Set PKG_CONFIG to empty as it removes reference to the build directory.
Add checks for the presence of SSLv3 in OpenSSL/LibreSSL - obtained from
http://www.libressl.org/patches.html
Fix typo in comment s/refrect/reference.
Set shell used during configure stage to bash on OpenBSD & Bitrig
due to pdksh incompatibility.
Reviewed by taca@ wiz@
Release announce:
Ruby 2.0.0-p647 Released
Posted by usa on 18 Aug 2015
We are pleased to announce the release of Ruby 2.0.0-p647.
This release includes the security fix for a RubyGems domain name
verification vulnerability. Please view the topic below for more details.
CVE-2015-3900 Request hijacking vulnerability in RubyGems 2.4.6 and earlier
And, this release also includes the fix for a regression of lib/resolv.rb.
Uninitialized constant bug introduced by typo in backport of [#10712]
Ruby 2.0.0 is now under the state of the security maintenance phase, until
Feb. 24th, 2016. After the date, maintenance of Ruby 2.0.0 will be ended. We
recommend you start planning migration to newer versions of Ruby, such as
2.1 or 2.2.
$(DLLIB): $(OBJS) Makefile
...
$(Q) $(POSTLINK)
And POSTLINK is empty macro. In such case, GNU make ignore empty command
line but BSD make tries to execute it and causes error.
Bump PKGREVISION.
From release announce:
We are pleased to announce the release of Ruby 2.0.0-p645.
This release includes a security fix for OpenSSL extension. Please view the
topic below for more details.
CVE-2015-1855: Ruby OpenSSL Hostname Verification
Ruby 2.0.0 is now under the state of the security maintenance phase, until
Feb. 24th, 2016. After the date, maintenance of Ruby 2.0.0 will be ended. We
recommend you start planning migration to newer versions of Ruby, such as 2.1
or 2.2.
This release includes the security fix mentioned above along with small
changes required for test environment (that shouldn¡Çt affect normal users).
See ChangeLog for full details.
This is the last ordinal release of Ruby 2.0.0. Ruby 2.0.0 goes into the
state of the security maintenance phase, and will never be released unless
any critical regressions or security issues are found. This phase is planned
to be maintained for 1 year. Then, maintenance of Ruby 2.0.0 will be ended
at Feb. 24th, 2016. We recommend to start planning to migrate to newer
versions of Ruby, such as 2.1 or 2.2.
pkgsrc change:
* Change "os" of Gem::Platform, now it change the case of "netbsd" only.
* Reduce patches to builtin rubygems.
Ruby 2.0.0-p594 Released
We are pleased to announce the release of Ruby 2.0.0-p594.
This release includes a security fix for DoS vulnerability of REXML.
* CVE-2014-8080: Denial Of Service XML Expansion
This release also includes the change of default settings of
ext/openssl. Insecure SSL/TLS options are now turn off by default.
* Changed default settings of ext/openssl
And, many bug fixes are also included. See tickets and ChangeLog for details.
Ruby 2.0.0-p576 Released
We are pleased to announce the release of Ruby 2.0.0-p576, to celebrate the
holding of RubyKaigi2014 in Japan now.
This release includes many bugfixes, such as:
* many fixes of memory leaks and using extra memory.
* many fixes of platform-specific issues (especially in build process).
* many document fixes.
See tickets and ChangeLog for details.
Including many bug fixes:
* support for build with Readline-6.3
* a fix for old OpenSSL (regression in p451)
* an updated bundled version of libyaml (see Heap Overflow in YAML URI Escape Parsing (CVE-2014-2525))
For detail, please refer ChangeLog.
On platforms where DTrace is available, we need to invoke dtrace(1)
with the original PATH. Otherwise it gets confused in the presence
of our cc wrapper because it tries to invoke the system-default gcc
with argv[0] set to "gcc", not the absolute path to gcc.
pkgsrc chagnges:
* Use RUBY_SUFFIX instead of RUBY_VER for appropriate place.
* Detect NetBSD correctly in Gem::Platform.
Quote from release announce:
This release includes many bugfixes. See tickets and ChangeLog for details.
Ruby 2.0.0-p353 is released
Now Ruby 2.0.0-p353 is released.
This release includes a security fix about floating point parsing.
Heap Overflow in Floating Point Parsing (CVE-2013-4164)
And some bugfixes are also included. See tickets and ChangeLog for details.
For FreeBSD:
* Fix careless mistake of patch to configure.
For MirBSD (and possibly OpenBSD):
* Don't pass empy string (before semicolon to sed(1).
* Correct suffix for libruby's shared library.
No PKGREVISION bump since this is simply fix for build problem.
This is latest stable release of Ruby and it basically compatible with
Ruby 1.9.3. Please refer full changes to NEWS/ChangeLog files or official
Web site. Here is language changes:
* Added keyword arguments.
* Added %i and %I for symbol list creation (similar to %w and %W).
* Default source encoding is changed to UTF-8. (was US-ASCII)
* No warning for unused variables starting with '_'
