This release fixes some bugs and these vulnerabilities:
* CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
* CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
* CVE-2021-31799: A command injection vulnerability in RDoc
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
The crude loop I wrote to come up with this changeset:
find -L package/feeds/packages/ -name patches | \
sed 's/patches$/refresh/' | sort | xargs make
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
This release includes some bug fixes and a security fix.
CVE-2017-17405: Command injection vulnerability in Net::FTP
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
This release contains some security fixes.
CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
CVE-2017-14064: Heap exposure in generating JSON
Multiple vulnerabilities in RubyGems
Update bundled libyaml to version 0.1.7.
And many other bugfix.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
This is a stable feature release.
Notable changes:
- Introduce hash table improvement (by Vladimir Makarov)
- Binding#irb: Start a REPL session similar to binding.pry
- Unify Fixnum and Bignum into Integer
- String supports Unicode case mappings
- Performance improvements
- Thread#report_on_exception and Thread.report_on_exception changes
- Thread deadlock detection now shows threads with their backtrace and dependency
- Support OpenSSL 1.1.0 (drop support for 0.9.7 or prior)
- ext/tk is now removed from stdlib Feature #8539
- XMLRPC is now removed from stdlib Feature #12160
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
New feature release for ruby.More info:
https://www.ruby-lang.org/en/news/2015/12/25/ruby-2-3-0-released/
Patches changes:
(-) 001-rdoc-remove_gems_dep.patch was merged
(+) 001-acinclude.m4_rename_aclocal.m4.patch backported from upstream.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
For ruby changes since 2.1.x:
https://github.com/ruby/ruby/blob/v2_2_0/NEWS
Relevant changes for OpenWRT:
* all patches for ruby-core where merged upstream and
they are not needed anymore (only rdoc patch remains)
- PR for the rdoc github project was added to the patch header
(https://github.com/rdoc/rdoc/pull/340)
* new package ruby-powerassert for introduced new bundled gem power_assert
* new package ruby-unicodenormalize for Unicode normalization files
* removed ruby-dl as DL was removed after being deprecated
* ruby-{minitest,testunit} where removed from ruby library. Now they
are bundled gems
* test and sample files where removed from gems in order to save resources
and reduce pkgs dependencies
* script ruby_find_pkgsdeps was updated to match upstream changes
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
ext/digest/rmd160 was referencing a function that never existed in openssl.
The name was simply mistyped. Now it can use openssl.
openssl was always linked to ext/digest when library is avaiable,
even when it was disable by configure option and not used by code.
upstream refs: https://bugs.ruby-lang.org/issues/10252
upstream refs: https://bugs.ruby-lang.org/issues/10324
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
minitest can live without gems. Just a minor fix to
solve a require that fails when gem is missing
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
rdoc seems to be written to run without gem. However,
some internal code still does not check for gems presence.
With a small patch, rdoc can run without gems.
Ref: https://bugs.ruby-lang.org/issues/10196
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
