pkgsrc.se | The NetBSD package collection

./lang/ruby, Wrapper package for Ruby programming language

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 3.2.4, Package name: ruby-3.2.4, Maintainer: taca

This package is a wrapper for specific releases of the Ruby
programming language, providing commands (ruby, irb, ...) without
any release number information.

The actual Ruby programming language is provided by packages with
release numbers, like ruby16 or ruby18.

No package should depend on this package directly.

Required to run:
[lang/ruby26-base]

Required to build:
[pkgtools/cwrappers]

Version history: (Expand)

(2024-04-25) Updated to version: ruby-3.2.4
(2024-02-10) Updated to version: ruby-3.2.3
(2023-04-01) Updated to version: ruby-3.1.4
(2022-11-26) Updated to version: ruby-3.1.3
(2022-10-11) Updated to version: ruby-3.1.2nb1
(2022-09-10) Updated to version: ruby-2.7.6nb1

CVS history: (Expand)

2024-04-28 15:03:00 by Thomas Klausner | Files touched by this commit (1)

Log message:
ruby: remove two dead master sites

2024-04-25 17:12:05 by Takahiro Kambe | Files touched by this commit (7) | Package updated

Log message:
lang/ruby33: update to 3.3.1

This is security release.  Note CVE-2024-27280 and CVE-2024-27281 were
already fixed by ruby31-base-3.3.0nb1.

3.3.1 (2024-04-23)

* CVE-2024-27282: Arbitrary memory address read vulnerability with Regex
  search
* CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc

2024-04-25 17:06:11 by Takahiro Kambe | Files touched by this commit (5) | Package updated

Log message:
lang/ruby32-base: update to 3.2.4

This is security release.  Note CVE-2024-27280 and CVE-2024-27281 were
already fixed by ruby31-base-3.2.3nb3.

3.2.4 (2024-04-23)

* CVE-2024-27282: Arbitrary memory address read vulnerability with Regex
  search
* CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc
* CVE-2024-27280: Buffer overread vulnerability in StringIO

2024-04-25 16:51:54 by Takahiro Kambe | Files touched by this commit (10) | Package updated

Log message:
lang/ruby31-base: update to 3.1.5

This is security release.  Note CVE-2024-27280 and CVE-2024-27281 were
already fixed by ruby31-base-3.1.4nb3.

3.1.5 (2024-04-23)

Security release.

* CVE-2024-27282: Arbitrary memory address read vulnerability with Regex
  search
* CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc
* CVE-2024-27280: Buffer overread vulnerability in StringIO

2024-03-23 16:15:52 by Takahiro Kambe | Files touched by this commit (5)

Log message:
lang/ruby33: fix CVE-2024-27281

Update rdoc to 6.6.3.1 to fix for CVE-2024-27281.

Bump PKGREVISION.

2024-03-23 15:47:13 by Takahiro Kambe | Files touched by this commit (5)

Log message:
lang/ruby32-base: fix CVE-2024-27281

Update rdoc to 6.5.1.1 to fix for CVE-2024-27281.

Bump PKGREVISION.

2024-03-23 15:28:48 by Takahiro Kambe | Files touched by this commit (7)

Log message:
lang/ruby31-base: fix CVE-2024-27280 and CVE-2024-27281

Update rdoc to 6.4.1.1 to fix for CVE-2024-27281.
Update stringio to 3.0.1.2 to fix for CVE-2024-27280.

Bump PKGREVISION.

2024-02-24 15:55:27 by Takahiro Kambe | Files touched by this commit (15) | Package updated

Log message:
www/ruby-rails71: update to 7.1.3.2

Update Ruby on Rails 7.1 and related pacakges to 7.1.3.2
This includes security fix:

	CVE-2024-26142 for www/ruby-actionpack71
	CVE-2024-26143 for www/ruby-actionpack71

Action Pack

* Fix possible XSS vulnerability with the translate method in controllers

  CVE-2024-26143

* Fix ReDoS in Accept header parsing

  CVE-2024-26142