./lang/ruby24-base, Ruby 2.4.6 release minimum base package

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.4.6, Package name: ruby24-base-2.4.6, Maintainer: taca

Ruby is the interpreted scripting language for quick and
easy object-oriented programming. It has many features to
process text files and to do system management tasks (as in
Perl). It is simple, straight-forward, and extensible.

Features of Ruby are shown below.

+ Simple Syntax
+ *Normal* Object-Oriented features (ex. class, method calls)
+ *Advanced* Object-Oriented features (ex. Mix-in, Singleton-method)
+ Operator Overloading
+ Exception Handling
+ Iterators and Closures
+ Garbage Collection
+ Dynamic Loading of Object files (on some architecture)
+ Highly Portable (works on many UNIX machines, and on DOS,
Windows, Mac, BeOS etc.)

This package is Ruby 2.4 release minimum base package.

DEINSTALL [+/-]

Required to run:
[textproc/libyaml]

Required to build:
[pkgtools/cwrappers]

Package options: ruby-build-ri-db

Master sites: (Expand)

SHA1: 86a4fa22cb3547005ec4bfcf77489a4254226187
RMD160: f1ef06577c2ef90046ba2e7147b6a94a66cf6b9d
Filesize: 9771.039 KB

Version history: (Expand)


CVS history: (Expand)


   2019-04-07 18:17:39 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
lang/ruby24-base: update to 2.4.6

* vulnerabilities of rubygems are already fixed in 2.4.5nb1.

Ruby 2.4.6 Released					1 Apr 2019

Ruby 2.4.6 has been released.

This release includes about 20 bug fixes after the previous release, and also
includes several security fixes. Please check the topics below for details.

	* Multiple vulnerabilities in RubyGems

See the commit log for details.

After this release, we will end the normal maintenance phase of Ruby 2.4, and
start the security maintenance phase of it.  This means that after the release
of 2.4.6 we will never backport any bug fixes to 2.4 except security fixes.
The term of the security maintenance phase is scheduled for 1 year.  By the
end of this term, official support of Ruby 2.4 will be over.  Therefore, we
recommend that you start planning to upgrade to Ruby 2.6 or 2.5.
   2019-03-12 05:24:40 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
lang/ruby24-base: really bump PKGREVISION

Oops, really bump PKGREVISION.
   2019-03-12 05:23:45 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
lang/ruby24-base: Add security patch for rubygems

Add security patch for rubygems, fixing these problem.

* CVE-2019-8320: Delete directory using symlink when decompressing tar
* CVE-2019-8321: Escape sequence injection vulnerability in verbose
* CVE-2019-8322: Escape sequence injection vulnerability in gem owner
* CVE-2019-8323: Escape sequence injection vulnerability in API response handlin
g
* CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
* CVE-2019-8325: Escape sequence injection vulnerability in errors

https://www.ruby-lang.org/en/news/2019/ … -rubygems/

Since original patch included in official announce dose not cleanly applied to
Ruby 2.4.5, use a local version which drop patch to none existing test.

Bump PKGREVISION.
   2019-02-07 11:07:21 by matthew green | Files touched by this commit (3)
Log message:
apply the gcc6.5 and arm64 hack to gcc [67].*.  fixes arm64 builds on gcc7.
   2019-01-03 06:19:03 by Takahiro Kambe | Files touched by this commit (5)
Log message:
lang/ruby: switch to use distfiles in '.xz' format

Switch to use distfiles in '.xz' format.
   2018-12-22 04:11:57 by Roy Marples | Files touched by this commit (1)
Log message:
ruby does not like -fomit-frame-pointer on NetBSD/aarch64
   2018-10-18 16:15:13 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
lang/ruby24-base: update to 2.4.5

Ruby 2.4.5 Released

Ruby 2.4.5 has been released.

This release includes about 40 bug fixes after the previous release, and also
includes several security fixes. Please check the topics below for details.

* CVE-2018-16396: Tainted flags are not propagated in Array#pack and
  String#unpack with some directives

* CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly
  See the commit logs for details.
   2018-07-17 12:56:24 by Jonathan Perkin | Files touched by this commit (8)
Log message:
*: Add some required USE_GCC_RUNTIME.