This updates Ruby 4.0 to the latest release. Release announcement at https://www.ruby-lang.org/en/news/2026/04/21/ruby-4-0-3-released/
This fixes CVE-2026-41316, so it should be backported to -stable after the 7.8 stable branch opens. If someone could take care of that, I would appreciate it. More information on the vulnerability at https://www.ruby-lang.org/en/news/2026/04/21/erb-cve-2026-41316/ The only change in this release is the security fix, there were no other changes apart from version bumps. Tested on amd64. I plan on committing in a couple days unless I hear objections. Best, Jeremy Index: Makefile =================================================================== RCS file: /cvs/ports/lang/ruby/4.0/Makefile,v diff -u -p -u -p -r1.8 Makefile --- Makefile 27 Mar 2026 16:41:27 -0000 1.8 +++ Makefile 8 May 2026 00:14:59 -0000 @@ -1,5 +1,4 @@ -VERSION = 4.0.2 -REVISION = 1 +VERSION = 4.0.3 DISTNAME = ruby-${VERSION} PKGNAME-main = ruby-${VERSION} PKGNAME-ri_docs = ruby${BINREV}-ri_docs-${VERSION} Index: distinfo =================================================================== RCS file: /cvs/ports/lang/ruby/4.0/distinfo,v diff -u -p -u -p -r1.3 distinfo --- distinfo 20 Mar 2026 01:39:32 -0000 1.3 +++ distinfo 8 May 2026 00:14:59 -0000 @@ -1,6 +1,6 @@ -SHA256 (ruby-4.0.2.tar.gz) = UVArJrULaN9JYzNspB42jN6SySj6+RZU3kxMF5H4Kqw= +SHA256 (ruby-4.0.3.tar.gz) = d5ZKzDcNXIN1uVAuW6bBPAPvkaueufUhyE+0K5yaaw8= SHA256 (ruby-box-test-fix.patch) = GbHsCPL9ZNdpXZl62mqghVbwkVoqKj6H3KtVJOoSrdk= SHA256 (ruby402-gem-fix.patch) = KyimCdjFgcYMTU1LJvA0SW/Wrj9IG5Ip/MumzjafhA8= -SIZE (ruby-4.0.2.tar.gz) = 23824654 +SIZE (ruby-4.0.3.tar.gz) = 23806898 SIZE (ruby-box-test-fix.patch) = 1047 SIZE (ruby402-gem-fix.patch) = 2248 Index: patches/patch-lib_rubygems_rb =================================================================== RCS file: /cvs/ports/lang/ruby/4.0/patches/patch-lib_rubygems_rb,v diff -u -p -u -p -r1.2 patch-lib_rubygems_rb --- patches/patch-lib_rubygems_rb 20 Mar 2026 01:39:32 -0000 1.2 +++ patches/patch-lib_rubygems_rb 8 May 2026 00:14:59 -0000 @@ -9,7 +9,7 @@ The ENV usage is to skip this logic duri Index: lib/rubygems.rb --- lib/rubygems.rb.orig +++ lib/rubygems.rb -@@ -1245,6 +1245,13 @@ An Array (#{env.inspect}) was passed in from #{caller[ +@@ -1246,6 +1246,13 @@ An Array (#{env.inspect}) was passed in from #{caller[ attr_accessor :disable_system_update_message Index: pkg/PLIST-main =================================================================== RCS file: /cvs/ports/lang/ruby/4.0/pkg/PLIST-main,v diff -u -p -u -p -r1.3 PLIST-main --- pkg/PLIST-main 20 Mar 2026 01:39:32 -0000 1.3 +++ pkg/PLIST-main 8 May 2026 00:15:00 -0000 @@ -1567,9 +1567,9 @@ lib/ruby/gems/${REV}/gems/drb-2.2.3/lib/ lib/ruby/gems/${REV}/gems/drb-2.2.3/lib/drb/version.rb lib/ruby/gems/${REV}/gems/drb-2.2.3/lib/drb/weakidconv.rb lib/ruby/gems/${REV}/gems/english-0.8.1/ -lib/ruby/gems/${REV}/gems/erb-6.0.1/ -lib/ruby/gems/${REV}/gems/erb-6.0.1/libexec/ -lib/ruby/gems/${REV}/gems/erb-6.0.1/libexec/erb +lib/ruby/gems/${REV}/gems/erb-6.0.1.1/ +lib/ruby/gems/${REV}/gems/erb-6.0.1.1/libexec/ +lib/ruby/gems/${REV}/gems/erb-6.0.1.1/libexec/erb lib/ruby/gems/${REV}/gems/error_highlight-0.7.1/ lib/ruby/gems/${REV}/gems/etc-1.4.6/ lib/ruby/gems/${REV}/gems/fcntl-1.3.0/ @@ -3475,7 +3475,7 @@ lib/ruby/gems/${REV}/specifications/defa lib/ruby/gems/${REV}/specifications/default/did_you_mean-2.0.0.gemspec lib/ruby/gems/${REV}/specifications/default/digest-3.2.1.gemspec lib/ruby/gems/${REV}/specifications/default/english-0.8.1.gemspec -lib/ruby/gems/${REV}/specifications/default/erb-6.0.1.gemspec +lib/ruby/gems/${REV}/specifications/default/erb-6.0.1.1.gemspec lib/ruby/gems/${REV}/specifications/default/error_highlight-0.7.1.gemspec lib/ruby/gems/${REV}/specifications/default/etc-1.4.6.gemspec lib/ruby/gems/${REV}/specifications/default/fcntl-1.3.0.gemspec
