Path to this page:
Next | Query returned 1 messages, browsing 1 to 10 | previous
CVS Commit History:
2012-04-22 23:02:19 by S.P.Zeidler | Files touched by this commit (5) |
Log message:
Pullup ticket #3750 - requested by taca
misc/rubygems: security fix
Revisions pulled up:
- misc/rubygems/Makefile 1.47
- misc/rubygems/PLIST 1.20
- misc/rubygems/distinfo 1.37
- misc/rubygems/patches/patch-aa 1.12
- misc/rubygems/patches/patch-ao 1.4
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Apr 22 08:11:54 UTC 2012
Modified Files:
pkgsrc/misc/rubygems: Makefile PLIST distinfo
pkgsrc/misc/rubygems/patches: patch-aa patch-ao
Log message:
Update rubygems package to 1.8.23.
=== 1.8.23 / 2012-04-19
This release increases the security used when RubyGems is talking to
an https server. If you use a custom RubyGems server over SSL, this
release will cause RubyGems to no longer connect unless your SSL cert
is globally valid.
You can configure SSL certificate usage in RubyGems through the
:ssl_ca_cert and :ssl_verify_mode options in ~/.gemrc and /etc/gemrc.
The recommended way is to set :ssl_ca_cert to the CA certificate for
your server or a certificate bundle containing your CA certification.
You may also set :ssl_verify_mode to 0 to completely disable SSL
certificate checks, but this is not recommended.
* 2 security fixes:
* Disallow redirects from https to http
* Turn on verification of server SSL certs
* 1 minor feature:
* Add --clear-sources to fetch
* 2 bug fixes:
* Use File.identical? to check if two files are the same.
* Fixed init_with warning when using psych
=== 1.8.22 / 2012-04-13
* 4 bug fixes:
* Workaround for psych/syck YAML date parsing issue
* Don't trust the encoding of ARGV. Fixes #307
* Quiet default warnings about missing spec variables
* Read a binary file properly (windows fix)
=== 1.8.21 / 2012-03-22
* 2 bug fixes:
* Add workaround for buggy yaml output from 1.9.2
* Force 1.9.1 to remove it's prelude code. Fixes #305
=== 1.8.20 / 2012-03-21
* 4 bug fixes:
* Add --force to `gem build` to skip validation. Fixes #297
* Gracefully deal with YAML::PrivateType objects in Marshal'd gemspecs
* Treat the source as a proper url base. Fixes #304
* Warn when updating the specs cache fails. Fixes #300
=== 1.8.19 / 2012-03-14
* 3 bug fixes:
* Handle loading psych vs syck properly. Fixes #298
* Make sure Date objects don't leak in via Marshal
* Perform Date => Time coercion on yaml loading. Fixes #266
=== 1.8.18 / 2012-03-11
* 4 bug fixes:
* Use Psych API to emit more compatible YAML
* Download and write inside `gem fetch` directly. Fixes #289
* Honor sysconfdir on 1.8. Fixes #291
* Search everywhere for a spec for `gem spec`. Fixes #288
* Fix Gem.all_load_path. Fixes #171
To generate a diff of this commit:
cvs rdiff -u -r1.46 -r1.47 pkgsrc/misc/rubygems/Makefile
cvs rdiff -u -r1.19 -r1.20 pkgsrc/misc/rubygems/PLIST
cvs rdiff -u -r1.36 -r1.37 pkgsrc/misc/rubygems/distinfo
cvs rdiff -u -r1.11 -r1.12 pkgsrc/misc/rubygems/patches/patch-aa
cvs rdiff -u -r1.3 -r1.4 pkgsrc/misc/rubygems/patches/patch-ao
|
Next | Query returned 1 messages, browsing 1 to 10 | previous