Bug 232438 - lang/ruby23: Update to 2.3.8 (fixes CVE-2018-1639[56]) and etc
Summary: lang/ruby23: Update to 2.3.8 (fixes CVE-2018-1639[56]) and etc
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Po-Chuan Hsieh
URL:
Keywords:
Depends on: 232427
Blocks:
  Show dependency treegraph
 
Reported: 2018-10-19 07:30 UTC by Yasuhiro Kimura
Modified: 2018-10-24 18:37 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (ruby)
yasu: merge-quarterly?

Attachments
patch file (8.89 KB, patch)
2018-10-19 07:30 UTC, Yasuhiro Kimura 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Yasuhiro Kimura freebsd_committer freebsd_triage 2018-10-19 07:30:34 UTC 
Created attachment 198352 [details]
patch file

* Update to 2.4.8. It fixes following vulnerabilities.
  - CVE-2018-16395
  - CVE-2018-16396
* To fix portlint warnings,
  - Reorder variable definitions in Makefile.
  - Regenerate patch by 'make makepatch'.
* Stop using obsolete MLINKS and do what is really expected.
  - When this port is default ruby version, create symlinks ${MANPREFIX}/man/man1/{erb,irb,ri,rub}.1.gz that point to {erb,irb,ri,rub}23.1.gz.
* Sort INSTALLED_SCRIPTS.

Bug #232427 adds entry to VuXML that describe vulnerabilities fixed with this version. So please commit it together.
Comment 1 Yasuhiro Kimura freebsd_committer freebsd_triage 2018-10-19 07:48:51 UTC 
(In reply to Yasuhiro KIMURA from comment #0)

> * Update to 2.4.8. It fixes following vulnerabilities

Typo. It should be 2.3.8.
Comment 2 commit-hook freebsd_committer freebsd_triage 2018-10-20 14:59:37 UTC 
A commit references this bug:

Author: sunpoet
Date: Sat Oct 20 14:58:39 UTC 2018
New revision: 482556
URL: https://svnweb.freebsd.org/changeset/ports/482556

Log:
  Update to 2.3.8

  - Move BROKEN_* upward
  - Move USES upward
  - Remove no-op MLINKS and create symlinks for manpages
  - Sort INSTALLED_SCRIPTS
  - Regenerate patch files with makepatch:

  Changes:	https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/
  PR:		232438
  Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
  Security:	afc60484-0652-440e-b01a-5ef814747f06
  MFH:		2018Q4

Changes:
  head/Mk/bsd.ruby.mk
  head/lang/ruby23/Makefile
  head/lang/ruby23/distinfo
  head/lang/ruby23/files/patch-configure.in
  head/lang/ruby23/files/patch-lib_rdoc_generator_json__index.rb
  head/lang/ruby23/files/patch-lib_rdoc_generator_json_index.rb
  head/lang/ruby23/files/patch-thread__pthread.c
  head/lang/ruby23/pkg-plist
Comment 3 Po-Chuan Hsieh freebsd_committer freebsd_triage 2018-10-20 15:00:32 UTC 
Committed. Thanks!
Comment 4 commit-hook freebsd_committer freebsd_triage 2018-10-24 18:37:35 UTC 
A commit references this bug:

Author: sunpoet
Date: Wed Oct 24 18:37:01 UTC 2018
New revision: 482932
URL: https://svnweb.freebsd.org/changeset/ports/482932

Log:
  MFH: r482556

  Update to 2.3.8

  - Move BROKEN_* upward
  - Move USES upward
  - Remove no-op MLINKS and create symlinks for manpages
  - Sort INSTALLED_SCRIPTS
  - Regenerate patch files with makepatch:

  Changes:	https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/
  PR:		232438
  Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
  Security:	afc60484-0652-440e-b01a-5ef814747f06

  Approved by:	ports-secteam

Changes:
_U  branches/2018Q4/
  branches/2018Q4/Mk/bsd.ruby.mk
  branches/2018Q4/lang/ruby23/Makefile
  branches/2018Q4/lang/ruby23/distinfo
  branches/2018Q4/lang/ruby23/files/patch-configure.in
  branches/2018Q4/lang/ruby23/files/patch-lib_rdoc_generator_json__index.rb
  branches/2018Q4/lang/ruby23/files/patch-lib_rdoc_generator_json_index.rb
  branches/2018Q4/lang/ruby23/files/patch-thread__pthread.c
  branches/2018Q4/lang/ruby23/pkg-plist