cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
138,307 Commits 1 Branch 0 Tags
Commit Graph

390 Commits

Author SHA1 Message Date
jeremy
2a9b1c9854 Make ruby 2.6 the default ruby version 2019-04-29 00:35:58 +00:00
jeremy
6bb2a9dd70 Update to ruby 2.6.3 2019-04-26 15:46:28 +00:00
jeremy
f95e2ed20b Update to ruby 2.4.6 2019-04-03 17:25:25 +00:00
jeremy
ea5b1a22a7 Use upstream patch to fix the following vulnerabilities in rubygems: 
CVE-2019-8320: Delete directory using symlink when decompressing tar
CVE-2019-8321: Escape sequence injection vulnerability in verbose
CVE-2019-8322: Escape sequence injection vulnerability in gem owner
CVE-2019-8323: Escape sequence injection vulnerability in API response handling
CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
CVE-2019-8325: Escape sequence injection vulnerability in errors
 2019-03-15 16:46:41 +00:00
jeremy
147d437975 Update to ruby 2.5.5 
Fixes the following vulnerabilities in rubygems:

CVE-2019-8320: Delete directory using symlink when decompressing tar
CVE-2019-8321: Escape sequence injection vulnerability in verbose
CVE-2019-8322: Escape sequence injection vulnerability in gem owner
CVE-2019-8323: Escape sequence injection vulnerability in API response handling
CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
CVE-2019-8325: Escape sequence injection vulnerability in errors
 2019-03-15 16:45:36 +00:00
jeremy
5245052a1f Update to ruby 2.6.2 
Fixes the following vulnerabilities in rubygems:

CVE-2019-8320: Delete directory using symlink when decompressing tar
CVE-2019-8321: Escape sequence injection vulnerability in verbose
CVE-2019-8322: Escape sequence injection vulnerability in gem owner
CVE-2019-8323: Escape sequence injection vulnerability in API response handling
CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
CVE-2019-8325: Escape sequence injection vulnerability in errors
 2019-03-15 16:44:49 +00:00
jeremy
16da32da5f Update to ruby 2.6.1 2019-02-01 16:24:59 +00:00
jeremy
8b866cfc06 Add support for building ruby 2.6 packages for ruby ports using ruby26 FLAVOR 
While here, fix MODRUBY_SITEDIR and MODRUBY_LIBREV for the
jruby FLAVOR, even though no ports currently use either.
 2019-01-16 17:11:57 +00:00
jeremy
22bd3e0d0a Hookup ruby 2.6.0 2019-01-14 16:18:21 +00:00
jeremy
0d9f363af6 Import ruby 2.6.0 
Help and testing from jca@ and George Koehler
OK jca@
 2019-01-14 16:13:05 +00:00
jeremy
9cc172603d Bump REVISION after ASN1_dup prototype added back to LibreSSL 
Recommended by jca@ and jsing@
 2018-11-30 15:19:07 +00:00
naddy
84174f9106 bump for package path change devel/gmp -> devel/gmp,-main 2018-11-02 18:48:39 +00:00
jeremy
f3bf72cdd7 Send ruby 2.3 to the Attic 2018-10-29 14:40:51 +00:00
jeremy
1a276d60ff Unhook ruby 2.3 2018-10-29 14:38:28 +00:00
jeremy
b6999fd84a Switch the default ruby version from ruby 2.4 to ruby 2.5. Remove 
support for building with ruby 2.3.
 2018-10-26 16:12:24 +00:00
jsing
6ac36c352a Stop pulling in a header (asn1_mac.h) with ancient OpenSSL macro cruft - 
pull in asn1.h directly instead.

ok jeremy@ (a long time ago; committing just in time for removal!)
 2018-10-24 17:07:31 +00:00
jeremy
30db53a5bb Update to ruby 2.5.3 
Fixes CVE-2018-16395 and CVE-2018-16396.

Lots of PLIST changes due to switch from manual PLIST handling to using
make update-plist.
 2018-10-22 14:46:53 +00:00
jeremy
49c98a6d14 Update to ruby 2.4.5 
Fixes CVE-2018-16395 and CVE-2018-16396.

Lots of PLIST changes due to switch from manual PLIST handling to using
make update-plist.
 2018-10-22 14:45:52 +00:00
jeremy
4d9d5324b0 Update to ruby 2.3.8 
Fixes CVE-2018-16395 and CVE-2018-16396.

Lots of PLIST changes due to switch from manual PLIST handling to using
make update-plist.
 2018-10-22 14:44:57 +00:00
jeremy
ee71667ee4 Remove patches added to work around fifo fdlock bug, tests no longer hang 
No bumps as these files are not part of the packages.
 2018-07-04 01:38:05 +00:00
jeremy
9c37b1b669 Add OpenBSD comment to rubygems-ext.PLIST 
Bump ruby gem ext ports as this changes the package.

Requested by espie@
 2018-06-13 22:26:52 +00:00
espie
ad171de161 thinko 2018-05-27 11:37:31 +00:00
espie
9732413348 kill the ^VAR idiom in SUBST_VARS, prefer passing explicit options to 
update-plist (this will allow me to remove some crazy duplicate code
in pkg_add and update-plist)
 2018-05-27 10:56:33 +00:00
jeremy
f374615e17 Update to the latest versions of ruby: 2.5.1, 2.4.4, and 2.3.7. 
This fixes the following CVEs: 2017-17742, 2018-6914, 2018-8777,
2018-8778, 2018-8779, and 2018-8780.

While here, switch HOMEPAGE and MASTER_SITES from http to https,
requested by tj@.
 2018-03-31 21:12:45 +00:00
jeremy
7b3eb6690d Restore missing $OpenBSD$ entry in ri_docs PLIST 
Pointed out by juanfra@
 2018-03-08 15:00:27 +00:00
sthen
23f03b0df4 Better fix. It was actually X509_STORE_get_ex_new_index that we don't 
have, but Ruby was guarding this by a single function check for
X509_STORE_set_ex_data. In most cases they are doing nice checks in
extconf.rb for the exact function so convert to doing the same here.
 2018-02-23 09:54:25 +00:00
sthen
87b689426d quick fix for X509_STORE_set_ex_data to let this package/run; config checking 
sets HAVE_X509_STORE_SET_EX_DATA though we don't actually have it yet, causing
undefined symbol when running ruby as part of "make fake" to generate docs.
 2018-02-22 21:35:11 +00:00
sthen
c8307509d3 unbreak, now we have DH_get0_engine() 2018-02-22 19:36:04 +00:00
jeremy
903b134fc9 Apply upstream patches to fix rubygems security vulnerabilities in 
ruby 2.3, 2.4, and 2.5.
 2018-02-19 02:18:13 +00:00
sthen
24f62d13dc cope with new libressl functions, from jsing 2018-02-18 18:01:02 +00:00
sthen
a534cb5471 regen patch, no other change 2018-02-18 17:53:45 +00:00
jeremy
2d65497162 Move GCC diagnostic pragma outside function call to fix build with GCC 4.2. 
OK landry@
 2018-01-25 14:34:58 +00:00
jeremy
c564a3ccbf Allow use of ruby25 FLAVOR to build ruby 2.5 version of ruby gem ports 
OK jca@
 2018-01-15 23:59:33 +00:00
jeremy
9851a9d4cc Hook ruby 2.5 to the build 2018-01-15 23:58:44 +00:00
jeremy
8b7f661022 Import ruby 2.5.0 
OK jca@
 2018-01-15 23:57:42 +00:00
jeremy
12dbd0fb39 Update to ruby 2.4.3, fixing CVE-2017-17405 and CVE-2017-0903 2017-12-15 16:47:37 +00:00
jeremy
0a67ff4532 Update to ruby 2.3.6, fixing CVE-2017-17405 and CVE-2017-0903 2017-12-15 16:46:52 +00:00
jeremy
bf6889217a Move most shared logic from ruby version-specific Makefiles to Makefile.inc 
Drop the use of RUBYLIBREV, since it is the same as REV since ruby 2.0 and
causes issues with update-plist.

OK tb@
 2017-11-02 10:16:38 +00:00
jeremy
88ca83476b Update DISTNAME in ruby Makefile.inc for newer ruby dist file naming 2017-11-01 10:52:06 +00:00
jeremy
0d435f9083 Remove ruby18.PLIST 
This is not needed now that ruby 1.8 support has been removed.
 2017-11-01 10:09:53 +00:00
jeremy
3b7ec481f8 Switch default ruby version to ruby 2.4 
Also remove ruby 1.8, 2.1, and 2.2 support from ruby.port.mk. This greatly
simplifies a lot of the code.
 2017-11-01 10:09:23 +00:00
jeremy
e3627bfc71 Remove ruby 1.8, 2.1, and 2.2 
All ports that previously required ruby 1.8 have either been removed or
been upgraded to use a newer ruby version or no longer depend on ruby
at all.

Our new ruby support policy is to remove the ruby version if nothing
depends on it 6 months after the version moves from general support
to security-only support upstream.  This applies to both ruby 2.1 and
2.2 currently, so both are being removed.

OK ajacoutot@, sthen@
 2017-11-01 10:05:45 +00:00
jeremy
0c486d2496 Unlink ruby 1.8, 2.1, and 2.2 2017-11-01 10:01:25 +00:00
jeremy
273010916e Backport security fixes from ruby 2.2.8 to ruby 1.8.7. Fixes 
CVE-2017-0898 and CVE-2017-10784.  Regen patches while here.
 2017-09-16 22:54:58 +00:00
jeremy
3edfa2882e Backport security fixes from ruby 2.2.8 to ruby 2.1.9. Fixes 
CVE-2017-14033, CVE-2017-14064, CVE-2017-0898, and CVE-2017-10784.
Regen patches while here.
 2017-09-16 22:52:40 +00:00
jeremy
accc0898b0 Update to ruby 2.2.8. Fixes CVE-2017-14033, CVE-2017-14064, 
CVE-2017-0898, and CVE-2017-10784. Regen patches while here.
 2017-09-16 22:45:26 +00:00
jeremy
2e16c3b2ca Update to ruby 2.3.5. Fixes CVE-2017-14033, CVE-2017-14064, 
CVE-2017-0898, and CVE-2017-10784. Shared lib major bump due to
removed/modified functions.  Regen patches while here.
 2017-09-16 22:43:38 +00:00
jeremy
a5110ece69 Update to ruby 2.4.2. Fixes CVE-2017-14033, CVE-2017-14064, 
CVE-2017-0898, and CVE-2017-10784. Shared lib major bump due to
removed/modified functions.  Regen patches while here.
 2017-09-16 22:42:37 +00:00
jeremy
37eaf6e0da Backport security patch from ruby 2.2 to ruby 2.1. Fixes the following 
security vulnerabilities:

* Fix a DNS request hijacking vulnerability.
* Fix an ANSI escape sequence vulnerability.
* Fix a DOS vulernerability in the query command.
* Fix a vulnerability in the gem installer that allowed a malicious
  gem to overwrite arbitrary files.
 2017-09-02 21:32:07 +00:00
jeremy
c5d902d473 Apply security patches provided by ruby-core to fix security issues 
in rubygems for versions still supported upstream (2.2, 2.3, and 2.4).

No CVE numbers, but this fixes the following vulnerabilities:

* Fix a DNS request hijacking vulnerability.
* Fix an ANSI escape sequence vulnerability.
* Fix a DOS vulernerability in the query command.
* Fix a vulnerability in the gem installer that allowed a malicious
  gem to overwrite arbitrary files.
 2017-09-02 21:29:47 +00:00