Bug 232431 - lang/ruby25: Update to 2.5.3 (Fixes multiple vulnerabilities: CVE-2018-1639[56])
Summary: lang/ruby25: Update to 2.5.3 (Fixes multiple vulnerabilities: CVE-2018-1639[56])
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Sunpoet Po-Chuan Hsieh
URL:
Keywords: security
Depends on: 232427
Blocks:
  Show dependency treegraph
 
Reported: 2018-10-19 03:13 UTC by Yasuhiro Kimura
Modified: 2018-10-24 18:09 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (ruby)
yasu: merge-quarterly?


Attachments
patch file (9.29 KB, patch)
2018-10-19 03:13 UTC, Yasuhiro Kimura
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Yasuhiro Kimura 2018-10-19 03:13:27 UTC
Created attachment 198346 [details]
patch file

* Update to 2.5.3. It fixes following vulnerabilities.
  - CVE-2018-16395
  - CVE-2018-16396
* To fix portlint warnings,
  - Move USERS upward.
  - Regenerate patch by 'make makepatch'.
* Stop using obsolete MLINKS and do what is really expected.
  - When this port is default ruby version, create symlinks  ${MANPREFIX}/man/man1/{erb,irb,ri,rub}.1.gz that point to  {erb,irb,ri,rub}25.1.gz.
* Sort INSTALLED_SCRIPTS.

Bug #232427 adds entry to VuXML that describe vulnerabilities fixed with this version. So please commit it together.
Comment 1 commit-hook freebsd_committer 2018-10-20 14:58:32 UTC
A commit references this bug:

Author: sunpoet
Date: Sat Oct 20 14:57:35 UTC 2018
New revision: 482554
URL: https://svnweb.freebsd.org/changeset/ports/482554

Log:
  Update to 2.5.3

  - Move USES upward
  - Remove no-op MLINKS and create symlinks for manpages
  - Sort INSTALLED_SCRIPTS
  - Regenerate patch files with makepatch:

  Changes:	https://www.ruby-lang.org/en/news/2018/10/18/ruby-2-5-3-released/
  		https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/
  PR:		232431
  Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
  Security:	afc60484-0652-440e-b01a-5ef814747f06
  MFH:		2018Q4

Changes:
  head/Mk/bsd.ruby.mk
  head/lang/ruby25/Makefile
  head/lang/ruby25/distinfo
  head/lang/ruby25/files/patch-configure.ac
  head/lang/ruby25/files/patch-ext-openssl-extconf.rb
  head/lang/ruby25/files/patch-lib_mkmf.rb
  head/lang/ruby25/files/patch-lib_rdoc_generator_json__index.rb
  head/lang/ruby25/files/patch-lib_rdoc_generator_json_index.rb
  head/lang/ruby25/files/patch-tool_mkconfig.rb
  head/lang/ruby25/pkg-plist
Comment 2 Sunpoet Po-Chuan Hsieh freebsd_committer 2018-10-20 15:00:24 UTC
Committed. Thanks!
Comment 3 commit-hook freebsd_committer 2018-10-24 18:09:06 UTC
A commit references this bug:

Author: sunpoet
Date: Wed Oct 24 18:08:55 UTC 2018
New revision: 482929
URL: https://svnweb.freebsd.org/changeset/ports/482929

Log:
  MFH: r482554

  Update to 2.5.3

  - Move USES upward
  - Remove no-op MLINKS and create symlinks for manpages
  - Sort INSTALLED_SCRIPTS
  - Regenerate patch files with makepatch:

  Changes:	https://www.ruby-lang.org/en/news/2018/10/18/ruby-2-5-3-released/
  		https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/
  PR:		232431
  Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
  Security:	afc60484-0652-440e-b01a-5ef814747f06

  Approved by:	ports-secteam

Changes:
_U  branches/2018Q4/
  branches/2018Q4/Mk/bsd.ruby.mk
  branches/2018Q4/lang/ruby25/Makefile
  branches/2018Q4/lang/ruby25/distinfo
  branches/2018Q4/lang/ruby25/files/patch-configure.ac
  branches/2018Q4/lang/ruby25/files/patch-ext-openssl-extconf.rb
  branches/2018Q4/lang/ruby25/files/patch-lib_mkmf.rb
  branches/2018Q4/lang/ruby25/files/patch-lib_rdoc_generator_json__index.rb
  branches/2018Q4/lang/ruby25/files/patch-lib_rdoc_generator_json_index.rb
  branches/2018Q4/lang/ruby25/files/patch-tool_mkconfig.rb
  branches/2018Q4/lang/ruby25/pkg-plist