2019-08-28 16:03:54 by Takahiro Kambe | Files touched by this commit (3) | |
Log message:
lang/ruby24-base: update to 2.4.7
2.4.7 (2019-08-28)
Ruby 2.4.7 has been released.
This release includes a security fix. Please check the topics below for
details.
* Multiple jQuery vulnerabilities in RDoc
Ruby 2.4 is now under the state of the security maintenance phase, until
the end of March of 2020. After that date, maintenance of Ruby 2.4 will be
ended. We recommend you start planning the migration to newer versions of
Ruby, such as 2.6 or 2.5.
|
2019-04-07 18:17:39 by Takahiro Kambe | Files touched by this commit (3) | |
Log message:
lang/ruby24-base: update to 2.4.6
* vulnerabilities of rubygems are already fixed in 2.4.5nb1.
Ruby 2.4.6 Released 1 Apr 2019
Ruby 2.4.6 has been released.
This release includes about 20 bug fixes after the previous release, and also
includes several security fixes. Please check the topics below for details.
* Multiple vulnerabilities in RubyGems
See the commit log for details.
After this release, we will end the normal maintenance phase of Ruby 2.4, and
start the security maintenance phase of it. This means that after the release
of 2.4.6 we will never backport any bug fixes to 2.4 except security fixes.
The term of the security maintenance phase is scheduled for 1 year. By the
end of this term, official support of Ruby 2.4 will be over. Therefore, we
recommend that you start planning to upgrade to Ruby 2.6 or 2.5.
|
2019-03-12 05:24:40 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
lang/ruby24-base: really bump PKGREVISION
Oops, really bump PKGREVISION.
|
2019-03-12 05:23:45 by Takahiro Kambe | Files touched by this commit (2) |
Log message:
lang/ruby24-base: Add security patch for rubygems
Add security patch for rubygems, fixing these problems.
* CVE-2019-8320: Delete directory using symlink when decompressing tar
* CVE-2019-8321: Escape sequence injection vulnerability in verbose
* CVE-2019-8322: Escape sequence injection vulnerability in gem owner
* CVE-2019-8323: Escape sequence injection vulnerability in API response handling
* CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
* CVE-2019-8325: Escape sequence injection vulnerability in errors
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
Since the original patch included in the official announcement does not apply cleanly to
Ruby 2.4.5, use a local version which drops the patch to a nonexistent test.
Bump PKGREVISION.
|
2019-02-07 11:07:21 by matthew green | Files touched by this commit (3) |
Log message:
apply the gcc6.5 and arm64 hack to gcc [67].*. fixes arm64 builds on gcc7.
|
2019-01-03 06:19:03 by Takahiro Kambe | Files touched by this commit (5) |
Log message:
lang/ruby: switch to use distfiles in '.xz' format
Switch to use distfiles in '.xz' format.
|
2018-12-22 04:11:57 by Roy Marples | Files touched by this commit (1) |
Log message:
ruby does not like -fomit-frame-pointer on NetBSD/aarch64
|
2018-10-18 16:15:13 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
lang/ruby24-base: update to 2.4.5
Ruby 2.4.5 Released
Ruby 2.4.5 has been released.
This release includes about 40 bug fixes after the previous release, and also
includes several security fixes. Please check the topics below for details.
* CVE-2018-16396: Tainted flags are not propagated in Array#pack and
String#unpack with some directives
* CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly
See the commit logs for details.
|
2018-07-17 12:56:24 by Jonathan Perkin | Files touched by this commit (8) |
Log message:
*: Add some required USE_GCC_RUNTIME.
|
2018-03-29 05:04:47 by Takahiro Kambe | Files touched by this commit (7) | |
Log message:
lang/ruby24-base: update to 2.4.4, security release
Ruby 2.4.4 Released Posted by nagachika on 28 Mar 2018
Ruby 2.4.4 has been released.
This release includes some bug fixes and some security fixes.
* CVE-2017-17742: HTTP response splitting in WEBrick
* CVE-2018-6914: Unintentional file and directory creation with directory
traversal in tempfile and tmpdir
* CVE-2018-8777: DoS by large request in WEBrick
* CVE-2018-8778: Buffer under-read in String#unpack
* CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in
UNIXServer and UNIXSocket
* CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
* Multiple vulnerabilities in RubyGems
There are also some bug fixes. See commit logs for more details.
|