lang/ruby23-base: update to 2.3.7, security release Ruby 2.3.7 Released Posted by usa on 28 Mar 2018 Ruby 2.3.7 has been released. This release includes about 70 bug fixes after the previous release, and also includes several security fixes. Please check the topics below for details. * CVE-2017-17742: HTTP response splitting in WEBrick * CVE-2018-8777: DoS by large request in WEBrick * CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir * CVE-2018-8778: Buffer under-read in String#unpack * CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket * CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir * Multiple vulnerabilities in RubyGems See the ChangeLog for details. After this release, we will end the normal maintenance phase of Ruby 2.3, and start the security maintenance phase of it. This means that after the release of 2.3.7 we will never backport any bug fixes to 2.3 except security fixes. The term of the security maintenance phase is scheduled for 1 year. By the end of this term, official support of Ruby 2.3 will be over. Therefore, we recommend that you start planning to upgrade to Ruby 2.5 or 2.4.diff -r1.193 -r1.194 pkgsrc/lang/ruby/rubyversion.mk
(taca)
| @@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
| 1 | # $NetBSD: rubyversion.mk,v 1.193 2018/03/29 03:06:57 taca Exp $ | 1 | # $NetBSD: rubyversion.mk,v 1.194 2018/03/29 03:09:35 taca Exp $ | |
| 2 | # | 2 | # | |
| 3 | 3 | |||
| 4 | # This file determines which Ruby version is used as a dependency for | 4 | # This file determines which Ruby version is used as a dependency for | |
| 5 | # a package. | 5 | # a package. | |
| 6 | # | 6 | # | |
| 7 | # | 7 | # | |
| 8 | # === User-settable variables === | 8 | # === User-settable variables === | |
| 9 | # | 9 | # | |
| 10 | # RUBY_VERSION_DEFAULT | 10 | # RUBY_VERSION_DEFAULT | |
| 11 | # The preferered Ruby version to use. | 11 | # The preferered Ruby version to use. | |
| 12 | # | 12 | # | |
| 13 | # Possible values: 22 23 24 25 | 13 | # Possible values: 22 23 24 25 | |
| 14 | # Default: 24 | 14 | # Default: 24 | |
| @@ -205,27 +205,27 @@ | @@ -205,27 +205,27 @@ | |||
| 205 | _RUBYVERSION_MK= # defined | 205 | _RUBYVERSION_MK= # defined | |
| 206 | 206 | |||
| 207 | .include "../../mk/bsd.prefs.mk" | 207 | .include "../../mk/bsd.prefs.mk" | |
| 208 | 208 | |||
| 209 | .if defined(PKGNAME_REQD) | 209 | .if defined(PKGNAME_REQD) | |
| 210 | . if !empty(PKGNAME_REQD:Mruby[0-9][0-9]-*) | 210 | . if !empty(PKGNAME_REQD:Mruby[0-9][0-9]-*) | |
| 211 | _RUBY_VERSION_REQD:= ${PKGNAME_REQD:C/ruby([0-9][0-9])-.*/\1/} | 211 | _RUBY_VERSION_REQD:= ${PKGNAME_REQD:C/ruby([0-9][0-9])-.*/\1/} | |
| 212 | RUBY_VERSION_REQD?= ${PKGNAME_REQD:C/ruby([0-9][0-9])-.*/\1/} | 212 | RUBY_VERSION_REQD?= ${PKGNAME_REQD:C/ruby([0-9][0-9])-.*/\1/} | |
| 213 | . endif | 213 | . endif | |
| 214 | .endif | 214 | .endif | |
| 215 | 215 | |||
| 216 | # current supported Ruby's version | 216 | # current supported Ruby's version | |
| 217 | RUBY22_VERSION= 2.2.9 | 217 | RUBY22_VERSION= 2.2.9 | |
| 218 | RUBY23_VERSION= 2.3.6 | 218 | RUBY23_VERSION= 2.3.7 | |
| 219 | RUBY24_VERSION= 2.4.4 | 219 | RUBY24_VERSION= 2.4.4 | |
| 220 | RUBY25_VERSION= 2.5.1 | 220 | RUBY25_VERSION= 2.5.1 | |
| 221 | 221 | |||
| 222 | # current API compatible version; used for version of shared library | 222 | # current API compatible version; used for version of shared library | |
| 223 | RUBY22_API_VERSION= 2.2.0 | 223 | RUBY22_API_VERSION= 2.2.0 | |
| 224 | RUBY23_API_VERSION= 2.3.0 | 224 | RUBY23_API_VERSION= 2.3.0 | |
| 225 | RUBY24_API_VERSION= 2.4.0 | 225 | RUBY24_API_VERSION= 2.4.0 | |
| 226 | RUBY25_API_VERSION= 2.5.0 | 226 | RUBY25_API_VERSION= 2.5.0 | |
| 227 | 227 | |||
| 228 | # | 228 | # | |
| 229 | RUBY_VERSION_DEFAULT?= 24 | 229 | RUBY_VERSION_DEFAULT?= 24 | |
| 230 | 230 | |||
| 231 | # supported Ruby's version | 231 | # supported Ruby's version |
| @@ -1,25 +1,20 @@ | @@ -1,25 +1,20 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.15 2018/02/23 15:26:14 wiz Exp $ | 1 | # $NetBSD: Makefile,v 1.16 2018/03/29 03:09:35 taca Exp $ | |
| 2 | 2 | |||
| 3 | DISTNAME= ${RUBY_DISTNAME} | 3 | DISTNAME= ${RUBY_DISTNAME} | |
| 4 | PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION} | 4 | PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION} | |
| 5 | PKGREVISION= 2 | |||
| 6 | CATEGORIES= lang ruby | 5 | CATEGORIES= lang ruby | |
| 7 | MASTER_SITES= ${MASTER_SITE_RUBY} | 6 | MASTER_SITES= ${MASTER_SITE_RUBY} | |
| 8 | 7 | |||
| 9 | PATCH_SITES= https://bugs.ruby-lang.org/attachments/download/7029/ | |||
| 10 | PATCHFILES= rubygems-276-for-ruby23.patch | |||
| 11 | PATCH_DIST_STRIP= -p0 | |||
| 12 | ||||
| 13 | MAINTAINER= taca@NetBSD.org | 8 | MAINTAINER= taca@NetBSD.org | |
| 14 | HOMEPAGE= ${RUBY_HOMEPAGE} | 9 | HOMEPAGE= ${RUBY_HOMEPAGE} | |
| 15 | COMMENT= Ruby ${RUBY_VERSION} release minimum base package | 10 | COMMENT= Ruby ${RUBY_VERSION} release minimum base package | |
| 16 | 11 | |||
| 17 | RUBY_VERSIONS_ACCEPTED= 23 | 12 | RUBY_VERSIONS_ACCEPTED= 23 | |
| 18 | 13 | |||
| 19 | USE_LANGUAGES= c | 14 | USE_LANGUAGES= c | |
| 20 | USE_TOOLS+= pax yacc pkg-config | 15 | USE_TOOLS+= pax yacc pkg-config | |
| 21 | GNU_CONFIGURE= yes | 16 | GNU_CONFIGURE= yes | |
| 22 | TEST_TARGET= test | 17 | TEST_TARGET= test | |
| 23 | CONFIGURE_ARGS+= --enable-shared | 18 | CONFIGURE_ARGS+= --enable-shared | |
| 24 | WRKSRC= ${RUBY_WRKSRC} | 19 | WRKSRC= ${RUBY_WRKSRC} | |
| 25 | 20 |
| @@ -1,30 +1,22 @@ | @@ -1,30 +1,22 @@ | |||
| 1 | $NetBSD: distinfo,v 1.15 2018/02/19 16:46:26 taca Exp $ | 1 | $NetBSD: distinfo,v 1.16 2018/03/29 03:09:35 taca Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (ruby-2.3.6.tar.bz2) = 07c3b66d544dd22c22fbae3f16cfb3eeb88b7b1e | 3 | SHA1 (ruby-2.3.7.tar.bz2) = 3bb88965405da5e4de2432eeb445fffa8a66fb33 | |
| 4 | RMD160 (ruby-2.3.6.tar.bz2) = 664e027a6f172212ac8ebff3aa9b99df4e99906b | 4 | RMD160 (ruby-2.3.7.tar.bz2) = cb8f83f773a0d1cfc8595148ac61aff253f6b67d | |
| 5 | SHA512 (ruby-2.3.6.tar.bz2) = bc3c7a115745a38e44bd91eb5637b1e412011c471d9749db7960185ef75737b944dd0e524f22432809649952ca7d93f46d458990e9cd2b0db5ca8abf4bc8ea99 | 5 | SHA512 (ruby-2.3.7.tar.bz2) = e72754f7703f0706c4b0bccd053035536053451fe069a55427984cc0bc5692b86bd51c243c5f62f78527c66b08300d2e4aa19b73e6ded13d6020aa2450e66a7d | |
| 6 | Size (ruby-2.3.6.tar.bz2) = 14429114 bytes | 6 | Size (ruby-2.3.7.tar.bz2) = 14421177 bytes | |
| 7 | SHA1 (rubygems-276-for-ruby23.patch) = 859334e0313e522826b28c4878611f34c46b7526 | |||
| 8 | RMD160 (rubygems-276-for-ruby23.patch) = c4d7718b7e4845811bf54917ca185ac49c75d6b3 | |||
| 9 | SHA512 (rubygems-276-for-ruby23.patch) = b2b363bec953aa4cfd17bd501753a621b829d5052780f33c6d74d813f128f703a4dd59db53ac59860aed6f741fd1a77b1ef173523f0f8b49b91282e5c8181961 | |||
| 10 | Size (rubygems-276-for-ruby23.patch) = 19953 bytes | |||
| 11 | SHA1 (patch-configure) = 3737bf52082288b02e7382d71a322f4822c5abe4 | 7 | SHA1 (patch-configure) = 3737bf52082288b02e7382d71a322f4822c5abe4 | |
| 12 | SHA1 (patch-ext_dbm_extconf.rb) = c998f8735db54b1ae2bc8b6caa359ce88bc7a45b | 8 | SHA1 (patch-ext_dbm_extconf.rb) = c998f8735db54b1ae2bc8b6caa359ce88bc7a45b | |
| 13 | SHA1 (patch-ext_openssl_ossl__ssl.c) = 24e794aae278da6204e29212d9e2add0b0119ea4 | 9 | SHA1 (patch-ext_openssl_ossl__ssl.c) = 24e794aae278da6204e29212d9e2add0b0119ea4 | |
| 14 | SHA1 (patch-lib_mkmf.rb) = d01302bac014ec1d72bbf19df64bc2c93c07ec5e | 10 | SHA1 (patch-lib_mkmf.rb) = d01302bac014ec1d72bbf19df64bc2c93c07ec5e | |
| 15 | SHA1 (patch-lib_rdoc_ri_driver.rb) = bdbe04aa1dd1719d901233b16bcb318172a42b6c | 11 | SHA1 (patch-lib_rdoc_ri_driver.rb) = bdbe04aa1dd1719d901233b16bcb318172a42b6c | |
| 16 | SHA1 (patch-lib_rubygems.rb) = d8968f54bdc973379675a3ebb5ca68325cff6644 | 12 | SHA1 (patch-lib_rubygems.rb) = d8968f54bdc973379675a3ebb5ca68325cff6644 | |
| 17 | SHA1 (patch-lib_rubygems_commands_setup__command.rb) = 7f5af0331a7e16f6c3ed472cf33ddaf762c5c4b2 | 13 | SHA1 (patch-lib_rubygems_commands_setup__command.rb) = 7f5af0331a7e16f6c3ed472cf33ddaf762c5c4b2 | |
| 18 | SHA1 (patch-lib_rubygems_config__file.rb) = 6c45b2adaa35284d32e5c3035d8435897bd22bda | 14 | SHA1 (patch-lib_rubygems_config__file.rb) = 6c45b2adaa35284d32e5c3035d8435897bd22bda | |
| 19 | SHA1 (patch-lib_rubygems_defaults.rb) = 3a4bfa91441a7416d079e51719d7df646d1aa940 | 15 | SHA1 (patch-lib_rubygems_defaults.rb) = 3a4bfa91441a7416d079e51719d7df646d1aa940 | |
| 20 | SHA1 (patch-lib_rubygems_dependency__installer.rb) = 91741a1836d3635d3b89dd7d775c3ae549f6363c | 16 | SHA1 (patch-lib_rubygems_dependency__installer.rb) = 91741a1836d3635d3b89dd7d775c3ae549f6363c | |
| 21 | SHA1 (patch-lib_rubygems_install__update__options.rb) = 167cfeeb47842d20eaadd15ed89ea886cbfd33db | 17 | SHA1 (patch-lib_rubygems_install__update__options.rb) = 167cfeeb47842d20eaadd15ed89ea886cbfd33db | |
| 22 | SHA1 (patch-lib_rubygems_installer.rb) = 37218b0ebf874095dce8b92bc30b5beb720e13a2 | 18 | SHA1 (patch-lib_rubygems_installer.rb) = 37218b0ebf874095dce8b92bc30b5beb720e13a2 | |
| 23 | SHA1 (patch-lib_rubygems_platform.rb) = 244a6698636012235882ae606ae3a3b4dffd3faf | 19 | SHA1 (patch-lib_rubygems_platform.rb) = 244a6698636012235882ae606ae3a3b4dffd3faf | |
| 24 | SHA1 (patch-lib_rubygems_specification.rb) = 46f517d6128d1366c0a302a7d04d2caec7ec948f | 20 | SHA1 (patch-lib_rubygems_specification.rb) = 46f517d6128d1366c0a302a7d04d2caec7ec948f | |
| 25 | SHA1 (patch-man_erb.1) = a03758f5ae399463b140fbac92c39e6ccc9d18bd | |||
| 26 | SHA1 (patch-man_irb.1) = bf3cd43511ddc51a41dced16f2be1c9f8018d226 | |||
| 27 | SHA1 (patch-man_ri.1) = d8917e7a08bbc3eb41349570cc658d40c1b3463f | |||
| 28 | SHA1 (patch-man_ruby.1) = c6d1de29fe470024b926226615d97d485dececd9 | |||
| 29 | SHA1 (patch-test_rubygems_test__gem.rb) = 47cc7af18fc5f30d6d695e70851cfaf3205a9266 | 21 | SHA1 (patch-test_rubygems_test__gem.rb) = 47cc7af18fc5f30d6d695e70851cfaf3205a9266 | |
| 30 | SHA1 (patch-tool_rbinstall.rb) = 159b657293029cb5bc096d7c23ae85fe05c88ba2 | 22 | SHA1 (patch-tool_rbinstall.rb) = 159b657293029cb5bc096d7c23ae85fe05c88ba2 |