This release fixes a security issue when installing gems:

* RubyGems now disallows redirection from HTTPS to HTTP.
* RubyGems now verifies SSL connections.

Tested in a bulk of the ruby ports on amd64, and also briefly on i386. I would appreciate additional testing, but will probably be committing this later this week. Thanks, Jeremy Index: Makefile =================================================================== RCS file: /cvs/ports/devel/ruby-gems/Makefile,v retrieving revision 1.25 diff -u -p -r1.25 Makefile --- Makefile 8 Nov 2011 23:44:12 -0000 1.25 +++ Makefile 23 Apr 2012 18:05:49 -0000 @@ -2,7 +2,7 @@ COMMENT= package management framework for the Ruby language -V= 1.8.10 +V= 1.8.23 DISTNAME= rubygems-$V PKGNAME= ruby-gems-$V CATEGORIES= devel Index: distinfo =================================================================== RCS file: /cvs/ports/devel/ruby-gems/distinfo,v retrieving revision 1.11 diff -u -p -r1.11 distinfo --- distinfo 8 Nov 2011 23:44:12 -0000 1.11 +++ distinfo 23 Apr 2012 19:49:44 -0000 @@ -1,5 +1,5 @@ -MD5 (rubygems-1.8.10.tgz) = WwjuMXQMmwvTb2wE1Tfn1A== -RMD160 (rubygems-1.8.10.tgz) = LH3EvFRZoLLPdxyTmPdQz+Dby/U= -SHA1 (rubygems-1.8.10.tgz) = 0ujF2femnvLGqYCX/xkvI4sM4R8= -SHA256 (rubygems-1.8.10.tgz) = OBUb1iqIuNCGf3rP1KrIPyxObf2eyZLtW5bEShzXhVI= -SIZE (rubygems-1.8.10.tgz) = 249683 +MD5 (rubygems-1.8.23.tgz) = F4sOuueNu0aWPFGtKbtr2Q== +RMD160 (rubygems-1.8.23.tgz) = YkxHUCMF+a6RrmrLSOh3Khh6LKg= +SHA1 (rubygems-1.8.23.tgz) = rdlsiu1OEVJplbw1SiE8cqOTmAw= +SHA256 (rubygems-1.8.23.tgz) = 5KHGu6rEEeqrlN6ueCKLdYQDOh8QoCL1K/+pYTqikGE= +SIZE (rubygems-1.8.23.tgz) = 379999 Index: patches/patch-lib_rubygems_commands_setup_command_rb =================================================================== RCS file: /cvs/ports/devel/ruby-gems/patches/patch-lib_rubygems_commands_setup_command_rb,v retrieving revision 1.3 diff -u -p -r1.3 patch-lib_rubygems_commands_setup_command_rb --- patches/patch-lib_rubygems_commands_setup_command_rb 8 Nov 2011 23:44:12 -0000 1.3 +++ patches/patch-lib_rubygems_commands_setup_command_rb 23 Apr 2012 19:51:25 -0000 
@@ -1,7 +1,7 @@ $OpenBSD: patch-lib_rubygems_commands_setup_command_rb,v 1.3 2011/11/08 23:44:12 jeremy Exp $ ---- lib/rubygems/commands/setup_command.rb.orig Thu Aug 25 17:30:44 2011 -+++ lib/rubygems/commands/setup_command.rb Sun Oct 30 20:35:07 2011 -@@ -273,7 +273,7 @@ TEXT +--- lib/rubygems/commands/setup_command.rb.orig Thu Apr 19 21:29:58 2012 ++++ lib/rubygems/commands/setup_command.rb Mon Apr 23 12:49:58 2012 +@@ -283,7 +283,7 @@ TEXT lib_dir = Gem::ConfigMap[site_or_vendor] bin_dir = Gem::ConfigMap[:bindir] else Index: patches/patch-lib_rubygems_config_file_rb =================================================================== RCS file: /cvs/ports/devel/ruby-gems/patches/patch-lib_rubygems_config_file_rb,v retrieving revision 1.4 diff -u -p -r1.4 patch-lib_rubygems_config_file_rb --- patches/patch-lib_rubygems_config_file_rb 8 Nov 2011 23:44:12 -0000 1.4 +++ patches/patch-lib_rubygems_config_file_rb 23 Apr 2012 19:51:18 -0000 @@ -1,12 +1,12 @@ $OpenBSD: patch-lib_rubygems_config_file_rb,v 1.4 2011/11/08 23:44:12 jeremy Exp $ ---- lib/rubygems/config_file.rb.orig Thu Aug 25 17:30:44 2011 -+++ lib/rubygems/config_file.rb Sun Oct 30 20:36:11 2011 -@@ -68,7 +68,7 @@ class Gem::ConfigFile +--- lib/rubygems/config_file.rb.orig Thu Apr 19 21:29:58 2012 ++++ lib/rubygems/config_file.rb Mon Apr 23 12:50:57 2012 +@@ -70,7 +70,7 @@ class Gem::ConfigFile path.strip rescue LoadError -- "/etc" -+ '${SYSCONFDIR}' +- RbConfig::CONFIG["sysconfdir"] || "/etc" ++ RbConfig::CONFIG["sysconfdir"] || '${SYSCONFDIR}' end end Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/devel/ruby-gems/pkg/PLIST,v retrieving revision 1.11 diff -u -p -r1.11 PLIST --- pkg/PLIST 8 Nov 2011 23:44:12 -0000 1.11 +++ pkg/PLIST 23 Apr 2012 19:52:00 -0000 
@@ -86,6 +86,8 @@ ${MODRUBY_SITEDIR}/rubygems/package/tar_ ${MODRUBY_SITEDIR}/rubygems/package_task.rb ${MODRUBY_SITEDIR}/rubygems/path_support.rb ${MODRUBY_SITEDIR}/rubygems/platform.rb +${MODRUBY_SITEDIR}/rubygems/psych_additions.rb +${MODRUBY_SITEDIR}/rubygems/psych_tree.rb ${MODRUBY_SITEDIR}/rubygems/remote_fetcher.rb ${MODRUBY_SITEDIR}/rubygems/require_paths_builder.rb ${MODRUBY_SITEDIR}/rubygems/requirement.rb @@ -94,6 +96,7 @@ ${MODRUBY_SITEDIR}/rubygems/server.rb ${MODRUBY_SITEDIR}/rubygems/source_index.rb ${MODRUBY_SITEDIR}/rubygems/spec_fetcher.rb ${MODRUBY_SITEDIR}/rubygems/specification.rb +${MODRUBY_SITEDIR}/rubygems/syck_hack.rb ${MODRUBY_SITEDIR}/rubygems/test_case.rb ${MODRUBY_SITEDIR}/rubygems/test_utilities.rb ${MODRUBY_SITEDIR}/rubygems/text.rb
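
Review bot: In the distinfo hunk, SIZE goes from 249683 to 379999 for the 1.8.10 to 1.8.23 update and all four digests are replaced at once, so nothing in the diff ties the new values to upstream. Since this update is taken for a security fix in gem installation, check the SHA256 line for rubygems-1.8.23.tgz against an independently obtained copy of the upstream tarball before committing.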
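
Review bot: In patches/patch-lib_rubygems_config_file_rb, the patched line in the rescue LoadError branch is now RbConfig::CONFIG["sysconfdir"] || '${SYSCONFDIR}', so the port's substituted ${SYSCONFDIR} applies only when RbConfig has no sysconfdir entry, whereas the previous patch replaced "/etc" unconditionally. Confirm that RbConfig::CONFIG["sysconfdir"] matches ${SYSCONFDIR} for every ruby this port is built against, or drop the RbConfig lookup from the patched line if the port value is meant to always win.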