Bug 232438

Summary: lang/ruby23: Update to 2.3.8 (fixes CVE-2018-1639[56]) and etc
Product: Ports & Packages Reporter: Yasuhiro Kimura <yasu>
Component: Individual Port(s)Assignee: Po-Chuan Hsieh <sunpoet>
Status: Closed FIXED    
Severity: Affects Many People CC: yasu
Priority: --- Flags: bugzilla: maintainer-feedback? (ruby)
yasu: merge-quarterly?
Version: Latest   
Hardware: Any   
OS: Any   
Bug Depends on: 232427    
Bug Blocks:    
Attachments:
Description Flags
patch file none

Description Yasuhiro Kimura freebsd_committer freebsd_triage 2018-10-19 07:30:34 UTC 
Created attachment 198352 [details]
patch file

* Update to 2.4.8. It fixes following vulnerabilities.
  - CVE-2018-16395
  - CVE-2018-16396
* To fix portlint warnings,
  - Reorder variable definitions in Makefile.
  - Regenerate patch by 'make makepatch'.
* Stop using obsolete MLINKS and do what is really expected.
  - When this port is default ruby version, create symlinks ${MANPREFIX}/man/man1/{erb,irb,ri,rub}.1.gz that point to {erb,irb,ri,rub}23.1.gz.
* Sort INSTALLED_SCRIPTS.

Bug #232427 adds entry to VuXML that describe vulnerabilities fixed with this version. So please commit it together.
Comment 1 Yasuhiro Kimura freebsd_committer freebsd_triage 2018-10-19 07:48:51 UTC 
(In reply to Yasuhiro KIMURA from comment #0)

> * Update to 2.4.8. It fixes following vulnerabilities

Typo. It should be 2.3.8.
Comment 2 commit-hook freebsd_committer freebsd_triage 2018-10-20 14:59:37 UTC 
A commit references this bug:

Author: sunpoet
Date: Sat Oct 20 14:58:39 UTC 2018
New revision: 482556
URL: https://svnweb.freebsd.org/changeset/ports/482556

Log:
  Update to 2.3.8

  - Move BROKEN_* upward
  - Move USES upward
  - Remove no-op MLINKS and create symlinks for manpages
  - Sort INSTALLED_SCRIPTS
  - Regenerate patch files with makepatch:

  Changes:	https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/
  PR:		232438
  Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
  Security:	afc60484-0652-440e-b01a-5ef814747f06
  MFH:		2018Q4

Changes:
  head/Mk/bsd.ruby.mk
  head/lang/ruby23/Makefile
  head/lang/ruby23/distinfo
  head/lang/ruby23/files/patch-configure.in
  head/lang/ruby23/files/patch-lib_rdoc_generator_json__index.rb
  head/lang/ruby23/files/patch-lib_rdoc_generator_json_index.rb
  head/lang/ruby23/files/patch-thread__pthread.c
  head/lang/ruby23/pkg-plist
Comment 3 Po-Chuan Hsieh freebsd_committer freebsd_triage 2018-10-20 15:00:32 UTC 
Committed. Thanks!
Comment 4 commit-hook freebsd_committer freebsd_triage 2018-10-24 18:37:35 UTC 
A commit references this bug:

Author: sunpoet
Date: Wed Oct 24 18:37:01 UTC 2018
New revision: 482932
URL: https://svnweb.freebsd.org/changeset/ports/482932

Log:
  MFH: r482556

  Update to 2.3.8

  - Move BROKEN_* upward
  - Move USES upward
  - Remove no-op MLINKS and create symlinks for manpages
  - Sort INSTALLED_SCRIPTS
  - Regenerate patch files with makepatch:

  Changes:	https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/
  PR:		232438
  Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
  Security:	afc60484-0652-440e-b01a-5ef814747f06

  Approved by:	ports-secteam

Changes:
_U  branches/2018Q4/
  branches/2018Q4/Mk/bsd.ruby.mk
  branches/2018Q4/lang/ruby23/Makefile
  branches/2018Q4/lang/ruby23/distinfo
  branches/2018Q4/lang/ruby23/files/patch-configure.in
  branches/2018Q4/lang/ruby23/files/patch-lib_rdoc_generator_json__index.rb
  branches/2018Q4/lang/ruby23/files/patch-lib_rdoc_generator_json_index.rb
  branches/2018Q4/lang/ruby23/files/patch-thread__pthread.c
  branches/2018Q4/lang/ruby23/pkg-plist