| Age | Commit message | Author | Files | Lines |
|
pkgsrc change: clean up PLIST.
Ruby 2.2.8 Released Posted by usa on 14 Sep 2017
Ruby 2.2.8 has been released. This release includes several security
fixes. Please check the topics below for details.
* CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
* CVE-2017-10784: Escape sequence injection vulnerability in the Basic
authentication of WEBrick
* CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
* CVE-2017-14064: Heap exposure vulnerability in generating JSON
* Multiple vulnerabilities in RubyGems
* Updated bundled libyaml to version 0.1.7
Ruby 2.2 is now under the state of the security maintenance phase, until the
end of the March of 2018. After the date, maintenance of Ruby 2.2 will be
ended. We recommend you start planning migration to newer versions of Ruby,
such as 2.4 or 2.3.
|
|
https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
* a DNS request hijacking vulnerability
* an ANSI escape sequence vulnerability
* a DoS vulnerability in the query command
* a vulnerability in the gem installer that allowed a malicious gem to
overwrite arbitrary files
Bump PKGREVISION.
|
|
* Pass LDFLAGS to LIBRUBY_DLDFLAGS via DLDFLAGS as Ruby 2.4 does.
|
|
RUBY_VERSION_FULL contains Ruby's patchlevel.
|
|
Ruby 2.2.7 Released 2017/3/28
Ruby 2.2.7 has been released.
This release includes about 70 bug fixes after the previous release. See the
ChangeLog for details.
After this release, we will end the normal maintenance phase of Ruby 2.2, and
start the security maintenance phase of it. This means that after the release
of 2.2.7 we will never backport any bug fixes to 2.2 except security fixes.
The term of the security maintenance phase is scheduled for 1 year. By the
end of this term, official support of Ruby 2.2 will be over. Therefore, we
recommend that you start planning to upgrade to Ruby 2.4 or 2.3.
|
|
pkgsrc change: rubygems does not blame open-ended dependency unless verbose
option is enabled.
Ruby 2.2.6 Released Posted by usa on 15 Nov 2016
Ruby 2.2.6 has been released.
This release includes new SSL certificates for RubyGems. And, this also
includes about 80 bug fixes after the previous release. See the ChangeLog for
details.
|
|
|
|
naming scheme of the other multi-version packages. Add support for the
corresponding RUBY_VERSIONS_INCOMPATIBLE list.
|
|
|
|
Ruby 2.2.5 Released Posted by usa on 26 Apr 2016
Ruby 2.2.5 has been released.
This release includes many bug fixes. See the ChangeLog for details.
|
|
reported as PR pkg/50971.
|
|
I don't see a relation to relro, but the linker found out about
a missing symbol it didn't complain about before.
SVN 54139:
Thu Mar 17 11:36:27 2016 Nobuyoshi Nakada <nobu@ruby-lang.org>
* ext/socket/option.c (inspect_tcpi_msec): more accurate condition
for TCPI msec member inspection function.
[ruby-core:74388] [Bug #12185]
Bump PKGREVISION.
|
|
|
|
|
|
|
|
There are enough period that all patch files are ignored due to missing
from distinfo.
|
|
|
|
Ruby 2.2.4 Released
Posted by nagachika on 16 Dec 2015
Ruby 2.2.4 has been released.
This release includes a security fix for Fiddle extension. Please view the
topic below for more details.
* CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL
There are also some bugfixes. See ChangeLog for details.
|
|
Found due to crashes with very recent clang. Bump revision.
|
|
Problems found with existing digests:
Package nhc98 distfile nhc98src-1.22.tar.gz
a8adc8f22371998ee0657bc0e01058a57d876abc [recorded]
81975fcb5f1dda5efeaabc30ce8c6dceae55e591 [calculated]
Problems found locating distfiles:
Package gcc-aux: missing distfile ada-bootstrap.i386.dragonfly.36A.tar.bz2
Package gcc-aux: missing distfile ada-bootstrap.i386.freebsd.84.tar.bz2
Package gcc-aux: missing distfile ada-bootstrap.x86_64.dragonfly.36A.tar.bz2
Package gcc-aux: missing distfile ada-bootstrap.x86_64.freebsd.84.tar.bz2
Package gcc-aux: missing distfile ada-bootstrap.x86_64.solaris.511.tar.bz2
Package gcc5-aux: missing distfile ada-bootstrap.i386.dragonfly.36A.tar.bz2
Package gcc5-aux: missing distfile ada-bootstrap.i386.freebsd.84.tar.bz2
Package gcc5-aux: missing distfile ada-bootstrap.x86_64.dragonfly.36A.tar.bz2
Package gcc5-aux: missing distfile ada-bootstrap.x86_64.freebsd.84.tar.bz2
Package gcc5-aux: missing distfile ada-bootstrap.x86_64.solaris.511.tar.bz2
Package ghc7: missing distfile ghc-7.6.3-boot-i386-unknown-freebsd.tar.xz
Package icc11: missing distfile l_cproc_p_11.1.080.tgz
Package jini: missing distfile jini-1_2_1_001-src.zip
Package oo2c: missing distfile oo2c_32-2.0.11.tar.bz2
Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-freebsd-10-amd64-20150301.tar.xz
Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-5-i386-20150301.tar.xz
Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-6-i386-20150301.tar.xz
Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-7-earmv6hf-20150306.tar.xz
Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-7-sparc64-20150301.tar.xz
Package openjdk7: missing distfile openjdk7/bootstrap-jdk7u60-bin-dragonfly-3.8-amd64-20140719.tar.bz2
Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-freebsd-10-amd64-20150301.tar.xz
Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-5-i386-20150301.tar.xz
Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-6-i386-20150301.tar.xz
Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-7-earmv6hf-20150306.tar.xz
Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-7-sparc64-20150301.tar.xz
Package openjdk8: missing distfile openjdk7/bootstrap-jdk7u60-bin-dragonfly-3.8-amd64-20140719.tar.bz2
Package oracle-jdk8: missing distfile jdk-8u60-linux-i586.tar.gz
Package oracle-jdk8: missing distfile jdk-8u60-solaris-x64.tar.gz
Package oracle-jre8: missing distfile jre-8u60-linux-i586.tar.gz
Package oracle-jre8: missing distfile jre-8u60-solaris-x64.tar.gz
Package sun-jdk6: missing distfile jdk-6u45-linux-i586.bin
Package sun-jdk6: missing distfile jdk-6u45-solaris-i586.sh
Package sun-jdk7: missing distfile jdk-7u72-linux-i586.tar.gz
Package sun-jdk7: missing distfile jdk-7u72-solaris-i586.tar.gz
Package sun-jre6: missing distfile jce_policy-6.zip
Package sun-jre6: missing distfile jre-6u45-linux-x64.bin
Package sun-jre6: missing distfile jre-6u45-solaris-x64.sh
Package sun-jre7: missing distfile jre-7u72-linux-i586.tar.gz
Package sun-jre7: missing distfile jre-7u72-solaris-i586.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|
|
Set PKG_CONFIG to empty as it removes reference to the build directory.
Add checks for the presence of SSLv3 in OpenSSL/LibreSSL - obtained from
http://www.libressl.org/patches.html
Fix typo in comment s/refrect/reference.
Reviewed by taca@ wiz@
|
|
Release note:
Ruby 2.2.3 Released
Posted by nagachika on 18 Aug 2015
We are pleased to announce the release of Ruby 2.2.3. This is a TEENY
version release of the stable 2.2 series.
This release includes the security fix for a RubyGems domain name
verification vulnerability.
CVE-2015-3900 Request hijacking vulnerability in RubyGems 2.4.6 and earlier
There are also some bugfixes. See ChangeLog for details.
|
|
with pkgsrc MACHINE_ARCH (i386). Fixes 32-bit build, no change for 64-bit.
|
|
Bump PKGREVISION.
|
|
$(DLLIB): $(OBJS) Makefile
...
$(Q) $(POSTLINK)
And POSTLINK is an empty macro. In such a case, GNU make ignores the empty
command line, but BSD make tries to execute it and causes an error.
Bump PKGREVISION.
|
|
Reviewed by wiz@
|
|
From release announce:
We are pleased to announce the release of Ruby 2.2.2. This is a TEENY version
release of the stable 2.2 series.
This release includes the security fix for an OpenSSL extension's hostname
verification vulnerability.
CVE-2015-1855: Ruby OpenSSL Hostname Verification
There are also some bugfixes. See ChangeLog for details.
|
|
From release announce:
We are pleased to announce the release of Ruby 2.2.1. This is the first TEENY
version release of the stable 2.2 series.
This release includes the fix for ffi build failure and memory leak issue on
Symbol GC (See Bug #10686).
See ChangeLog for details.
|