This diff fixes CVE-2012-5371 (Hash-flooding DoS vulnerability for ruby
1.9), as well as some other bug fixes, see
http://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371/

Other than the version bump, the only port changes are fixing the
LIB_DEPENDS of the gdbm, dbm, and tk subpackages so they won't break
when ruby 2.0 is installed.

Tested on amd64, regress tests pass clean.  I'll probably be committing
next week after I can test on i386.

Thanks,
Jeremy

Index: Makefile
===================================================================
RCS file: /cvs/ports/lang/ruby/1.9/Makefile,v
retrieving revision 1.29
diff -N -u -p Makefile
--- Makefile    24 Oct 2012 22:49:05 -0000      1.29
+++ Makefile    10 Nov 2012 03:12:26 -0000
@@ -7,7 +7,7 @@ COMMENT-tk =            tk interface for ruby
 COMMENT-ri_docs =      ri documentation files for ruby
 
 VERSION =              1.9.3
-PATCHLEVEL =           286
+PATCHLEVEL =           327
 RUBYLIBREV =           1.9.1
 
 SHARED_LIBS =          ruby19 1.0
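Review bot: SHARED_LIBS stays at `ruby19 1.0` in the context right below the PATCHLEVEL change from 286 to 327. Please confirm that the library's exported interface is unchanged between the two patchlevels; if it is not, the shared library version needs to be bumped in the same commit.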
@@ -57,12 +57,12 @@ MULTI_PACKAGES =    -main -gdbm -dbm
 
 WANTLIB-gdbm =         c m gdbm pthread ruby19
 LIB_DEPENDS-gdbm =     databases/gdbm \
-                       lang/ruby/${REV},-main>=${VERSION}.${PATCHLEVEL}
+                       lang/ruby/${REV},-main>=${VERSION}.${PATCHLEVEL},<1.10
 RUN_DEPENDS-gdbm =     
 
 WANTLIB-dbm =          c m db pthread ruby19
 LIB_DEPENDS-dbm =      databases/db/v4 \
-                       lang/ruby/${REV},-main>=${VERSION}.${PATCHLEVEL}
+                       lang/ruby/${REV},-main>=${VERSION}.${PATCHLEVEL},<1.10
 RUN_DEPENDS-dbm =      
  
 .if !${FLAVOR:Mno_x11}
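Review bot: The `,<1.10` upper bound added to LIB_DEPENDS-gdbm and LIB_DEPENDS-dbm has no comment in the Makefile explaining it; the reason (ruby 2.0 being installed) appears only in the cover message. A one-line comment above LIB_DEPENDS-gdbm would keep the bound from being dropped as noise in a later update.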
@@ -72,7 +72,7 @@ CONFIGURE_ARGS+=      --with-tcl-include=${PREFIX}/include/
                        --with-X11-dir=${X11BASE}
 WANTLIB-tk =           X11 c m pthread ruby19 tcl85 tk85
 LIB_DEPENDS-tk =       tk->=8.5,<8.6:x11/tk/8.5 \
-                       lang/ruby/${REV},-main>=${VERSION}.${PATCHLEVEL}
+                       lang/ruby/${REV},-main>=${VERSION}.${PATCHLEVEL},<1.10
 RUN_DEPENDS-tk =       
 .endif
 
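Review bot: LIB_DEPENDS-tk now holds the third copy of `lang/ruby/${REV},-main>=${VERSION}.${PATCHLEVEL},<1.10`, with `1.10` hard-coded next to bounds that are otherwise built from variables. Consider defining the spec once in a variable and referencing it from all three LIB_DEPENDS lines, so the bound cannot drift between the gdbm, dbm and tk subpackages.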
Index: distinfo
===================================================================
RCS file: /cvs/ports/lang/ruby/1.9/distinfo,v
retrieving revision 1.8
diff -N -u -p distinfo
--- distinfo    24 Oct 2012 22:49:05 -0000      1.8
+++ distinfo    10 Nov 2012 03:12:26 -0000
@@ -1,2 +1,2 @@
-SHA256 (ruby-1.9.3-p286.tar.gz) = 6UNnEIdR/WvOeUAdlHuqZglsdX/ToIVjUKKr0F0m2J0=
-SIZE (ruby-1.9.3-p286.tar.gz) = 12459652
+SHA256 (ruby-1.9.3-p327.tar.gz) = Ud12Ri0/brLGWadekPlJ9W2ljEK/tXZiEkeBYLfyPXE=
+SIZE (ruby-1.9.3-p327.tar.gz) = 12484826
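Review bot: The new SHA256 for ruby-1.9.3-p327.tar.gz is recorded in base64, so it cannot be compared by eye with a hex digest. Since this update is a security fix, please decode it and check it, together with SIZE 12484826, against whatever digest and size upstream publishes for the tarball before committing.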
