Fixes:
* CVE-2025-27219: Denial of Service in CGI::Cookie.parse
* CVE-2025-27220: ReDoS in CGI::Util#escapeElement
* CVE-2025-27221: userinfo leakage in URI#join, URI#merge and URI#+
OK sthen@
The pthread-based implementation breaks way too often with (likely) GC memory
corruptions:
[BUG] object allocation during garbage collection phase
when building graphics/rmagick,ruby33.
Fixes the following CVEs for DoS vulnerabilities in REXML:
* CVE-2024-43398
* CVE-2024-41946
* CVE-2024-41123
Add post-install hook to remove bin/*.lock files, as they
shouldn't be in the package (not sure why this version
started to add them).
on OpenBSD. Change this to -mbranch-protection=standard such that both
BTI and PAC support are enabled. This makes BTI work so drop the
USE_NOBTCFI-aarch64=Yes bit from the Makefile.
ok jeremy@
* Regen patches
* Drop a distpatch added upstream
* Add a distpatch to fix an openssl extension test error
* Add a patch to fix a bunch of drb ssl test errors
* Add a patch to fix a rubygems test error due to changes in our port
* Add a patch to the leaked symbols test (not yet enabled in the port)
Backport an upstream fix for ILP32 architectures.
Switch check to test-all as the test target, as the previous check
target fails before the main test suite runs due to a symbol
visibility that doesn't handle retguard.
Upstream fix identified by tb@
i386 testing by tb@
OK tb@
This fixes SIGILL/ILL_BTCFI that started occurring after
recent changes (post 7.5), for the following example code:
  mutex = Mutex.new
  mutex.synchronize { Fiber.new { mutex.owned? }.resume }
Issue reported by jcs@
Tested by jcs@
OK jcs@
It switches ruby to use MODULES+=lang/rust instead of BUILD_DEPENDS+=lang/rust.
It makes the ports use _SYSTEM_VERSION-rust and be bumped automatically when
rust (compiler or stdlib) changes, and so get the package updated.
ok tb@ jeremy@
This sets PATCHORIG = .orig, because the build infrastructure handles
that better and it requires less work when updating plists.
This sets optflags="", so that the build infrastructure does not
override the default optimization flags.
This removes ncurses, readline, and yaml from WANTLIB, and adds yaml-0
to WANTLIB. For Ruby 3.1 and 3.2, ncurses and readline are added back.
Ruby 3.3 drops the readline extension, so those libraries are no longer
needed.
This drops the gdbm subpackage code from Makefile.inc, since it
is no longer used by any supported Ruby version.
OK tb@, gkoehler@
This flag will be supported by lld-16. When dwz encounters a file with
already compressed sections, it errors out. Just disable the
ruby-specific use of that feature and keep on relying on dwz like other
ports. ok jeremy@ (maintainer)
-mbranch-protection=pac-ret compiler option and using that in the build.
On OpenBSD this actually disables BTI support. Change the configure
script to use -mbranch-protection=standard instead.
ok jeremy@
* Remove variables not used by any ports in the tree:
  * MODRUBY_LIBDIR
  * MODRUBY_RELDOCDIR
  * MODRUBY_DOCDIR
  * MODRUBY_EXAMPLEDIR
  * MODRUBY_ADJ_REPLACE
  * MODRUBY_TEST_DIR
* Prefix internal variables with an underscore. Any variable
  not currently used by any ports in the tree has been made
  internal.
* Consolidate all SUBST_VARS and UPDATE_PLIST_ARGS setting to
  a single case.
Tested by building all ports using lang/ruby module.
We haven't built JRuby ports with this support since late 2016. In
general, there is no need for jruby gem support in ports, since the gems
have no native components. You are better off using jruby -S gem
install.
While here, fix MODRUBY_TEST=rake and remove MODRUBY_TEST=rspec as it no
longer works with modern Ruby.
Also remove MODRUBY_BIN_TESTRB as that file has not existed in many Ruby
versions, and nothing in the ports tree uses it.
OK sthen@