This fixes the following CVEs: 2017-17742, 2018-6914, 2018-8777,
2018-8778, 2018-8779, and 2018-8780.
While here, switch HOMEPAGE and MASTER_SITES from http to https,
requested by tj@.
have, but Ruby was guarding this by a single function check for
X509_STORE_set_ex_data. In most cases they are doing nice checks in
extconf.rb for the exact function so convert to doing the same here.
sets HAVE_X509_STORE_SET_EX_DATA though we don't actually have it yet, causing
undefined symbol when running ruby as part of "make fake" to generate docs.
All ports that previously required ruby 1.8 have either been removed or
been upgraded to use a newer ruby version or no longer depend on ruby
at all.
Our new ruby support policy is to remove the ruby version if nothing
depends on it 6 months after the version moves from general support
to security-only support upstream. This applies to both ruby 2.1 and
2.2 currently, so both are being removed.
OK ajacoutot@, sthen@
security vulnerabilities:
* Fix a DNS request hijacking vulnerability.
* Fix an ANSI escape sequence vulnerability.
* Fix a DOS vulernerability in the query command.
* Fix a vulnerability in the gem installer that allowed a malicious
gem to overwrite arbitrary files.
in rubygems for versions still supported upstream (2.2, 2.3, and 2.4).
No CVE numbers, but this fixes the following vulnerabilities:
* Fix a DNS request hijacking vulnerability.
* Fix an ANSI escape sequence vulnerability.
* Fix a DOS vulernerability in the query command.
* Fix a vulnerability in the gem installer that allowed a malicious
gem to overwrite arbitrary files.
This adds support for FLAVOR=ruby24 to most ruby gem ports, to
allow building of a package for ruby 2.4.
Additionally, refactor ruby.port.mk to reduce duplication and make
future updates simpler.
OK jasper@
This is needed so that the packages do not leave around the directories
when they are removed.
This requires bumping all ruby gem ext ports, which will happen shortly.
Problem discovered by pirofti@
These directories are needed to that installing a ruby gem ext port and
then remove the ruby package doesn't leave directories around. This is
only a partial fix, the ruby gem ext ports all need a similar fix.
Problem pointed out by and feedback from pirofti@
