pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/lang



Module Name:    pkgsrc
Committed By:   taca
Date:           Fri Feb 22 16:20:48 UTC 2013

Modified Files:
        pkgsrc/lang/ruby: rubyversion.mk
        pkgsrc/lang/ruby193-base: Makefile distinfo
Removed Files:
        pkgsrc/lang/ruby193-base/patches: patch-ext_json_lib_json_add_core.rb
            patch-ext_json_lib_json_common.rb
            patch-ext_json_lib_json_version.rb patch-ext_json_parser_parser.c
            patch-ext_json_parser_parser.rl patch-test_json_test__json.rb
            patch-test_json_test__json__addition.rb
            patch-test_json_test__json__string__matching.rb

Log Message:
Update ruby193-base package (and related) to 1.9.3-p392.
Security problem of CVE-2013-0269 was already handled but REXML security
problem is fixed by this package.

Now Ruby 1.9.3-p392 is released. I apologize for updating too frequently.

This release includes security fixes about bundled JSON and REXML.

* Denial of Service and Unsafe Object Creation Vulnerability in JSON
  (CVE-2013-0269)
* Entity expansion DoS vulnerability in REXML (XML bomb)

And some small bugfixes are also included.


To generate a diff of this commit:
cvs rdiff -u -r1.94 -r1.95 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.25 -r1.26 pkgsrc/lang/ruby193-base/Makefile
cvs rdiff -u -r1.17 -r1.18 pkgsrc/lang/ruby193-base/distinfo
cvs rdiff -u -r1.1 -r0 \
    pkgsrc/lang/ruby193-base/patches/patch-ext_json_lib_json_add_core.rb \
    pkgsrc/lang/ruby193-base/patches/patch-ext_json_lib_json_common.rb \
    pkgsrc/lang/ruby193-base/patches/patch-ext_json_lib_json_version.rb \
    pkgsrc/lang/ruby193-base/patches/patch-ext_json_parser_parser.c \
    pkgsrc/lang/ruby193-base/patches/patch-ext_json_parser_parser.rl \
    pkgsrc/lang/ruby193-base/patches/patch-test_json_test__json.rb \
    pkgsrc/lang/ruby193-base/patches/patch-test_json_test__json__addition.rb \
    
pkgsrc/lang/ruby193-base/patches/patch-test_json_test__json__string__matching.rb

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.




Home | Main Index | Thread Index | Old Index