- Set RUBY_API_VERSION after RUBY_VERSION has decided.
- Change old RUBY_DOCDIR and RUBY_EXAMPLESDIR to RUBY_DOC and RUBY_EG in
comment.
- Fix shared libraries PLIST to support Mac OS X with introducing RUBY_SLEXT:
Shared library => .dylib
Extension library => .bundle
- Improve PRINT_PLIST_AWK to handle new shared libraries.
No functional change shoud be done and fix PR pkg/44050.
INSTALL_PROGRAM and INSTALL_SCRIPT.
They reflect to Ruby's Config::CONFIG constant which contains
various configuration parametes which would be used when installing
extention modules including ruby gems.
Setting INSTALL explicitly reset the line in mk/configure/gnu-configure.mk.
CONFIGURE_ENV+= ac_given_INSTALL=${INSTALL:Q}\ -c\ -o\ ${BINOWN}\ -g\ ${BINGRP}
Should be fix PR pkg/43684 and pkg/43687.
Bump PKGREVISION.
* Fix critical problem of BigDecimal class in 1.8.7-p173.
Fri Jun 12 16:36:44 2009 Yukihiro Matsumoto <matz@ruby-lang.org>
* ext/bigdecimal/bigdecimal.c (VpToString): fixed a bug introduced
in r23613. [ruby-talk:338957]
Mon Jun 8 10:58:41 2009 NAKAMURA Usaku <usa@ruby-lang.org>
* eval.c (rb_thread_schedule): mswin32 doesn't have F_GETFD, so check
with another method.
Mon Jun 8 08:15:36 2009 Yukihiro Matsumoto <matz@ruby-lang.org>
* ext/bigdecimal/bigdecimal.c (VpAlloc): avoid ALLOCA_N() to avoid
segmentation fault caused by (insanely) long decimal values.
backported from 1.9. CVE-2009-1904
* ext/bigdecimal/bigdecimal.c (BigDecimal_dump, BigDecimal_to_i,
BigDecimal_to_f, BigDecimal_to_s, BigDecimal_split,
BigDecimal_inspect): ditto.
Mon Jun 8 08:15:36 2009 Yukihiro Matsumoto <matz@ruby-lang.org>
* ext/bigdecimal/bigdecimal.c (BigDecimal_to_f): returns Inf if
exp is bigger than DBL_MANT_DIG.
Wed Jun 3 21:16:30 2009 Tanaka Akira <akr@fsij.org>
* file.c: include fcntl.h for O_RDONLY on Solaris.
Wed Jun 3 21:09:56 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* util.c (rv_strdup): macro to duplicate nul-terminated string.
[ruby-core:22852]
* util.c (ruby_dtoa): allocates one more byte to get rid of buffer
overrun. a patch from Charlie Savage at [ruby-core:22604].
Wed Jun 3 21:09:56 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* util.c (ruby_dtoa): allocates one more byte to get rid of buffer
overrun. a patch from Charlie Savage at [ruby-core:22604].
Wed Jun 3 21:05:44 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* ext/bigdecimal/bigdecimal.c (gfDebug): uncommented out.
[ruby-core:22600]
Wed Jun 3 20:54:23 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* eval.c (rb_eval): needs to guard intermediate string objects.
based on a patch from Brent Roman <brent AT mbari.org> a
[ruby-core:22584].
Tue May 26 21:24:01 2009 URABE Shyouhei <shyouhei@ruby-lang.org>
* Makefile.in (update-rubyspec, test-rubyspec): Catch up to
rubyspec merge. A patch by Brian Ford at [ruby-core:21032]
Tue May 26 21:21:49 2009 Akinori MUSHA <knu@iDaemons.org>
* lib/soap/mimemessage.rb (MIMEMessage#to_s): Fix a fatal
method name typo. [Bug #1173]
Tue May 26 21:16:55 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* file.c (rb_file_s_extname): fix for spaces before extention.
[ruby-dev:38044]
Tue May 26 21:09:21 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* win32/win32.c (_CrtDbgReportW): prevent from false positive
assertions in msvcrtd. [ruby-core:22116]
Tue May 26 21:02:13 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* lib/ostruct.rb (OpenStruct#new_ostruct_member): checks if frozen.
[ruby-talk:328195], [ruby-core:22142]
Tue May 26 21:00:08 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* lib/ostruct.rb (OpenStruct#inspect): fixed the recursion check.
Patch by Kornelius Kalnbach. [ruby-core:20992].
* test/ostruct/test_ostruct.rb: test for inspect.
Patch by Kornelius Kalnbach. [ruby-core:20992].
Tue May 26 20:50:32 2009 Tanaka Akira <akr@fsij.org>
* eval.c (rb_thread_schedule): handle EBADF of select as well.
[ruby-core:21264]
This release is counterpart of 1.8.6-p368, so many bugs are fixed
since the latest 1.8.7. Check the ChangeLog for more details.
Especialy, including workarounds for CVE-2007-1558 and CVE-2008-1447.
It fixes OCPS(Online Certificate Status Protocol) verify method wasn't always
return false when verify was failed in OpenSSL's correspondence library.
(It might be possible security risk for using OCPS.
Fix small PLIST improvement, too.
Bump PKGREVISION.
These packages are implicitly updated with distfile update only.
databases/ruby-gdbm
devel/ruby-readline
lang/ruby
lang/ruby18
Here's quote from release announce:
Sorry for a fuss, but it turned out that taintness check of dl in last
releases I made was incomplete. Here are fixes for that.
And relevant changes:
Mon Aug 11 09:37:17 2008 Yukihiro Matsumoto <matz@ruby-lang.org>
* ext/dl/dl.c (rb_str_to_ptr): should propagate taint to dlptr.
* ext/dl/dl.c (rb_ary_to_ptr): ditto.
* ext/dl/sym.c (rb_dlsym_call): should check taint of DLPtrData as
well.
pkgsrc change:
Apply fix for sunpro compilre, provided by PR pkg/37771 from
Naoto Morishima.
This release includes fix for multiple vulnerabilities.
http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
* Several vulnerabilities in safe level
* DoS vulnerability in WEBrick
* Lack of taintness check in dl
* DNS spoofing vulnerability in resolv.rb
Full changes are too many, please refer ChangeLog file.
This is security fix:
http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities
Fri Jun 20 18:25:18 2008 Nobuyoshi Nakada <nobu@ruby-lang.org>
* string.c (rb_str_buf_append): should infect.
Fri Jun 20 16:33:09 2008 Nobuyoshi Nakada <nobu@ruby-lang.org>
* array.c (rb_ary_store, rb_ary_splice): not depend on unspecified
behavior at integer overflow.
* string.c (str_buf_cat): ditto.
Wed Jun 18 22:24:46 2008 URABE Shyouhei <shyouhei@ruby-lang.org>
* array.c (ary_new, rb_ary_initialize, rb_ary_store,
rb_ary_aplice, rb_ary_times): integer overflows should be
checked. based on patches from Drew Yao <ayao at apple.com>
fixed CVE-2008-2726
* string.c (rb_str_buf_append): fixed unsafe use of alloca,
which led memory corruption. based on a patch from Drew Yao
<ayao at apple.com> fixed CVE-2008-2726
* sprintf.c (rb_str_format): backported from trunk.
* intern.h: ditto.
Tue Jun 17 15:09:46 2008 Nobuyoshi Nakada <nobu@ruby-lang.org>
* file.c (file_expand_path): no need to expand root path which has no
short file name. [ruby-dev:35095]
Sun Jun 15 19:27:40 2008 Akinori MUSHA <knu@iDaemons.org>
* configure.in: Fix $LOAD_PATH. Properly expand vendor_ruby
directories; submitted by Takahiro Kambe <taca at
back-street.net> in [ruby-dev:35099].
It main chagnes are security fix of WEBrick library.
Mon Mar 3 23:34:13 2008 GOTOU Yuuzou <gotoyuzo@notwork.org>
* lib/webrick/httpservlet/filehandler.rb: should normalize path
separators in path_info to prevent directory traversal attacks
on DOSISH platforms.
reported by Digital Security Research Group [DSECRG-08-026].
* lib/webrick/httpservlet/filehandler.rb: pathnames which have
not to be published should be checked case-insensitively.
Mon Dec 3 08:13:52 2007 Kouhei Sutou <kou@cozmixng.org>
* test/rss/test_taxonomy.rb, test/rss/test_parser_1.0.rb,
test/rss/test_image.rb, test/rss/rss-testcase.rb: ensured
declaring XML namespaces.
- don't call the linker directly to build shared libraries,
use ${CC} -G
- link libsunmath statically, as it is provided by SUNWspro and
therefore not available on systems where the compiler is not
installed.
Basically, no change since previous update except Net::HTTP default
@enable_post_connection_check was wrongly set to true. (It might
cause compatibility problem.)
Approved by wiz@.
This is bug fix release of Ruby 1.8.6. Especially it fixes thread/eval
function problem on Mac OS X. It also contains an openssl extention's
portablity problem which was bad patch by pkgsrc.
For more detail, please refer CHANGES file.
RUBY_SITERIDIR.
It fixes install error of textproc/ruby-redcloth when ruby18-base didn't
biild with ruby-build-ri-db option.
Noted by obache@ via private mail and approved by wiz@.
Bump PKGREVISION.
- discontinue use of RUBY_PATCH_DATE.
- Introduce RUBY_PATCH_LEVEL.
pkgsrc's ruby tracks Ruby's patch release and avoid to maintain
its own patch files (with RUBY_PATCH_DATE).
Changes are too much, please see ChangeLog file.
- Include options.mk before rubyversion.mk, so PLIST for ri database
should be created suitably.
- make RUBY_RIDIR and its friends relative path to ${PREFIX}.
- Fix and improve handling of ${RUBY_RIDIR} handling and should
be fixed remaining ${RUBY_RIDIR} after pkg_delete ruby18-base.
(Noted by private mail from wiz@.)
Bump PKGREVISION of ruby18-base package.
