New versions of Ruby were released today for 4 vulnerabilities:

https://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/
https://www.ruby-lang.org/en/news/2019/10/01/nul-injection-file-fnmatch-cve-2019-15845/
https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/
https://www.ruby-lang.org/en/news/2019/10/01/code-injection-shell-test-cve-2019-16255/

Release announcements are at:

https://www.ruby-lang.org/en/news/2019/10/01/ruby-2-4-8-released/
https://www.ruby-lang.org/en/news/2019/10/01/ruby-2-5-7-released/
https://www.ruby-lang.org/en/news/2019/10/01/ruby-2-6-5-released/

Unfortunately, there is a packaging issue with the ruby 2.4.8 tarball, so instead of using that, this just picks the 4 patch commits from GitHub.

I've only done minor testing of this so far. I will be doing more testing, but if there are no problems, I plan to commit in a couple days.

Thanks,
Jeremy

Index: 2.4/Makefile =================================================================== RCS file: /cvs/ports/lang/ruby/2.4/Makefile,v retrieving revision 1.18 diff -u -p -r1.18 Makefile --- 2.4/Makefile 30 Aug 2019 15:56:31 -0000 1.18 +++ 2.4/Makefile 1 Oct 2019 17:43:03 -0000 @@ -4,6 +4,14 @@ VERSION = 2.4.7 SHARED_LIBS = ruby24 2.0 NEXTVER = 2.5 +REVISION-main = 0 +MASTER_SITES0 = https://github.com/ruby/ruby/commit/ +PATCHFILES = 88387876af112eb0bdefe7408bca6aaaacf52d6f.patch:0 \ + 38d2d0dbd319a9cc49fd2c945be4090cea72ef36.patch:0 \ + 8eff476bce40b52f244b8c912d1a5f40aa64b683.patch:0 \ + 1a45b0448224009a9bde9b28ae259d8674c792be.patch:0 +PATCH_DIST_STRIP = -p1 + PSEUDO_FLAVORS= no_ri_docs bootstrap # Do not build the RI docs on slow arches .if ${MACHINE_ARCH:Malpha} || ${MACHINE_ARCH:Marm} || ${MACHINE_ARCH:Mhppa} Index: 2.4/distinfo =================================================================== RCS file: /cvs/ports/lang/ruby/2.4/distinfo,v retrieving revision 1.11 diff -u -p -r1.11 distinfo --- 2.4/distinfo 30 Aug 2019 15:56:31 -0000 1.11 +++ 2.4/distinfo 1 Oct 2019 17:43:16 -0000 
@@ -1,2 +1,10 @@ +SHA256 (1a45b0448224009a9bde9b28ae259d8674c792be.patch) = TUEQjT2myZa7OtZtD0QnhG9eify0Bit1CR41TkkVTRQ= +SHA256 (38d2d0dbd319a9cc49fd2c945be4090cea72ef36.patch) = gpCnkgBLmApAWI1lKnBES0qwiUmZbzm6PDYVtdbE8jM= +SHA256 (88387876af112eb0bdefe7408bca6aaaacf52d6f.patch) = mbF/Q1Pjrvs3vQz5SHT4vGtPwZh1cjFmK8zGDEDzy7A= +SHA256 (8eff476bce40b52f244b8c912d1a5f40aa64b683.patch) = qhjeBfpMFa6OR/uqQAbXIpQgoK7OsWDFlxNEMEe3y7w= SHA256 (ruby-2.4.7.tar.gz) = zW78cgympiJ0XiusefRebNY6sPWlOtfriBVF9Y/zi4k= +SIZE (1a45b0448224009a9bde9b28ae259d8674c792be.patch) = 2439 +SIZE (38d2d0dbd319a9cc49fd2c945be4090cea72ef36.patch) = 3154 +SIZE (88387876af112eb0bdefe7408bca6aaaacf52d6f.patch) = 1917 +SIZE (8eff476bce40b52f244b8c912d1a5f40aa64b683.patch) = 4033 SIZE (ruby-2.4.7.tar.gz) = 16036496 Index: 2.5/Makefile =================================================================== RCS file: /cvs/ports/lang/ruby/2.5/Makefile,v retrieving revision 1.10 diff -u -p -r1.10 Makefile --- 2.5/Makefile 30 Aug 2019 15:57:24 -0000 1.10 +++ 2.5/Makefile 1 Oct 2019 15:24:38 -0000 @@ -1,6 +1,6 @@ # $OpenBSD: Makefile,v 1.10 2019/08/30 15:57:24 jeremy Exp $ -VERSION = 2.5.6 +VERSION = 2.5.7 SHARED_LIBS = ruby25 0.0 NEXTVER = 2.6 Index: 2.5/distinfo =================================================================== RCS file: /cvs/ports/lang/ruby/2.5/distinfo,v retrieving revision 1.6 diff -u -p -r1.6 distinfo --- 2.5/distinfo 30 Aug 2019 15:57:24 -0000 1.6 +++ 2.5/distinfo 1 Oct 2019 15:25:04 -0000 
@@ -1,2 +1,2 @@ -SHA256 (ruby-2.5.6.tar.gz) = HX7QbGcwIM0SpzftaGRwVS6Omdcrgs08JtqjEVw2vqc= -SIZE (ruby-2.5.6.tar.gz) = 17684288 +SHA256 (ruby-2.5.7.tar.gz) = Cy0NXjRRtqtFT4Gxv8oAdAfAVI3qQD8eui5CnaSt1tQ= +SIZE (ruby-2.5.7.tar.gz) = 15669771 Index: 2.6/Makefile =================================================================== RCS file: /cvs/ports/lang/ruby/2.6/Makefile,v retrieving revision 1.7 diff -u -p -r1.7 Makefile --- 2.6/Makefile 30 Aug 2019 15:58:26 -0000 1.7 +++ 2.6/Makefile 1 Oct 2019 15:25:17 -0000 @@ -1,6 +1,6 @@ # $OpenBSD: Makefile,v 1.7 2019/08/30 15:58:26 jeremy Exp $ -VERSION = 2.6.4 +VERSION = 2.6.5 DISTNAME = ruby-${VERSION} SHARED_LIBS = ruby26 0.0 NEXTVER = 2.7 Index: 2.6/distinfo =================================================================== RCS file: /cvs/ports/lang/ruby/2.6/distinfo,v retrieving revision 1.6 diff -u -p -r1.6 distinfo --- 2.6/distinfo 30 Aug 2019 15:58:26 -0000 1.6 +++ 2.6/distinfo 1 Oct 2019 15:25:37 -0000 @@ -1,2 +1,2 @@ -SHA256 (ruby-2.6.4.tar.gz) = T8HYunVQWzeXAgpv/IWovP9q3E2rrjQ7ZXK/KB7heTc= -SIZE (ruby-2.6.4.tar.gz) = 16503137 +SHA256 (ruby-2.6.5.tar.gz) = ZpdrcW7MH9NPm3w8Kwe703YxgVN3ouPoWlsZTP3L7X0= +SIZE (ruby-2.6.5.tar.gz) = 16172159 Index: 2.6/pkg/PLIST-main =================================================================== RCS file: /cvs/ports/lang/ruby/2.6/pkg/PLIST-main,v retrieving revision 1.5 diff -u -p -r1.5 PLIST-main --- 2.6/pkg/PLIST-main 30 Aug 2019 15:58:26 -0000 1.5 +++ 2.6/pkg/PLIST-main 1 Oct 2019 15:51:08 -0000 @@ -42,7 +42,7 @@ include/ruby-${REV}/ruby/util.h include/ruby-${REV}/ruby/version.h include/ruby-${REV}/ruby/vm.h include/ruby-${REV}/${SUB}/ -include/ruby-${REV}/${SUB}/rb_mjit_min_header-2.6.4.h +include/ruby-${REV}/${SUB}/rb_mjit_min_header-2.6.5.h include/ruby-${REV}/${SUB}/ruby/ include/ruby-${REV}/${SUB}/ruby/config.h lib/libruby26.so
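
Review bot: In the 2.4/Makefile hunk, the four PATCHFILES entries are bare commit hashes with nothing saying which advisory each one fixes, and VERSION stays at 2.4.7, so REVISION-main = 0 is the only visible sign that this package carries the fixes. A comment above PATCHFILES naming the CVE each hash addresses (CVE-2019-16201, CVE-2019-15845, CVE-2019-16254, CVE-2019-16255), plus a note that the block is to be dropped once a usable 2.4.8 tarball exists, would make the later cleanup and any audit of the port easier.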
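
Review bot: In the 2.4/distinfo hunk, the four new SHA256/SIZE pairs pin files fetched from the commit URL set in MASTER_SITES0 rather than from a release archive, so the build depends on that URL returning byte-identical patch text on every fetch. The four hashes do match the PATCHFILES list one to one; mirroring the .patch files somewhere stable, or carrying them as local patches in the port, would keep a change in the served text from turning into a checksum failure for users.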
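
Review bot: In the 2.5/distinfo hunk, SIZE falls from 17684288 to 15669771, about 2 MB smaller for a patch-level update, where the 2.6 tarball in the later hunk shrinks by only about 330 KB. Since the message already reports a packaging issue with the 2.4.8 tarball, please confirm the 2.5.7 archive is complete, for instance by comparing its file list against 2.5.6, before committing.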
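
Review bot: In the 2.6/pkg/PLIST-main hunk, the rb_mjit_min_header file name hard-codes the full version, so this line has to be edited by hand on every update and a missed edit only surfaces as a packaging failure. The neighbouring lines already use ${REV} and ${SUB}; substituting the version the same way (for example with a ${VERSION} entry, assuming it is added to the port's substitution variables) would remove the manual step.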