Commit graph

36 commits

Author SHA1 Message Date
jperkin
a2ce85611a *: Add some required USE_GCC_RUNTIME. 2018-07-17 10:56:23 +00:00
jperkin
4b936d4110 ruby22-base: Apply upstream patch to fix GCC 7 issue.
Bump PKGREVISION, package previously built but marshal operations during gem
installs would fail.
2018-05-25 15:56:58 +00:00
taca
8ec69e9d5d lang/ruby22-base: update to 2.2.10, security release
Ruby 2.2.10 Released				Posted by usa on 28 Mar 2018

Ruby 2.2.10 has been released.  This release includes several security
fixes. Please check the topics below for details.

* CVE-2017-17742: HTTP response splitting in WEBrick
* CVE-2018-8777: DoS by large request in WEBrick
* CVE-2018-6914: Unintentional file and directory creation with directory
  traversal in tempfile and tmpdir
* CVE-2018-8778: Buffer under-read in String#unpack
* CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in
  UNIXServer and UNIXSocket
* CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
* Multiple vulnerabilities in RubyGems

Ruby 2.2 is under the state of the security maintenance phase, until the end
of the March of 2018.  After the date, maintenance of Ruby 2.2 will be ended.
So, this release is expected to be the last release of Ruby 2.2.  We will
never make a new release of Ruby 2.2 unless Ruby 2.2.10 has a serious
regression bug.  We recommend you migrating to newer versions of Ruby, such as
2.5.
2018-03-29 03:11:58 +00:00
wiz
f0711fb72d lang/*: remove BROKEN markers for known openssl-1.1 breakage
Requested by joerg.
2018-02-23 15:26:14 +00:00
wiz
eef6a7adac ruby22-base: mark as broken on NetBSD-current due to openssl-1.1 2018-02-20 06:43:14 +00:00
taca
7116f74b77 lang/ruby22-base: rubygem security fix
Add a patch to fix security problem of rubygems.

Bump PKGREVISION.
2018-02-19 16:47:53 +00:00
jperkin
c2dbe3602e ruby*-base: Don't add SSP flags, leave that to pkgsrc. 2018-01-16 14:53:27 +00:00
taca
5765f6c327 lang/ruby22-base: update to 2.2.9
Ruby 2.2.9 Released
Posted by usa on 14 Dec 2017

Ruby 2.2.9 has been released. This release includes several security
fixes. Please check the topics below for details.

* CVE-2017-17405: Command injection vulnerability in Net::FTP
* Unsafe Object Deserialization Vulnerability in RubyGems

Ruby 2.2 is now under the state of the security maintenance phase, until the
end of the March of 2018. After the date, maintenance of Ruby 2.2 will be
ended. We recommend you start planning migration to newer versions of Ruby,
such as 2.4 or 2.3.
2017-12-15 03:26:03 +00:00
taca
7aa2cea01b Update ruby22-base and ruby22 packages to 2.2.8.
pkgsrc change: clean up PLIST.


Ruby 2.2.8 Released			Posted by usa on 14 Sep 2017

Ruby 2.2.8 has been released. This release includes several security
fixes. Please check the topics below for details.

* CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf

* CVE-2017-10784: Escape sequence injection vulnerability in the Basic
  authentication of WEBrick

* CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode

* CVE-2017-14064: Heap exposure vulnerability in generating JSON

* Multiple vulnerabilities in RubyGems

* Updated bundled libyaml to version 0.1.7

Ruby 2.2 is now under the state of the security maintenance phase, until the
end of the March of 2018. After the date, maintenance of Ruby 2.2 will be
ended. We recommend you start planning migration to newer versions of Ruby,
such as 2.4 or 2.3.
2017-09-15 00:33:58 +00:00
taca
331f22d2fa Add patch to fix vulnerabilities of rubygems.
https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/

* a DNS request hijacking vulnerability
* an ANSI escape sequence vulnerability
* a DoS vulnerability in the query command
* a vulnerability in the gem installer that allowed a malicious gem to
  overwrite arbitrary files

Bump PKGREVISION.
2017-08-30 03:32:55 +00:00
taca
158f45b075 Fix build problem when PKGSRC_USE_RELRO is not "no".
* Pass LDFLAGS to LIBRUBY_DLDFLAGS via DLDFLAGS as Ruby 2.4 does.
2017-07-06 16:35:05 +00:00
taca
370c87b2d4 Replace RUBY_VERSION_FULL with RUBY_VERSION since there is no
RUBY_VERSION_FULL contains Ruby's patchlevel.
2017-05-30 15:46:21 +00:00
taca
cb531f3e0d Update ruby22-base and ruby22 to 2.2.7.
Ruby 2.2.7 Released					2017/3/28

Ruby 2.2.7 has been released.

This release includes about 70 bug fixes after the previous release. See the
ChangeLog for details.

After this release, we will end the normal maintenance phase of Ruby 2.2, and
start the security maintenance phase of it.  This means that after the release
of 2.2.7 we will never backport any bug fixes to 2.2 except security fixes.
The term of the security maintenance phase is scheduled for 1 year.  By the
end of this term, official support of Ruby 2.2 will be over.  Therefore, we
recommend that you start planning to upgrade to Ruby 2.4 or 2.3.
2017-04-09 15:49:50 +00:00
taca
e064a50852 Update ruby22{,-base,gdbm,fiddle,readline,tk} to 2.2.6.
pkgsrc change: rubygems does not blame open-ended dependency unless verbose
option is enabled.


Ruby 2.2.6 Released				Posted by usa on 15 Nov 2016

Ruby 2.2.6 has been released.

This release includes new SSL certificates for RubyGems. And, this also
includes about 80 bug fixes after the previous release. See the ChangeLog for
details.
2016-12-05 15:02:25 +00:00
taca
eb7780b911 Trying to move common configuration to common place. 2016-11-13 15:14:19 +00:00
joerg
852712577b Rename RUBY_VERSION_SUPPORTED into _RUBY_VERSIONS_ACCEPTED to follow the
naming scheme of the other multi-version packages. Add support for the
corresponding RUBY_VERSIONS_INCOMPATIBLE list.
2016-09-08 15:19:16 +00:00
rillig
fb49e963e0 Removed reference to undefined RUBY_LICENSE variable. 2016-07-10 18:42:50 +00:00
taca
0cfafdfb59 Update ruby22-base to 2.2.5, no security fix.
Ruby 2.2.5 Released				Posted by usa on 26 Apr 2016

Ruby 2.2.5 has been released.

This release includes many bug fixes. See the ChangeLog for details.
2016-05-15 14:07:48 +00:00
taca
f24151ae79 Try to fix build error by recent OpenSSL change on NetBSD,
reported as PR pkg/50971.
2016-03-24 16:28:59 +00:00
wiz
0e3a70b5a7 Add upstream patch from SVN to fix build with RELRO.
I don't see a relation to relro, but the linker found out about
a missing symbol it didn't complain about before.

SVN 54139:

Thu Mar 17 11:36:27 2016  Nobuyoshi Nakada  <nobu@ruby-lang.org>

       * ext/socket/option.c (inspect_tcpi_msec): more accurate condition
         for TCPI msec member inspection function.
         [ruby-core:74388] [Bug #12185]

Bump PKGREVISION.
2016-03-17 07:53:46 +00:00
jperkin
17661ff9a5 Bump PKGREVISION for security/openssl ABI bump. 2016-03-05 11:27:40 +00:00
jperkin
db1332a441 Use OPSYSVARS. 2016-02-25 14:42:55 +00:00
jperkin
71cc1fb130 Newer ruby releases require C99 due to use of signbit(). 2016-01-27 12:12:19 +00:00
taca
983f1f969a Bump PKGREVISION.
There are enough period that all patch files are ignored due to missing
from distinfo.
2015-12-20 05:27:46 +00:00
taca
b046e65cbd Oops, wrong distinfo file. 2015-12-17 01:36:36 +00:00
taca
ee1fa296ab Update ruby22{-base} to 2.2.4 (Ruby 2.2.4).
Ruby 2.2.4 Released

Posted by nagachika on 16 Dec 2015

Ruby 2.2.4 has been released.

This release includes a security fix for Fiddle extension. Please view the
topic below for more details.

    * CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL

There are also some bugfixes. See ChangeLog for details.
2015-12-16 16:05:19 +00:00
joerg
2aa9afe82c Mark a few more variables as volatile to prevent clobbering by setjmp.
Found due to crashes with very recent clang. Bump revision.
2015-11-20 14:31:59 +00:00
agc
54622f28e2 Add SHA512 digests for distfiles for lang category
Problems found with existing digests:
	Package nhc98 distfile nhc98src-1.22.tar.gz
	a8adc8f22371998ee0657bc0e01058a57d876abc [recorded]
	81975fcb5f1dda5efeaabc30ce8c6dceae55e591 [calculated]

Problems found locating distfiles:
	Package gcc-aux: missing distfile ada-bootstrap.i386.dragonfly.36A.tar.bz2
	Package gcc-aux: missing distfile ada-bootstrap.i386.freebsd.84.tar.bz2
	Package gcc-aux: missing distfile ada-bootstrap.x86_64.dragonfly.36A.tar.bz2
	Package gcc-aux: missing distfile ada-bootstrap.x86_64.freebsd.84.tar.bz2
	Package gcc-aux: missing distfile ada-bootstrap.x86_64.solaris.511.tar.bz2
	Package gcc5-aux: missing distfile ada-bootstrap.i386.dragonfly.36A.tar.bz2
	Package gcc5-aux: missing distfile ada-bootstrap.i386.freebsd.84.tar.bz2
	Package gcc5-aux: missing distfile ada-bootstrap.x86_64.dragonfly.36A.tar.bz2
	Package gcc5-aux: missing distfile ada-bootstrap.x86_64.freebsd.84.tar.bz2
	Package gcc5-aux: missing distfile ada-bootstrap.x86_64.solaris.511.tar.bz2
	Package ghc7: missing distfile ghc-7.6.3-boot-i386-unknown-freebsd.tar.xz
	Package icc11: missing distfile l_cproc_p_11.1.080.tgz
	Package jini: missing distfile jini-1_2_1_001-src.zip
	Package oo2c: missing distfile oo2c_32-2.0.11.tar.bz2
	Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-freebsd-10-amd64-20150301.tar.xz
	Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-5-i386-20150301.tar.xz
	Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-6-i386-20150301.tar.xz
	Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-7-earmv6hf-20150306.tar.xz
	Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-7-sparc64-20150301.tar.xz
	Package openjdk7: missing distfile openjdk7/bootstrap-jdk7u60-bin-dragonfly-3.8-amd64-20140719.tar.bz2
	Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-freebsd-10-amd64-20150301.tar.xz
	Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-5-i386-20150301.tar.xz
	Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-6-i386-20150301.tar.xz
	Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-7-earmv6hf-20150306.tar.xz
	Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-7-sparc64-20150301.tar.xz
	Package openjdk8: missing distfile openjdk7/bootstrap-jdk7u60-bin-dragonfly-3.8-amd64-20140719.tar.bz2
	Package oracle-jdk8: missing distfile jdk-8u60-linux-i586.tar.gz
	Package oracle-jdk8: missing distfile jdk-8u60-solaris-x64.tar.gz
	Package oracle-jre8: missing distfile jre-8u60-linux-i586.tar.gz
	Package oracle-jre8: missing distfile jre-8u60-solaris-x64.tar.gz
	Package sun-jdk6: missing distfile jdk-6u45-linux-i586.bin
	Package sun-jdk6: missing distfile jdk-6u45-solaris-i586.sh
	Package sun-jdk7: missing distfile jdk-7u72-linux-i586.tar.gz
	Package sun-jdk7: missing distfile jdk-7u72-solaris-i586.tar.gz
	Package sun-jre6: missing distfile jce_policy-6.zip
	Package sun-jre6: missing distfile jre-6u45-linux-x64.bin
	Package sun-jre6: missing distfile jre-6u45-solaris-x64.sh
	Package sun-jre7: missing distfile jre-7u72-linux-i586.tar.gz
	Package sun-jre7: missing distfile jre-7u72-solaris-i586.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-03 22:50:31 +00:00
sevan
dc55922718 Add pkg-config to USE_TOOLS.
Set PKG_CONFIG to empty as it removes reference to the build directory.

Add checks for the presence of SSLv3 in OpenSSL/LibreSSL - obtained from
http://www.libressl.org/patches.html

Fix typo in comment s/refrect/reference.

Reviewed by taca@ wiz@
2015-10-14 18:38:00 +00:00
taca
fa8b1e2f30 Update ruby22-base to 2.2.3 (Ruby 2.2.3).
Release note:

Ruby 2.2.3 Released

Posted by nagachika on 18 Aug 2015

We are pleased to announce the release of Ruby 2.2.3. This is a TEENY
version release of the stable 2.2 series.

This release includes the security fix for a RubyGems domain name
verification vulnerability.

    CVE-2015-3900 Request hijacking vulnerability in RubyGems 2.4.6 and earlier

There are also some bugfixes. See ChangeLog for details.
2015-08-20 15:30:47 +00:00
jperkin
f9036a939a Disable CPU detection on Darwin, the result for 32-bit (i486) is incompatible
with pkgsrc MACHINE_ARCH (i386).  Fixes 32-bit build, no change for 64-bit.
2015-06-30 19:41:32 +00:00
taca
08cff58043 Add security fix for rubygems, CVE-2015-3900.
Bump PKGREVISION.
2015-06-23 14:03:02 +00:00
taca
6f14e4ae7d Avoid to generate empty command line on some platforms:
$(DLLIB): $(OBJS) Makefile
...
	$(Q) $(POSTLINK)

And POSTLINK is empty macro.  In such case, GNU make ignores empty command
line but BSD make tries to execute it and causes error.

Bump PKGREVISION.
2015-04-30 03:26:37 +00:00
sevan
82e648eabb Remove mention of MirBSD in patch description as support is there by default now
Reviewed by wiz@
2015-04-22 19:04:35 +00:00
taca
4dc5e9c9d8 Update ruby22-base and ruby22 package to 2.2.2.
From release announce:

We are pleased to announce the release of Ruby 2.2.2. This is a TEENY version
release of the stable 2.2 series.

This release includes the security fix for an OpenSSL extension's hostname
verification vulnerability.

    CVE-2015-1855: Ruby OpenSSL Hostname Verification

There are also some bugfixes. See ChangeLog for details.
2015-04-19 16:25:10 +00:00
taca
99680f5c7d Adding Ruby 2.2.1 package, this is ruby22-base.
From release announce:

We are pleased to announce the release of Ruby 2.2.1. This is the first TEENY
version release of the stable 2.2 series.

This release includes the fix for ffi build failure and memory leak issue on
Symbol GC (See Bug #10686).

See ChangeLog for details.
2015-03-08 16:24:55 +00:00