Bug 232435 - lang/ruby24: Update to 2.4.5 (Fixes multiple vulnerabilities: CVE-2018-1639[56])
Summary: lang/ruby24: Update to 2.4.5 (Fixes multiple vulnerabilities: CVE-2018-1639[56])
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Sunpoet Po-Chuan Hsieh
URL:
Keywords: security
Depends on: 232427
Blocks:
  Show dependency treegraph
 
Reported: 2018-10-19 05:49 UTC by Yasuhiro Kimura
Modified: 2018-10-24 18:28 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (ruby)
yasu: merge-quarterly?


Attachments
patch file (9.34 KB, patch)
2018-10-19 05:49 UTC, Yasuhiro Kimura
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Yasuhiro Kimura 2018-10-19 05:49:04 UTC
Created attachment 198349 [details]
patch file

* Update to 2.4.5. It fixes following vulnerabilities.
  - CVE-2018-16395
  - CVE-2018-16396
* To fix portlint warnings,
  - Move USERS upward.
  - Regenerate patch by 'make makepatch'.
* Stop using obsolete MLINKS and do what is really expected.
  - When this port is default ruby version, create symlinks  ${MANPREFIX}/man/man1/{erb,irb,ri,rub}.1.gz that point to  {erb,irb,ri,rub}24.1.gz.
* Sort INSTALLED_SCRIPTS.

Bug #232427 adds entry to VuXML that describe vulnerabilities fixed with this version. So please commit it together.
Comment 1 commit-hook freebsd_committer 2018-10-20 14:58:34 UTC
A commit references this bug:

Author: sunpoet
Date: Sat Oct 20 14:58:03 UTC 2018
New revision: 482555
URL: https://svnweb.freebsd.org/changeset/ports/482555

Log:
  Update to 2.4.5

  - Move USES upward
  - Remove no-op MLINKS and create symlinks for manpages
  - Sort INSTALLED_SCRIPTS
  - Regenerate patch files with makepatch:

  Changes:	https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/
  PR:		232435
  Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
  Security:	afc60484-0652-440e-b01a-5ef814747f06
  MFH:		2018Q4

Changes:
  head/Mk/bsd.ruby.mk
  head/lang/ruby24/Makefile
  head/lang/ruby24/distinfo
  head/lang/ruby24/files/patch-configure.in
  head/lang/ruby24/files/patch-ext-openssl-extconf.rb
  head/lang/ruby24/files/patch-lib_rdoc_generator_json__index.rb
  head/lang/ruby24/files/patch-lib_rdoc_generator_json_index.rb
  head/lang/ruby24/files/patch-tool_mkconfig.rb
  head/lang/ruby24/pkg-plist
Comment 2 Sunpoet Po-Chuan Hsieh freebsd_committer 2018-10-20 15:00:27 UTC
Committed. Thanks!
Comment 3 commit-hook freebsd_committer 2018-10-24 18:28:26 UTC
A commit references this bug:

Author: sunpoet
Date: Wed Oct 24 18:28:20 UTC 2018
New revision: 482931
URL: https://svnweb.freebsd.org/changeset/ports/482931

Log:
  MFH: r482555

  Update to 2.4.5

  - Move USES upward
  - Remove no-op MLINKS and create symlinks for manpages
  - Sort INSTALLED_SCRIPTS
  - Regenerate patch files with makepatch:

  Changes:	https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/
  PR:		232435
  Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
  Security:	afc60484-0652-440e-b01a-5ef814747f06

  Approved by:	ports-secteam

Changes:
_U  branches/2018Q4/
  branches/2018Q4/Mk/bsd.ruby.mk
  branches/2018Q4/lang/ruby24/Makefile
  branches/2018Q4/lang/ruby24/distinfo
  branches/2018Q4/lang/ruby24/files/patch-configure.in
  branches/2018Q4/lang/ruby24/files/patch-ext-openssl-extconf.rb
  branches/2018Q4/lang/ruby24/files/patch-lib_rdoc_generator_json__index.rb
  branches/2018Q4/lang/ruby24/files/patch-lib_rdoc_generator_json_index.rb
  branches/2018Q4/lang/ruby24/files/patch-tool_mkconfig.rb
  branches/2018Q4/lang/ruby24/pkg-plist