The NetBSD Project

CVS log for pkgsrc/lang/ruby25-base/Attic/distinfo


Default branch: MAIN


Revision 1.14.4.1 / (download) - annotate - [select for diffs], Thu Apr 15 07:04:00 2021 UTC (2 years, 11 months ago) by bsiegert
Branch: pkgsrc-2021Q1
Changes since 1.14: +5 -6 lines
Diff to previous 1.14 (colored) next main 1.15 (colored)

Pullup ticket #6442 - requested by taca
lang/ruby25-base: security fix

(via patch)

--
  Ruby 2.5.9 has been released.

  This release includes security fixes.  Please check the topics below
  for details.

  * CVE-2020-25613: Potential HTTP Request Smuggling Vulnerability in
    WEBrick
  * CVE-2021-28965: XML round-trip vulnerability in REXML

  See the commit logs for details.

  After this release, Ruby 2.5 reaches EOL.  In other words, this is the
  last release of Ruby 2.5 series.  We will not release Ruby 2.5.10 even
  if a security vulnerability is found.  We recommend all Ruby 2.5 users
  to upgrade to Ruby 3.0, 2.7 or 2.6 immediately.
--

Revision 1.15, Thu Apr 1 14:07:06 2021 UTC (3 years ago) by taca
Branch: MAIN
CVS Tags: HEAD
Changes since 1.14: +1 -1 lines
FILE REMOVED

lang/ruby25-base: remove package

Remove ruby25-base package since it became EOL, date: 2021-03-31.

Revision 1.13.4.1 / (download) - annotate - [select for diffs], Wed Oct 21 20:02:44 2020 UTC (3 years, 5 months ago) by spz
Branch: pkgsrc-2020Q3
Changes since 1.13: +2 -1 lines
Diff to previous 1.13 (colored) next main 1.14 (colored)

Pullup ticket #6338 - requested by taca
lang/ruby25-base: security patch

Revisions pulled up:
- lang/ruby25-base/Makefile                                     1.17
- lang/ruby25-base/distinfo                                     1.14
- lang/ruby25-base/patches/patch-lib_webrick_httprequest.rb     1.1

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Oct  4 03:45:26 UTC 2020

   Modified Files:
   	pkgsrc/lang/ruby25-base: Makefile distinfo
   Added Files:
   	pkgsrc/lang/ruby25-base/patches: patch-lib_webrick_httprequest.rb

   Log Message:
   lang/ruby25-base: Add fix for CVE-2020-25613

   Add fix for CVE-2020-25613.

   Bump PKGREVISION.


   To generate a diff of this commit:
   cvs rdiff -u -r1.16 -r1.17 pkgsrc/lang/ruby25-base/Makefile
   cvs rdiff -u -r1.13 -r1.14 pkgsrc/lang/ruby25-base/distinfo
   cvs rdiff -u -r0 -r1.1 \
       pkgsrc/lang/ruby25-base/patches/patch-lib_webrick_httprequest.rb

Revision 1.14 / (download) - annotate - [select for diffs], Sun Oct 4 03:45:26 2020 UTC (3 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2021Q1-base, pkgsrc-2020Q4-base, pkgsrc-2020Q4
Branch point for: pkgsrc-2021Q1
Changes since 1.13: +2 -1 lines
Diff to previous 1.13 (colored)

lang/ruby25-base: Add fix for CVE-2020-25613

Add fix for CVE-2020-25613.

Bump PKGREVISION.

Revision 1.12.2.1 / (download) - annotate - [select for diffs], Tue Apr 28 16:16:24 2020 UTC (3 years, 11 months ago) by bsiegert
Branch: pkgsrc-2020Q1
Changes since 1.12: +5 -5 lines
Diff to previous 1.12 (colored) next main 1.13 (colored)

Pullup ticket #6166 - requested by taca
lang/ruby25-base: security fix

Revisions pulled up:
- lang/ruby/rubyversion.mk                                      1.220
- lang/ruby25-base/Makefile                                     1.16
- lang/ruby25-base/PLIST                                        1.4
- lang/ruby25-base/distinfo                                     1.13

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Apr  1 15:25:26 UTC 2020

   Modified Files:
   	pkgsrc/lang/ruby: rubyversion.mk
   	pkgsrc/lang/ruby25-base: Makefile PLIST distinfo

   Log Message:
   lang/ruby25-base: update to 2.5.8

   Update ruby25-base (and ruby25) to 2.5.8.

   2.5.8 (2020-03-31)

   This release includes security fixes. Please check the topics below for
   details.

   * CVE-2020-16255: Unsafe Object Creation Vulnerability in JSON (Additional
     fix)
   * CVE-2020-10933: Heap exposure vulnerability in the socket library

Revision 1.13 / (download) - annotate - [select for diffs], Wed Apr 1 15:25:26 2020 UTC (4 years ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base, pkgsrc-2020Q2-base, pkgsrc-2020Q2
Branch point for: pkgsrc-2020Q3
Changes since 1.12: +5 -5 lines
Diff to previous 1.12 (colored)

lang/ruby25-base: update to 2.5.8

Update ruby25-base (and ruby25) to 2.5.8.


2.5.8 (2020-03-31)

This release includes security fixes. Please check the topics below for
details.

* CVE-2020-16255: Unsafe Object Creation Vulnerability in JSON (Additional
  fix)
* CVE-2020-10933: Heap exposure vulnerability in the socket library

Revision 1.11.2.1 / (download) - annotate - [select for diffs], Sat Oct 5 19:46:45 2019 UTC (4 years, 6 months ago) by bsiegert
Branch: pkgsrc-2019Q3
Changes since 1.11: +5 -5 lines
Diff to previous 1.11 (colored) next main 1.12 (colored)

Pullup ticket #6065 - requested by taca
lang/ruby25-base: security fix

Revisions pulled up:
- lang/ruby/rubyversion.mk                                      1.210
- lang/ruby25-base/Makefile                                     1.10
- lang/ruby25-base/distinfo                                     1.12
- lang/ruby25/Makefile                                          1.2

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Oct  2 13:39:53 UTC 2019

   Modified Files:
   	pkgsrc/lang/ruby: rubyversion.mk
   	pkgsrc/lang/ruby25: Makefile
   	pkgsrc/lang/ruby25-base: Makefile distinfo

   Log Message:
   lang/ruby25: update to 2.5.7

   Update ruby25-base, ruby25 and ruby25-mode packages to 2.5.7.

   pkgsrc changes

   * fix warnings of pkglint.

   Quote from release announce:

   Ruby 2.5.7 (2019-10-01)

   This release includes security fixes as listed below. Please check the
   topics below for details.

   * CVE-2019-16255: A code injection vulnerability of Shell#[] and Shell#test
   * CVE-2019-16254: HTTP response splitting in WEBrick (Additional fix)
   * CVE-2019-15845: A NUL injection vulnerability of File.fnmatch and
     File.fnmatch?
   * CVE-2019-16201: Regular Expression Denial of Service vulnerability of
     WEBrick's Digest access authentication

Revision 1.12 / (download) - annotate - [select for diffs], Wed Oct 2 13:39:53 2019 UTC (4 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base, pkgsrc-2019Q4-base, pkgsrc-2019Q4
Branch point for: pkgsrc-2020Q1
Changes since 1.11: +5 -5 lines
Diff to previous 1.11 (colored)

lang/ruby25: update to 2.5.7

Update ruby25-base, ruby25 and ruby25-mode packages to 2.5.7.

pkgsrc changes

* fix warnings of pkglint.

Quote from release announce:

Ruby 2.5.7 (2019-10-01)

This release includes security fixes as listed below. Please check the
topics below for details.

* CVE-2019-16255: A code injection vulnerability of Shell#[] and Shell#test
* CVE-2019-16254: HTTP response splitting in WEBrick (Additional fix)
* CVE-2019-15845: A NUL injection vulnerability of File.fnmatch and
  File.fnmatch?
* CVE-2019-16201: Regular Expression Denial of Service vulnerability of
  WEBrick's Digest access authentication

Revision 1.10.4.1 / (download) - annotate - [select for diffs], Thu Sep 5 10:32:49 2019 UTC (4 years, 7 months ago) by bsiegert
Branch: pkgsrc-2019Q2
Changes since 1.10: +5 -5 lines
Diff to previous 1.10 (colored) next main 1.11 (colored)

Pullup ticket #6039 - requested by taca
lang/ruby25-base: security fix

Revisions pulled up:
- lang/ruby/rubyversion.mk                                      1.207
- lang/ruby25-base/PLIST                                        1.3
- lang/ruby25-base/distinfo                                     1.11

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Aug 28 14:12:22 UTC 2019

   Modified Files:
   	pkgsrc/lang/ruby: rubyversion.mk
   	pkgsrc/lang/ruby25-base: PLIST distinfo

   Log Message:
   lang/ruby25: update to 2.5.6

   Update ruby25-base/ruby25 to 2.5.6.

   Ruby 2.5.6 (2019-08-28)

   Ruby 2.5.6 has been released.

   This release includes about 40 bug fixes after the previous release, and also includes a security fix. Please check the topics below for details.

   	* Multiple jQuery vulnerabilities in RDoc

   See the commit log for details.

Revision 1.11 / (download) - annotate - [select for diffs], Wed Aug 28 14:12:21 2019 UTC (4 years, 7 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base
Branch point for: pkgsrc-2019Q3
Changes since 1.10: +5 -5 lines
Diff to previous 1.10 (colored)

lang/ruby25: update to 2.5.6

Update ruby25-base/ruby25 to 2.5.6.

Ruby 2.5.6 (2019-08-28)

Ruby 2.5.6 has been released.

This release includes about 40 bug fixes after the previous release, and also includes a security fix. Please check the topics below for details.

	* Multiple jQuery vulnerabilities in RDoc

See the commit log for details.

Revision 1.10 / (download) - annotate - [select for diffs], Sat Mar 16 14:34:56 2019 UTC (5 years ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base, pkgsrc-2019Q1-base, pkgsrc-2019Q1
Branch point for: pkgsrc-2019Q2
Changes since 1.9: +5 -9 lines
Diff to previous 1.9 (colored)

lang/ruby25-base: update to 2.5.5

Update ruby25{,-base} to 2.5.5.

Quote from release announce:

Ruby 2.5.4 (2019-03-13)

This release includes bug fixes and a security update of the bundled
RubyGems. See details in Multiple vulnerabilities in RubyGems and the commit
logs.

Ruby 2.5.5 (2019-03-15)

This release includes a bug fix for the deadlock in the
multi-thread+multi-process (using Process.fork) applications (ex: puma).

Revision 1.9 / (download) - annotate - [select for diffs], Tue Mar 12 04:22:34 2019 UTC (5 years, 1 month ago) by taca
Branch: MAIN
Changes since 1.8: +5 -1 lines
Diff to previous 1.8 (colored)

lang/ruby25-base: Add security patch for rubygems

Add security patch for rubygems, fixing these problems.

* CVE-2019-8320: Delete directory using symlink when decompressing tar
* CVE-2019-8321: Escape sequence injection vulnerability in verbose
* CVE-2019-8322: Escape sequence injection vulnerability in gem owner
* CVE-2019-8323: Escape sequence injection vulnerability in API response handling
* CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
* CVE-2019-8325: Escape sequence injection vulnerability in errors

https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/

Since the original patch included in the official announcement does not apply
cleanly to Ruby 2.5.3, use a local version which drops the patch to a
nonexistent test.

Bump PKGREVISION.

Revision 1.8 / (download) - annotate - [select for diffs], Thu Jan 3 05:19:03 2019 UTC (5 years, 3 months ago) by taca
Branch: MAIN
Changes since 1.7: +5 -5 lines
Diff to previous 1.7 (colored)

lang/ruby: switch to use distfiles in '.xz' format

Switch to use distfiles in '.xz' format.

Revision 1.6.6.1 / (download) - annotate - [select for diffs], Mon Oct 29 17:25:26 2018 UTC (5 years, 5 months ago) by spz
Branch: pkgsrc-2018Q3
Changes since 1.6: +5 -5 lines
Diff to previous 1.6 (colored) next main 1.7 (colored)

Pullup ticket #5865 - requested by taca
lang/ruby: security update
lang/ruby25-base: security update

Revisions pulled up:
- lang/ruby/rubyversion.mk                                      1.197
- lang/ruby25-base/distinfo                                     1.7

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Oct 18 14:21:36 UTC 2018

   Modified Files:
   	pkgsrc/lang/ruby: rubyversion.mk
   	pkgsrc/lang/ruby25-base: distinfo

   Log Message:
   lang/ruby25-base: update to 2.5.3

   Ruby 2.5.2 Released

   Ruby 2.5.2 has been released.

   This release includes some bug fixes and some security fixes.

   * CVE-2018-16396: Tainted flags are not propagated in Array#pack and
     String#unpack with some directives

   * CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly

   There are also some bug fixes. See commit logs for more details.

   Ruby 2.5.3 Released

   Ruby 2.5.3 has been released.

   There were some missing files in the release packages of 2.5.2 which are
   necessary for building. See details in [Bug #15232].

   This release is just for fixing the packaging issue. This release doesn't
   contain any additional bug fixes from 2.5.2.


   To generate a diff of this commit:
   cvs rdiff -u -r1.196 -r1.197 pkgsrc/lang/ruby/rubyversion.mk
   cvs rdiff -u -r1.6 -r1.7 pkgsrc/lang/ruby25-base/distinfo

Revision 1.7 / (download) - annotate - [select for diffs], Thu Oct 18 14:21:36 2018 UTC (5 years, 5 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2018Q4-base, pkgsrc-2018Q4
Changes since 1.6: +5 -5 lines
Diff to previous 1.6 (colored)

lang/ruby25-base: update to 2.5.3

Ruby 2.5.2 Released

Ruby 2.5.2 has been released.

This release includes some bug fixes and some security fixes.

* CVE-2018-16396: Tainted flags are not propagated in Array#pack and
  String#unpack with some directives

* CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly

There are also some bug fixes. See commit logs for more details.


Ruby 2.5.3 Released

Ruby 2.5.3 has been released.

There were some missing files in the release packages of 2.5.2 which are
necessary for building. See details in [Bug #15232].

This release is just for fixing the packaging issue. This release doesn't
contain any additional bug fixes from 2.5.2.

Revision 1.6 / (download) - annotate - [select for diffs], Thu Mar 29 03:06:57 2018 UTC (6 years ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base, pkgsrc-2018Q2-base, pkgsrc-2018Q2, pkgsrc-2018Q1-base, pkgsrc-2018Q1
Branch point for: pkgsrc-2018Q3
Changes since 1.5: +5 -9 lines
Diff to previous 1.5 (colored)

lang/ruby25-base: update to 2.5.1, security release

Ruby 2.5.1 Released				Posted by naruse on 28 Mar 2018

Ruby 2.5.1 has been released.

This release includes some bug fixes and some security fixes.

* CVE-2017-17742: HTTP response splitting in WEBrick
* CVE-2018-6914: Unintentional file and directory creation with directory
  traversal in tempfile and tmpdir
* CVE-2018-8777: DoS by large request in WEBrick
* CVE-2018-8778: Buffer under-read in String#unpack
* CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in
  UNIXServer and UNIXSocket
* CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
* Multiple vulnerabilities in RubyGems

There are also some bug fixes. See commit logs for more details.

Revision 1.5 / (download) - annotate - [select for diffs], Mon Feb 19 16:47:17 2018 UTC (6 years, 1 month ago) by taca
Branch: MAIN
Changes since 1.4: +5 -1 lines
Diff to previous 1.4 (colored)

lang/ruby25-base: rubygem security fix

Add a patch to fix a security problem in rubygems.

Bump PKGREVISION.

Revision 1.4 / (download) - annotate - [select for diffs], Fri Jan 26 13:25:29 2018 UTC (6 years, 2 months ago) by jperkin
Branch: MAIN
Changes since 1.3: +2 -2 lines
Diff to previous 1.3 (colored)

ruby25-base: Put -std= in CFLAGS not CPPFLAGS.  Bump PKGREVISION.

Revision 1.3 / (download) - annotate - [select for diffs], Wed Jan 17 11:19:46 2018 UTC (6 years, 2 months ago) by jperkin
Branch: MAIN
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored)

ruby25-base: Fix build and install on Darwin.

Revision 1.2 / (download) - annotate - [select for diffs], Tue Jan 16 14:53:28 2018 UTC (6 years, 2 months ago) by jperkin
Branch: MAIN
Changes since 1.1: +2 -2 lines
Diff to previous 1.1 (colored)

ruby*-base: Don't add SSP flags, leave that to pkgsrc.

Revision 1.1 / (download) - annotate - [select for diffs], Mon Jan 8 14:19:06 2018 UTC (6 years, 3 months ago) by taca
Branch: MAIN

lang/ruby25-base: add ruby25-base 2.5.0

Ruby 2.5.0 is the first stable release of the Ruby 2.5 series. It introduces
many new features and performance improvements. The notable changes are as
follows:

o New Features

* rescue/else/ensure are now allowed to be used directly with do/end
  blocks. [Feature #12906]
* Add yield_self to yield given block in its context. Unlike tap, it returns
  the result of the block. [Feature #6721]
* Support branch coverage and method coverage measurement. The branch coverage
  indicates which branches are executed and which are not. The method coverage
  indicates which methods are invoked and which are not. By running a test
  suite with these new features, you will know which branches and methods are
  executed, and evaluate total coverage of the test suite more
  strictly. [Feature #13901]
* Hash#slice [Feature #8499] and Hash#transform_keys [Feature #13583]
* Struct.new can create classes that accept keyword arguments. [Feature
  #11925]
* Enumerable#any?, all?, none?, and one? accept a pattern argument. [Feature
  #11286]
* Top-level constant look-up is no longer available. [Feature #11547]
* One of our most loved libraries, pp.rb, is now automatically loaded. You no
  longer have to write require "pp". [Feature #14123]
* Print backtrace and error message in reverse order (oldest call first, most
  recent call last). When a long backtrace appears on your terminal (TTY), you
  can easily find the cause line at the bottom of the backtrace. Note that the
  order is reversed only when the backtrace is printed out to the terminal
  directly. [Feature #8661] [experimental]

o Performance improvements

* About 5-10% performance improvement by removing all trace instructions from
  overall bytecode (instruction sequences). The trace instruction was added to
  support the TracePoint. However, in most cases, TracePoint is not used and
  trace instructions are pure overhead. Instead, now we use a dynamic
  instrumentation technique. See [Feature #14104] for more details.
* Block passing by a block parameter (e.g. def foo(&b); bar(&b); end) is about
  3 times faster than Ruby 2.4 by "Lazy Proc allocation" technique. [Feature
  #14045]
* Mutex is rewritten to be smaller and faster. [Feature #13517]
* ERB now generates code from a template twice as fast as Ruby 2.4.
* Improve performance of some built-in methods including Array#concat,
  Enumerable#sort_by, String#concat, String#index, Time#+, and more.
* IO.copy_stream uses copy_file_range(2) to copy offload. [Feature #13867]

o Other notable changes since 2.4

* SecureRandom now prefers OS-provided sources over OpenSSL. [Bug #9569]
* Promote cmath, csv, date, dbm, etc, fcntl, fiddle, fileutils, gdbm, ipaddr,
  scanf, sdbm, stringio, strscan, webrick, zlib from standard libraries to
  default gems.
* Update to Onigmo 6.1.3.
  - It adds the absence operator.
  - Note that Ruby 2.4.1 also includes this change.
* Update to Psych 3.0.2.
* Update to RubyGems 2.7.3.
* Update to RDoc 6.0.1.
  - Switch the lexer from IRB based one to Ripper. This dramatically improves
    the performance of document generation.
  - Fix a significant amount of bugs that existed over ten years.
  - Add support for new Ruby syntax from the latest versions.
* Update supported Unicode version to 10.0.0.
* Thread.report_on_exception is now set to true by default. This change helps
  debugging of multi-threaded programs. [Feature #14143]
* IO#write now receives multiple arguments. [Feature #9323]

See NEWS or commit logs for details.
