This fixes the following CVEs: 2017-17742, 2018-6914, 2018-8777,
2018-8778, 2018-8779, and 2018-8780.
While here, switch HOMEPAGE and MASTER_SITES from http to https,
requested by tj@.
have, but Ruby was guarding this by a single function check for
X509_STORE_set_ex_data. In most cases they are doing nice checks in
extconf.rb for the exact function so convert to doing the same here.
sets HAVE_X509_STORE_SET_EX_DATA though we don't actually have it yet, causing
undefined symbol when running ruby as part of "make fake" to generate docs.
in rubygems for versions still supported upstream (2.2, 2.3, and 2.4).
No CVE numbers, but this fixes the following vulnerabilities:
* Fix a DNS request hijacking vulnerability.
* Fix an ANSI escape sequence vulnerability.
* Fix a DOS vulernerability in the query command.
* Fix a vulnerability in the gem installer that allowed a malicious
gem to overwrite arbitrary files.
These directories are needed to that installing a ruby gem ext port and
then remove the ruby package doesn't leave directories around. This is
only a partial fix, the ruby gem ext ports all need a similar fix.
Problem pointed out by and feedback from pirofti@
The previous way was bogus. Use bsd.port.arch.mk to remove
MULTI_PACKAGES instead of having the lack of no_* FLAVOR add them.
Change the no_x11 PSUEDO_FLAVOR to no_tk, since what it does is turn
off the -tk subpackage.
Remove post-install target from Makefile.inc, and use a manually
post-install in every version. This is necessary due to
bsd.port.arch.mk usage.
Noticed by tobiasu@
Guidance from espie@
