Bug 232431

Summary: lang/ruby25: Update to 2.5.3 (Fixes multiple vulnerabilities: CVE-2018-1639[56])
Product: Ports & Packages Reporter: Yasuhiro Kimura <yasu>
Component: Individual Port(s)Assignee: Po-Chuan Hsieh <sunpoet>
Status: Closed FIXED    
Severity: Affects Many People CC: ports-secteam, yasu
Priority: Normal Keywords: security
Version: LatestFlags: bugzilla: maintainer-feedback? (ruby)
yasu: merge-quarterly?
Hardware: Any   
OS: Any   
Bug Depends on: 232427    
Bug Blocks:    
Attachments:
Description Flags
patch file none

Description Yasuhiro Kimura freebsd_committer freebsd_triage 2018-10-19 03:13:27 UTC 
Created attachment 198346 [details]
patch file

* Update to 2.5.3. It fixes following vulnerabilities.
  - CVE-2018-16395
  - CVE-2018-16396
* To fix portlint warnings,
  - Move USERS upward.
  - Regenerate patch by 'make makepatch'.
* Stop using obsolete MLINKS and do what is really expected.
  - When this port is default ruby version, create symlinks  ${MANPREFIX}/man/man1/{erb,irb,ri,rub}.1.gz that point to  {erb,irb,ri,rub}25.1.gz.
* Sort INSTALLED_SCRIPTS.

Bug #232427 adds entry to VuXML that describe vulnerabilities fixed with this version. So please commit it together.
Comment 1 commit-hook freebsd_committer freebsd_triage 2018-10-20 14:58:32 UTC 
A commit references this bug:

Author: sunpoet
Date: Sat Oct 20 14:57:35 UTC 2018
New revision: 482554
URL: https://svnweb.freebsd.org/changeset/ports/482554

Log:
  Update to 2.5.3

  - Move USES upward
  - Remove no-op MLINKS and create symlinks for manpages
  - Sort INSTALLED_SCRIPTS
  - Regenerate patch files with makepatch:

  Changes:	https://www.ruby-lang.org/en/news/2018/10/18/ruby-2-5-3-released/
  		https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/
  PR:		232431
  Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
  Security:	afc60484-0652-440e-b01a-5ef814747f06
  MFH:		2018Q4

Changes:
  head/Mk/bsd.ruby.mk
  head/lang/ruby25/Makefile
  head/lang/ruby25/distinfo
  head/lang/ruby25/files/patch-configure.ac
  head/lang/ruby25/files/patch-ext-openssl-extconf.rb
  head/lang/ruby25/files/patch-lib_mkmf.rb
  head/lang/ruby25/files/patch-lib_rdoc_generator_json__index.rb
  head/lang/ruby25/files/patch-lib_rdoc_generator_json_index.rb
  head/lang/ruby25/files/patch-tool_mkconfig.rb
  head/lang/ruby25/pkg-plist
Comment 2 Po-Chuan Hsieh freebsd_committer freebsd_triage 2018-10-20 15:00:24 UTC 
Committed. Thanks!
Comment 3 commit-hook freebsd_committer freebsd_triage 2018-10-24 18:09:06 UTC 
A commit references this bug:

Author: sunpoet
Date: Wed Oct 24 18:08:55 UTC 2018
New revision: 482929
URL: https://svnweb.freebsd.org/changeset/ports/482929

Log:
  MFH: r482554

  Update to 2.5.3

  - Move USES upward
  - Remove no-op MLINKS and create symlinks for manpages
  - Sort INSTALLED_SCRIPTS
  - Regenerate patch files with makepatch:

  Changes:	https://www.ruby-lang.org/en/news/2018/10/18/ruby-2-5-3-released/
  		https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/
  PR:		232431
  Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
  Security:	afc60484-0652-440e-b01a-5ef814747f06

  Approved by:	ports-secteam

Changes:
_U  branches/2018Q4/
  branches/2018Q4/Mk/bsd.ruby.mk
  branches/2018Q4/lang/ruby25/Makefile
  branches/2018Q4/lang/ruby25/distinfo
  branches/2018Q4/lang/ruby25/files/patch-configure.ac
  branches/2018Q4/lang/ruby25/files/patch-ext-openssl-extconf.rb
  branches/2018Q4/lang/ruby25/files/patch-lib_mkmf.rb
  branches/2018Q4/lang/ruby25/files/patch-lib_rdoc_generator_json__index.rb
  branches/2018Q4/lang/ruby25/files/patch-lib_rdoc_generator_json_index.rb
  branches/2018Q4/lang/ruby25/files/patch-tool_mkconfig.rb
  branches/2018Q4/lang/ruby25/pkg-plist