Up to [NetBSD + pkgsrc-wip] / pkgsrc / lang / ruby18-base
Update ruby18-base package to 1.8.7-pl357 (Ruby 1.8.7 patchlevel 357).
Wed Feb 8 14:06:59 2012 Hiroshi Nakamura <nahi@ruby-lang.org>
* ext/openssl/ossl_ssl.c: Add SSL constants and allow to unset SSL
option to prevent BEAST attack. See [Bug #5353].
In OpenSSL, OP_DONT_INSERT_EMPTY_FRAGMENTS is used to prevent
TLS-CBC-IV vulnerability described at
http://www.openssl.org/~bodo/tls-cbc.txt
It's known issue of TLSv1/SSLv3 but it attracts lots of attention
these days as BEAST attack. (CVE-2011-3389)
Until now ossl sets OP_ALL at SSLContext allocation and call
SSL_CTX_set_options at connection. SSL_CTX_set_options updates the
value by using |= so bits set by OP_ALL cannot be unset afterwards.
This commit changes to call SSL_CTX_set_options only 1 time for each
SSLContext. It sets the specified value if SSLContext#options= are
called and sets OP_ALL if not.
To help users to unset bits in OP_ALL, this commit also adds several
constant to SSL such as OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS.
These constants were not exposed in Ruby because there's no way to
unset bits in OP_ALL before.
Following is an example to enable 0/n split for BEAST prevention.
ctx.options = OP_ALL & ~OP_DONT_INSERT_EMPTY_FRAGMENTS
* test/openssl/test_ssl.rb: Test above option exists.
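The option handling described in the 1.8.7-pl357 log entry above, as an added Ruby model (not code from Ruby's ext/openssl or from pkgsrc). The class and method names and the numeric bit values are constructed for illustration; only the two constant names and the `OP_ALL & ~OP_DONT_INSERT_EMPTY_FRAGMENTS` expression come from the entry.

```ruby
# Constructed bit values for this model; the real values live in OpenSSL's headers.
OP_DONT_INSERT_EMPTY_FRAGMENTS = 0x0800
OP_ALL = 0x0FFF # constructed bundle of workaround bits that includes the bit above

# Model of the behaviour before the change: OP_ALL is applied when the
# context is allocated, and the user's value is OR-ed in at connection time.
class OldContextModel
  attr_writer :options

  def initialize
    @native = OP_ALL # set at allocation
    @options = nil
  end

  # Stands in for the SSL_CTX_set_options call made at connection.
  def connect_options
    @native |= @options if @options # |= can only add bits, never clear them
    @native
  end
end

# Model of the behaviour after the change: options are applied exactly once,
# using the caller's value if options= was called and OP_ALL otherwise.
class NewContextModel
  attr_writer :options

  def initialize
    @native = 0
    @options = nil
    @applied = false
  end

  def connect_options
    unless @applied
      @native |= (@options || OP_ALL) # 0 is truthy in Ruby, so options = 0 is honoured
      @applied = true
    end
    @native
  end
end

# The empty-fragment (0/n split) countermeasure is active only when the
# OP_DONT_INSERT_EMPTY_FRAGMENTS bit is clear in the effective mask.
def empty_fragments_enabled?(mask)
  (mask & OP_DONT_INSERT_EMPTY_FRAGMENTS).zero?
end

# Build a context model, optionally set options, and return the mask that
# would be in effect for the connection.
def effective_options(model_class, requested = nil)
  ctx = model_class.new
  ctx.options = requested unless requested.nil?
  ctx.connect_options
end

# The setting from the log entry.
BEAST_SAFE_OPTIONS = OP_ALL & ~OP_DONT_INSERT_EMPTY_FRAGMENTS

if __FILE__ == $PROGRAM_NAME
  [OldContextModel, NewContextModel].each do |model|
    mask = effective_options(model, BEAST_SAFE_OPTIONS)
    puts format('%-16s mask=0x%04x empty fragments enabled: %s',
                model.name, mask, empty_fragments_enabled?(mask))
  end
end
```

In the old model the requested mask is silently overridden, so a configuration audit has to check the effective mask after connection setup rather than the value passed to `options=`.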
Update ruby18-base package to 1.8.7.357. It contains security fix for CVE-2011-4815 (DoS). Wed Dec 28 21:34:23 2011 URABE Shyouhei <shyouhei@ruby-lang.org> * string.c (rb_str_hash): randomize hash to avoid algorithmic complexity attacks. CVE-2011-4815 * st.c (strhash): ditto. * string.c (Init_String): initialization of hash_seed to be at the beginning of the process. * st.c (Init_st): ditto. Thu Dec 8 11:57:04 2011 Tanaka Akira <akr@fsij.org> * inits.c (rb_call_inits): call Init_RandomSeed at first. * random.c (seed_initialized): defined. (fill_random_seed): extracted from random_seed. (make_seed_value): extracted from random_seed. (rb_f_rand): initialize random seed at first. (initial_seed): defined. (Init_RandomSeed): defined. (Init_RandomSeed2): defined. (rb_reset_random_seed): defined. (Init_Random): call Init_RandomSeed2. Sat Dec 10 20:44:23 2011 Tanaka Akira <akr@fsij.org> * lib/securerandom.rb: call OpenSSL::Random.seed at the SecureRandom.random_bytes call. insert separators for array join. patch by Masahiro Tomita. [ruby-dev:44270] Mon Oct 17 04:20:22 2011 Nobuyoshi Nakada <nobu@ruby-lang.org> * mkconfig.rb: fix for continued lines. based on a patch from Marcus Rueckert <darix AT opensu.se> at [ruby-core:20420]. Mon Oct 17 04:19:39 2011 Yukihiro Matsumoto <matz@ruby-lang.org> * numeric.c (flo_cmp): Infinity is greater than any bignum number. [ruby-dev:38672] * bignum.c (rb_big_cmp): ditto. Mon Oct 17 03:56:12 2011 Yusuke Endoh <mame@tsg.ne.jp> * ext/openssl/ossl_x509store.c (ossl_x509store_initialize): initialize store->ex_data.sk. [ruby-core:28907] [ruby-core:23971] [ruby-core:18121]
Update ruby18-base package to 1.8.7.352 (1.8.7-p352). This is a maintenance release. For more detailed changes, please refer to: http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog
Pullup ticket #3443 - requested by taca lang/ruby18-base security update Revisions pulled up: - lang/ruby18-base/Makefile 1.60-1.61 - lang/ruby18-base/distinfo 1.49 - lang/ruby18-base/patches/patch-ext_bigdecimal_bigdecimal.c 1.1 --- Module Name: pkgsrc Committed By: taca Date: Sun May 29 01:36:24 UTC 2011 Modified Files: pkgsrc/lang/ruby18-base: Makefile Added Files: pkgsrc/lang/ruby18-base/patches: patch-ext_bigdecimal_bigdecimal.c Log Message: Add a patch for CVE-2011-0188 from repository as ruby19-base. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: taca Date: Mon May 30 04:21:38 UTC 2011 Modified Files: pkgsrc/lang/ruby18-base: Makefile distinfo Log Message: It seems that I forgot to update the distinfo file. Since it causes creation of a binary package which isn't up to date, bump PKGREVISION, again.
It seems that I forgot to update the distinfo file. Since it causes creation of a binary package which isn't up to date, bump PKGREVISION, again.
* Make rdoc compatible with newer version of rdoc (on Ruby 1.9.2) about handling of nonexistent files. This should fix the build problem of www/ruby-rails3 with ruby18-base. Bump PKGREVISION.
Pullup ticket #3361 - requested by taca
archivers/ruby-libarchive: dependence update
comms/ruby-termios: dependence update
converters/ruby-uconv: dependence update
databases/ruby-do_sqlite3: dependence update
databases/ruby-ldap: dependence update
databases/ruby-mysql: dependence update
databases/ruby-odbc: dependence update
databases/ruby-pg: dependence update
databases/ruby-postgresql: dependence update
databases/ruby-qdbm: dependence update
databases/ruby-sqlite: dependence update
databases/ruby-sqlite3: dependence update
databases/ruby-tokyocabinet: dependence update
devel/ruby-SDL: dependence update
devel/ruby-debug-base: dependence update
devel/ruby-eet: dependence update
devel/ruby-eventmachine: dependence update
devel/ruby-ffi: dependence update
devel/ruby-gnome2-atk: dependence update
devel/ruby-gnome2-bonobo: dependence update
devel/ruby-gnome2-bonoboui: dependence update
devel/ruby-gnome2-gconf: dependence update
devel/ruby-gnome2-gio: dependence update
devel/ruby-gnome2-glib: dependence update
devel/ruby-gnome2-libglade: dependence update
devel/ruby-gnome2-pango: dependence update
devel/ruby-linecache: dependence update
devel/ruby-memcache: dependence update
devel/ruby-ncurses: dependence update
devel/ruby-priority-queue: dependence update
devel/ruby-racc: dependence update
devel/ruby-rbtree: dependence update
devel/ruby-rcov: dependence update
devel/ruby-rcsparse: dependence update
devel/ruby-subversion: dependence update
devel/ruby-thrift: dependence update
graphics/ruby-RMagick: dependence update
graphics/ruby-clutter-cairo: dependence update
graphics/ruby-clutter-core: dependence update
graphics/ruby-clutter-gtk: dependence update
graphics/ruby-gd: dependence update
graphics/ruby-gnome2-gdkpixbuf: dependence update
graphics/ruby-gnome2-gnomecanvas: dependence update
graphics/ruby-gnome2-goocanvas: dependence update
graphics/ruby-gnome2-gtkglext: dependence update
graphics/ruby-gnome2-libart: dependence update
graphics/ruby-gnome2-rsvg: dependence update
graphics/ruby-imlib2: dependence update
graphics/ruby-opengl: dependence update
graphics/ruby-rcairo: dependence update
inputmethod/ruby-zinnia: dependence update
lang/ruby: dependence update
lang/ruby18-base: security update
lang/ruby19-base: security update
mail/ruby-tmail: dependence update
math/ruby-rb-gsl: dependence update
multimedia/ruby-clutter-gst: dependence update
multimedia/ruby-gnome2-gstreamer: dependence update
multimedia/ruby-ming: dependence update
print/ruby-gnome2-gnomeprint: dependence update
print/ruby-gnome2-gnomeprintui: dependence update
print/ruby-gnome2-poppler: dependence update
security/ruby-password: dependence update
security/ruby-tcpwrap: dependence update
sysutils/ruby-quota: dependence update
textproc/ruby-bluecloth: dependence update
textproc/ruby-cabocha: dependence update
textproc/ruby-eruby: dependence update
textproc/ruby-ferret: dependence update
textproc/ruby-hpricot: dependence update
textproc/ruby-itex2MML: dependence update
textproc/ruby-json: dependence update
textproc/ruby-libxml: dependence update
textproc/ruby-mecab: dependence update
textproc/ruby-native-hyperestraier: dependence update
textproc/ruby-nokogiri: dependence update
textproc/ruby-oniguruma: dependence update
textproc/ruby-redcloth: dependence update
textproc/ruby-sary: dependence update
textproc/ruby-xmlparser: dependence update
textproc/ruby-xslt: dependence update
textproc/ruby-yamcha: dependence update
www/mongrel: dependence update
www/ruby-clearsilver: dependence update
www/ruby-fcgi: dependence update
www/ruby-gnome2-gtkhtml2: dependence update
www/ruby-gnome2-gtkmozembed: dependence update
www/ruby-patron: dependence update
www/thin: dependence update
x11/ruby-gnome2-gnome: dependence update
x11/ruby-gnome2-gtk: dependence update
x11/ruby-gnome2-gtksourceview: dependence update
x11/ruby-gnome2-gtksourceview2: dependence update
x11/ruby-gnome2-panelapplet: dependence update
x11/ruby-gnome2-vte: dependence update
Revisions pulled up:
- archivers/ruby-libarchive/Makefile 1.2
- comms/ruby-termios/Makefile 1.23
- converters/ruby-uconv/Makefile 1.19
- databases/ruby-do_sqlite3/Makefile 1.2
- databases/ruby-ldap/Makefile 1.7
- databases/ruby-mysql/Makefile 1.34 via patch
- databases/ruby-odbc/Makefile 1.10 via patch
- databases/ruby-pg/Makefile 1.6
- databases/ruby-postgresql/Makefile 1.37
- databases/ruby-qdbm/Makefile 1.12
- databases/ruby-sqlite/Makefile 1.3
- databases/ruby-sqlite3/Makefile 1.15
- databases/ruby-tokyocabinet/Makefile 1.24
- devel/ruby-SDL/Makefile 1.9 via patch
- devel/ruby-debug-base/Makefile 1.7
- devel/ruby-eet/Makefile 1.8
- devel/ruby-eventmachine/Makefile 1.7
- devel/ruby-ffi/Makefile 1.3
- devel/ruby-gnome2-atk/Makefile 1.8
- devel/ruby-gnome2-bonobo/Makefile patch
- devel/ruby-gnome2-bonoboui/Makefile patch
- devel/ruby-gnome2-gconf/Makefile patch
- devel/ruby-gnome2-gio/Makefile 1.3 via patch
- devel/ruby-gnome2-glib/Makefile 1.11
- devel/ruby-gnome2-libglade/Makefile patch
- devel/ruby-gnome2-pango/Makefile 1.18 via patch
- devel/ruby-linecache/Makefile 1.5
- devel/ruby-memcache/Makefile 1.4
- devel/ruby-ncurses/Makefile 1.9
- devel/ruby-priority-queue/Makefile 1.6
- devel/ruby-racc/Makefile 1.18
- devel/ruby-rbtree/Makefile 1.6
- devel/ruby-rcov/Makefile 1.5
- devel/ruby-rcsparse/Makefile 1.10
- devel/ruby-subversion/Makefile 1.28
- devel/ruby-thrift/Makefile 1.4 via patch
- graphics/ruby-RMagick/Makefile 1.76 via patch
- graphics/ruby-clutter-cairo/Makefile 1.8 via patch
- graphics/ruby-clutter-core/Makefile 1.11 via patch
- graphics/ruby-clutter-gtk/Makefile 1.8 via patch
- graphics/ruby-gd/Makefile 1.34 via patch
- graphics/ruby-gnome2-gdkpixbuf/Makefile 1.20 via patch
- graphics/ruby-gnome2-gnomecanvas/Makefile patch
- graphics/ruby-gnome2-goocanvas/Makefile 1.12 via patch
- graphics/ruby-gnome2-gtkglext/Makefile patch
- graphics/ruby-gnome2-libart/Makefile patch
- graphics/ruby-gnome2-rsvg/Makefile 1.21 via patch
- graphics/ruby-imlib2/Makefile 1.24 via patch
- graphics/ruby-opengl/Makefile 1.31
- graphics/ruby-rcairo/Makefile 1.22 via patch
- inputmethod/ruby-zinnia/Makefile 1.3
- lang/ruby/buildlink3.mk 1.13
- lang/ruby/rubyversion.mk 1.58-1.59
- lang/ruby18-base/distinfo 1.47
- lang/ruby19-base/DEINSTALL 1.2
- lang/ruby19-base/Makefile 1.7
- lang/ruby19-base/PLIST 1.4
- lang/ruby19-base/distinfo 1.4
- lang/ruby19-base/patches/patch-string.c 1.1
- mail/ruby-tmail/Makefile 1.19
- math/ruby-rb-gsl/Makefile 1.9
- multimedia/ruby-clutter-gst/Makefile 1.9 via patch
- multimedia/ruby-gnome2-gstreamer/Makefile 1.7
- multimedia/ruby-ming/Makefile 1.15 via patch
- print/ruby-gnome2-gnomeprint/Makefile patch
- print/ruby-gnome2-gnomeprintui/Makefile patch
- print/ruby-gnome2-poppler/Makefile 1.19 via patch
- security/ruby-password/Makefile 1.5
- security/ruby-tcpwrap/Makefile 1.18
- sysutils/ruby-quota/Makefile 1.21
- textproc/ruby-bluecloth/Makefile 1.5
- textproc/ruby-cabocha/Makefile 1.3
- textproc/ruby-eruby/Makefile 1.26
- textproc/ruby-ferret/Makefile 1.6
- textproc/ruby-hpricot/Makefile 1.8
- textproc/ruby-itex2MML/Makefile 1.7
- textproc/ruby-json/Makefile 1.9
- textproc/ruby-libxml/Makefile 1.7
- textproc/ruby-mecab/Makefile 1.6
- textproc/ruby-native-hyperestraier/Makefile 1.6
- textproc/ruby-nokogiri/Makefile 1.4
- textproc/ruby-oniguruma/Makefile 1.6
- textproc/ruby-redcloth/Makefile 1.14
- textproc/ruby-sary/Makefile 1.7
- textproc/ruby-xmlparser/Makefile 1.15
- textproc/ruby-xslt/Makefile 1.7
- textproc/ruby-yamcha/Makefile 1.3
- www/mongrel/Makefile 1.13 via patch
- www/ruby-clearsilver/Makefile 1.15
- www/ruby-fcgi/Makefile 1.15
- www/ruby-gnome2-gtkhtml2/Makefile patch
- www/ruby-gnome2-gtkmozembed/Makefile 1.17 via patch
- www/ruby-patron/Makefile 1.5
- www/thin/Makefile 1.8 via patch
- x11/ruby-gnome2-gtk/Makefile 1.25 via patch
- x11/ruby-gnome2-gtksourceview/Makefile patch via 1.12
- x11/ruby-gnome2-gtksourceview2/Makefile patch
- x11/ruby-gnome2-panelapplet/Makefile patch
- x11/ruby-gnome2-vte/Makefile 1.16 via patch
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Feb 21 14:31:06 UTC 2011
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
Log Message:
* Start update of ruby18 and ruby19 packages.
* Remove redundant GEM_HOME definition from PLIST.
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Feb 21 14:35:38 UTC 2011
Modified Files:
pkgsrc/lang/ruby18-base: distinfo
Log Message:
Update ruby18-base package to 1.8.7.334 (Ruby 1.8.7p334).
* The FileUtils Vulnerability
http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/
* The $SAFE Vulnerability
Fri Feb 18 21:18:55 2011 Shugo Maeda <shugo@ruby-lang.org>
* test/ruby/test_exception.rb (TestException::test_to_s_taintness_propagation):
Test for below.
Fri Feb 18 21:18:55 2011 URABE Shyouhei <shyouhei@ruby-lang.org>
* error.c (exc_to_s): untainted strings can be tainted via
Exception#to_s, which enables attackers to overwrite sane strings.
Reported by: Yusuke Endoh <mame at tsg.ne.jp>.
* error.c (name_err_to_s): ditto.
Fri Feb 18 21:17:22 2011 Shugo Maeda <shugo@ruby-lang.org>
* lib/fileutils.rb (FileUtils::remove_entry_secure): there is a
race condition in the case where the given path is a directory,
and some other user can move that directory, and create a
symlink while this method is executing.
Reported by: Nicholas Jefferson <nicholas at pythonic.com.au>
Fri Feb 18 19:46:46 2011 NAKAMURA Usaku <usa@ruby-lang.org>
* win32/win32.c (init_stdhandle): backport mistake of r29382.
some code are needless in ruby 1.8.
[ruby-core:34579]
Fri Feb 18 19:22:17 2011 URABE Shyouhei <shyouhei@ruby-lang.org>
* configure.in: revert revision r29854. This revision introduced
binary incompatibilities on some circumstances. The bug that
revision was fixing gets reopened by this reversion.
[ruby-dev:43152] cf. [Bug #2553]
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Feb 21 14:44:11 UTC 2011
Modified Files:
pkgsrc/lang/ruby19-base: DEINSTALL Makefile PLIST distinfo
Added Files:
pkgsrc/lang/ruby19-base/patches: patch-string.c
Log Message:
Update ruby19-base package to 1.9.2pl180 (Ruby 1.9.2 p180).
* The FileUtils Vulnerability
http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/
* Add a patch r30779 from repository; a bug of utf-8 string handling.
For more detail changes of Ruby 1.9.2pl180, please refer:
http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_180/ChangeLog
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Feb 21 15:00:34 UTC 2011
Modified Files:
pkgsrc/lang/ruby: buildlink3.mk rubyversion.mk
Log Message:
Introduce RUBY_ABI_VERSION and use it BUILDLINK_ABI_DEPENDS.
There are ABI incompatibilities among Ruby 1.8.7 patchlevel 302, 330 and 334,
So it would be handle if such problem in future.
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Feb 21 16:01:24 UTC 2011
Modified Files:
pkgsrc/archivers/ruby-libarchive: Makefile
pkgsrc/comms/ruby-termios: Makefile
pkgsrc/converters/ruby-uconv: Makefile
pkgsrc/databases/ruby-do_sqlite3: Makefile
pkgsrc/databases/ruby-ldap: Makefile
pkgsrc/databases/ruby-mysql: Makefile
pkgsrc/databases/ruby-odbc: Makefile
pkgsrc/databases/ruby-pg: Makefile
pkgsrc/databases/ruby-postgresql: Makefile
pkgsrc/databases/ruby-qdbm: Makefile
pkgsrc/databases/ruby-sqlite: Makefile
pkgsrc/databases/ruby-sqlite3: Makefile
pkgsrc/databases/ruby-tokyocabinet: Makefile
pkgsrc/devel/ruby-SDL: Makefile
pkgsrc/devel/ruby-debug-base: Makefile
pkgsrc/devel/ruby-eet: Makefile
pkgsrc/devel/ruby-eventmachine: Makefile
pkgsrc/devel/ruby-ffi: Makefile
pkgsrc/devel/ruby-gnome2-atk: Makefile
pkgsrc/devel/ruby-gnome2-gio: Makefile
pkgsrc/devel/ruby-gnome2-glib: Makefile
pkgsrc/devel/ruby-gnome2-pango: Makefile
pkgsrc/devel/ruby-linecache: Makefile
pkgsrc/devel/ruby-memcache: Makefile
pkgsrc/devel/ruby-ncurses: Makefile
pkgsrc/devel/ruby-priority-queue: Makefile
pkgsrc/devel/ruby-racc: Makefile
pkgsrc/devel/ruby-rbtree: Makefile
pkgsrc/devel/ruby-rcov: Makefile
pkgsrc/devel/ruby-rcsparse: Makefile
pkgsrc/devel/ruby-subversion: Makefile
pkgsrc/devel/ruby-thrift: Makefile
pkgsrc/graphics/ruby-RMagick: Makefile
pkgsrc/graphics/ruby-clutter-cairo: Makefile
pkgsrc/graphics/ruby-clutter-core: Makefile
pkgsrc/graphics/ruby-clutter-gtk: Makefile
pkgsrc/graphics/ruby-gd: Makefile
pkgsrc/graphics/ruby-gnome2-gdkpixbuf: Makefile
pkgsrc/graphics/ruby-gnome2-goocanvas: Makefile
pkgsrc/graphics/ruby-gnome2-rsvg: Makefile
pkgsrc/graphics/ruby-imlib2: Makefile
pkgsrc/graphics/ruby-opengl: Makefile
pkgsrc/graphics/ruby-rcairo: Makefile
pkgsrc/inputmethod/ruby-zinnia: Makefile
pkgsrc/mail/ruby-tmail: Makefile
pkgsrc/math/ruby-rb-gsl: Makefile
pkgsrc/multimedia/ruby-clutter-gst: Makefile
pkgsrc/multimedia/ruby-gnome2-gstreamer: Makefile
pkgsrc/multimedia/ruby-ming: Makefile
pkgsrc/print/ruby-gnome2-poppler: Makefile
pkgsrc/security/ruby-password: Makefile
pkgsrc/security/ruby-tcpwrap: Makefile
pkgsrc/sysutils/ruby-quota: Makefile
pkgsrc/textproc/ruby-bluecloth: Makefile
pkgsrc/textproc/ruby-cabocha: Makefile
pkgsrc/textproc/ruby-eruby: Makefile
pkgsrc/textproc/ruby-ferret: Makefile
pkgsrc/textproc/ruby-hpricot: Makefile
pkgsrc/textproc/ruby-itex2MML: Makefile
pkgsrc/textproc/ruby-json: Makefile
pkgsrc/textproc/ruby-libxml: Makefile
pkgsrc/textproc/ruby-mecab: Makefile
pkgsrc/textproc/ruby-native-hyperestraier: Makefile
pkgsrc/textproc/ruby-nokogiri: Makefile
pkgsrc/textproc/ruby-oniguruma: Makefile
pkgsrc/textproc/ruby-redcloth: Makefile
pkgsrc/textproc/ruby-sary: Makefile
pkgsrc/textproc/ruby-xmlparser: Makefile
pkgsrc/textproc/ruby-xslt: Makefile
pkgsrc/textproc/ruby-yamcha: Makefile
pkgsrc/www/mongrel: Makefile
pkgsrc/www/ruby-clearsilver: Makefile
pkgsrc/www/ruby-fcgi: Makefile
pkgsrc/www/ruby-gnome2-gtkmozembed: Makefile
pkgsrc/www/ruby-patron: Makefile
pkgsrc/www/thin: Makefile
pkgsrc/x11/ruby-gnome2-gtk: Makefile
pkgsrc/x11/ruby-gnome2-gtksourceview2: Makefile
pkgsrc/x11/ruby-gnome2-vte: Makefile
Log Message:
Bump PKGREVISION due to ABI change of ruby18-base.
Update ruby18-base package to 1.8.7.334 (Ruby 1.8.7p334). * The FileUtils Vulnerability http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/ * The $SAFE Vulnerability Fri Feb 18 21:18:55 2011 Shugo Maeda <shugo@ruby-lang.org> * test/ruby/test_exception.rb (TestException::test_to_s_taintness_propagation): Test for below. Fri Feb 18 21:18:55 2011 URABE Shyouhei <shyouhei@ruby-lang.org> * error.c (exc_to_s): untainted strings can be tainted via Exception#to_s, which enables attackers to overwrite sane strings. Reported by: Yusuke Endoh <mame at tsg.ne.jp>. * error.c (name_err_to_s): ditto. Fri Feb 18 21:17:22 2011 Shugo Maeda <shugo@ruby-lang.org> * lib/fileutils.rb (FileUtils::remove_entry_secure): there is a race condition in the case where the given path is a directory, and some other user can move that directory, and create a symlink while this method is executing. Reported by: Nicholas Jefferson <nicholas at pythonic.com.au> Fri Feb 18 19:46:46 2011 NAKAMURA Usaku <usa@ruby-lang.org> * win32/win32.c (init_stdhandle): backport mistake of r29382. some code are needless in ruby 1.8. [ruby-core:34579] Fri Feb 18 19:22:17 2011 URABE Shyouhei <shyouhei@ruby-lang.org> * configure.in: revert revision r29854. This revision introduced binary incompatibilities on some circumstances. The bug that revision was fixing gets reopened by this reversion. [ruby-dev:43152] cf. [Bug #2553]
Update ruby18-base package to 1.8.7.330. Release announce: http://www.ruby-lang.org/en/news/2010/12/25/ruby-1-8-7-p330-released/ Quote from the announce: * Here you are an annual release of 1.8.7 updates. * No license change from previous 1.8.7 release. Full Changes: http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_330/ChangeLog
Update ruby18-base to 1.8.7.302 (Ruby 1.8.7 patchlevel 302). Since there are many changes from the previous release, please refer to http://www.ruby-lang.org/en/news/2010/08/16/ruby-1-8-7-p302-is-released/. Note: Since all security updates are already in the previous package, this update doesn't include any security fix.
Pullup ticket #3207 - requested by taca lang/ruby18-base: security patch Revisions pulled up: - lang/ruby18-base/Makefile 1.56 - lang/ruby18-base/distinfo 1.44 - lang/ruby18-base/patches/patch-ea 1.1 --- Module Name: pkgsrc Committed By: taca Date: Mon Aug 16 07:08:13 UTC 2010 Modified Files: pkgsrc/lang/ruby18-base: Makefile distinfo Added Files: pkgsrc/lang/ruby18-base/patches: patch-ea Log Message: Add a patch to fix for possible cross-site scripting (CVE-2010-0541) from r29002 in Ruby's repository. (Sadly, Ruby 1.8.7 pl301 missed this change...) Bump PKGREVISION.
Add a patch to fix for possible cross-site scripting (CVE-2010-0541) from r29002 in Ruby's repository. (Sadly, Ruby 1.8.7 pl301 missed this change...) Bump PKGREVISION.
Accept db5 for library of ext/dbm. (Not tested well.) Bump PKGREVISION.
Fix a small problem by previous webrick security fix from Ruby's repository (r26281). Also use COMPILER_RPATH_FLAG in Makefile. Bump PKGREVISION.
Add patches for security problem of webrick. http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection/ Bump PKGREVISION.
* Make Ruby's OpenSSL library compatible with OpenSSL 1.0.0 and later, focusing to PR pkg/41829. * Add comments to patches. Bump PKGREVISION.
Pullup ticket #2799 - requested by taca ruby18-base: bug fix update ruby18-curses: bug fix update ruby18-tk: bug fix update Revisions pulled up: - devel/ruby-curses/distinfo 1.20 - lang/ruby/rubyversion.mk 1.48 - lang/ruby18-base/distinfo 1.39 - x11/ruby-tk/distinfo 1.23 --- Module Name: pkgsrc Committed By: taca Date: Tue Jun 16 15:08:38 UTC 2009 Modified Files: pkgsrc/devel/ruby-curses: distinfo pkgsrc/lang/ruby: rubyversion.mk pkgsrc/lang/ruby18-base: distinfo pkgsrc/x11/ruby-tk: distinfo Log Message: Update Ruby packages to 1.8.7.174 (1.8.7-p174). * Fix critical problem of BigDecimal class in 1.8.7-p173. Fri Jun 12 16:36:44 2009 Yukihiro Matsumoto <matz@ruby-lang.org> * ext/bigdecimal/bigdecimal.c (VpToString): fixed a bug introduced in r23613. [ruby-talk:338957]
Update Ruby packages to 1.8.7.174 (1.8.7-p174). * Fix critical problem of BigDecimal class in 1.8.7-p173. Fri Jun 12 16:36:44 2009 Yukihiro Matsumoto <matz@ruby-lang.org> * ext/bigdecimal/bigdecimal.c (VpToString): fixed a bug introduced in r23613. [ruby-talk:338957]
Pullup ticket #2792 - requested by taca ruby-curses: security update ruby-readline: security update lang/ruby18-base: security update ruby-tk: security update Revisions pulled up: - devel/ruby-curses/distinfo 1.19 - devel/ruby-readline/Makefile 1.26-1.27 - lang/ruby/rubyversion.mk 1.46 - lang/ruby18-base/PLIST 1.15 - lang/ruby18-base/distinfo 1.38 - lang/ruby18-base/patches/patch-bi delete - x11/ruby-tk/distinfo 1.22 --- Module Name: pkgsrc Committed By: wiz Date: Wed May 20 00:58:30 UTC 2009 Modified Files: pkgsrc/devel/ruby-readline: Makefile Log Message: Recursive ABI depends update and PKGREVISION bump for readline-6.0 shlib major change. Reported by Robert Elz in PR 41345. --- Module Name: pkgsrc Committed By: taca Date: Wed Jun 10 12:45:34 UTC 2009 Modified Files: pkgsrc/lang/ruby: rubyversion.mk Log Message: Start update of Ruby programming language packages to 1.8.7.173 (1.8.7-p173). - Add LICENSE. - Update RUBY18_PATCHLEVEL to 173. --- Module Name: pkgsrc Committed By: taca Date: Wed Jun 10 12:46:47 UTC 2009 Modified Files: pkgsrc/lang/ruby18-base: PLIST distinfo Removed Files: pkgsrc/lang/ruby18-base/patches: patch-bi Log Message: Update ruby18-base package to 1.8.7.173 (Ruby 1.8.7-p173). Mon Jun 8 10:58:41 2009 NAKAMURA Usaku <usa@ruby-lang.org> * eval.c (rb_thread_schedule): mswin32 doesn't have F_GETFD, so check with another method. Mon Jun 8 08:15:36 2009 Yukihiro Matsumoto <matz@ruby-lang.org> * ext/bigdecimal/bigdecimal.c (VpAlloc): avoid ALLOCA_N() to avoid segmentation fault caused by (insanely) long decimal values. backported from 1.9. CVE-2009-1904 * ext/bigdecimal/bigdecimal.c (BigDecimal_dump, BigDecimal_to_i, BigDecimal_to_f, BigDecimal_to_s, BigDecimal_split, BigDecimal_inspect): ditto. Mon Jun 8 08:15:36 2009 Yukihiro Matsumoto <matz@ruby-lang.org> * ext/bigdecimal/bigdecimal.c (BigDecimal_to_f): returns Inf if exp is bigger than DBL_MANT_DIG. 
Wed Jun 3 21:16:30 2009 Tanaka Akira <akr@fsij.org> * file.c: include fcntl.h for O_RDONLY on Solaris. Wed Jun 3 21:09:56 2009 Nobuyoshi Nakada <nobu@ruby-lang.org> * util.c (rv_strdup): macro to duplicate nul-terminated string. [ruby-core:22852] * util.c (ruby_dtoa): allocates one more byte to get rid of buffer overrun. a patch from Charlie Savage at [ruby-core:22604]. Wed Jun 3 21:09:56 2009 Nobuyoshi Nakada <nobu@ruby-lang.org> * util.c (ruby_dtoa): allocates one more byte to get rid of buffer overrun. a patch from Charlie Savage at [ruby-core:22604]. Wed Jun 3 21:05:44 2009 Nobuyoshi Nakada <nobu@ruby-lang.org> * ext/bigdecimal/bigdecimal.c (gfDebug): uncommented out. [ruby-core:22600] Wed Jun 3 20:54:23 2009 Nobuyoshi Nakada <nobu@ruby-lang.org> * eval.c (rb_eval): needs to guard intermediate string objects. based on a patch from Brent Roman <brent AT mbari.org> a [ruby-core:22584]. Tue May 26 21:24:01 2009 URABE Shyouhei <shyouhei@ruby-lang.org> * Makefile.in (update-rubyspec, test-rubyspec): Catch up to rubyspec merge. A patch by Brian Ford at [ruby-core:21032] Tue May 26 21:21:49 2009 Akinori MUSHA <knu@iDaemons.org> * lib/soap/mimemessage.rb (MIMEMessage#to_s): Fix a fatal method name typo. [Bug #1173] Tue May 26 21:16:55 2009 Nobuyoshi Nakada <nobu@ruby-lang.org> * file.c (rb_file_s_extname): fix for spaces before extension. [ruby-dev:38044] Tue May 26 21:09:21 2009 Nobuyoshi Nakada <nobu@ruby-lang.org> * win32/win32.c (_CrtDbgReportW): prevent from false positive assertions in msvcrtd. [ruby-core:22116] Tue May 26 21:02:13 2009 Nobuyoshi Nakada <nobu@ruby-lang.org> * lib/ostruct.rb (OpenStruct#new_ostruct_member): checks if frozen. [ruby-talk:328195], [ruby-core:22142] Tue May 26 21:00:08 2009 Nobuyoshi Nakada <nobu@ruby-lang.org> * lib/ostruct.rb (OpenStruct#inspect): fixed the recursion check. Patch by Kornelius Kalnbach. [ruby-core:20992]. * test/ostruct/test_ostruct.rb: test for inspect. Patch by Kornelius Kalnbach. [ruby-core:20992].
Tue May 26 20:50:32 2009 Tanaka Akira <akr@fsij.org> * eval.c (rb_thread_schedule): handle EBADF of select as well. [ruby-core:21264] --- Module Name: pkgsrc Committed By: taca Date: Wed Jun 10 12:47:36 UTC 2009 Modified Files: pkgsrc/devel/ruby-curses: distinfo Log Message: Update ruby-curses package to 1.8.7.173 (1.8.7-p173). --- Module Name: pkgsrc Committed By: taca Date: Wed Jun 10 12:48:07 UTC 2009 Modified Files: pkgsrc/devel/ruby-readline: Makefile Log Message: Update ruby-readline package to 1.8.7.173 (1.8.7-p173). Reset PKGREVISION. --- Module Name: pkgsrc Committed By: taca Date: Wed Jun 10 12:48:38 UTC 2009 Modified Files: pkgsrc/x11/ruby-tk: distinfo Log Message: Update ruby-tk package to packages to 1.8.7.173 (1.8.7-p173).
Update ruby18-base package to 1.8.7.173 (Ruby 1.8.7-p173). Mon Jun 8 10:58:41 2009 NAKAMURA Usaku <usa@ruby-lang.org> * eval.c (rb_thread_schedule): mswin32 doesn't have F_GETFD, so check with another method. Mon Jun 8 08:15:36 2009 Yukihiro Matsumoto <matz@ruby-lang.org> * ext/bigdecimal/bigdecimal.c (VpAlloc): avoid ALLOCA_N() to avoid segmentation fault caused by (insanely) long decimal values. backported from 1.9. CVE-2009-1904 * ext/bigdecimal/bigdecimal.c (BigDecimal_dump, BigDecimal_to_i, BigDecimal_to_f, BigDecimal_to_s, BigDecimal_split, BigDecimal_inspect): ditto. Mon Jun 8 08:15:36 2009 Yukihiro Matsumoto <matz@ruby-lang.org> * ext/bigdecimal/bigdecimal.c (BigDecimal_to_f): returns Inf if exp is bigger than DBL_MANT_DIG. Wed Jun 3 21:16:30 2009 Tanaka Akira <akr@fsij.org> * file.c: include fcntl.h for O_RDONLY on Solaris. Wed Jun 3 21:09:56 2009 Nobuyoshi Nakada <nobu@ruby-lang.org> * util.c (rv_strdup): macro to duplicate nul-terminated string. [ruby-core:22852] * util.c (ruby_dtoa): allocates one more byte to get rid of buffer overrun. a patch from Charlie Savage at [ruby-core:22604]. Wed Jun 3 21:09:56 2009 Nobuyoshi Nakada <nobu@ruby-lang.org> * util.c (ruby_dtoa): allocates one more byte to get rid of buffer overrun. a patch from Charlie Savage at [ruby-core:22604]. Wed Jun 3 21:05:44 2009 Nobuyoshi Nakada <nobu@ruby-lang.org> * ext/bigdecimal/bigdecimal.c (gfDebug): uncommented out. [ruby-core:22600] Wed Jun 3 20:54:23 2009 Nobuyoshi Nakada <nobu@ruby-lang.org> * eval.c (rb_eval): needs to guard intermediate string objects. based on a patch from Brent Roman <brent AT mbari.org> a [ruby-core:22584]. Tue May 26 21:24:01 2009 URABE Shyouhei <shyouhei@ruby-lang.org> * Makefile.in (update-rubyspec, test-rubyspec): Catch up to rubyspec merge. A patch by Brian Ford at [ruby-core:21032] Tue May 26 21:21:49 2009 Akinori MUSHA <knu@iDaemons.org> * lib/soap/mimemessage.rb (MIMEMessage#to_s): Fix a fatal method name typo. 
[Bug #1173] Tue May 26 21:16:55 2009 Nobuyoshi Nakada <nobu@ruby-lang.org> * file.c (rb_file_s_extname): fix for spaces before extension. [ruby-dev:38044] Tue May 26 21:09:21 2009 Nobuyoshi Nakada <nobu@ruby-lang.org> * win32/win32.c (_CrtDbgReportW): prevent from false positive assertions in msvcrtd. [ruby-core:22116] Tue May 26 21:02:13 2009 Nobuyoshi Nakada <nobu@ruby-lang.org> * lib/ostruct.rb (OpenStruct#new_ostruct_member): checks if frozen. [ruby-talk:328195], [ruby-core:22142] Tue May 26 21:00:08 2009 Nobuyoshi Nakada <nobu@ruby-lang.org> * lib/ostruct.rb (OpenStruct#inspect): fixed the recursion check. Patch by Kornelius Kalnbach. [ruby-core:20992]. * test/ostruct/test_ostruct.rb: test for inspect. Patch by Kornelius Kalnbach. [ruby-core:20992]. Tue May 26 20:50:32 2009 Tanaka Akira <akr@fsij.org> * eval.c (rb_thread_schedule): handle EBADF of select as well. [ruby-core:21264]
Pullup ticket #2761 - requested by taca ruby18-base: Solaris build fix Revisions pulled up: - lang/ruby18-base/distinfo 1.37 - lang/ruby18-base/patches/patch-bi 1.3 --- Module Name: pkgsrc Committed By: taca Date: Sat May 9 05:32:39 UTC 2009 Modified Files: pkgsrc/lang/ruby18-base: distinfo Added Files: pkgsrc/lang/ruby18-base/patches: patch-bi Log Message: Apply a patch to fix compile error on Solaris 10. The patch was supplied by KAWAKUBO Hiroshi via PR pkg/41386.
Apply a patch to fix compile error on Solaris 10. The patch was supplied by KAWAKUBO Hiroshi via PR pkg/41386.
Pullup ticket #2752 - requested by taca ruby18-base: security update ruby18-curses: security update ruby18-tk: security update Revisions pulled up: - lang/ruby/rubyversion.mk 1.45 - lang/ruby18-base/Makefile 1.50 - lang/ruby18-base/distinfo 1.36 - lang/ruby18-base/patches/patch-dg delete - lang/ruby18-base/patches/patch-dh delete - lang/ruby18-base/patches/patch-dj delete - devel/ruby-curses/distinfo 1.18 - x11/ruby-tk/distinfo 1.21 --- Module Name: pkgsrc Committed By: taca Date: Thu Apr 16 17:10:17 UTC 2009 Modified Files: pkgsrc/lang/ruby: rubyversion.mk Log Message: Bump Ruby 1.8.7's patch level to 160. --- Module Name: pkgsrc Committed By: taca Date: Thu Apr 16 17:11:12 UTC 2009 Modified Files: pkgsrc/lang/ruby18-base: Makefile distinfo Removed Files: pkgsrc/lang/ruby18-base/patches: patch-dg patch-dh patch-dj Log Message: Update ruby18-base-1.8.7.160 (1.8.7-p160). This release is counterpart of 1.8.6-p368, so many bugs are fixed since the latest 1.8.7. Check the ChangeLog for more details. Especialy, including workarounds for CVE-2007-1558 and CVE-2008-1447. --- Module Name: pkgsrc Committed By: taca Date: Thu Apr 16 17:12:18 UTC 2009 Modified Files: pkgsrc/devel/ruby-curses: distinfo Log Message: Update distinfo refelecting update to Ruby 1.8.7-p160. --- Module Name: pkgsrc Committed By: taca Date: Thu Apr 16 17:12:42 UTC 2009 Modified Files: pkgsrc/x11/ruby-tk: distinfo Log Message: Update distinfo refelecting update to Ruby 1.8.7-p160.
Update ruby18-base-1.8.7.160 (1.8.7-p160). This release is counterpart of 1.8.6-p368, so many bugs are fixed since the latest 1.8.7. Check the ChangeLog for more details. Especially, including workarounds for CVE-2007-1558 and CVE-2008-1447.
Apply patch from Ruby's repository, revision 22440. It fixes the OCSP (Online Certificate Status Protocol) verify method, which didn't always return false when verify failed in OpenSSL's correspondence library. (It might be a possible security risk for using OCSP.) Small PLIST improvement, too. Bump PKGREVISION.
Pullup ticket #2528 - requested by taca
ruby18-base: security patch
Revisions pulled up:
- lang/ruby18-base/Makefile 1.47
- lang/ruby18-base/distinfo 1.34
- lang/ruby18-base/patches/patch-dg 1.5
- lang/ruby18-base/patches/patch-dh 1.3
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Sep 14 05:17:18 UTC 2008
Modified Files:
pkgsrc/lang/ruby18-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby18-base/patches: patch-dg patch-dh
Log Message:
Add fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790
(http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/)
from ruby_1_8 branch.
Bump PKGREVISION.
Add fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790 (http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/) from ruby_1_8 branch. Bump PKGREVISION.
pullup ticket #2481 - requested by taca
ruby-curses, ruby, ruby18-base, ruby-tk: security fix
revisions pulled up
pkgsrc/lang/ruby/rubyversion.mk 1.44
pkgsrc/lang/ruby18-base/distinfo 1.17
pkgsrc/devel/ruby-curses/distinfo 1.33
pkgsrc/x11/ruby-tk/distinfo 1.20
Module Name: pkgsrc
Committed By: taca
Date: Mon Aug 11 06:58:33 UTC 2008
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby18-base: distinfo
Log Message:
Update ruby18-base to 1.8.7.72 (Ruby 1.8.7-p72).
These packages are implicitly updated with distfile update only.
databases/ruby-gdbm
devel/ruby-readline
lang/ruby
lang/ruby18
Here's quote from release announce:
Sorry for a fuss, but it turned out that taintness check of dl in last releases I made was incomplete. Here are fixes for that.
And relevant changes:
Mon Aug 11 09:37:17 2008 Yukihiro Matsumoto <matz@ruby-lang.org>
* ext/dl/dl.c (rb_str_to_ptr): should propagate taint to dlptr.
* ext/dl/dl.c (rb_ary_to_ptr): ditto.
* ext/dl/sym.c (rb_dlsym_call): should check taint of DLPtrData as well.
------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Mon Aug 11 06:59:40 UTC 2008
Modified Files:
pkgsrc/devel/ruby-curses: distinfo
Log Message:
Update ruby-curses package to 1.8.7.72. It is distfile change only.
------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Mon Aug 11 06:59:55 UTC 2008
Modified Files:
pkgsrc/x11/ruby-tk: distinfo
Log Message:
Update ruby-curses package to 1.8.7.72. It is distfile change only.
Update ruby18-base to 1.8.7.72 (Ruby 1.8.7-p72).
These packages are implicitly updated with distfile update only.
databases/ruby-gdbm
devel/ruby-readline
lang/ruby
lang/ruby18
Here's quote from release announce:
Sorry for a fuss, but it turned out that taintness check of dl in last releases I made was incomplete. Here are fixes for that.
And relevant changes:
Mon Aug 11 09:37:17 2008 Yukihiro Matsumoto <matz@ruby-lang.org>
* ext/dl/dl.c (rb_str_to_ptr): should propagate taint to dlptr.
* ext/dl/dl.c (rb_ary_to_ptr): ditto.
* ext/dl/sym.c (rb_dlsym_call): should check taint of DLPtrData as well.
Pullup ticket 2473 - requested by taca
security update for ruby
- pkgsrc/devel/ruby-curses/distinfo 1.16
- pkgsrc/lang/ruby/rubyversion.mk 1.43
- pkgsrc/lang/ruby18-base/Makefile 1.46
- pkgsrc/lang/ruby18-base/distinfo 1.32
- pkgsrc/lang/ruby18-base/patches/patch-ad removed
- pkgsrc/x11/ruby-tk/distinfo 1.19
Module Name: pkgsrc
Committed By: taca
Date: Fri Aug 8 12:38:59 UTC 2008
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
Log Message:
Start update of Ruby 1.8.7 patchlevel 71.
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Aug 8 12:42:44 UTC 2008
Modified Files:
pkgsrc/lang/ruby18-base: Makefile distinfo
Removed Files:
pkgsrc/lang/ruby18-base/patches: patch-ad
Log Message:
Update ruby18-base to 1.8.7.71.
pkgsrc change: Apply fix for sunpro compiler, provided by PR pkg/37771 from Naoto Morishima.
This release includes fix for multiple vulnerabilities.
http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
* Several vulnerabilities in safe level
* DoS vulnerability in WEBrick
* Lack of taintness check in dl
* DNS spoofing vulnerability in resolv.rb
Full changes are too many, please refer ChangeLog file.
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Aug 8 12:43:51 UTC 2008
Modified Files:
pkgsrc/devel/ruby-curses: distinfo
Log Message:
Update ruby-curses package to 1.8.7.71.
This is version update only, no functional change in this ruby extension.
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Aug 8 12:44:51 UTC 2008
Modified Files:
pkgsrc/x11/ruby-tk: distinfo
Log Message:
Update ruby-tk package to 1.8.7.71.
This is version update only, no functional change in this ruby extension.
Update ruby18-base to 1.8.7.71.
pkgsrc change: Apply fix for sunpro compiler, provided by PR pkg/37771 from Naoto Morishima.
This release includes fix for multiple vulnerabilities.
http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
* Several vulnerabilities in safe level
* DoS vulnerability in WEBrick
* Lack of taintness check in dl
* DNS spoofing vulnerability in resolv.rb
Full changes are too many, please refer ChangeLog file.
Pullup ticket #2443 - requested by taca
Security patch for ruby18-base
Revisions pulled up:
- lang/ruby18-base/Makefile 1.45 via patch
- lang/ruby18-base/distinfo 1.31 via patch
- lang/ruby18-base/patches/patch-ad 1.9 via patch
---
Module Name: pkgsrc
Committed By: tonnerre
Date: Thu Jul 3 21:06:10 UTC 2008
Modified Files:
pkgsrc/lang/ruby18-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby18-base/patches: patch-ad
Log Message:
Add a patch to fix the integer overflow in rb_ary_fill() in Ruby 1.8
which can be exploited to cause a denial of service through memory
exhaustion. (SN-2008-02)
Add a patch to fix the integer overflow in rb_ary_fill() in Ruby 1.8 which can be exploited to cause a denial of service through memory exhaustion. (SN-2008-02)
Pullup ticket #2436 - requested by taca Security update for ruby packages Apply patches to update Ruby to version 1.8.6 patchlevel 230 to fix the security vulnerability reported in CVE-2008-2726.
Oops, wrong distinfo file.
Update Ruby 1.8.7 patchlevel 22. This is security fix:
http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities
Fri Jun 20 18:25:18 2008 Nobuyoshi Nakada <nobu@ruby-lang.org>
* string.c (rb_str_buf_append): should infect.
Fri Jun 20 16:33:09 2008 Nobuyoshi Nakada <nobu@ruby-lang.org>
* array.c (rb_ary_store, rb_ary_splice): not depend on unspecified behavior at integer overflow.
* string.c (str_buf_cat): ditto.
Wed Jun 18 22:24:46 2008 URABE Shyouhei <shyouhei@ruby-lang.org>
* array.c (ary_new, rb_ary_initialize, rb_ary_store, rb_ary_aplice, rb_ary_times): integer overflows should be checked. based on patches from Drew Yao <ayao at apple.com> fixed CVE-2008-2726
* string.c (rb_str_buf_append): fixed unsafe use of alloca, which led memory corruption. based on a patch from Drew Yao <ayao at apple.com> fixed CVE-2008-2726
* sprintf.c (rb_str_format): backported from trunk.
* intern.h: ditto.
Tue Jun 17 15:09:46 2008 Nobuyoshi Nakada <nobu@ruby-lang.org>
* file.c (file_expand_path): no need to expand root path which has no short file name. [ruby-dev:35095]
Sun Jun 15 19:27:40 2008 Akinori MUSHA <knu@iDaemons.org>
* configure.in: Fix $LOAD_PATH. Properly expand vendor_ruby directories; submitted by Takahiro Kambe <taca at back-street.net> in [ruby-dev:35099].
Update ruby18-base package to 1.8.7. Since changes are too much to write here, please refer
http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7/NEWS
http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7/ChangeLog
http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_17/NEWS
http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_17/ChangeLog
Fix build problem with recent NetBSD current with post version of OpenSSL 0.9.8g. Since this is fix for build problem only, I don't bump PKGREVISION.
Update ruby packages to 1.8.6.114 (1.8.6-p114). Its main changes are security fix of WEBrick library.
Mon Mar 3 23:34:13 2008 GOTOU Yuuzou <gotoyuzo@notwork.org>
* lib/webrick/httpservlet/filehandler.rb: should normalize path separators in path_info to prevent directory traversal attacks on DOSISH platforms. reported by Digital Security Research Group [DSECRG-08-026].
* lib/webrick/httpservlet/filehandler.rb: pathnames which have not to be published should be checked case-insensitively.
Mon Dec 3 08:13:52 2007 Kouhei Sutou <kou@cozmixng.org>
* test/rss/test_taxonomy.rb, test/rss/test_parser_1.0.rb, test/rss/test_image.rb, test/rss/rss-testcase.rb: ensured declaring XML namespaces.
Trying to build problem ext/dbm extension on some platforms. Detect db3 and db4 like db2 for dbm library.
Update Ruby packages to 1.8.6-p111. Basically, no change since previous update except Net::HTTP default @enable_post_connection_check was wrongly set to true. (It might cause compatibility problem.)
Try to fix build problem on DragonFly BSD. (I tested on old DragonFly 1.7.0-DEVELOPMENT.)
Add patches against Ruby 1.8.6-p111. Since 1.8.6-p111 isn't officially released (SVN's tag only), I decide to keep pkgsrc's Ruby's version. This isn't leaf package but fixes security problem reported by http://www.isecpartners.com/advisories/2007-006-rubyssl.txt. Bump PKGREVISION.
Update Ruby to 1.8.6-p110. Approved by wiz@. This is bug fix release of Ruby 1.8.6. Especially it fixes thread/eval function problem on Mac OS X. It also contains an openssl extension's portability problem which was bad patch by pkgsrc. For more detail, please refer CHANGES file.
Update ruby18-base to 1.8.6.36 (Ruby 1.8.6 patchlevel 36).
Ruby 1.8.6 patchlevel 36 is a maintenance release of Ruby.
Changes are too many, please see ChangeLog:
http://svn.ruby-lang.org/repos/ruby/tags/v1_8_6_36/ChangeLog
Updating Ruby to 1.8.6; ruby18-base - discontinue use of RUBY_PATCH_DATE. - Introduce RUBY_PATCH_LEVEL. pkgsrc's ruby tracks Ruby's patch release and avoid to maintain its own patch files (with RUBY_PATCH_DATE). Changes are too much, please see ChangeLog file.
Both db.h and ndbm.1 must be included to use DBM. Use both headers in extconf.rb to check the availability of DBM. This makes the package build on Darwin.
Pullup ticket 1943 - requested by taca
security update for ruby18
Revisions pulled up:
- pkgsrc/lang/ruby/Makefile 1.41
- pkgsrc/lang/ruby/rubyversion.mk 1.29, 1.30
- pkgsrc/lang/ruby18-base/Makefile 1.29
- pkgsrc/lang/ruby18-base/PLIST 1.9
- pkgsrc/lang/ruby18-base/PLIST.common_end 1.2
- pkgsrc/lang/ruby18-base/distinfo 1.17
- pkgsrc/lang/ruby18-base/options.mk 1.1
- pkgsrc/lang/ruby18-base/patches/patch-af 1.1
- pkgsrc/lang/ruby18-base/patches/patch-bl removed
- pkgsrc/lang/ruby18/Makefile 1.15
- pkgsrc/databases/ruby-gdbm/Makefile 1.15
- pkgsrc/databases/ruby-gdbm/distinfo 1.1
- pkgsrc/devel/ruby-curses/Makefile 1.10
- pkgsrc/devel/ruby-curses/distinfo 1.7
- pkgsrc/devel/ruby-mode/Makefile 1.15
- pkgsrc/devel/ruby-mode/distinfo 1.6
- pkgsrc/devel/ruby-readline/Makefile 1.20
- pkgsrc/devel/ruby-readline/distinfo 1.13
- pkgsrc/devel/ruby-readline/patches/patch-aa 1.5
- pkgsrc/x11/ruby-tk/Makefile 1.25, 1.26
- pkgsrc/x11/ruby-tk/PLIST 1.7
- pkgsrc/x11/ruby-tk/distinfo 1.11
- pkgsrc/mk/defaults/options.description 1.130
Module Name: pkgsrc
Committed By: taca
Date: Wed Dec 6 16:25:26 UTC 2006
Modified Files:
pkgsrc/databases/ruby-gdbm: Makefile
Added Files:
pkgsrc/databases/ruby-gdbm: distinfo
Log Message:
Update ruby-gdbm package to 1.8.5.20061205:
- rdoc addition and trivial change.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Dec 6 16:28:18 UTC 2006
Modified Files:
pkgsrc/devel/ruby-curses: Makefile distinfo
Log Message:
Update ruby-curses package to 1.8.5.20061205:
- Fixed colose_set method always returns false.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Dec 6 16:36:41 UTC 2006
Modified Files:
pkgsrc/devel/ruby-mode: Makefile
Added Files:
pkgsrc/devel/ruby-mode: distinfo
Log Message:
Update ruby-mode package to 1.8.5.20061205.
Tue Dec 5 00:59:05 2006 Yukihiro Matsumoto <matz@ruby-lang.org>
* misc/ruby-mode.el (ruby-parse-partial): need to parse "/=" as
self assignment operator, not regex. [ruby-talk:227324]
Wed Sep 13 18:25:18 2006 Yukihiro Matsumoto <matz@ruby-lang.org>
* misc/ruby-mode.el (ruby-parse-partial): better here-doc support.
a patch from Marshall T. Vandegrift <llasram at gmail.com>.
[ruby-core:08804]
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Dec 6 16:31:34 UTC 2006
Modified Files:
pkgsrc/devel/ruby-readline: Makefile distinfo
pkgsrc/devel/ruby-readline/patches: patch-aa
Log Message:
Update ruby-readline package to 1.8.5.20061205:
- No change with 20061205 patch.
- Disable checking rl_filename_completion_function() to prevent compile
error.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Dec 6 16:34:42 UTC 2006
Modified Files:
pkgsrc/lang/ruby: Makefile
Log Message:
Update ruby package to 1.8.5.20061205. No change for this wrapper package.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Dec 6 16:17:17 UTC 2006
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
Log Message:
- Handle patchlevel which has introduced to Ruby.
- Introduce RUBY_PATCH_DATE and RUBY_VERSION_SUFFIX.
- Change _RUBY_VERS_TEENY to _RUBY_VER_TEENY as other version variable
like RUBY_VER_MAJOR.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Dec 6 16:19:50 UTC 2006
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
Log Message:
Update RUBY18_PATCH_DATE to 20061205, starting update of Ruby.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Dec 6 16:34:09 UTC 2006
Modified Files:
pkgsrc/lang/ruby18: Makefile
Log Message:
Update ruby18 package to 1.8.5.20061205. No change for this meta package
itself.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Dec 6 16:24:27 UTC 2006
Modified Files:
pkgsrc/lang/ruby18-base: Makefile PLIST PLIST.common_end distinfo
Added Files:
pkgsrc/lang/ruby18-base: options.mk
pkgsrc/lang/ruby18-base/patches: patch-af
Removed Files:
pkgsrc/lang/ruby18-base/patches: patch-bl
Log Message:
o Update ruby18-base package to Ruby 1.8 branch 2006/12/05.
- Many changes from 2006/9/6; see Changes file, please.
- Fixes another cgi.rb vulnerability:
http://jvn.jp/jp/JVN%2384798830/index.html
o Introduce ruby-build-ri-db PKG_OPTION which enable installing database
for Ruby's ri utility. Default is disabled and should be fix
PR pkg/34587.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Dec 6 17:00:54 UTC 2006
Modified Files:
pkgsrc/mk/defaults: options.description
Log Message:
Add description of ruby-build-ri-db.
---
Module Name: pkgsrc
Committed By: tv
Date: Fri Nov 10 16:54:54 UTC 2006
Modified Files:
pkgsrc/x11/ruby-tk: Makefile
Log Message:
Use find -print | xargs rather than find -exec.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Dec 6 16:33:16 UTC 2006
Modified Files:
pkgsrc/x11/ruby-tk: Makefile PLIST distinfo
Log Message:
Update ruby-tk package to 1.8.5.20061205:
Changes are huge, please see Changes.
- pkgsrc change; fix permission of a image file.
o Update ruby18-base package to Ruby 1.8 branch 2006/12/05.
- Many changes from 2006/9/6; see Changes file, please.
- Fixes another cgi.rb vulnerability:
http://jvn.jp/jp/JVN%2384798830/index.html
o Introduce ruby-build-ri-db PKG_OPTION which enable installing database for Ruby's ri utility. Default is disabled and should be fix PR pkg/34587.
Pullup ticket 1897 - requested by taca
security fix for ruby18-base
Revisions pulled up:
- pkgsrc/lang/ruby18-base/Makefile 1.28
- pkgsrc/lang/ruby18-base/distinfo 1.16
- pkgsrc/lang/ruby18-base/patches/patch-bl 1.3
Module Name: pkgsrc
Committed By: taca
Date: Fri Nov 3 05:36:23 UTC 2006
Modified Files:
pkgsrc/lang/ruby18-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby18-base/patches: patch-bl
Log Message:
Add patch to cgi.rb for fixing security problem (CVE-2006-5467).
Bump PKGREVISION.
Pullup ticket 1901 - requested by taca
portability fixes for ruby18
Revisions pulled up:
- pkgsrc/lang/ruby18-base/DESCR 1.2
- pkgsrc/lang/ruby18-base/Makefile 1.27
- pkgsrc/lang/ruby18-base/distinfo 1.15
- pkgsrc/lang/ruby18-base/patches/patch-aa 1.7
- pkgsrc/lang/ruby18-base/patches/patch-ab 1.7
- pkgsrc/lang/ruby18/DESCR 1.6
Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 29 02:45:42 UTC 2006
Modified Files:
pkgsrc/lang/ruby18-base: DESCR Makefile distinfo
pkgsrc/lang/ruby18-base/patches: patch-aa patch-ab
Log Message:
Adding some fixes:
(1) Don't use make's variable in DESCR; fixes PR pkg/34920.
(2) Use --enable-wide-getaddrinfo on not only Linux but Solaris.
(3) Make sure to link libruby.so with proper -R linker option.
Thanks for Dan McMahill who reported and suggested fix to (2) and (3)
with private mail. And thanks for Takayoshi Kochi who reports PR pkg/34920.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Oct 30 07:06:49 UTC 2006
Modified Files:
pkgsrc/lang/ruby18: DESCR
Log Message:
s/${RUBY_VERSION}/1.8.5/.
Noted by Takayoshi Kochi in connection with ruby18-base's PR.
Add patch to cgi.rb for fixing security problem (CVE-2006-5467). Bump PKGREVISION.
Adding some fixes:
(1) Don't use make's variable in DESCR; fixes PR pkg/34920.
(2) Use --enable-wide-getaddrinfo on not only Linux but Solaris.
(3) Make sure to link libruby.so with proper -R linker option.
Thanks for Dan McMahill who reported and suggested fix to (2) and (3)
with private mail. And thanks for Takayoshi Kochi who reports PR pkg/34920.
Bump PKGREVISION.
Update Ruby to 1.8.5 (+ ruby-1-8 branch on 2006-09-07).
pkgsrc changes:
* Add RUBY_DYNAMIC_DIRS which cause generating dynamic PLIST entries.
* Move using buildlinks to rubyversion.mk.
* Merge converters/ruby-iconv to ruby18-base.
Ruby changes:
* too many, see ChangeLog file or http://eigenclass.org/hiki.rb?ruby+1.8.5+changelog
Pullup ticket 1771 - requested by taca
security fixes for ruby18-base
Revisions pulled up:
- pkgsrc/lang/ruby18-base/Makefile 1.23
- pkgsrc/lang/ruby18-base/distinfo 1.13
- pkgsrc/lang/ruby18-base/patches/patch-ag 1.1
- pkgsrc/lang/ruby18-base/patches/patch-ah 1.1
- pkgsrc/lang/ruby18-base/patches/patch-cp 1.1
Module Name: pkgsrc
Committed By: taca
Date: Wed Aug 2 07:02:44 UTC 2006
Modified Files:
pkgsrc/lang/ruby18-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby18-base/patches: patch-ag patch-ah patch-cp
Log Message:
Add three patches accidentally left on my work area.
- Add two miscellaneous patches for openssl and yaml libraries.
They were left from last year, sigh.
- Add one more part for CVE-2006-3694.
Bump PKGREVISION.
Add three patches accidentally left on my work area.
- Add two miscellaneous patches for openssl and yaml libraries. They were left from last year, sigh.
- Add one more part for CVE-2006-3694.
Bump PKGREVISION.
Pullup ticket 1764 - requested by taca
security fix for ruby18-base
Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 30 23:12:50 UTC 2006
Modified Files:
pkgsrc/lang/ruby18-base: Makefile PLIST distinfo
pkgsrc/lang/ruby18-base/patches: patch-ad patch-cc
Added Files:
pkgsrc/lang/ruby18-base/patches: patch-ck patch-cl patch-cm patch-cn patch-co
Log Message:
- Security fix for CVE-2006-3694 (JVN#13947696 and JVN#83768862).
- Import yaml problem and fix document generation for ri(1).
- minor clean up to pkgsrc.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Jul 31 11:29:03 UTC 2006
Modified Files:
pkgsrc/lang/ruby18-base: Makefile PLIST distinfo
pkgsrc/lang/ruby18-base/patches: patch-cm
Log Message:
- Fix PLIST problem; a extra entry.
- Reduce warning of optparse.rb when generating ri(1) database.
Bump PKGREVISION.
- Fix PLIST problem; a extra entry. - Reduce warning of optparse.rb when generating ri(1) database. Bump PKGREVISION.
- Security fix for CVE-2006-3694 (JVN#13947696 and JVN#83768862). - Import yaml problem and fix document generation for ri(1). - minor clean up to pkgsrc. Bump PKGREVISION.
- Fix rpath problem with SunPro Compiler on Solaris. No other platform should not be affected by this change. - Some white space clean up. Bump PKGREVISION.
Update ruby18-base package to Ruby 1.8.4.
Ruby 1.8.4 is a maintenance release of Ruby programming language. Changes are too huge to list here, please see http://www.ruby-lang.org/.
And this package contains some bug fixes after release of 1.8.4.
Tue Dec 27 08:29:18 2005 GOTOU Yuuzou <gotoyuzo@notwork.org>
* ext/openssl/lib/openssl/ssl.rb (OpenSSL::SSL::SSLSocket#post_connection_chech): treat wildcard character in commonName. [ruby-dev:28121]
Mon Dec 26 22:32:47 2005 Nobuyoshi Nakada <nobu@ruby-lang.org>
* eval.c (rb_eval), gc.c (gc_mark_children), node.h (NEW_ALIAS, NEW_VALIAS), parse.y (fitem): allow dynamic symbols to NODE_UNDEF and NODE_ALIAS. backported from trunk. fixed: [ruby-dev:28105]
Mon Dec 26 08:50:36 2005 Yukihiro Matsumoto <matz@ruby-lang.org>
* eval.c (ev_const_get): fixed a bug in constant reference during instance_eval. [yarv-dev:707]
* eval.c (ev_const_defined): ditto.
* lib/yaml.rb (YAML::add_domain_type): typo fixed. a patch from Joel VanderWerf <vjoel at path.berkeley.edu>. [ruby-talk:165285] [ruby-core:6995]
Make sure that there is always a space between "-o" and its argument when running gcc or ld. This makes the package build on Darwin.
- Update to Ruby 1.8.3 with several fixes after its release (see CHANGES.pkgsrc file). - Merge databases/ruby-dbm, devel/ruby-zlib, security/ruby-digest and ruby-openssl, conflicting with these packages. - Better handling for RI directories. - Use pkgsrc's TOOLS framework.
Use security patch in official Ruby's ftp server instead of adding locally. This doesn't change anything to installed binaries nor built package.
Pullup ticket #769 - requested by Takahiro Kambe
security and portability fixes for ruby18-base
Revisions pulled up:
- pkgsrc/lang/ruby18-base/Makefile 1.7, 1.8
- pkgsrc/lang/ruby18-base/distinfo 1.3, 1.4, 1.5
- pkgsrc/lang/ruby18-base/patches/patch-aa 1.2
- pkgsrc/lang/ruby18-base/patches/patch-ab 1.2
- pkgsrc/lang/ruby18-base/patches/patch-ad 1.1
- pkgsrc/lang/ruby18-base/patches/patch-au 1.1
- pkgsrc/lang/ruby18-base/patches/patch-av 1.1
- pkgsrc/lang/ruby18-base/patches/patch-aw 1.1
- pkgsrc/lang/ruby18-base/patches/patch-ax 1.1
- pkgsrc/lang/ruby18-base/patches/patch-ay 1.1
- pkgsrc/lang/ruby18-base/patches/patch-az 1.1
Module Name: pkgsrc
Committed By: taca
Date: Sun Sep 18 13:38:50 UTC 2005
Modified Files:
pkgsrc/lang/ruby18-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby18-base/patches: patch-au patch-av patch-aw patch-ax
patch-ay patch-az
Log Message:
Adding DragonFly BSD support based on patch provided by Joerg Sonnenberger.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Sep 19 15:19:13 UTC 2005
Modified Files:
pkgsrc/lang/ruby18-base: distinfo
pkgsrc/lang/ruby18-base/patches: patch-aa patch-ab
Log Message:
Rearrange configure script a little:
- Correct case statement moving "interix3*)" to before "interrix*)" since
"interix3*)" wouldn't match and always match to "interix*)".
- Remove "interix3*" in the case condition which always "interix*" pattern.
This doesn't fix anything building on Interix3 (SFU 3.5) and on other
platforms, but fix obvious mistake in configure script.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Sep 21 14:03:22 UTC 2005
Modified Files:
pkgsrc/lang/ruby18-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby18-base/patches: patch-ad
Log Message:
Add a patch for fix the security problem which allows an arbitrary code
to run bypassing the safe level check.
The patch was provided by Yukihiro Matsumoto on ruby-dev mailing list.
Bump PKGREVISION.
Add a patch for fix the security problem which allows an arbitrary code to run bypassing the safe level check. The patch was provided by Yukihiro Matsumoto on ruby-dev mailing list. Bump PKGREVISION.
Rearrange configure script a little:
- Correct case statement moving "interix3*)" to before "interrix*)" since "interix3*)" wouldn't match and always match to "interix*)".
- Remove "interix3*" in the case condition which always "interix*" pattern.
This doesn't fix anything building on Interix3 (SFU 3.5) and on other platforms, but fix obvious mistake in configure script.
Adding DragonFly BSD support based on patch provided by Joerg Sonnenberger. Bump PKGREVISION.
Pullup ticket 558 - requested by Takahiro Kambe
security fix for ruby18-base
Revisions pulled up:
- pkgsrc/lang/ruby18-base/Makefile 1.6
- pkgsrc/lang/ruby18-base/distinfo 1.2
- pkgsrc/lang/ruby18-base/patches/patch-ac 1.1
Module Name: pkgsrc
Committed By: taca
Date: Thu Jun 23 16:54:47 UTC 2005
Modified Files:
pkgsrc/lang/ruby18-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby18-base/patches: patch-ac
Log Message:
Add fix for xmlrpc library security problem noted as http://secunia.com/advisories/15767/.
Bump PKGREVISION.
Add fix for xmlrpc library security problem noted as http://secunia.com/advisories/15767/. Bump PKGREVISION.
Importing ruby18-base package. This is minimum ruby 1.8.2 based on current ruby18 and ruby18 package will be meta package later.
Initial revision