CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2017/09/02 15:36:55
Modified files:
lang/jruby : Makefile
Added files:
lang/jruby/patches:
patch-lib_ruby_stdlib_rubygems_commands_open_command_rb
patch-lib_ruby_stdlib_rubygems_commands_query_command_rb
patch-lib_ruby_stdlib_rubygems_commands_sources_command_rb
patch-lib_ruby_stdlib_rubygems_dependency_list_rb
patch-lib_ruby_stdlib_rubygems_installer_rb
patch-lib_ruby_stdlib_rubygems_platform_rb
patch-lib_ruby_stdlib_rubygems_rb
patch-lib_ruby_stdlib_rubygems_remote_fetcher_rb
patch-lib_ruby_stdlib_rubygems_specification_rb
patch-lib_ruby_stdlib_rubygems_test_case_rb
patch-lib_ruby_stdlib_rubygems_text_rb
Log message:
Apply security patches in rubygems 2.6.13 to JRuby, based on the
upstream patch provided by ruby-core for ruby 2.4.
No CVE numbers, but this fixes the following vulnerabilities:
* Fix a DNS request hijacking vulnerability.
* Fix an ANSI escape sequence vulnerability.
* Fix a DOS vulernerability in the query command.
* Fix a vulnerability in the gem installer that allowed a malicious
gem to overwrite arbitrary files.
