3.8-amd64-20140719.tar.bz2
Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-freebsd-10-amd64-20150301.tar.xz
Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-5-i386-20150301.tar.xz
Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-6-i386-20150301.tar.xz
Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-7-earmv6hf-20150306.tar.xz
Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-7-sparc64-20150301.tar.xz
Package openjdk8: missing distfile openjdk7/bootstrap-jdk7u60-bin-dragonfly-3.8-amd64-20140719.tar.bz2
Package oracle-jdk8: missing distfile jdk-8u60-linux-i586.tar.gz
Package oracle-jdk8: missing distfile jdk-8u60-solaris-x64.tar.gz
Package oracle-jre8: missing distfile jre-8u60-linux-i586.tar.gz
Package oracle-jre8: missing distfile jre-8u60-solaris-x64.tar.gz
Package sun-jdk6: missing distfile jdk-6u45-linux-i586.bin
Package sun-jdk6: missing distfile jdk-6u45-solaris-i586.sh
Package sun-jdk7: missing distfile jdk-7u72-linux-i586.tar.gz
Package sun-jdk7: missing distfile jdk-7u72-solaris-i586.tar.gz
Package sun-jre6: missing distfile jce_policy-6.zip
Package sun-jre6: missing distfile jre-6u45-linux-x64.bin
Package sun-jre6: missing distfile jre-6u45-solaris-x64.sh
Package sun-jre7: missing distfile jre-7u72-linux-i586.tar.gz
Package sun-jre7: missing distfile jre-7u72-solaris-i586.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|
|
Add checks for the presence of SSLv3 in OpenSSL/LibreSSL - obtained from
http://www.libressl.org/patches.html
|
|
Set PKG_CONFIG to empty as it removes reference to the build directory.
Add checks for the presence of SSLv3 in OpenSSL/LibreSSL - obtained from
http://www.libressl.org/patches.html
Fix typo in comment s/refrect/reference.
Set shell used during configure stage to bash on OpenBSD & Bitrig
due to pdksh incompatibility.
Reviewed by taca@ wiz@
|
|
Release announce:
Ruby 2.0.0-p647 Released
Posted by usa on 18 Aug 2015
We are pleased to announce the release of Ruby 2.0.0-p647.
This release includes the security fix for a RubyGems domain name
verification vulnerability. Please view the topic below for more details.
CVE-2015-3900 Request hijacking vulnerability in RubyGems 2.4.6 and earlier
And, this release also includes the fix for a regression of lib/resolv.rb.
Uninitialized constant bug introduced by typo in backport of [#10712]
Ruby 2.0.0 is now under the state of the security maintenance phase, until
Feb. 24th, 2016. After the date, maintenance of Ruby 2.0.0 will be ended. We
recommend you start planning migration to newer versions of Ruby, such as
2.1 or 2.2.
|
|
Bump PKGREVISION.
|
|
which is emphatically not DTrace, causing nothing but problems for
builds. Explicitly disable DTrace support if /usr/bin/dtrace is found.
|
|
|
|
$(DLLIB): $(OBJS) Makefile
...
$(Q) $(POSTLINK)
And POSTLINK is empty macro. In such case, GNU make ignore empty command
line but BSD make tries to execute it and causes error.
Bump PKGREVISION.
|
|
From release announce:
We are pleased to announce the release of Ruby 2.0.0-p645.
This release includes a security fix for OpenSSL extension. Please view the
topic below for more details.
CVE-2015-1855: Ruby OpenSSL Hostname Verification
Ruby 2.0.0 is now under the state of the security maintenance phase, until
Feb. 24th, 2016. After the date, maintenance of Ruby 2.0.0 will be ended. We
recommend you start planning migration to newer versions of Ruby, such as 2.1
or 2.2.
This release includes the security fix mentioned above along with small
changes required for test environment (that shouldn¡Çt affect normal users).
See ChangeLog for full details.
|
|
with pkgsrc MACHINE_ARCH (i386). Fixes 32-bit build, no change for 64-bit.
|
|
This is the last ordinal release of Ruby 2.0.0. Ruby 2.0.0 goes into the
state of the security maintenance phase, and will never be released unless
any critical regressions or security issues are found. This phase is planned
to be maintained for 1 year. Then, maintenance of Ruby 2.0.0 will be ended
at Feb. 24th, 2016. We recommend to start planning to migrate to newer
versions of Ruby, such as 2.1 or 2.2.
pkgsrc change:
* Change "os" of Gem::Platform, now it change the case of "netbsd" only.
* Reduce patches to builtin rubygems.
|
|
|
|
only the latter is supported by cwrappers. Change them all to "opt" rules for
consistency and to gain compatibility with cwrappers.
|
|
|
|
* CVE-2014-8090: Another Denial of Service XML Expansion.
|
|
Ruby 2.0.0-p594 Released
We are pleased to announce the release of Ruby 2.0.0-p594.
This release includes a security fix for DoS vulnerability of REXML.
* CVE-2014-8080: Denial Of Service XML Expansion
This release also includes the change of default settings of
ext/openssl. Insecure SSL/TLS options are now turn off by default.
* Changed default settings of ext/openssl
And, many bug fixes are also included. See tickets and ChangeLog for details.
Ruby 2.0.0-p576 Released
We are pleased to announce the release of Ruby 2.0.0-p576, to celebrate the
holding of RubyKaigi2014 in Japan now.
This release includes many bugfixes, such as:
* many fixes of memory leaks and using extra memory.
* many fixes of platform-specific issues (especially in build process).
* many document fixes.
See tickets and ChangeLog for details.
|
|
|
|
versions, and I cannot trigger any failure up to MAKE_JOBS=24.
|
|
Bump PKGREVISION.
|
|
Including many bug fixes:
* support for build with Readline-6.3
* a fix for old OpenSSL (regression in p451)
* an updated bundled version of libyaml (see Heap Overflow in YAML URI Escape Parsing (CVE-2014-2525))
For detail, please refer ChangeLog.
|
|
On platforms where DTrace is available, we need to invoke dtrace(1)
with the original PATH. Otherwise it gets confused in the presence
of our cc wrapper because it tries to invoke the system-default gcc
with argv[0] set to "gcc", not the absolute path to gcc.
|
|
Base on r45240 in Ruby's repository with one critical correction.
|
|
|
|
No functional change.
|
|
pkgsrc chagnges:
* Use RUBY_SUFFIX instead of RUBY_VER for appropriate place.
* Detect NetBSD correctly in Gem::Platform.
Quote from release announce:
This release includes many bugfixes. See tickets and ChangeLog for details.
|
|
Check install_root's value is nil before it is empty string. Reported a
problem from @_ki_nu via Twitter.
Bump PKGREVISION.
|
|
|
|
fixes packages built with pbulk.
|
|
Bump PKGREVISION.
|
|
Bump PKGREVISION.
|
|
Ruby 2.0.0-p353 is released
Now Ruby 2.0.0-p353 is released.
This release includes a security fix about floating point parsing.
Heap Overflow in Floating Point Parsing (CVE-2013-4164)
And some bugfixes are also included. See tickets and ChangeLog for details.
|
|
For FreeBSD:
* Fix careless mistake of patch to configure.
For MirBSD (and possibly OpenBSD):
* Don't pass empy string (before semicolon to sed(1).
* Correct suffix for libruby's shared library.
No PKGREVISION bump since this is simply fix for build problem.
|
|
|
|
No PKGREVISION bump since this fixes simply PLIST problem on Mac OS X.
|
|
Bump PKGREVISION.
|
|
Bump PKGREVISION.
|
|
during install stage and get the DESTDIR prepended.
|
|
This is latest stable release of Ruby and it basically compatible with
Ruby 1.9.3. Please refer full changes to NEWS/ChangeLog files or official
Web site. Here is language changes:
* Added keyword arguments.
* Added %i and %I for symbol list creation (similar to %w and %W).
* Default source encoding is changed to UTF-8. (was US-ASCII)
* No warning for unused variables starting with '_'
|
