[I am sending this directly in the belief that it may be affecting other ruby20 users as well as myself; if you prefer I open a PR instead of emailing you directly, just let me know.]

I am experiencing some odd behavior with "pkg audit" and the ruby20 port. I had version 2.0.0.645,1 of the port installed and "pkg audit" did not complain about it. However, the port was recently updated to 2.0.0.647,1 and portupgrade refuses to install that version, claiming it is affected by CVE-2015-1855. I have "DEFAULT_VERSIONS+=ruby=2.0" in /etc/make.conf as directed in an UPDATING entry of some time ago.

This would seem to be the opposite of the desired effect, as both the vuln.xml cite and the Ruby news here:

https://www.ruby-lang.org/en/news/2015/08/18/ruby-2-0-0-p647-released/

claim that 645 is vulnerable and 647 isn't.

I tried to see what was going on, in the hope of submitting a patch instead of just reporting the issue, but became mired in the complexity of the ruby meta-port, bsd.ruby.mk, etc.

Thanks,
Terry Kennedy http://www.tmk.com
[email protected] New York, NY USA
