Subject: CVS commit: [pkgsrc-2012Q1] pkgsrc/misc/rubygems
From: S.P.Zeidler
Date: 2012-04-22 23:02:19
Message id: 20120422210219.67EB9175DD@cvs.netbsd.org

Log Message:
Pullup ticket #3750 - requested by taca
misc/rubygems: security fix

Revisions pulled up:
- misc/rubygems/Makefile                                        1.47
- misc/rubygems/PLIST                                           1.20
- misc/rubygems/distinfo                                        1.37
- misc/rubygems/patches/patch-aa                                1.12
- misc/rubygems/patches/patch-ao                                1.4

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Apr 22 08:11:54 UTC 2012

   Modified Files:
   	pkgsrc/misc/rubygems: Makefile PLIST distinfo
   	pkgsrc/misc/rubygems/patches: patch-aa patch-ao

   Log Message:
   Update rubygems package to 1.8.23.

   === 1.8.23 / 2012-04-19

   This release increases the security used when RubyGems is talking to
   an https server. If you use a custom RubyGems server over SSL, this
   release will cause RubyGems to no longer connect unless your SSL cert
   is globally valid.

   You can configure SSL certificate usage in RubyGems through the
   :ssl_ca_cert and :ssl_verify_mode options in ~/.gemrc and /etc/gemrc.
   The recommended way is to set :ssl_ca_cert to the CA certificate for
   your server or a certificate bundle containing your CA certification.

   You may also set :ssl_verify_mode to 0 to completely disable SSL
   certificate checks, but this is not recommended.

   * 2 security fixes:
     * Disallow redirects from https to http
     * Turn on verification of server SSL certs

   * 1 minor feature:
     * Add --clear-sources to fetch

   * 2 bug fixes:
     * Use File.identical? to check if two files are the same.
     * Fixed init_with warning when using psych

   === 1.8.22 / 2012-04-13

   * 4 bug fixes:

     * Workaround for psych/syck YAML date parsing issue
     * Don't trust the encoding of ARGV. Fixes #307
     * Quiet default warnings about missing spec variables
     * Read a binary file properly (windows fix)

   === 1.8.21 / 2012-03-22

   * 2 bug fixes:

     * Add workaround for buggy yaml output from 1.9.2
     * Force 1.9.1 to remove its prelude code. Fixes #305

   === 1.8.20 / 2012-03-21

   * 4 bug fixes:

     * Add --force to `gem build` to skip validation. Fixes #297
     * Gracefully deal with YAML::PrivateType objects in Marshal'd gemspecs
     * Treat the source as a proper url base. Fixes #304
     * Warn when updating the specs cache fails. Fixes #300

   === 1.8.19 / 2012-03-14

   * 3 bug fixes:

     * Handle loading psych vs syck properly. Fixes #298
     * Make sure Date objects don't leak in via Marshal
     * Perform Date => Time coercion on yaml loading. Fixes #266

   === 1.8.18 / 2012-03-11

   * 4 bug fixes:

     * Use Psych API to emit more compatible YAML
     * Download and write inside `gem fetch` directly. Fixes #289
     * Honor sysconfdir on 1.8. Fixes #291
     * Search everywhere for a spec for `gem spec`. Fixes #288
     * Fix Gem.all_load_path. Fixes #171

   To generate a diff of this commit:
   cvs rdiff -u -r1.46 -r1.47 pkgsrc/misc/rubygems/Makefile
   cvs rdiff -u -r1.19 -r1.20 pkgsrc/misc/rubygems/PLIST
   cvs rdiff -u -r1.36 -r1.37 pkgsrc/misc/rubygems/distinfo
   cvs rdiff -u -r1.11 -r1.12 pkgsrc/misc/rubygems/patches/patch-aa
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/misc/rubygems/patches/patch-ao

Files:
Revision    Action    File
1.46.2.1    modify    pkgsrc/misc/rubygems/Makefile
1.19.4.1    modify    pkgsrc/misc/rubygems/PLIST
1.36.2.1    modify    pkgsrc/misc/rubygems/distinfo
1.11.6.1    modify    pkgsrc/misc/rubygems/patches/patch-aa
1.3.10.1    modify    pkgsrc/misc/rubygems/patches/patch-ao
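
An added example, not part of the commit or of RubyGems' own code, for the 1.8.23 notes above: a Ruby check that flags `:ssl_verify_mode: 0` in gemrc text and tests whether a redirect leaves https. The sample gemrc contents, host names and CA path are constructed, and the function names are hypothetical.

```ruby
require 'yaml'
require 'uri'
require 'openssl'

# Constructed sample gemrc contents (not taken from any real system).
WEAK_GEMRC = <<~GEMRC
  ---
  :ssl_verify_mode: 0
GEMRC

HARDENED_GEMRC = <<~GEMRC
  ---
  :ssl_ca_cert: /etc/ssl/certs/internal-gems-ca.pem
GEMRC

# Return findings for gemrc text; an empty list means verification is left on.
def audit_gemrc(text)
  conf = YAML.safe_load(text, permitted_classes: [Symbol])
  conf = {} unless conf.is_a?(Hash) # empty or malformed file: nothing set
  findings = []
  if conf[:ssl_verify_mode] == OpenSSL::SSL::VERIFY_NONE # VERIFY_NONE is 0
    findings << ':ssl_verify_mode is 0: server certificates are not verified'
  end
  findings
end

# True when a redirect leaves https: the request used https and the Location
# target (absolute or relative) resolves to any other scheme.
def downgrade_redirect?(request_url, location)
  from = URI.parse(request_url)
  to = URI.join(request_url, location)
  from.scheme.to_s.downcase == 'https' && to.scheme.to_s.downcase != 'https'
end

# Audit any gemrc paths given on the command line, e.g. ~/.gemrc /etc/gemrc.
ARGV.each do |path|
  audit_gemrc(File.read(path)).each { |finding| puts "#{path}: #{finding}" }
end
```
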