Ruby 1.8.7, 1.9.3, and 2.0.0 had security releases today to fix
CVE-2013-4073: Hostname check bypassing vulnerability in SSL client.

http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/

Exploitation of this vulnerability requires that a trusted CA
issue a certificate with a null byte in the subjectAltName field.

This will likely be the last patch release of ruby 1.8.7, as it
becomes unsupported upstream next week.

The 1.9.3 and 2.0.0 releases also contain other bugfixes.
Unfortunately, upstream got sloppy and changed ABI in a patch
release (removing a function, adding some new functions), so this
bumps the majors on libruby19.so and libruby20.so.

Tested on i386. Compiles fine on amd64, but I still need to do some
additional testing there. Assuming no problems, I will be committing
this next week.

Thanks,
Jeremy

Index: 1.8/Makefile
===================================================================
RCS file: /cvs/ports/lang/ruby/1.8/Makefile,v
retrieving revision 1.27
diff -u -p -r1.27 Makefile
--- 1.8/Makefile 11 Mar 2013 11:20:28 -0000 1.27
+++ 1.8/Makefile 27 Jun 2013 20:15:46 -0000
@@ -7,7 +7,7 @@ COMMENT-tk= tk interface for ruby
COMMENT-ri_docs= ri documentation files ruby
VERSION= 1.8.7
-PATCHLEVEL= 370
+PATCHLEVEL= 374
SHARED_LIBS= ruby18 0.0
PKGNAME-main= ruby-${VERSION}.${PATCHLEVEL}
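Review bot: SHARED_LIBS stays at ruby18 0.0 across the p370 to p374 bump, while the 1.9 and 2.0 Makefiles in this same diff bump their majors for an upstream ABI change. The message only names libruby19.so and libruby20.so, so it is worth confirming that the exported symbols of libruby18 are unchanged between the two patchlevels and saying so in the commit message.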
@@ -15,8 +15,6 @@ PKGNAME-iconv= ruby-iconv-${VERSION}.${
PKGNAME-gdbm= ruby-gdbm-${VERSION}.${PATCHLEVEL}
PKGNAME-tk= ruby-tk-${VERSION}.${PATCHLEVEL}
PKGNAME-ri_docs= ruby-ri_docs-${VERSION}.${PATCHLEVEL}
-
-REVISION-main= 1
PKG_ARCH-ri_docs= *
PKGSPEC-main= ruby->=1.8,<1.9
Index: 1.8/distinfo
===================================================================
RCS file: /cvs/ports/lang/ruby/1.8/distinfo,v
retrieving revision 1.7
diff -u -p -r1.7 distinfo
--- 1.8/distinfo 3 Jul 2012 19:58:39 -0000 1.7
+++ 1.8/distinfo 27 Jun 2013 20:16:44 -0000
@@ -1,5 +1,2 @@
-MD5 (ruby-1.8.7-p370.tar.gz) = mLALvRzd4xFhVe225VW3gQ==
-RMD160 (ruby-1.8.7-p370.tar.gz) = dtLpYn+11oui0FqRpFspvpqRzR8=
-SHA1 (ruby-1.8.7-p370.tar.gz) = /8VzYBnJqmkqBe2Vr3/pdq+z2hM=
-SHA256 (ruby-1.8.7-p370.tar.gz) = vNjbR6329eOCK2CgR4Xu2xuX1B+9fLWV0CdZ+qNlgcY=
-SIZE (ruby-1.8.7-p370.tar.gz) = 4897464
+SHA256 (ruby-1.8.7-p374.tar.gz) = h27uqu6rEMv0dngzVH1m2G1nF+9I/T2J4n24kmplJ2w=
+SIZE (ruby-1.8.7-p374.tar.gz) = 4903749
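Review bot: the new entry for ruby-1.8.7-p374.tar.gz carries only SHA256 and SIZE, which matches the 1.9 and 2.0 distinfo files in this diff, so dropping MD5, RMD160 and SHA1 is fine. Since this is a security release, the SHA256 value should be compared against the digest upstream published with the release rather than only regenerated from the fetched tarball.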
Index: 1.8/patches/patch-error_c
===================================================================
RCS file: 1.8/patches/patch-error_c
diff -N 1.8/patches/patch-error_c
--- 1.8/patches/patch-error_c 8 Oct 2012 13:15:17 -0000 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,17 +0,0 @@
-$OpenBSD: patch-error_c,v 1.2 2012/10/08 13:15:17 jeremy Exp $
-
-Backport security fix, from Shugo Maeda (ruby developer), similar to
-changes in ruby SVN revision 37068.
-
---- error.c.orig Mon Oct 8 03:43:34 2012
-+++ error.c Mon Oct 8 03:43:49 2012
-@@ -665,9 +665,6 @@ name_err_to_s(exc)
-
- if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
- StringValue(str);
-- if (str != mesg) {
-- OBJ_INFECT(str, mesg);
-- }
- return str;
- }
-
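Review bot: this deletes a local security backport (the removal of the OBJ_INFECT block in name_err_to_s) without the message saying why. Please confirm that error.c in p374 already lacks the `if (str != mesg)` block, so the fix is not silently lost, and note in the commit message that the patch is dropped because upstream now includes it.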
Index: 1.9/Makefile
===================================================================
RCS file: /cvs/ports/lang/ruby/1.9/Makefile,v
retrieving revision 1.37
diff -u -p -r1.37 Makefile
--- 1.9/Makefile 17 May 2013 20:08:35 -0000 1.37
+++ 1.9/Makefile 27 Jun 2013 20:23:57 -0000
@@ -9,10 +9,10 @@ COMMENT-tk = tk interface for ruby
COMMENT-ri_docs = ri documentation files for ruby
VERSION = 1.9.3
-PATCHLEVEL = 429
+PATCHLEVEL = 448
RUBYLIBREV = 1.9.1
-SHARED_LIBS = ruby19 1.0
+SHARED_LIBS = ruby19 2.0
PKGNAME-main = ruby-${VERSION}.${PATCHLEVEL}
PKGNAME-gdbm = ruby-gdbm-${VERSION}.${PATCHLEVEL}
PKGNAME-dbm = ruby-dbm-${VERSION}.${PATCHLEVEL}
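Review bot: the ruby19 major goes from 1.0 to 2.0, which is the right response to a removed function, but neither the hunk nor the message names the symbol that was removed or the ones that were added. Listing them in the commit message would let anyone maintaining a port that links libruby19 check quickly whether it used the removed function.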
Index: 1.9/distinfo
===================================================================
RCS file: /cvs/ports/lang/ruby/1.9/distinfo,v
retrieving revision 1.13
diff -u -p -r1.13 distinfo
--- 1.9/distinfo 17 May 2013 20:08:35 -0000 1.13
+++ 1.9/distinfo 27 Jun 2013 20:17:47 -0000
@@ -1,2 +1,2 @@
-SHA256 (ruby-1.9.3-p429.tar.gz) = 0ZLRr8RqfvJ7nQo8eme1CQSJhNssOJB6qCZBvfmArPQ=
-SIZE (ruby-1.9.3-p429.tar.gz) = 12553234
+SHA256 (ruby-1.9.3-p448.tar.gz) = LzXhhlQ6A77F5gMpbW2IKLlMpYurBJtnsc62HTgbyKc=
+SIZE (ruby-1.9.3-p448.tar.gz) = 12559260
Index: 1.9/patches/patch-Makefile_in
===================================================================
RCS file: 1.9/patches/patch-Makefile_in
diff -N 1.9/patches/patch-Makefile_in
--- 1.9/patches/patch-Makefile_in 17 May 2013 20:08:35 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,14 +0,0 @@
-$OpenBSD: patch-Makefile_in,v 1.1 2013/05/17 20:08:35 jeremy Exp $
-
-This lines causes make build to fail when run the first time.
-
---- Makefile.in.orig Tue May 14 09:52:50 2013
-+++ Makefile.in Tue May 14 09:53:00 2013
-@@ -169,7 +169,6 @@ $(PROGRAM):
- @$(RM) $@
- $(ECHO) linking $@
- $(Q) $(PURIFY) $(CC) $(LDFLAGS) $(XLDFLAGS) $(MAINOBJ)
$(EXTOBJS) $(LIBRUBYARG) $(MAINLIBS) $(LIBS) $(OUTFLAG)$@
-- $(Q) $(POSTLINK)
-
- # We must `rm' the library each time this rule is invoked because "updating" a
- # MAB library on Apple/NeXT (see --enable-fat-binary in configure) is not
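Review bot: the long `$(Q) $(PURIFY) $(CC) ...` line in the removed patch has been wrapped by the mailer, so its continuation (`$(EXTOBJS) $(LIBRUBYARG) ...`) has no leading `-` and this hunk will not apply as posted; attaching the diff or disabling line wrapping would avoid that. It would also help to state that p448's Makefile.in no longer has the `$(Q) $(POSTLINK)` line, since that is the only reason this local patch can go.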
Index: 1.9/pkg/PLIST-ri_docs
===================================================================
RCS file: /cvs/ports/lang/ruby/1.9/pkg/PLIST-ri_docs,v
retrieving revision 1.8
diff -u -p -r1.8 PLIST-ri_docs
--- 1.9/pkg/PLIST-ri_docs 17 May 2013 20:08:35 -0000 1.8
+++ 1.9/pkg/PLIST-ri_docs 27 Jun 2013 20:49:24 -0000
@@ -13097,8 +13097,6 @@ share/ri/${RUBYLIBREV}/system/Struct/to_
share/ri/${RUBYLIBREV}/system/Struct/to_s-i.ri
share/ri/${RUBYLIBREV}/system/Struct/values-i.ri
share/ri/${RUBYLIBREV}/system/Struct/values_at-i.ri
-share/ri/${RUBYLIBREV}/system/Syck/
-share/ri/${RUBYLIBREV}/system/Syck/cdesc-Syck.ri
share/ri/${RUBYLIBREV}/system/Symbol/
share/ri/${RUBYLIBREV}/system/Symbol/%3c%3d%3e-i.ri
share/ri/${RUBYLIBREV}/system/Symbol/%3d%3d%3d-i.ri
Index: 2.0/Makefile
===================================================================
RCS file: /cvs/ports/lang/ruby/2.0/Makefile,v
retrieving revision 1.4
diff -u -p -r1.4 Makefile
--- 2.0/Makefile 17 May 2013 20:11:43 -0000 1.4
+++ 2.0/Makefile 27 Jun 2013 21:17:48 -0000
@@ -8,11 +8,11 @@ COMMENT-tk = tk interface for ruby
COMMENT-ri_docs = ri documentation files for ruby
VERSION = 2.0.0
-PATCHLEVEL = 195
+PATCHLEVEL = 247
RUBYLIBREV = 2.0
DISTNAME = ruby-${VERSION}-p${PATCHLEVEL}
-SHARED_LIBS = ruby20 0.0
+SHARED_LIBS = ruby20 1.0
PKGNAME-main = ruby-${VERSION}.${PATCHLEVEL}
PKGNAME-gdbm = ruby20-gdbm-${VERSION}.${PATCHLEVEL}
PKGNAME-tk = ruby20-tk-${VERSION}.${PATCHLEVEL}
Index: 2.0/distinfo
===================================================================
RCS file: /cvs/ports/lang/ruby/2.0/distinfo,v
retrieving revision 1.2
diff -u -p -r1.2 distinfo
--- 2.0/distinfo 17 May 2013 20:11:43 -0000 1.2
+++ 2.0/distinfo 27 Jun 2013 21:09:09 -0000
@@ -1,2 +1,2 @@
-SHA256 (ruby-2.0.0-p195.tar.gz) = ov6NROrDwn0ZHKLQ7i2HH5rthzx0SRsqjfIpv9xOWpM=
-SIZE (ruby-2.0.0-p195.tar.gz) = 13641558
+SHA256 (ruby-2.0.0-p247.tar.gz) = PnEEKHLHdyZAlGDoZHovMECDoVrg3v6Q2AAKaZF+INM=
+SIZE (ruby-2.0.0-p247.tar.gz) = 13652782
Index: 2.0/pkg/PLIST-ri_docs
===================================================================
RCS file: /cvs/ports/lang/ruby/2.0/pkg/PLIST-ri_docs,v
retrieving revision 1.2
diff -u -p -r1.2 PLIST-ri_docs
--- 2.0/pkg/PLIST-ri_docs 17 May 2013 20:11:43 -0000 1.2
+++ 2.0/pkg/PLIST-ri_docs 27 Jun 2013 21:30:23 -0000
@@ -3836,6 +3836,7 @@ share/ri/${RUBYLIBREV}/system/Gem/TestCa
share/ri/${RUBYLIBREV}/system/Gem/TestCase/StaticSet/prefetch-i.ri
share/ri/${RUBYLIBREV}/system/Gem/TestCase/add_to_fetcher-i.ri
share/ri/${RUBYLIBREV}/system/Gem/TestCase/all_spec_names-i.ri
+share/ri/${RUBYLIBREV}/system/Gem/TestCase/assert_contains_make_command-i.ri
share/ri/${RUBYLIBREV}/system/Gem/TestCase/assert_path_exists-i.ri
share/ri/${RUBYLIBREV}/system/Gem/TestCase/build_rake_in-i.ri
share/ri/${RUBYLIBREV}/system/Gem/TestCase/cdesc-TestCase.ri
@@ -3856,6 +3857,7 @@ share/ri/${RUBYLIBREV}/system/Gem/TestCa
share/ri/${RUBYLIBREV}/system/Gem/TestCase/new_default_spec-i.ri
share/ri/${RUBYLIBREV}/system/Gem/TestCase/new_spec-i.ri
share/ri/${RUBYLIBREV}/system/Gem/TestCase/nmake_found%3f-i.ri
+share/ri/${RUBYLIBREV}/system/Gem/TestCase/parse_make_command_line-i.ri
share/ri/${RUBYLIBREV}/system/Gem/TestCase/process_based_port-c.ri
share/ri/${RUBYLIBREV}/system/Gem/TestCase/process_based_port-i.ri
share/ri/${RUBYLIBREV}/system/Gem/TestCase/quick_gem-i.ri
@@ -3865,6 +3867,7 @@ share/ri/${RUBYLIBREV}/system/Gem/TestCa
share/ri/${RUBYLIBREV}/system/Gem/TestCase/refute_path_exists-i.ri
share/ri/${RUBYLIBREV}/system/Gem/TestCase/req-i.ri
share/ri/${RUBYLIBREV}/system/Gem/TestCase/rubybin-c.ri
+share/ri/${RUBYLIBREV}/system/Gem/TestCase/scan_make_command_lines-i.ri
share/ri/${RUBYLIBREV}/system/Gem/TestCase/setup-i.ri
share/ri/${RUBYLIBREV}/system/Gem/TestCase/spec-i.ri
share/ri/${RUBYLIBREV}/system/Gem/TestCase/teardown-i.ri
@@ -3964,8 +3967,10 @@ share/ri/${RUBYLIBREV}/system/Gem/config
share/ri/${RUBYLIBREV}/system/Gem/configuration-c.ri
share/ri/${RUBYLIBREV}/system/Gem/datadir-c.ri
share/ri/${RUBYLIBREV}/system/Gem/default_bindir-c.ri
+share/ri/${RUBYLIBREV}/system/Gem/default_cert_path-c.ri
share/ri/${RUBYLIBREV}/system/Gem/default_dir-c.ri
share/ri/${RUBYLIBREV}/system/Gem/default_exec_format-c.ri
+share/ri/${RUBYLIBREV}/system/Gem/default_key_path-c.ri
share/ri/${RUBYLIBREV}/system/Gem/default_path-c.ri
share/ri/${RUBYLIBREV}/system/Gem/default_rubygems_dirs-c.ri
share/ri/${RUBYLIBREV}/system/Gem/default_sources-c.ri
@@ -7936,10 +7941,6 @@ share/ri/${RUBYLIBREV}/system/Psych/Code
share/ri/${RUBYLIBREV}/system/Psych/Coder/style-i.ri
share/ri/${RUBYLIBREV}/system/Psych/Coder/tag-i.ri
share/ri/${RUBYLIBREV}/system/Psych/Coder/type-i.ri
-share/ri/${RUBYLIBREV}/system/Psych/EngineManager/
-share/ri/${RUBYLIBREV}/system/Psych/EngineManager/cdesc-EngineManager.ri
-share/ri/${RUBYLIBREV}/system/Psych/EngineManager/yamler%3d-i.ri
-share/ri/${RUBYLIBREV}/system/Psych/EngineManager/yamler-i.ri
share/ri/${RUBYLIBREV}/system/Psych/Error/
share/ri/${RUBYLIBREV}/system/Psych/Error/cdesc-Error.ri
share/ri/${RUBYLIBREV}/system/Psych/Exception/
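
The message above says CVE-2013-4073 needs a certificate with a null byte in subjectAltName. The sketch below is an added example, not code from Ruby or from this ports diff, showing the general failure mode: a hostname comparison that reads a name as a C string stops at the NUL, while a length-aware comparison rejects the name. All method names and the sample SAN bytes are constructed for illustration, and wildcard matching is left out.

```ruby
# Read one DER TLV at +off+; returns [tag, value_bytes, next_offset].
def read_tlv(der, off)
  tag = der.getbyte(off)
  len = der.getbyte(off + 1)
  raise ArgumentError, "truncated DER" if tag.nil? || len.nil?
  off += 2
  if (len & 0x80) != 0 # long-form length: low 7 bits give the byte count
    n = len & 0x7f
    len = der.byteslice(off, n).to_s.bytes.inject(0) { |a, b| (a << 8) | b }
    off += n
  end
  raise ArgumentError, "truncated DER" if off + len > der.bytesize
  [tag, der.byteslice(off, len), off + len]
end

# Raw dNSName values ([2] IMPLICIT IA5String, tag byte 0x82) from a
# DER-encoded GeneralNames SEQUENCE, i.e. a subjectAltName extension value.
def san_dns_names(der)
  tag, body, = read_tlv(der, 0)
  raise ArgumentError, "not a SEQUENCE" unless tag == 0x30
  names, off = [], 0
  while off < body.bytesize
    t, v, off = read_tlv(body, off)
    names << v if t == 0x82
  end
  names
end

# What a C-string based comparison sees: the bytes before the first NUL.
def c_string_view(name)
  name.split("\0", 2).first.to_s
end

# Flawed check: compares only the NUL-terminated prefix of each name.
def naive_match?(der, host)
  san_dns_names(der).any? { |n| c_string_view(n).casecmp?(host) }
end

# Hardened check: the whole name must be plain hostname characters.
def strict_match?(der, host)
  san_dns_names(der).any? { |n| n.match?(/\A[A-Za-z0-9.-]+\z/) && n.casecmp?(host) }
end

# Constructed sample: encode names (each < 128 bytes) as GeneralNames.
def der_san(*names)
  body = names.map { |n| [0x82, n.bytesize].pack("CC") + n.b }.join
  [0x30, body.bytesize].pack("CC") + body
end
SAMPLE_SAN = der_san("www.example.com\0.other.test")
```

Running both checks over `SAMPLE_SAN` with the host `www.example.com` shows the naive check accepting the name and the strict check refusing it.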