Bug 232438 - lang/ruby23: Update to 2.3.8 (fixes CVE-2018-1639[56]) and etc
Summary: lang/ruby23: Update to 2.3.8 (fixes CVE-2018-1639[56]) and etc
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Sunpoet Po-Chuan Hsieh
URL:
Keywords:
Depends on: 232427
Blocks:
  Show dependency treegraph
 
Reported: 2018-10-19 07:30 UTC by Yasuhiro Kimura
Modified: 2018-10-24 18:37 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (ruby)
yasu: merge-quarterly?


Attachments
patch file (8.89 KB, patch)
2018-10-19 07:30 UTC, Yasuhiro Kimura
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Yasuhiro Kimura 2018-10-19 07:30:34 UTC
Created attachment 198352 [details]
patch file

* Update to 2.4.8. It fixes following vulnerabilities.
  - CVE-2018-16395
  - CVE-2018-16396
* To fix portlint warnings,
  - Reorder variable definitions in Makefile.
  - Regenerate patch by 'make makepatch'.
* Stop using obsolete MLINKS and do what is really expected.
  - When this port is default ruby version, create symlinks ${MANPREFIX}/man/man1/{erb,irb,ri,rub}.1.gz that point to {erb,irb,ri,rub}23.1.gz.
* Sort INSTALLED_SCRIPTS.

Bug #232427 adds entry to VuXML that describe vulnerabilities fixed with this version. So please commit it together.
Comment 1 Yasuhiro Kimura 2018-10-19 07:48:51 UTC
(In reply to Yasuhiro KIMURA from comment #0)

> * Update to 2.4.8. It fixes following vulnerabilities

Typo. It should be 2.3.8.
Comment 2 commit-hook freebsd_committer 2018-10-20 14:59:37 UTC
A commit references this bug:

Author: sunpoet
Date: Sat Oct 20 14:58:39 UTC 2018
New revision: 482556
URL: https://svnweb.freebsd.org/changeset/ports/482556

Log:
  Update to 2.3.8

  - Move BROKEN_* upward
  - Move USES upward
  - Remove no-op MLINKS and create symlinks for manpages
  - Sort INSTALLED_SCRIPTS
  - Regenerate patch files with makepatch:

  Changes:	https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/
  PR:		232438
  Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
  Security:	afc60484-0652-440e-b01a-5ef814747f06
  MFH:		2018Q4

Changes:
  head/Mk/bsd.ruby.mk
  head/lang/ruby23/Makefile
  head/lang/ruby23/distinfo
  head/lang/ruby23/files/patch-configure.in
  head/lang/ruby23/files/patch-lib_rdoc_generator_json__index.rb
  head/lang/ruby23/files/patch-lib_rdoc_generator_json_index.rb
  head/lang/ruby23/files/patch-thread__pthread.c
  head/lang/ruby23/pkg-plist
Comment 3 Sunpoet Po-Chuan Hsieh freebsd_committer 2018-10-20 15:00:32 UTC
Committed. Thanks!
Comment 4 commit-hook freebsd_committer 2018-10-24 18:37:35 UTC
A commit references this bug:

Author: sunpoet
Date: Wed Oct 24 18:37:01 UTC 2018
New revision: 482932
URL: https://svnweb.freebsd.org/changeset/ports/482932

Log:
  MFH: r482556

  Update to 2.3.8

  - Move BROKEN_* upward
  - Move USES upward
  - Remove no-op MLINKS and create symlinks for manpages
  - Sort INSTALLED_SCRIPTS
  - Regenerate patch files with makepatch:

  Changes:	https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/
  PR:		232438
  Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
  Security:	afc60484-0652-440e-b01a-5ef814747f06

  Approved by:	ports-secteam

Changes:
_U  branches/2018Q4/
  branches/2018Q4/Mk/bsd.ruby.mk
  branches/2018Q4/lang/ruby23/Makefile
  branches/2018Q4/lang/ruby23/distinfo
  branches/2018Q4/lang/ruby23/files/patch-configure.in
  branches/2018Q4/lang/ruby23/files/patch-lib_rdoc_generator_json__index.rb
  branches/2018Q4/lang/ruby23/files/patch-lib_rdoc_generator_json_index.rb
  branches/2018Q4/lang/ruby23/files/patch-thread__pthread.c
  branches/2018Q4/lang/ruby23/pkg-plist