| Age | Commit message (Collapse) | Author | Files | Lines |
|
Ruby 2.6 reached to EOL on 22th April 2022.
|
|
Here is release announce:
Ruby 2.6.10 has been released.
This release includes a security fix. Please check the topics below for
details.
CVE-2022-28739: Buffer overrun in String-to-Float conversion
This release also includes a fix of a build problem with very old compilers
and a fix of a regression of date library. See the commit logs for further
details.
After this release, Ruby 2.6 reaches EOL. In other words, this is expected
to be the last release of Ruby 2.6 series. We will not release Ruby 2.6.11
even if a security vulnerability is found (but ocould release if a severe
regression is found). We recommend all Ruby 2.6 users to start migration to
Ruby 3.1, 3.0, or 2.7 immediately.
|
|
Ruby 2.6.9 Released
Posted by usa on 24 Nov 2021
Ruby 2.6.9 has been released.
This release includes security fixes. Please check the topics below for
details.
* CVE-2021-41817: Regular Expression Denial of Service Vulnerability of Date
Parsing Methods
* CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse See the commit
logs for details.
Ruby 2.6 is now under the state of the security maintenance phase, until the
end of March of 2022. After that date, maintenance of Ruby 2.6 will be
ended. We recommend you start planning the migration to newer versions of
Ruby, such as 3.0 or 2.7.
|
|
|
|
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
The following distfiles could not be fetched (possibly fetched
conditionally?):
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-aarch64-unknown-linux-gnu.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-aarch64-unknown-linux-musl.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-aarch64-unknown-netbsd.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-armv7-unknown-netbsd-eabihf.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-i686-unknown-linux-gnu.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-powerpc-unknown-netbsd90.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-sparc64-unknown-netbsd.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-x86_64-apple-darwin.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-x86_64-unknown-freebsd.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-x86_64-unknown-linux-gnu.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-x86_64-unknown-linux-musl.tar.gz
./lang/smlnj/distinfo smlnj-110.73/boot.ppc-unix.tgz
./lang/smlnj/distinfo smlnj-110.73/boot.sparc-unix.tgz
./lang/oracle-jre8/distinfo jce_policy-8.zip
./lang/oracle-jre8/distinfo jre-8u202-linux-i586.tar.gz
./lang/oracle-jre8/distinfo jre-8u202-linux-x64.tar.gz
./lang/oracle-jre8/distinfo jre-8u202-macosx-x64.tar.gz
./lang/oracle-jre8/distinfo jre-8u202-solaris-x64.tar.gz
./lang/oracle-jdk8/distinfo jdk-8u202-linux-i586.tar.gz
./lang/oracle-jdk8/distinfo jdk-8u202-linux-x64.tar.gz
./lang/oracle-jdk8/distinfo jdk-8u202-solaris-x64.tar.gz
./lang/ghc80/distinfo ghc-7.10.3-boot-x86_64-unknown-solaris2.tar.xz
./lang/ghc80/distinfo ghc-8.0.2-boot-i386-unknown-freebsd.tar.xz
./lang/ghc80/distinfo ghc-8.0.2-boot-x86_64-unknown-freebsd.tar.xz
./lang/gcc5-aux/distinfo ada-bootstrap.i386.freebsd.100B.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.i386.freebsd.84.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.x86_64.dragonfly.41.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.x86_64.freebsd.100B.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.x86_64.freebsd.84.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.x86_64.solaris.511.tar.bz2
./lang/rust/distinfo rust-1.53.0-aarch64-apple-darwin.tar.gz
./lang/rust/distinfo rust-1.53.0-aarch64-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-1.53.0-aarch64-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-1.53.0-aarch64_be-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-1.53.0-arm-unknown-linux-gnueabihf.tar.gz
./lang/rust/distinfo rust-1.53.0-armv7-unknown-linux-gnueabihf.tar.gz
./lang/rust/distinfo rust-1.53.0-i686-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-1.53.0-powerpc-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-1.53.0-powerpc-unknown-netbsd90.tar.gz
./lang/rust/distinfo rust-1.53.0-sparc64-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-1.53.0-x86_64-apple-darwin.tar.gz
./lang/rust/distinfo rust-1.53.0-x86_64-unknown-freebsd.tar.gz
./lang/rust/distinfo rust-1.53.0-x86_64-unknown-illumos.tar.gz
./lang/rust/distinfo rust-1.53.0-x86_64-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-std-1.53.0-aarch64-apple-darwin.tar.gz
./lang/rust/distinfo rust-std-1.53.0-aarch64-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-std-1.53.0-aarch64-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-aarch64_be-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-arm-unknown-linux-gnueabihf.tar.gz
./lang/rust/distinfo rust-std-1.53.0-armv7-unknown-linux-gnueabihf.tar.gz
./lang/rust/distinfo rust-std-1.53.0-i686-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-std-1.53.0-powerpc-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-powerpc-unknown-netbsd90.tar.gz
./lang/rust/distinfo rust-std-1.53.0-sparc64-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-x86_64-apple-darwin.tar.gz
./lang/rust/distinfo rust-std-1.53.0-x86_64-unknown-freebsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-x86_64-unknown-linux-gnu.tar.gz
./lang/smlnj11072/distinfo smlnj-110.72/boot.ppc-unix.tgz
./lang/smlnj11072/distinfo smlnj-110.72/boot.sparc-unix.tgz
./lang/ghc84/distinfo ghc-8.0.2-boot-x86_64-unknown-solaris2.tar.xz
./lang/ghc84/distinfo ghc-8.4.4-boot-i386-unknown-freebsd.tar.xz
./lang/ghc84/distinfo ghc-8.4.4-boot-x86_64-apple-darwin.tar.xz
./lang/ghc84/distinfo ghc-8.4.4-boot-x86_64-unknown-freebsd.tar.xz
./lang/ghc7/distinfo ghc-7.10.3-boot-i386-unknown-freebsd.tar.xz
./lang/ghc7/distinfo ghc-7.6.3-boot-i386-unknown-solaris2.tar.xz
./lang/ghc7/distinfo ghc-7.6.3-boot-powerpc-apple-darwin.tar.xz
./lang/ghc7/distinfo ghc-7.6.3-boot-x86_64-unknown-solaris2.tar.xz
./lang/ghc90/distinfo ghc-8.10.4-boot-x86_64-unknown-solaris2.tar.xz
./lang/ghc90/distinfo ghc-9.0.1-boot-aarch64-unknown-netbsd.tar.xz
./lang/ghc90/distinfo ghc-9.0.1-boot-i386-unknown-freebsd.tar.xz
./lang/ghc90/distinfo ghc-9.0.1-boot-x86_64-apple-darwin.tar.xz
./lang/ghc90/distinfo ghc-9.0.1-boot-x86_64-unknown-freebsd.tar.xz
./lang/openjdk8/distinfo openjdk7/bootstrap-jdk-1.7.76-freebsd-10-amd64-20150301.tar.xz
./lang/openjdk8/distinfo openjdk7/bootstrap-jdk-1.7.76-netbsd-7-sparc64-20150301.tar.xz
./lang/openjdk8/distinfo openjdk7/bootstrap-jdk-1.8.181-netbsd-8-aarch64-20180917.tar.xz
./lang/openjdk8/distinfo openjdk7/bootstrap-jdk7u60-bin-dragonfly-3.6-amd64-20140719.tar.bz2
./lang/openjdk8/distinfo openjdk7/bootstrap-jdk7u60-bin-dragonfly-3.8-amd64-20140719.tar.bz2
./lang/go-bin/distinfo go1.14.2.darwin-amd64.tar.gz
./lang/go-bin/distinfo go1.14.2.linux-386.tar.gz
./lang/go-bin/distinfo go1.14.2.linux-amd64.tar.gz
./lang/go-bin/distinfo go1.14.2.linux-arm64.tar.gz
./lang/go-bin/distinfo go1.14.2.linux-armv6l.tar.gz
./lang/go-bin/distinfo go1.14.2.netbsd-arm64.tar.gz
./lang/go-bin/distinfo go1.16beta1.darwin-arm64.tar.gz
./lang/gcc6-aux/distinfo ada-bootstrap.i386.freebsd.100B.tar.bz2
./lang/gcc6-aux/distinfo ada-bootstrap.x86_64.dragonfly.41.tar.bz2
./lang/gcc6-aux/distinfo ada-bootstrap.x86_64.freebsd.100B.tar.bz2
./lang/gcc6-aux/distinfo ada-bootstrap.x86_64.freebsd.84.tar.bz2
./lang/gcc6-aux/distinfo ada-bootstrap.x86_64.solaris.511.tar.bz2
./lang/ghc810/distinfo ghc-8.8.4-boot-x86_64-unknown-solaris2.tar.xz
./lang/sun-jre7/distinfo UnlimitedJCEPolicyJDK7.zip
./lang/sun-jre7/distinfo jre-7u80-linux-x64.tar.gz
./lang/sun-jre7/distinfo jre-7u80-solaris-i586.tar.gz
./lang/sun-jre7/distinfo jre-7u80-solaris-x64.tar.gz
./lang/ghc88/distinfo ghc-8.4.4-boot-i386-unknown-freebsd.tar.xz
./lang/ghc88/distinfo ghc-8.4.4-boot-x86_64-apple-darwin.tar.xz
./lang/ghc88/distinfo ghc-8.4.4-boot-x86_64-unknown-freebsd.tar.xz
./lang/ghc88/distinfo ghc-8.4.4-boot-x86_64-unknown-solaris2.tar.xz
./lang/gcc-aux/distinfo ada-bootstrap.i386.dragonfly.36A.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.i386.freebsd.100B.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.i386.freebsd.84.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.x86_64.dragonfly.36A.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.x86_64.freebsd.100B.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.x86_64.freebsd.84.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.x86_64.solaris.511.tar.bz2
./lang/gcc6/distinfo ecj-4.5.jar
./lang/openjdk11/distinfo bootstrap-jdk-1.11.0.7.10-netbsd-9-aarch64-20200509.tar.xz
./lang/sun-jdk7/distinfo jdk-7u80-linux-x64.tar.gz
./lang/sun-jdk7/distinfo jdk-7u80-solaris-i586.tar.gz
./lang/sun-jdk7/distinfo jdk-7u80-solaris-x64.tar.gz
|
|
|
|
Ruby 2.6.8 has been released.
This release includes security fixes. Please check the topics below
for details.
* CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
* CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
* CVE-2021-31799: A command injection vulnerability in RDoc
We ordinally do not fix Ruby 2.6 except security fixes, but this
release also includes some regressed bugs and build problem fixes.
See the commit logs for details.
Ruby 2.6 is now under the state of the security maintenance phase,
until the end of March of 2022. After that date, maintenance of Ruby
2.6 will be ended. We recommend you start planning the migration to
newer versions of Ruby, such as 3.0 or 2.7.
|
|
Ruby 2.6.7 Released (2021-04-05)
This release includes security fixes. Please check the topics below for
details.
* CVE-2020-25613: Potential HTTP Request Smuggling Vulnerability in
WEBrick
* CVE-2021-28965: XML round-trip vulnerability in REXML
See the commit logs for details.
By this release, we end the normal maintenance phase of Ruby 2.6, and Ruby
2.6 enters the security maintenance phase. This means that we will no
longer backport any bug fixes to Ruby 2.6 except security fixes. The term
of the security maintenance phase is scheduled for a year. Ruby 2.6 reaches
EOL and its official support ends by the end of the security maintenance
phase. Therefore, we recommend that you start to plan upgrade to Ruby 2.7
or 3.0.
|
|
Add fix for CVE-2020-25613.
Bump PKGREVISION.
|
|
Update ruby26-base (and ruby26 related packages) to 2.6.6.
2.6.6 (2020-03-31)
This release includes security fixes. Please check the topics below for
details.
* CVE-2020-16255: Unsafe Object Creation Vulnerability in JSON (Additional
fix)
* CVE-2020-10933: Heap exposure vulnerability in the socket library
|
|
Update ruby26-base and ruby26 packges to 2.6.5
pkgsrc chagnes
* fix warnings of pkglint.
Quote from release announce:
Ruby 2.6.5 (2019-10-01)
This release includes security fixes. Please check the topics below for
details.
* CVE-2019-16255: A code injection vulnerability of Shell#[] and Shell#test
* CVE-2019-16254: HTTP response splitting in WEBrick (Additional fix)
* CVE-2019-15845: A NUL injection vulnerability of File.fnmatch and
File.fnmatch?
* CVE-2019-16201: Regular Expression Denial of Service vulnerability of
WEBrick's Digest access authentication
|
|
Update lang/ruby26-base and lang/ruby26 to 2.6.4.
Ruby 2.6.4 (2019-08-28)
Ruby 2.6.4 has been released.
This release includes a security fix of rdoc. Please check the topics below
for details.
* Multiple jQuery vulnerabilities in RDoc
See the commit logs for changes in detail.
|
|
Update ruby26{,-base} to 2.6.3. Here is release announce:
Ruby 2.6.3 Released
Posted by naruse on 17 Apr 2019
Ruby 2.6.3 has been released.
This release adds support for New Japanese Era “令和” (Reiwa). It updates
the Unicode version to 12.1 beta (#15195), and updates date library (#15742).
This release also includes some bug fixes. See details commit logs.
|
|
Update ruby26{,-base} to 2.6.2.
Quote from release announce.
Ruby 2.6.2 (2019-03-13)
This release includes bug fixes and a security update of the bundled
RubyGems.
See details in Multiple vulnerabilities in RubyGems and the commit logs.
|
|
|
|
Add security patch for rubygems, fixing these problem.
* CVE-2019-8320: Delete directory using symlink when decompressing tar
* CVE-2019-8321: Escape sequence injection vulnerability in verbose
* CVE-2019-8322: Escape sequence injection vulnerability in gem owner
* CVE-2019-8323: Escape sequence injection vulnerability in API response handling
* CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
* CVE-2019-8325: Escape sequence injection vulnerability in errors
Bump PKGREVISION.
|
|
Add Ruby release 2.6.1.
Ruby 2.6.0 (2018-12-25)
New major features:
* A new JIT compiler.
* The RubyVM::AbstractSyntaxTree module.
For more detail, please refer: <https://www.ruby-lang.org/en/news/2018/12/25/ruby-2-6-0-released/>
Ruby 2.6.1 (2019-01-30)
Major change:
* Net::Protocol::BufferedIO#write raises NoMethodError when sending large
multi-byte string has been fixed.
For more detail, please refer: <https://www.ruby-lang.org/en/news/2019/01/30/ruby-2-6-1-released/>
|