| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
* CVE-2014-8090: Another Denial of Service XML Expansion.
|
|
* CVE-2014-8090: Another Denial of Service XML Expansion.
|
|
* CVE-2014-8090: Another Denial of Service XML Expansion.
|
|
|
|
Ruby 2.1.4 is released
Ruby 2.1.4 has been released.
This release includes security fixes for the following vulnerabilities:
* CVE-2014-8080: Denial Of Service XML Expansion
* Changed default settings of ext/openssl related to CVE-2014-3566
And there are some bug-fixes.
See tickets and ChangeLog for details.
Ruby 2.1.3 Released
We are pleased to announce the release of Ruby 2.1.3. This is a patchlevel
release of the stable 2.1 series.
This release contains a change of full GC timing to reduce memory consumption
(see Bug #9607), and many bugfixes.
See tickets and ChangeLog for details.
|
|
Ruby 2.0.0-p594 Released
We are pleased to announce the release of Ruby 2.0.0-p594.
This release includes a security fix for DoS vulnerability of REXML.
* CVE-2014-8080: Denial Of Service XML Expansion
This release also includes the change of default settings of
ext/openssl. Insecure SSL/TLS options are now turn off by default.
* Changed default settings of ext/openssl
And, many bug fixes are also included. See tickets and ChangeLog for details.
Ruby 2.0.0-p576 Released
We are pleased to announce the release of Ruby 2.0.0-p576, to celebrate the
holding of RubyKaigi2014 in Japan now.
This release includes many bugfixes, such as:
* many fixes of memory leaks and using extra memory.
* many fixes of platform-specific issues (especially in build process).
* many document fixes.
See tickets and ChangeLog for details.
|
|
Ruby 1.9.3-p550 Released
We are pleased to announce the release of Ruby 1.9.3-p550.
This release includes a security fix for DoS vulnerability of REXML.
* CVE-2014-8080: Denial Of Service XML Expansion
This release also includes the change of default settings of
ext/openssl. Insecure SSL/TLS options are now turn off by default.
* Changed default settings of ext/openssl
And, in addition, bandled jQuery for darkfish template of RDoc is also
updated.
|
|
|
|
Almost no functional change to existing packages.
Wed May 14 17:35:32 2014 NAKAMURA Usaku <usa@ruby-lang.org>
* common.mk: need to quote $BASERUBY because it may includes options.
this change is only for release management, not bug fix.
[Backport #9837] [ruby-dev:48218]
Mon Mar 31 15:38:07 2014 Nobuyoshi Nakada <nobu@ruby-lang.org>
* ext/openssl/ossl.c (ossl_make_error): check NULL for unknown
error reasons with old OpenSSL, and insert a colon iff formatted
message is not empty.
|
|
|
|
* Add RUBY21_PATCHLEVEL with commented out.
|
|
|
|
|
|
Quote from release announce:
This release contains a fix for a regression of Hash#reject in Ruby 2.1.1,
support for build with Readline-6.3 (see Bug #9578), an updated bundled
version of libyaml with psych, and some bug fixes.
For details, please refer ChangeLog.
|
|
Including many bug fixes:
* support for build with Readline-6.3
* a fix for old OpenSSL (regression in p451)
* an updated bundled version of libyaml (see Heap Overflow in YAML URI Escape Parsing (CVE-2014-2525))
For detail, please refer ChangeLog.
|
|
|
|
|
|
|
|
|
|
|
|
appropriate place. Noted by obache@.
|
|
|
|
This causes multiple failures of Ruby gems in FreeBSD bulk builds.
(Besides, it is unclear whether it is actually needed or wanted.)
|
|
And add value for Ruby 2.1.1 in description.
|
|
|
|
|
|
|
|
pkgsrc chagnges:
* Use RUBY_SUFFIX instead of RUBY_VER for appropriate place.
* Detect NetBSD correctly in Gem::Platform.
Quote from release announce:
This release includes many bugfixes. See tickets and ChangeLog for details.
|
|
pkgsrc chagnges:
* Use RUBY_SUFFIX instead of RUBY_VER for appropriate place.
* Detect NetBSD correctly in Gem::Platform.
Quote from release announce:
This is the last ordinal release of Ruby 1.9.3. It means that Ruby 1.9.3 goes
into the state of the security maintenance phase, and will never be released
unless any critical regressions or security issues are found. This phase is
planned to be maintained for 1 year. Then, maintenance of Ruby 1.9.3 will be
ended at Feb. 24th, 2015.
This release includes many bugfixes. See tickets and ChangeLog for details.
|
|
to support rubygems bundled with Ruby 2.1.1 (Rubygems 2.2 and later?).
|
|
|
|
* Replace RUBY210_* to RUBY21_* for Ruby 2.1.1. And RUBY_VER of
value "21" would support Ruby 2.1.1.
* Make RUBY_SUFFIX to contain major-minor-teeny. (It is not always
the same as RUBY_VER any more.)
* Make RUBY_SRCDIR to relative path.
|
|
|
|
|
|
minimum version.
|
|
* Remove use of "both" value in RUBY_JSON_TYPE since it isn't used in any
where.
|
|
|
|
with Ruby's distribution.
* Define some variable for Ruby 2.1.0.
|
|
Noted by wiz@ via private E-mail.
|
|
|
|
Address to PR pkg/48509.
|
|
It isn't used any other place.
|
|
200 is also in default.
|
|
|
|
Ruby 2.0.0-p353 is released
Now Ruby 2.0.0-p353 is released.
This release includes a security fix about floating point parsing.
Heap Overflow in Floating Point Parsing (CVE-2013-4164)
And some bugfixes are also included. See tickets and ChangeLog for details.
|
|
Ruby 1.9.3-p484 is released
Now Ruby 1.9.3-p484 is released.
This release includes a security fix about ruby interpreter core:
Heap Overflow in Floating Point Parsing (CVE-2013-4164)
And some bugfixes are also included. See tickets and ChangeLog for details.
|
|
|
|
Fix build problem on NetBSD/i386.
|
|
Fix build problem on FreeBSD.
|
