Bug 232435 - lang/ruby24: Update to 2.4.5 (Fixes multiple vulnerabilities: CVE-2018-1639[56])
Summary: lang/ruby24: Update to 2.4.5 (Fixes multiple vulnerabilities: CVE-2018-1639[56])
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Po-Chuan Hsieh
URL:
Keywords: security
Depends on: 232427
Blocks:
  Show dependency treegraph
 
Reported: 2018-10-19 05:49 UTC by Yasuhiro Kimura
Modified: 2018-10-24 18:28 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (ruby)
yasu: merge-quarterly?

Attachments
patch file (9.34 KB, patch)
2018-10-19 05:49 UTC, Yasuhiro Kimura 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Yasuhiro Kimura freebsd_committer freebsd_triage 2018-10-19 05:49:04 UTC 
Created attachment 198349 [details]
patch file

* Update to 2.4.5. It fixes following vulnerabilities.
  - CVE-2018-16395
  - CVE-2018-16396
* To fix portlint warnings,
  - Move USERS upward.
  - Regenerate patch by 'make makepatch'.
* Stop using obsolete MLINKS and do what is really expected.
  - When this port is default ruby version, create symlinks  ${MANPREFIX}/man/man1/{erb,irb,ri,rub}.1.gz that point to  {erb,irb,ri,rub}24.1.gz.
* Sort INSTALLED_SCRIPTS.

Bug #232427 adds entry to VuXML that describe vulnerabilities fixed with this version. So please commit it together.
Comment 1 commit-hook freebsd_committer freebsd_triage 2018-10-20 14:58:34 UTC 
A commit references this bug:

Author: sunpoet
Date: Sat Oct 20 14:58:03 UTC 2018
New revision: 482555
URL: https://svnweb.freebsd.org/changeset/ports/482555

Log:
  Update to 2.4.5

  - Move USES upward
  - Remove no-op MLINKS and create symlinks for manpages
  - Sort INSTALLED_SCRIPTS
  - Regenerate patch files with makepatch:

  Changes:	https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/
  PR:		232435
  Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
  Security:	afc60484-0652-440e-b01a-5ef814747f06
  MFH:		2018Q4

Changes:
  head/Mk/bsd.ruby.mk
  head/lang/ruby24/Makefile
  head/lang/ruby24/distinfo
  head/lang/ruby24/files/patch-configure.in
  head/lang/ruby24/files/patch-ext-openssl-extconf.rb
  head/lang/ruby24/files/patch-lib_rdoc_generator_json__index.rb
  head/lang/ruby24/files/patch-lib_rdoc_generator_json_index.rb
  head/lang/ruby24/files/patch-tool_mkconfig.rb
  head/lang/ruby24/pkg-plist
Comment 2 Po-Chuan Hsieh freebsd_committer freebsd_triage 2018-10-20 15:00:27 UTC 
Committed. Thanks!
Comment 3 commit-hook freebsd_committer freebsd_triage 2018-10-24 18:28:26 UTC 
A commit references this bug:

Author: sunpoet
Date: Wed Oct 24 18:28:20 UTC 2018
New revision: 482931
URL: https://svnweb.freebsd.org/changeset/ports/482931

Log:
  MFH: r482555

  Update to 2.4.5

  - Move USES upward
  - Remove no-op MLINKS and create symlinks for manpages
  - Sort INSTALLED_SCRIPTS
  - Regenerate patch files with makepatch:

  Changes:	https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/
  PR:		232435
  Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
  Security:	afc60484-0652-440e-b01a-5ef814747f06

  Approved by:	ports-secteam

Changes:
_U  branches/2018Q4/
  branches/2018Q4/Mk/bsd.ruby.mk
  branches/2018Q4/lang/ruby24/Makefile
  branches/2018Q4/lang/ruby24/distinfo
  branches/2018Q4/lang/ruby24/files/patch-configure.in
  branches/2018Q4/lang/ruby24/files/patch-ext-openssl-extconf.rb
  branches/2018Q4/lang/ruby24/files/patch-lib_rdoc_generator_json__index.rb
  branches/2018Q4/lang/ruby24/files/patch-lib_rdoc_generator_json_index.rb
  branches/2018Q4/lang/ruby24/files/patch-tool_mkconfig.rb
  branches/2018Q4/lang/ruby24/pkg-plist